rpms/mikmod/devel mikmod-3.2.2-beta1-CVE-2009-0179.patch, NONE, 1.1 mikmod.spec, 1.44, 1.45
Jindrich Novy
jnovy at fedoraproject.org
Fri Aug 28 02:52:32 UTC 2009
- Previous message (by thread): rpms/ibus-table-erbi/devel .cvsignore,1.3,1.4 sources,1.3,1.4
- Next message (by thread): rpms/xorg-x11-proto-devel/devel .cvsignore, 1.59, 1.60 sources, 1.58, 1.59 xorg-x11-proto-devel.spec, 1.108, 1.109
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: jnovy
Update of /cvs/pkgs/rpms/mikmod/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15358
Modified Files:
mikmod.spec
Added Files:
mikmod-3.2.2-beta1-CVE-2009-0179.patch
Log Message:
* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.2-13.beta1
- fix CVE-2009-0179 (#519992)
mikmod-3.2.2-beta1-CVE-2009-0179.patch:
loaders/load_xm.c | 3 ++-
playercode/mloader.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
--- NEW FILE mikmod-3.2.2-beta1-CVE-2009-0179.patch ---
diff -ur libmikmod-3.1.11.orig/loaders/load_xm.c libmikmod-3.1.11/loaders/load_xm.c
--- libmikmod-3.1.11.orig/loaders/load_xm.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/loaders/load_xm.c 2008-04-16 04:30:45.000000000 +0200
@@ -622,7 +622,8 @@
/* read the remainder of the header */
for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
- if(_mm_eof(modreader)) {
+ /* last instrument is at the end of file in version 0x0104 */
+ if(_mm_eof(modreader) && (mh->version<0x0104 || t<of.numins-1)) {
free(nextwav);free(wh);
nextwav=NULL;wh=NULL;
_mm_errno = MMERR_LOADING_SAMPLEINFO;
diff -ur libmikmod-3.1.11.orig/playercode/mloader.c libmikmod-3.1.11/playercode/mloader.c
--- libmikmod-3.1.11.orig/playercode/mloader.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/playercode/mloader.c 2008-04-16 04:30:45.000000000 +0200
@@ -450,10 +450,12 @@
if (!l->Init || l->Init()) {
_mm_rewind(modreader);
ok = l->Load(curious);
- /* propagate inflags=flags for in-module samples */
- for (t = 0; t < of.numsmp; t++)
- if (of.samples[t].inflags == 0)
- of.samples[t].inflags = of.samples[t].flags;
+ if (ok) {
+ /* propagate inflags=flags for in-module samples */
+ for (t = 0; t < of.numsmp; t++)
+ if (of.samples[t].inflags == 0)
+ of.samples[t].inflags = of.samples[t].flags;
+ }
} else
ok = 0;
Index: mikmod.spec
===================================================================
RCS file: /cvs/pkgs/rpms/mikmod/devel/mikmod.spec,v
retrieving revision 1.44
retrieving revision 1.45
diff -u -p -r1.44 -r1.45
--- mikmod.spec 12 Aug 2009 17:38:29 -0000 1.44
+++ mikmod.spec 28 Aug 2009 02:52:32 -0000 1.45
@@ -3,7 +3,7 @@
Summary: Music module player
Name: mikmod
Version: 3.2.2
-Release: 12.beta1%{?dist}
+Release: 13.beta1%{?dist}
License: GPLv2 and LGPLv2+
Group: Applications/Multimedia
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -11,6 +11,7 @@ BuildRequires: ncurses-devel libmikmod-d
URL: http://mikmod.raphnet.net/
Source0: http://mikmod.raphnet.net/files/mikmod-%{version}-beta1.tar.bz2
Patch0: mikmod-3.2.2-beta1-missing-protos.patch
+Patch1: mikmod-3.2.2-beta1-CVE-2009-0179.patch
%description
MikMod is one of the best and most well known MOD music file players
@@ -54,6 +55,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.2-13.beta1
+- fix CVE-2009-0179 (#519992)
+
* Tue Aug 11 2009 Ville Skyttä <ville.skytta at iki.fi> - 3.2.2-12.beta1
- Use bzipped upstream tarball.
- Previous message (by thread): rpms/ibus-table-erbi/devel .cvsignore,1.3,1.4 sources,1.3,1.4
- Next message (by thread): rpms/xorg-x11-proto-devel/devel .cvsignore, 1.59, 1.60 sources, 1.58, 1.59 xorg-x11-proto-devel.spec, 1.108, 1.109
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list