From 00080e7a1c03f6b1a927228e76a6c8ea1834cc355b8343bdadd806ff508dd9ed Mon Sep 17 00:00:00 2001
From: OBS User autobuild <null@suse.de>
Date: Wed, 21 Apr 2010 16:35:57 +0000
Subject: [PATCH] Accepting request 38433 from multimedia:libs

Copy from multimedia:libs/libmikmod based on submit request 38433 from user prusnak

OBS-URL: https://build.opensuse.org/request/show/38433
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmikmod?expand=0&rev=14
---
 libmikmod-3.1.12-CVE-2009-3995,3996.diff | 31 ++++++++++++++++++++++++
 libmikmod.changes                        |  5 ++++
 libmikmod.spec                           |  6 +++--
 3 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 libmikmod-3.1.12-CVE-2009-3995,3996.diff

diff --git a/libmikmod-3.1.12-CVE-2009-3995,3996.diff b/libmikmod-3.1.12-CVE-2009-3995,3996.diff
new file mode 100644
index 0000000..1d2b7ad
--- /dev/null
+++ b/libmikmod-3.1.12-CVE-2009-3995,3996.diff
@@ -0,0 +1,31 @@
+Index: loaders/load_it.c
+===================================================================
+--- loaders/load_it.c.orig
++++ loaders/load_it.c
+@@ -862,6 +862,11 @@ BOOL IT_Load(BOOL curious)
+ #endif
+ 
+ 				IT_ProcessEnvelope(vol);
++			
++				// Secunia SA37775
++				if (ih.volpts>= ENVPOINTS)
++					ih.volpts = ENVPOINTS-1;
++				
+ 				for(u=0;u<ih.volpts;u++)
+ 					d->volenv[u].val=(ih.volnode[u]<<2);
+ 
+Index: loaders/load_ult.c
+===================================================================
+--- loaders/load_ult.c.orig
++++ loaders/load_ult.c
+@@ -225,6 +225,10 @@ BOOL ULT_Load(BOOL curious)
+ 		for(t=0;t<of.numpat;t++)
+ 			of.patterns[(t*of.numchn)+u]=tracks++;
+ 
++	// SA37775
++	if (of.numchn>=UF_MAXCHAN)
++		of.numchn=UF_MAXCHAN - 1;
++	
+ 	/* read pan position table for v1.5 and higher */
+ 	if(mh.id[14]>='3') {
+ 		for(t=0;t<of.numchn;t++) of.panning[t]=_mm_read_UBYTE(modreader)<<4;
diff --git a/libmikmod.changes b/libmikmod.changes
index aa7ea02..c16df79 100644
--- a/libmikmod.changes
+++ b/libmikmod.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 21 15:03:19 CEST 2010 - prusnak@suse.cz
+
+- fixed CVE-2009-3995 and CVE-2009-3996 [bnc#577875]
+
 -------------------------------------------------------------------
 Mon Dec 21 15:01:16 UTC 2009 - prusnak@suse.cz
 
diff --git a/libmikmod.spec b/libmikmod.spec
index f039bed..f36ddb3 100644
--- a/libmikmod.spec
+++ b/libmikmod.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libmikmod (Version 3.1.12)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@ License:        LGPLv2.1+
 Group:          System/Libraries
 Summary:        MikMod Sound Library
 Version:        3.1.12
-Release:        1
+Release:        2
 # bug437293
 %ifarch ppc64
 Obsoletes:      libmikmod-64bit
@@ -42,6 +42,7 @@ Patch4:         %{name}-3.1.12-config-fix.diff
 Patch5:         %{name}-3.1.12-conftest_fix.diff
 Patch6:         %{name}-3.1.12-exitcrash-fix.diff
 Patch7:         %{name}-3.1.12-loopingvolume-fix.diff
+Patch8:         %{name}-3.1.12-CVE-2009-3995,3996.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -87,6 +88,7 @@ mtm, xm, and it.
 %patch5
 %patch6 -p1
 %patch7 -p1
+%patch8
 
 %build
 autoreconf -f -i