pool/libgme
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Apply "cve-2016-9957.patch" to fix an arbitrary code execution

Browse Source 
vulnerability that could have been exploited using specially
  crafted SPC music files. [CVE-2016-9957, CVE-2016-9958,
  CVE-2016-9959, CVE-2016-9960, CVE-2016-9961, bsc#1015941]

OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libgme?expand=0&rev=14
This commit is contained in:
Olaf Hering 2017-01-09 14:11:58 +00:00 committed by Git OBS Bridge
parent 7520ae6bb8
commit 4526e3b58c
3 changed files with 61 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
cve-2016-9957.patch Normal file
View File

@ -0,0 +1,51 @@
diff -rubB gme-old/Spc_Cpu.h gme/Spc_Cpu.h
Index: game-music-emu-0.6.0/gme/Spc_Cpu.h
===================================================================
--- game-music-emu-0.6.0.orig/gme/Spc_Cpu.h 2016-12-16 12:06:53.981779435 +0100
+++ game-music-emu-0.6.0/gme/Spc_Cpu.h 2016-12-16 12:09:35.995506135 +0100
@@ -76,8 +76,8 @@ Inc., 51 Franklin Street, Fifth Floor, B
// TODO: remove non-wrapping versions?
#define SPC_NO_SP_WRAPAROUND 0
-#define SET_SP( v ) (sp = ram + 0x101 + (v))
-#define GET_SP() (sp - 0x101 - ram)
+#define SET_SP( v ) (sp = ram + 0x101 + ((uint8_t) v))
+#define GET_SP() (uint8_t) (sp - 0x101 - ram)
#if SPC_NO_SP_WRAPAROUND
#define PUSH16( v ) (sp -= 2, SET_LE16( sp, v ))
@@ -485,7 +485,7 @@ loop:
case 0xAF: // MOV (X)+,A
WRITE_DP( 0, x, a + no_read_before_write );
- x++;
+ x = (uint8_t) (x + 1);
goto loop;
// 5. 8-BIT LOGIC OPERATION COMMANDS
@@ -808,7 +808,7 @@ loop:
unsigned temp = y * a;
a = (uint8_t) temp;
nz = ((temp >> 1) | temp) & 0x7F;
- y = temp >> 8;
+ y = (uint8_t) (temp >> 8);
nz |= y;
goto loop;
}
@@ -838,6 +838,7 @@ loop:
nz = (uint8_t) a;
a = (uint8_t) a;
+ y = (uint8_t) y;
goto loop;
}
@@ -1004,7 +1005,7 @@ loop:
case 0x7F: // RET1
temp = *sp;
SET_PC( GET_LE16( sp + 1 ) );
- sp += 3;
+ SET_SP(GET_SP() + 3);
goto set_psw;
case 0x8E: // POP PSW
POP( temp );

8
libgme.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Fri Dec 16 11:16:04 UTC 2016 - psimons@suse.com
- Apply "cve-2016-9957.patch" to fix an arbitrary code execution
vulnerability that could have been exploited using specially
crafted SPC music files. [CVE-2016-9957, CVE-2016-9958,
CVE-2016-9959, CVE-2016-9960, CVE-2016-9961, bsc#1015941]
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 23 13:09:47 UTC 2015 - mpluskal@suse.com Wed Dec 23 13:09:47 UTC 2015 - mpluskal@suse.com

2
libgme.spec
View File

@ -28,6 +28,7 @@ Source0: https://bitbucket.org/mpyne/game-music-emu/downloads/game-music-
Source1: baselibs.conf Source1: baselibs.conf
# PATCH-FIX-UPSTREAM libgme-0.6.0-pkgconfig_path.patch http://code.google.com/p/game-music-emu/issues/detail?id=19 reddwarf@opensuse.org -- Fix .pc installation path # PATCH-FIX-UPSTREAM libgme-0.6.0-pkgconfig_path.patch http://code.google.com/p/game-music-emu/issues/detail?id=19 reddwarf@opensuse.org -- Fix .pc installation path
Patch0: libgme-0.6.0-pkgconfig_path.patch Patch0: libgme-0.6.0-pkgconfig_path.patch
Patch1: cve-2016-9957.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: pkg-config BuildRequires: pkg-config
@ -75,6 +76,7 @@ which use libgme.
%prep %prep
%setup -q -n game-music-emu-%{version} %setup -q -n game-music-emu-%{version}
%patch0 %patch0
%patch1 -p1
sed -i 's/\r$//' changes.txt design.txt gme.txt license.txt readme.txt sed -i 's/\r$//' changes.txt design.txt gme.txt license.txt readme.txt
%build %build