rpms/libmikmod/devel libmikmod-CVE-2009-0179.patch, NONE, 1.1 libmikmod.spec, 1.11, 1.12

Jindrich Novy jnovy at fedoraproject.org
Fri Aug 28 06:04:48 UTC 2009


Author: jnovy

Update of /cvs/pkgs/rpms/libmikmod/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19670

Modified Files:
	libmikmod.spec 
Added Files:
	libmikmod-CVE-2009-0179.patch 
Log Message:
* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-8.beta2
- fix CVE-2009-0179 (#519992)


libmikmod-CVE-2009-0179.patch:
 loaders/load_xm.c    |    3 ++-
 playercode/mloader.c |   10 ++++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

--- NEW FILE libmikmod-CVE-2009-0179.patch ---
diff -ur libmikmod-3.1.11.orig/loaders/load_xm.c libmikmod-3.1.11/loaders/load_xm.c
--- libmikmod-3.1.11.orig/loaders/load_xm.c	2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/loaders/load_xm.c	2008-04-16 04:30:45.000000000 +0200
@@ -622,7 +622,8 @@
 				/* read the remainder of the header */
 				for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
 
-				if(_mm_eof(modreader)) {
+				/* last instrument is at the end of file in version 0x0104 */
+				if(_mm_eof(modreader) && (mh->version<0x0104 || t<of.numins-1)) {
 					free(nextwav);free(wh);
 					nextwav=NULL;wh=NULL;
 					_mm_errno = MMERR_LOADING_SAMPLEINFO;
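Review bot: The relaxed check on the `_mm_eof(modreader)` line now accepts any end-of-file reached while skipping the last instrument's header in version 0x0104 files, so a file truncated in the middle of that header is indistinguishable from one that legitimately ends there. The skip loop in the context line above takes its count from `headend-_mm_ftell(modreader)`, and nothing visible in this hunk checks that `headend` is not behind the current position; whether that is validated earlier cannot be seen from here. I would expand the comment to state the assumption, e.g. `/* XM 0x0104: the last instrument header may end exactly at EOF, so EOF here is an error only for earlier instruments or older versions */`, and confirm that the code after this block reads no further sample data for that instrument once EOF has been seen. The enclosing loop and function start and end outside the hunk.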
diff -ur libmikmod-3.1.11.orig/playercode/mloader.c libmikmod-3.1.11/playercode/mloader.c
--- libmikmod-3.1.11.orig/playercode/mloader.c	2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/playercode/mloader.c	2008-04-16 04:30:45.000000000 +0200
@@ -450,10 +450,12 @@
 	if (!l->Init || l->Init()) {
 		_mm_rewind(modreader);
 		ok = l->Load(curious);
-		/* propagate inflags=flags for in-module samples */
-		for (t = 0; t < of.numsmp; t++)
-			if (of.samples[t].inflags == 0)
-				of.samples[t].inflags = of.samples[t].flags;
+		if (ok) {
+			/* propagate inflags=flags for in-module samples */
+			for (t = 0; t < of.numsmp; t++)
+				if (of.samples[t].inflags == 0)
+					of.samples[t].inflags = of.samples[t].flags;
+		}
 	} else
 		ok = 0;
 
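Review bot: The new `if (ok)` guard carries no explanation of why the inflags loop must be skipped after a failed load, and that reason is the security-relevant part of this hunk. Presumably a failed `l->Load(curious)` can leave `of.samples` unallocated or freed while `of.numsmp` is still non-zero, so the old unconditional loop could dereference an invalid pointer. A comment such as `/* of.samples is only valid after a successful Load(); do not touch it on failure */` would keep a later refactor from dropping the guard. A defensive `if (ok && of.samples)` would also cover a loader that reports success without allocating samples, if that can happen. The enclosing function starts and ends outside the hunk.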


Index: libmikmod.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libmikmod/devel/libmikmod.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- libmikmod.spec	28 Aug 2009 03:12:32 -0000	1.11
+++ libmikmod.spec	28 Aug 2009 06:04:48 -0000	1.12
@@ -1,7 +1,7 @@
 Summary: A MOD music file player library
 Name: libmikmod
 Version: 3.2.0
-Release: 7.beta2%{?dist}
+Release: 8.beta2%{?dist}
 License: GPLv2 and LGPLv2+
 Group: Applications/Multimedia
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -15,6 +15,7 @@ Patch3:  libmikmod-multilib.patch
 Patch4:  libmikmod-autoconf.patch
 Patch5:  libmikmod-info.patch
 Patch6:  libmikmod-CVE-2007-6720.patch
+Patch7:  libmikmod-CVE-2009-0179.patch
 
 %description
 libmikmod is a library used by the mikmod MOD music file player for
@@ -43,6 +44,7 @@ applications for mikmod.
 %patch4 -p1 -b .autoconf
 %patch5 -p1 -b .info
 %patch6 -p1 -b .CVE-2007-6720
+%patch7 -p1 -b .CVE-2009-0179
 
 %build
 %configure
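Review bot: `%patch7` applies a patch whose headers name a `libmikmod-3.1.11` tree, while this spec builds Version 3.2.0 (beta2), so the hunk offsets at lines 622 and 450 were computed against different sources. With `-p1` the patch may still apply, but possibly only with offset or fuzz, and for a security fix a hunk landing in the wrong place is worth ruling out. Check the `%prep` output of the build for fuzz messages on patch7, or regenerate the patch against the 3.2.0 beta2 sources.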
@@ -84,6 +86,9 @@ fi
 %{_mandir}/man1/libmikmod-config*
 
 %changelog
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-8.beta2
+- fix CVE-2009-0179 (#519992)
+
 * Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-7.beta2
 - fix CVE-2007-6720 (#519990)
 



