authorSamuli Suominen <ssuominen@gentoo.org>2010-01-03 18:19:17 +0000
committerSamuli Suominen <ssuominen@gentoo.org>2010-01-03 18:19:17 +0000
commit06e7df156ee9c1afbd0a1c4485c81eefc1d34984 (patch)
tree3f99635a6b10e21869ee7d1f71b1c03f4a363d02 /media-libs/libmikmod
parentVersion bump thanks to Fabian Henze (bug #297565 again). (diff)
Fix security bug #255363 (CVE-2007-6720 and CVE-2009-0179).
Package-Manager: portage-2.2_rc61/cvs/Linux x86_64
Diffstat (limited to 'media-libs/libmikmod')
-rw-r--r--media-libs/libmikmod/ChangeLog11
-rw-r--r--media-libs/libmikmod/Manifest5
-rw-r--r--media-libs/libmikmod/files/libmikmod-CVE-2007-6720.patch112
-rw-r--r--media-libs/libmikmod/files/libmikmod-CVE-2009-0179.patch33
-rw-r--r--media-libs/libmikmod/libmikmod-3.2.0_beta2-r1.ebuild45
5 files changed, 203 insertions, 3 deletions
diff --git a/media-libs/libmikmod/ChangeLog b/media-libs/libmikmod/ChangeLog
index b0cb170c63ca..1dcea4c95efe 100644
--- a/media-libs/libmikmod/ChangeLog
+++ b/media-libs/libmikmod/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for media-libs/libmikmod
-# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libmikmod/ChangeLog,v 1.62 2009/09/12 16:24:21 armin76 Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libmikmod/ChangeLog,v 1.63 2010/01/03 18:19:16 ssuominen Exp $
+
+*libmikmod-3.2.0_beta2-r1 (03 Jan 2010)
+
+ 03 Jan 2010; Samuli Suominen <ssuominen@gentoo.org>
+ +libmikmod-3.2.0_beta2-r1.ebuild, +files/libmikmod-CVE-2007-6720.patch,
+ +files/libmikmod-CVE-2009-0179.patch:
+ Fix security bug #255363 (CVE-2007-6720 and CVE-2009-0179).
12 Sep 2009; Raúl Porcel <armin76@gentoo.org> libmikmod-3.1.11-r5.ebuild:
arm/ia64/sh/sparc stable wrt #278857
diff --git a/media-libs/libmikmod/Manifest b/media-libs/libmikmod/Manifest
index f0affd9e36dd..c18bffa55c93 100644
--- a/media-libs/libmikmod/Manifest
+++ b/media-libs/libmikmod/Manifest
@@ -8,10 +8,13 @@ AUX libmikmod-3.2.0_beta2-64bit.patch 1044 RMD160 5d16f56caae168d875a5bb607f0981
AUX libmikmod-3.2.0_beta2-autotools.patch 10264 RMD160 ea1718aaf0e75464522ba25b6aa8fd609a783667 SHA1 bb9ffc1164e01cb9ddb171573888501d647e3747 SHA256 fa0b1b75420efb86ad7ac627d1ac9b82ba233f594672879fcaa65778b7dc7513
AUX libmikmod-3.2.0_beta2-doubleRegister.patch 722 RMD160 9b40114b4a966747af2905aaa38f3b1ee7e1d263 SHA1 f57811b14706dc31ece6206bc472a3ed7288f422 SHA256 f658d3459ef5bebf8daea407961cfa5f5059035a5fbbb56f81b26807fbe907f2
AUX libmikmod-3.2.0_beta2-info.patch 1405 RMD160 7ce4c47e7ec34c5d2f33bd538d59a7f991563b0b SHA1 675cff9d348a3c03b5c2672a863688a6ad986301 SHA256 d116a38ad10292c5ee0c37a04e1ed3cd9436e432d5d6b4128721d168199b4be1
+AUX libmikmod-CVE-2007-6720.patch 3178 RMD160 8c9e8493f609e79dc6981b6182c17a645220a5fe SHA1 311cbe9412eeeb576afed3425e28d6aae3abd822 SHA256 580ca0d63d94a7bd009346da49cf731e8d837a723af30f530be57c0084e2b8ab
+AUX libmikmod-CVE-2009-0179.patch 1401 RMD160 0c4967c39d5c67b6d677b05d7f223785b7d53c6a SHA1 fbfa3648f9368a2ad010a504f2650792797ea8a7 SHA256 386b8430c38c21e8c558db88fa1e1844459df1381e610843a39e6763cd6329fd
DIST libmikmod-3.1.11-esdm4.patch.bz2 2944 RMD160 8abf8e31a5e3cb9ebee45a04b52ef04024894e25 SHA1 63e03cb0f34d3ece66af2403d9c2d5c463affe7b SHA256 3dc3d413a9c617b919523866768559bee487a240670040f987825305609987da
DIST libmikmod-3.1.11.tar.gz 611590 RMD160 79b144cce51340b4c9abe09d1110dba2333d7bfb SHA1 ca18fff19348d3bcf3550aa920b129b082c5069a SHA256 2d7598cd2a8c61c023f27c9c7c1aca8bbfd92aadbee2f98b7a6d421eae35c929
DIST libmikmod-3.2.0-beta2.tar.gz 760967 RMD160 db2cb3510874f50663528507a2d7598b6137bc3c SHA1 86ba141daf37ce059f83483aabaecddc0d504c73 SHA256 857b66ef04d695f70414188b985e08b04f1f62cc250d72a43d0e0609dfbdba03
EBUILD libmikmod-3.1.11-r5.ebuild 1354 RMD160 3b8411c1c78ad2a184017b4e730f7dcd44527d63 SHA1 5a3e6f5748c1ec443f0a200a3003700eb3ad3a72 SHA256 0310aff7ed7c929906130c6093178288fe2b3a57fb6786fe46e378518efc507d
+EBUILD libmikmod-3.2.0_beta2-r1.ebuild 1307 RMD160 87773fcde2badd84167170c927eaaf29458a2884 SHA1 4ad061a8947824a26260f1253ef050ce4c7f819f SHA256 fdff9b71beea5451a242b436e9c94c07da42173ca79cf0c53c5261653d4a7db4
EBUILD libmikmod-3.2.0_beta2.ebuild 1131 RMD160 c143a18c0138e05a6155dca92a128b673704e6df SHA1 bd007be121927d1c60390c92b56a5182a04498de SHA256 2441a964126c194e0833bc93910ec3e50136c98263c0a60dd5bcfd0217fdfbf1
-MISC ChangeLog 8602 RMD160 e1e655eac82f17c0d1435a570082254e5c1a1cec SHA1 27578bcb28ebcea75e99f92f7b6f70b8082de1ed SHA256 d9e0a9393c08132629a7327ba7eeeb16a44a5e5288dc8e95c15068252374b83f
+MISC ChangeLog 8876 RMD160 bbe6d9db9b48f2ea8dc166c5fc4c0a437ef3d266 SHA1 b72f49e8d83a8e9643eee4933a91978a1b3190d6 SHA256 896612e2cb239f7a2cf3f6e3938855129e9a552f99ee4e9bc3adeaf395a5ecc5
MISC metadata.xml 158 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e SHA1 703cea5a2109d41f7c87993c1f01d418a4c85174 SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b
diff --git a/media-libs/libmikmod/files/libmikmod-CVE-2007-6720.patch b/media-libs/libmikmod/files/libmikmod-CVE-2007-6720.patch
new file mode 100644
index 000000000000..45cc355aee43
--- /dev/null
+++ b/media-libs/libmikmod/files/libmikmod-CVE-2007-6720.patch
@@ -0,0 +1,112 @@
+This patch fixes "buffer overflow due to md_numchn - ID: 1630158"
+
+diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c
+--- libmikmod-3.1.12.orig/playercode/mplayer.c 2007-12-15 01:26:28.000000000 -0800
++++ libmikmod-3.1.12/playercode/mplayer.c 2009-10-04 23:48:36.000000000 -0700
+@@ -52,6 +52,8 @@
+ will wait */
+ /*static*/ MODULE *pf = NULL;
+
++#define NUMVOICES(mod) (md_sngchn < (mod)->numvoices ? md_sngchn : (mod)->numvoices)
++
+ #define HIGH_OCTAVE 2 /* number of above-range octaves */
+
+ static UWORD oldperiods[OCTAVE*2]={
+@@ -248,14 +250,14 @@
+ MP_VOICE *a;
+ ULONG t,k,tvol,pp;
+
+- for (t=0;t<md_sngchn;t++)
++ for (t=0;t<NUMVOICES(mod);t++)
+ if (((mod->voice[t].main.kick==KICK_ABSENT)||
+ (mod->voice[t].main.kick==KICK_ENV))&&
+ Voice_Stopped_internal(t))
+ return t;
+
+ tvol=0xffffffUL;t=-1;a=mod->voice;
+- for (k=0;k<md_sngchn;k++,a++) {
++ for (k=0;k<NUMVOICES(mod);k++,a++) {
+ /* allow us to take over a nonexisting sample */
+ if (!a->main.s)
+ return k;
+@@ -2249,12 +2251,12 @@
+
+ switch (dat) {
+ case 0x0: /* past note cut */
+- for (t=0;t<md_sngchn;t++)
++ for (t=0;t<NUMVOICES(mod);t++)
+ if (mod->voice[t].master==a)
+ mod->voice[t].main.fadevol=0;
+ break;
+ case 0x1: /* past note off */
+- for (t=0;t<md_sngchn;t++)
++ for (t=0;t<NUMVOICES(mod);t++)
+ if (mod->voice[t].master==a) {
+ mod->voice[t].main.keyoff|=KEY_OFF;
+ if ((!(mod->voice[t].venv.flg & EF_ON))||
+@@ -2263,7 +2265,7 @@
+ }
+ break;
+ case 0x2: /* past note fade */
+- for (t=0;t<md_sngchn;t++)
++ for (t=0;t<NUMVOICES(mod);t++)
+ if (mod->voice[t].master==a)
+ mod->voice[t].main.keyoff|=KEY_FADE;
+ break;
+@@ -2318,7 +2320,7 @@
+ SAMPLE *s;
+
+ mod->totalchn=mod->realchn=0;
+- for (channel=0;channel<md_sngchn;channel++) {
++ for (channel=0;channel<NUMVOICES(mod);channel++) {
+ aout=&mod->voice[channel];
+ i=aout->main.i;
+ s=aout->main.s;
+@@ -2736,7 +2738,7 @@
+ if (a->dct!=DCT_OFF) {
+ int t;
+
+- for (t=0;t<md_sngchn;t++)
++ for (t=0;t<NUMVOICES(mod);t++)
+ if ((!Voice_Stopped_internal(t))&&
+ (mod->voice[t].masterchn==channel)&&
+ (a->main.sample==mod->voice[t].main.sample)) {
+@@ -2978,6 +2980,11 @@
+ if (!(mod->voice=(MP_VOICE*)_mm_calloc(md_sngchn,sizeof(MP_VOICE))))
+ return 1;
+
++ /* mod->numvoices was used during loading to clamp md_sngchn.
++ After loading it's used to remember how big mod->voice is.
++ */
++ mod->numvoices = md_sngchn;
++
+ Player_Init_internal(mod);
+ return 0;
+ }
+@@ -3086,7 +3093,7 @@
+ pf->patbrk=0;
+ pf->vbtick=pf->sngspd;
+
+- for (t=0;t<md_sngchn;t++) {
++ for (t=0;t<NUMVOICES(pf);t++) {
+ Voice_Stop_internal(t);
+ pf->voice[t].main.i=NULL;
+ pf->voice[t].main.s=NULL;
+@@ -3111,7 +3118,7 @@
+ pf->patbrk=0;
+ pf->vbtick=pf->sngspd;
+
+- for (t=0;t<md_sngchn;t++) {
++ for (t=0;t<NUMVOICES(pf);t++) {
+ Voice_Stop_internal(t);
+ pf->voice[t].main.i=NULL;
+ pf->voice[t].main.s=NULL;
+@@ -3138,7 +3145,7 @@
+ pf->sngpos=pos;
+ pf->vbtick=pf->sngspd;
+
+- for (t=0;t<md_sngchn;t++) {
++ for (t=0;t<NUMVOICES(pf);t++) {
+ Voice_Stop_internal(t);
+ pf->voice[t].main.i=NULL;
+ pf->voice[t].main.s=NULL;
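Review bot: The embedded patch was diffed against libmikmod-3.1.12 (see its `---`/`+++` headers), yet the ebuild in this commit applies it to 3.2.0_beta2, so it should be confirmed that every loop in that version's `playercode/mplayer.c` that indexes `mod->voice[]` or `pf->voice[]` up to `md_sngchn` is actually covered. Any loop left on the old bound would presumably still run past the array whenever `md_sngchn` is larger than the count the array was allocated with. The same version mismatch applies to `libmikmod-CVE-2009-0179.patch`, which was diffed against 3.1.11. The `NUMVOICES` definition also has no comment; something like `/* bound voice loops by min(md_sngchn, mod->numvoices), the size mod->voice was allocated with */` would keep the invariant visible to whoever adds the next loop. The functions containing these loops start and end outside the embedded hunks.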
diff --git a/media-libs/libmikmod/files/libmikmod-CVE-2009-0179.patch b/media-libs/libmikmod/files/libmikmod-CVE-2009-0179.patch
new file mode 100644
index 000000000000..0c47e6545575
--- /dev/null
+++ b/media-libs/libmikmod/files/libmikmod-CVE-2009-0179.patch
@@ -0,0 +1,33 @@
+diff -ur libmikmod-3.1.11.orig/loaders/load_xm.c libmikmod-3.1.11/loaders/load_xm.c
+--- libmikmod-3.1.11.orig/loaders/load_xm.c 2004-01-21 18:43:53.000000000 +0100
++++ libmikmod-3.1.11/loaders/load_xm.c 2008-04-16 04:30:45.000000000 +0200
+@@ -622,7 +622,8 @@
+ /* read the remainder of the header */
+ for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
+
+- if(_mm_eof(modreader)) {
++ /* last instrument is at the end of file in version 0x0104 */
++ if(_mm_eof(modreader) && (mh->version<0x0104 || t<of.numins-1)) {
+ free(nextwav);free(wh);
+ nextwav=NULL;wh=NULL;
+ _mm_errno = MMERR_LOADING_SAMPLEINFO;
+diff -ur libmikmod-3.1.11.orig/playercode/mloader.c libmikmod-3.1.11/playercode/mloader.c
+--- libmikmod-3.1.11.orig/playercode/mloader.c 2004-01-21 18:43:53.000000000 +0100
++++ libmikmod-3.1.11/playercode/mloader.c 2008-04-16 04:30:45.000000000 +0200
+@@ -450,10 +450,12 @@
+ if (!l->Init || l->Init()) {
+ _mm_rewind(modreader);
+ ok = l->Load(curious);
+- /* propagate inflags=flags for in-module samples */
+- for (t = 0; t < of.numsmp; t++)
+- if (of.samples[t].inflags == 0)
+- of.samples[t].inflags = of.samples[t].flags;
++ if (ok) {
++ /* propagate inflags=flags for in-module samples */
++ for (t = 0; t < of.numsmp; t++)
++ if (of.samples[t].inflags == 0)
++ of.samples[t].inflags = of.samples[t].flags;
++ }
+ } else
+ ok = 0;
+
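Review bot: The relaxed test in `load_xm.c` lets the last instrument of a version 0x0104 file continue after the reader has already reported end of file, so the code after this check (outside the hunk) operates on whatever the header reads returned at EOF. It should be confirmed that the sample count and sizes taken from that header are validated before they are used. In `mloader.c` the new `if (ok)` guard has no explanation; the existing comment could be extended to `/* propagate inflags=flags for in-module samples; skipped on load failure, when of.samples may be missing or incomplete */`, assuming that is the reason for the guard. Both enclosing functions extend beyond the embedded hunks.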
diff --git a/media-libs/libmikmod/libmikmod-3.2.0_beta2-r1.ebuild b/media-libs/libmikmod/libmikmod-3.2.0_beta2-r1.ebuild
new file mode 100644
index 000000000000..b1bf1770ea12
--- /dev/null
+++ b/media-libs/libmikmod/libmikmod-3.2.0_beta2-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libmikmod/libmikmod-3.2.0_beta2-r1.ebuild,v 1.1 2010/01/03 18:19:16 ssuominen Exp $
+
+EAPI=2
+MY_P=${P/_/-}
+inherit autotools eutils
+
+DESCRIPTION="A library to play a wide range of module formats"
+HOMEPAGE="http://mikmod.raphnet.net/"
+SRC_URI="http://mikmod.raphnet.net/files/${MY_P}.tar.gz"
+
+LICENSE="|| ( LGPL-2.1 LGPL-2 )"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+# Enable OSS by default since ALSA support isn't available, look below
+IUSE="+oss"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-64bit.patch \
+ "${FILESDIR}"/${P}-autotools.patch \
+ "${FILESDIR}"/${P}-info.patch \
+ "${FILESDIR}"/${P}-doubleRegister.patch \
+ "${FILESDIR}"/${PN}-CVE-2007-6720.patch \
+ "${FILESDIR}"/${PN}-CVE-2009-0179.patch
+ AT_M4DIR=${S} eautoreconf
+}
+
+src_configure() {
+ # * af is something called AF/AFlib.h and -lAF, not audiofile in tree
+ # * alsa support is for deprecated API and doesn't work
+ econf \
+ --disable-af \
+ --disable-alsa \
+ --disable-esd \
+ $(use_enable oss)
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die
+ dodoc AUTHORS NEWS README TODO
+ dohtml docs/*.html
+}
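Review bot: `KEYWORDS` lists only testing (`~arch`) entries, while the ChangeLog context in this commit shows 3.1.11-r5 being stabilized on several arches. Unless that revision already carries equivalent fixes (not visible here), stable users get neither CVE fix from this commit until -r1 is stabilized or the patches are also applied to the 3.1.11 line. Separately, under `EAPI=2` the `dodoc` and `dohtml` helpers do not abort on failure, so `src_install` would be more consistent with its `emake ... || die` line as `dodoc AUTHORS NEWS README TODO || die` and `dohtml docs/*.html || die`.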