rpms/libmikmod/devel libmikmod-CVE-2009-0179.patch, NONE, 1.1 libmikmod.spec, 1.11, 1.12
Jindrich Novy
jnovy at fedoraproject.org
Fri Aug 28 06:04:48 UTC 2009
Author: jnovy
Update of /cvs/pkgs/rpms/libmikmod/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19670
Modified Files:
libmikmod.spec
Added Files:
libmikmod-CVE-2009-0179.patch
Log Message:
* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-8.beta2
- fix CVE-2009-0179 (#519992)
libmikmod-CVE-2009-0179.patch:
loaders/load_xm.c | 3 ++-
playercode/mloader.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
--- NEW FILE libmikmod-CVE-2009-0179.patch ---
diff -ur libmikmod-3.1.11.orig/loaders/load_xm.c libmikmod-3.1.11/loaders/load_xm.c
--- libmikmod-3.1.11.orig/loaders/load_xm.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/loaders/load_xm.c 2008-04-16 04:30:45.000000000 +0200
@@ -622,7 +622,8 @@
/* read the remainder of the header */
for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
- if(_mm_eof(modreader)) {
+ /* last instrument is at the end of file in version 0x0104 */
+ if(_mm_eof(modreader) && (mh->version<0x0104 || t<of.numins-1)) {
free(nextwav);free(wh);
nextwav=NULL;wh=NULL;
_mm_errno = MMERR_LOADING_SAMPLEINFO;
diff -ur libmikmod-3.1.11.orig/playercode/mloader.c libmikmod-3.1.11/playercode/mloader.c
--- libmikmod-3.1.11.orig/playercode/mloader.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/playercode/mloader.c 2008-04-16 04:30:45.000000000 +0200
@@ -450,10 +450,12 @@
if (!l->Init || l->Init()) {
_mm_rewind(modreader);
ok = l->Load(curious);
- /* propagate inflags=flags for in-module samples */
- for (t = 0; t < of.numsmp; t++)
- if (of.samples[t].inflags == 0)
- of.samples[t].inflags = of.samples[t].flags;
+ if (ok) {
+ /* propagate inflags=flags for in-module samples */
+ for (t = 0; t < of.numsmp; t++)
+ if (of.samples[t].inflags == 0)
+ of.samples[t].inflags = of.samples[t].flags;
+ }
} else
ok = 0;
Index: libmikmod.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libmikmod/devel/libmikmod.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- libmikmod.spec 28 Aug 2009 03:12:32 -0000 1.11
+++ libmikmod.spec 28 Aug 2009 06:04:48 -0000 1.12
@@ -1,7 +1,7 @@
Summary: A MOD music file player library
Name: libmikmod
Version: 3.2.0
-Release: 7.beta2%{?dist}
+Release: 8.beta2%{?dist}
License: GPLv2 and LGPLv2+
Group: Applications/Multimedia
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -15,6 +15,7 @@ Patch3: libmikmod-multilib.patch
Patch4: libmikmod-autoconf.patch
Patch5: libmikmod-info.patch
Patch6: libmikmod-CVE-2007-6720.patch
+Patch7: libmikmod-CVE-2009-0179.patch
%description
libmikmod is a library used by the mikmod MOD music file player for
@@ -43,6 +44,7 @@ applications for mikmod.
%patch4 -p1 -b .autoconf
%patch5 -p1 -b .info
%patch6 -p1 -b .CVE-2007-6720
+%patch7 -p1 -b .CVE-2009-0179
%build
%configure
@@ -84,6 +86,9 @@ fi
%{_mandir}/man1/libmikmod-config*
%changelog
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-8.beta2
+- fix CVE-2009-0179 (#519992)
+
* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-7.beta2
- fix CVE-2007-6720 (#519990)
More information about the fedora-extras-commits
mailing list