1 |
slyfox 12/02/06 21:46:32 |
2 |
|
3 |
Added: libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch |
4 |
libmikmod-3.2.0_beta2-fix-unload-crash.patch |
5 |
libmikmod-3.2.0_beta2-fix-vol-crash.patch |
6 |
libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch |
7 |
libmikmod-3.2.0_beta2-pa-workaround.patch |
8 |
Log: |
9 |
Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva). |
10 |
Fixed CVE-2009-3995, CVE-2009-3996, CVE-2010-2546 and CVE-2010-2971 (security |
11 |
bug #335892 by Stefan Behte; fixes are pulled from upstream, redhat and suse). |
12 |
Added workaround to avoid crash when libmikmod ran under padsp pulseaudio wrapper. |
13 |
|
14 |
(Portage version: 2.2.0_alpha85/cvs/Linux x86_64) |
15 |
|
16 |
Revision Changes Path |
17 |
1.1 media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch |
18 |
|
19 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch?rev=1.1&view=markup |
20 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch?rev=1.1&content-type=text/plain |
21 |
|
22 |
Index: libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch |
23 |
=================================================================== |
24 |
#! /bin/sh /usr/share/dpatch/dpatch-run |
25 |
## CVE-2009-3995f.dpatch by <aw@×××××.de> |
26 |
## |
27 |
## All lines beginning with `## DP:' are a description of the patch. |
28 |
## DP: Patch for CVE-2009-3995 and CVE-2009-3996 |
29 |
|
30 |
@DPATCH@ |
31 |
|
32 |
diff -Ndurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11-fixed/loaders/load_it.c |
33 |
--- libmikmod-3.1.11/loaders/load_it.c 2010-05-31 14:10:34.000000000 +0200 |
34 |
+++ libmikmod-3.1.11-fixed/loaders/load_it.c 2010-05-31 14:10:10.000000000 +0200 |
35 |
@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious) |
36 |
#endif |
37 |
|
38 |
IT_ProcessEnvelope(vol); |
39 |
+ /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */ |
40 |
+ if (ih.volpts>= ENVPOINTS) |
41 |
+ ih.volpts = ENVPOINTS-1; |
42 |
+ |
43 |
for(u=0;u<ih.volpts;u++) |
44 |
d->volenv[u].val=(ih.volnode[u]<<2); |
45 |
|
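Review bot: The clamp on `ih.volpts` is applied after `IT_ProcessEnvelope(vol)`, so anything that macro does with the point count (its expansion is outside this hunk) still sees the value taken from the file. Placing `if (ih.volpts>= ENVPOINTS) ih.volpts = ENVPOINTS-1;` before the `IT_ProcessEnvelope(vol);` line, or better at the point where the count is read, would bound every consumer rather than only the loop below. The loop reads `ih.volnode[u]` and writes `d->volenv[u]`, so the limit has to fit the smaller of those two arrays; neither size is visible here. Only the volume envelope is bounded in the visible lines. IT_Load starts and ends outside the hunk.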
46 |
diff -Ndurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11-fixed/loaders/load_ult.c |
47 |
--- libmikmod-3.1.11/loaders/load_ult.c 2010-05-31 14:10:34.000000000 +0200 |
48 |
+++ libmikmod-3.1.11-fixed/loaders/load_ult.c 2010-05-31 14:10:10.000000000 +0200 |
49 |
@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious) |
50 |
for(u=0;u<of.numchn;u++) |
51 |
for(t=0;t<of.numpat;t++) |
52 |
of.patterns[(t*of.numchn)+u]=tracks++; |
53 |
+ /* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */ |
54 |
+ if (of.numchn>=UF_MAXCHAN) |
55 |
+ of.numchn=UF_MAXCHAN - 1; |
56 |
|
57 |
/* read pan position table for v1.5 and higher */ |
58 |
if(mh.id[14]>='3') { |
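Review bot: The `of.numchn` clamp runs after the loop directly above it has already written `of.patterns[(t*of.numchn)+u]` using the unclamped channel count, so it only protects code that follows, such as the pan position table read. Lowering `of.numchn` at this point also leaves the pattern table laid out with the old stride while later code sees the new count, which may misindex tracks depending on code outside the hunk. The check belongs directly after the channel count is read from the header, and a module over the limit is safer rejected than silently truncated. At minimum add `/* of.patterns above was filled using the unclamped of.numchn */` so the ordering is not mistaken for full validation. ULT_Load starts and ends outside the hunk.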
59 |
|
60 |
|
61 |
|
62 |
1.1 media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch |
63 |
|
64 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch?rev=1.1&view=markup |
65 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch?rev=1.1&content-type=text/plain |
66 |
|
67 |
Index: libmikmod-3.2.0_beta2-fix-unload-crash.patch |
68 |
=================================================================== |
69 |
Date: 15 Apr 2002 11:01:19 +0200 |
70 |
From: Guillaume Cottenceau <gc@××××××××××××.com> |
71 |
|
72 |
Unfortunately, I should have double checked that the following |
73 |
fix (authored by Dave Goehrig <dave@××××××××××××××.org>, not me), |
74 |
was really in the CVS... it's not, as of stable 1.2.3 at least. |
75 |
Please include it, it fixes a segfault on exiting a program which |
76 |
disabled MOD music during its execution. |
77 |
|
78 |
Gentoo-bug: http://bugs.gentoo.org/300525 |
79 |
diff -ru libmikmod-3.1.12.orig/playercode/virtch_common.c libmikmod-3.1.12/playercode/virtch_common.c |
80 |
--- libmikmod-3.1.12.orig/playercode/virtch_common.c 2007-12-15 01:26:53.000000000 -0800 |
81 |
+++ libmikmod-3.1.12/playercode/virtch_common.c 2009-10-05 00:37:12.000000000 -0700 |
82 |
@@ -347,7 +347,7 @@ |
83 |
|
84 |
void VC1_SampleUnload(SWORD handle) |
85 |
{ |
86 |
- if (handle<MAXSAMPLEHANDLES) { |
87 |
+ if (Samples && handle<MAXSAMPLEHANDLES) { |
88 |
if (Samples[handle]) |
89 |
free(Samples[handle]); |
90 |
Samples[handle]=NULL; |
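Review bot: `handle` is a signed `SWORD`, and the new condition still lets a negative value through to `Samples[handle]`, which indexes before the start of the array. The guard should bound both ends: `if (Samples && handle>=0 && handle<MAXSAMPLEHANDLES) {`. The added `Samples &&` test covers the crash on exit described in the patch header, but not this case. VC1_SampleUnload's body continues past the end of the hunk.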
91 |
|
92 |
|
93 |
|
94 |
1.1 media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch |
95 |
|
96 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch?rev=1.1&view=markup |
97 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch?rev=1.1&content-type=text/plain |
98 |
|
99 |
Index: libmikmod-3.2.0_beta2-fix-vol-crash.patch |
100 |
=================================================================== |
101 |
Yi-Huang Han - Wed Oct 24 21:55:47 PDT 2001 |
102 |
* Fixed MOD music volume when looping |
103 |
|
104 |
Gentoo-bug: http://bugs.gentoo.org/300525 |
105 |
diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c |
106 |
--- libmikmod-3.1.12.orig/playercode/mplayer.c 2009-10-05 00:19:59.000000000 -0700 |
107 |
+++ libmikmod-3.1.12/playercode/mplayer.c 2009-10-05 00:44:35.000000000 -0700 |
108 |
@@ -3019,7 +3019,7 @@ |
109 |
{ |
110 |
MUTEX_LOCK(vars); |
111 |
if (pf) |
112 |
- pf->volume=(volume<0)?0:(volume>128)?128:volume; |
113 |
+ pf->volume=pf->initvolume=(volume<0)?0:(volume>128)?128:volume; |
114 |
MUTEX_UNLOCK(vars); |
115 |
} |
116 |
|
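Review bot: The chained assignment `pf->volume=pf->initvolume=...` changes `initvolume` as a side effect of a volume setter, and nothing in the code says why. A short comment such as `/* also update initvolume so the chosen volume survives a loop restart */` would record the intent given in the patch header. That reading is inferred from the header, since the code that consumes `initvolume` is outside the hunk, as is the function's signature.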
117 |
|
118 |
|
119 |
|
120 |
1.1 media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch |
121 |
|
122 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch?rev=1.1&view=markup |
123 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch?rev=1.1&content-type=text/plain |
124 |
|
125 |
Index: libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch |
126 |
=================================================================== |
127 |
Related: https://bugzilla.redhat.com/show_bug.cgi?id=614643#c6 |
128 |
Gentoo-bug: http://bugs.gentoo.org/335892 |
129 |
--- loaders/load_it.c.orig 2010-07-22 16:02:16.000000000 +0200 |
130 |
+++ loaders/load_it.c 2010-07-22 16:07:48.000000000 +0200 |
131 |
@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious) |
132 |
#define IT_LoadEnvelope(name,type) \ |
133 |
ih. name##flg =_mm_read_UBYTE(modreader); \ |
134 |
ih. name##pts =_mm_read_UBYTE(modreader); \ |
135 |
+ if (ih. name##pts > ITENVCNT) \ |
136 |
+ ih. name##pts = ITENVCNT; \ |
137 |
ih. name##beg =_mm_read_UBYTE(modreader); \ |
138 |
ih. name##end =_mm_read_UBYTE(modreader); \ |
139 |
ih. name##susbeg=_mm_read_UBYTE(modreader); \ |
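Review bot: The `beg`, `end` and `susbeg` fields read on the lines after the new clamp are still raw bytes from the file and are never compared against the now-bounded `pts` value. If any of them is later used as an index into the envelope arrays (that code is outside the hunk), it needs the same treatment as the point count. Until that is checked, a marker inside the macro such as `/* beg/end/susbeg are not validated against pts here */ \` would keep the clamp from being read as complete validation of the envelope header. The same applies to the `name/**/pts` variant of the macro in the next hunk.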
140 |
@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious) |
141 |
#define IT_LoadEnvelope(name,type) \ |
142 |
ih. name/**/flg =_mm_read_UBYTE(modreader); \ |
143 |
ih. name/**/pts =_mm_read_UBYTE(modreader); \ |
144 |
+ if (ih. name/**/pts > ITENVCNT) \ |
145 |
+ ih. name/**/pts = ITENVCNT; \ |
146 |
ih. name/**/beg =_mm_read_UBYTE(modreader); \ |
147 |
ih. name/**/end =_mm_read_UBYTE(modreader); \ |
148 |
ih. name/**/susbeg=_mm_read_UBYTE(modreader); \ |
149 |
@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious) |
150 |
#endif |
151 |
|
152 |
IT_ProcessEnvelope(vol); |
153 |
- /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */ |
154 |
- if (ih.volpts>= ENVPOINTS) |
155 |
- ih.volpts = ENVPOINTS-1; |
156 |
- |
157 |
for(u=0;u<ih.volpts;u++) |
158 |
d->volenv[u].val=(ih.volnode[u]<<2); |
159 |
|
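Review bot: With the `ENVPOINTS` clamp removed, the loop `for(u=0;u<ih.volpts;u++)` relies entirely on the `ITENVCNT` bound applied in `IT_LoadEnvelope`, so the write to `d->volenv[u]` stays in bounds only if that array holds at least ITENVCNT entries. Neither array size is visible in this patch; if `volenv` is sized by ENVPOINTS and both are preprocessor constants, a guard next to the macro, `#if ITENVCNT > ENVPOINTS` / `#error "ITENVCNT exceeds ENVPOINTS"` / `#endif`, would make the dependency explicit. This hunk also applies only on top of the CVE-2009-3995-3996 patch added in the same commit, so the two must stay ordered. IT_Load starts and ends outside the hunk.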
160 |
|
161 |
|
162 |
|
163 |
1.1 media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch |
164 |
|
165 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch?rev=1.1&view=markup |
166 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch?rev=1.1&content-type=text/plain |
167 |
|
168 |
Index: libmikmod-3.2.0_beta2-pa-workaround.patch |
169 |
=================================================================== |
170 |
Under padsp wrapper mikmod returns |
171 |
buffinf.fragments = -1; buffinf.bytes = -65535. |
172 |
Buggy oss emulation layer in pulseaudio. |
173 |
More details in upstream report: |
174 |
|
175 |
Gentoo-bug: http://bugs.gentoo.org/300525 |
176 |
Upstream-bug: https://bugs.freedesktop.org/show_bug.cgi?id=45643 |
177 |
diff --git a/drivers/drv_oss.c b/drivers/drv_oss.c |
178 |
index 27766f2..74864c2 100644 |
179 |
--- a/drivers/drv_oss.c |
180 |
+++ b/drivers/drv_oss.c |
181 |
@@ -327,7 +327,7 @@ static void OSS_Update(void) |
182 |
buffinf.fragments--; |
183 |
buffinf.fragsize = buffinf.bytes = buffersize; |
184 |
} |
185 |
- if(!buffinf.fragments) |
186 |
+ if(buffinf.fragments < 1) |
187 |
break; |
188 |
done=VC_WriteBytes(audiobuffer,buffinf.fragsize>buffinf.bytes? |
189 |
buffinf.bytes:buffinf.fragsize); |
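Review bot: `buffinf.bytes` can also come back negative according to the patch header (-65535), but only `buffinf.fragments` is tested before `buffinf.fragsize>buffinf.bytes?buffinf.bytes:buffinf.fragsize` is passed to `VC_WriteBytes`. With a positive fragment count and a negative byte count, that expression would select the negative value as the length. Extending the guard to `if(buffinf.fragments < 1 || buffinf.bytes < 1)` would cover both fields. OSS_Update starts and ends outside the hunk, so whether an earlier branch already normalises `bytes` cannot be confirmed from here.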