rpms/libmikmod/F-10 libmikmod-CVE-2007-6720.patch, NONE, 1.1 libmikmod-CVE-2009-0179.patch, NONE, 1.1 libmikmod.spec, 1.7, 1.8
Jindrich Novy
jnovy at fedoraproject.org
Fri Aug 28 07:27:30 UTC 2009
Author: jnovy
Update of /cvs/pkgs/rpms/libmikmod/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv11776
Modified Files:
libmikmod.spec
Added Files:
libmikmod-CVE-2007-6720.patch libmikmod-CVE-2009-0179.patch
Log Message:
* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-4.beta2
- fix CVE-2007-6720 (#479829)
- fix CVE-2009-0179 (#479833)
libmikmod-CVE-2007-6720.patch:
mplayer.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
--- NEW FILE libmikmod-CVE-2007-6720.patch ---
diff -up libmikmod-3.2.0-beta2/playercode/mplayer.c.CVE-2007-6720 libmikmod-3.2.0-beta2/playercode/mplayer.c
--- libmikmod-3.2.0-beta2/playercode/mplayer.c.CVE-2007-6720 2004-01-31 23:40:22.000000000 +0100
+++ libmikmod-3.2.0-beta2/playercode/mplayer.c 2009-08-28 05:06:07.000000000 +0200
@@ -2318,7 +2318,7 @@ void pt_UpdateVoices(MODULE *mod, int ma
SAMPLE *s;
mod->totalchn=mod->realchn=0;
- for (channel=0;channel<md_sngchn;channel++) {
+ for (channel=0;channel<pf->numchn;channel++) {
aout=&mod->voice[channel];
i=aout->main.i;
s=aout->main.s;
@@ -3089,7 +3089,7 @@ MIKMODAPI void Player_NextPosition(void)
pf->patbrk=0;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {
+ for (t=0;t<pf->numchn;t++) {
Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;
@@ -3114,7 +3114,7 @@ MIKMODAPI void Player_PrevPosition(void)
pf->patbrk=0;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {
+ for (t=0;t<pf->numchn;t++) {
Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;
@@ -3141,7 +3141,7 @@ MIKMODAPI void Player_SetPosition(UWORD
pf->sngpos=pos;
pf->vbtick=pf->sngspd;
- for (t=0;t<md_sngchn;t++) {
+ for (t=0;t<pf->numchn;t++) {
Voice_Stop_internal(t);
pf->voice[t].main.i=NULL;
pf->voice[t].main.s=NULL;
libmikmod-CVE-2009-0179.patch:
loaders/load_xm.c | 3 ++-
playercode/mloader.c | 10 ++++++----
2 files changed, 8 insertions(+), 5 deletions(-)
--- NEW FILE libmikmod-CVE-2009-0179.patch ---
diff -ur libmikmod-3.1.11.orig/loaders/load_xm.c libmikmod-3.1.11/loaders/load_xm.c
--- libmikmod-3.1.11.orig/loaders/load_xm.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/loaders/load_xm.c 2008-04-16 04:30:45.000000000 +0200
@@ -622,7 +622,8 @@
/* read the remainder of the header */
for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
- if(_mm_eof(modreader)) {
+ /* last instrument is at the end of file in version 0x0104 */
+ if(_mm_eof(modreader) && (mh->version<0x0104 || t<of.numins-1)) {
free(nextwav);free(wh);
nextwav=NULL;wh=NULL;
_mm_errno = MMERR_LOADING_SAMPLEINFO;
diff -ur libmikmod-3.1.11.orig/playercode/mloader.c libmikmod-3.1.11/playercode/mloader.c
--- libmikmod-3.1.11.orig/playercode/mloader.c 2004-01-21 18:43:53.000000000 +0100
+++ libmikmod-3.1.11/playercode/mloader.c 2008-04-16 04:30:45.000000000 +0200
@@ -450,10 +450,12 @@
if (!l->Init || l->Init()) {
_mm_rewind(modreader);
ok = l->Load(curious);
- /* propagate inflags=flags for in-module samples */
- for (t = 0; t < of.numsmp; t++)
- if (of.samples[t].inflags == 0)
- of.samples[t].inflags = of.samples[t].flags;
+ if (ok) {
+ /* propagate inflags=flags for in-module samples */
+ for (t = 0; t < of.numsmp; t++)
+ if (of.samples[t].inflags == 0)
+ of.samples[t].inflags = of.samples[t].flags;
+ }
} else
ok = 0;
Index: libmikmod.spec
===================================================================
RCS file: /cvs/pkgs/rpms/libmikmod/F-10/libmikmod.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -r1.7 -r1.8
--- libmikmod.spec 18 Feb 2008 21:52:21 -0000 1.7
+++ libmikmod.spec 28 Aug 2009 07:27:30 -0000 1.8
@@ -1,7 +1,7 @@
Summary: A MOD music file player library
Name: libmikmod
Version: 3.2.0
-Release: 3.beta2%{?dist}
+Release: 4.beta2%{?dist}
License: GPLv2 and LGPLv2+
Group: Applications/Multimedia
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -14,6 +14,8 @@ Patch2: libmikmod-strip-lib.patch
Patch3: libmikmod-multilib.patch
Patch4: libmikmod-autoconf.patch
Patch5: libmikmod-info.patch
+Patch6: libmikmod-CVE-2007-6720.patch
+Patch7: libmikmod-CVE-2009-0179.patch
%description
libmikmod is a library used by the mikmod MOD music file player for
@@ -39,6 +41,8 @@ applications for mikmod.
%patch3 -p1 -b .multilib
%patch4 -p1 -b .autoconf
%patch5 -p1 -b .info
+%patch6 -p1 -b .CVE-2007-6720
+%patch7 -p1 -b .CVE-2009-0179
%build
%configure
@@ -80,6 +84,10 @@ fi
%{_mandir}/man1/libmikmod-config*
%changelog
+* Fri Aug 28 2009 Jindrich Novy <jnovy at redhat.com> 3.2.0-4.beta2
+- fix CVE-2007-6720 (#479829)
+- fix CVE-2009-0179 (#479833)
+
* Mon Feb 18 2008 Hans de Goede <j.w.r.degoede at hhs.nl> 3.2.0-3.beta2
- Fix MikMod_InfoLoader() and MikMod_InfoDriver() functions, fixing mikmod -n
output
More information about the fedora-extras-commits
mailing list