From 61a997e90983331c9618463c3d9761ade294cdaa72ce631095c601898fc31517 Mon Sep 17 00:00:00 2001
From: OBS User unknown
Date: Fri, 23 Jan 2009 22:46:08 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libmikmod?expand=0&rev=9
---
 libmikmod-CVE-2007-6720.diff | 31 +++++++++++++++++++++++++++++++
 libmikmod.changes | 13 +++++++++----
 libmikmod.spec | 6 +++++-
 3 files changed, 45 insertions(+), 5 deletions(-)
 create mode 100644 libmikmod-CVE-2007-6720.diff
diff --git a/libmikmod-CVE-2007-6720.diff b/libmikmod-CVE-2007-6720.diff
new file mode 100644
index 0000000..5d22fb4
--- /dev/null
+++ b/libmikmod-CVE-2007-6720.diff
@@ -0,0 +1,31 @@
+--- loaders/load_xm.c
++++ loaders/load_xm.c
+@@ -622,7 +622,8 @@
+ /* read the remainder of the header */
+ for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);
+
+- if(_mm_eof(modreader)) {
++ /* last instrument is at the end of file in version 0x0104 */
++ if(_mm_eof(modreader) && (mh->version<0x0104 || tInit || l->Init()) {
+ _mm_rewind(modreader);
+ ok = l->Load(curious);
+- /* propagate inflags=flags for in-module samples */
+- for (t = 0; t < of.numsmp; t++)
+- if (of.samples[t].inflags == 0)
+- of.samples[t].inflags = of.samples[t].flags;
++ if (ok) {
++ /* propagate inflags=flags for in-module samples */
++ for (t = 0; t < of.numsmp; t++)
++ if (of.samples[t].inflags == 0)
++ of.samples[t].inflags = of.samples[t].flags;
++ }
+ } else
+ ok = 0;
+
diff --git a/libmikmod.changes b/libmikmod.changes
index 7c0cfae..096d686 100644
--- a/libmikmod.changes
+++ b/libmikmod.changes
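Review bot: In the load_xm.c part of the added patch, the skip loop kept as context just above the changed test, `for(u=headend-_mm_ftell(modreader);u;u--) _mm_read_UBYTE(modreader);`, still takes its count from a header size read out of the file, with no check that `headend` lies at or beyond the current position. When a file declares a header shorter than what has already been consumed, the subtraction does not produce a small positive count (the type of `u` is not visible here), so the loader keeps reading long past end of file before the new EOF test runs. Bounding it, for example with `if (headend > _mm_ftell(modreader))` in front of the loop, would close that path. On this page the new condition is cut off after `|| t` and the header of the second patched file is missing, and the enclosing functions lie outside the hunk, so the rest of the test cannot be checked from here.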
@@ -1,7 +1,12 @@ +------------------------------------------------------------------- +Fri Jan 23 16:44:16 CET 2009 - prusnak@suse.cz + +- fixed DoS CVE-2007-6720 [bnc#468760] + ------------------------------------------------------------------- Fri Jan 9 13:37:54 CET 2009 - crrodriguez@suse.de -- remove static libraries and "la" files +- remove static libraries and "la" files ------------------------------------------------------------------- Wed Jan 7 12:34:56 CET 2009 - olh@suse.de @@ -57,7 +62,7 @@ Thu Sep 8 17:24:37 CEST 2005 - pth@suse.de ------------------------------------------------------------------- Tue Sep 6 02:04:59 CEST 2005 - jpr@suse.de -- Make sure libmikmod-config reports libdir correctly on all +- Make sure libmikmod-config reports libdir correctly on all architectures (96912) ------------------------------------------------------------------- @@ -103,7 +108,7 @@ Tue Aug 6 11:24:59 CEST 2002 - adrian@suse.de ------------------------------------------------------------------- Tue Jun 4 02:30:16 CEST 2002 - ro@suse.de -- fix file list +- fix file list ------------------------------------------------------------------- Fri May 31 20:25:10 CEST 2002 - adrian@suse.de @@ -138,7 +143,7 @@ Fri Jun 16 17:41:55 CEST 2000 - adrian@suse.de ------------------------------------------------------------------- Fri Jun 2 16:37:17 CEST 2000 - uli@suse.de -- moved docs to %{_docdir} +- moved docs to %{_docdir} ------------------------------------------------------------------- Thu Mar 2 15:30:24 CET 2000 - uli@suse.de diff --git a/libmikmod.spec b/libmikmod.spec index 25f31ca..2ffbb0d 100644 --- a/libmikmod.spec +++ b/libmikmod.spec @@ -25,7 +25,7 @@ License: LGPL v2.1 or later Group: System/Libraries Summary: MikMod Sound Library Version: 3.1.11a -Release: 113 +Release: 114 %define _version 3.1.11 # bug437293 %ifarch ppc64 
@@ -38,6 +38,7 @@ Patch1: libmikmod.diff Source2: libmikmod-rpmlintrc Patch3: libmikmod-config-fix.dif Patch4: libmikmod-conftest_fix.diff +Patch5: libmikmod-CVE-2007-6720.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -79,6 +80,7 @@ mtm, xm, and it. %patch1 %patch3 %patch4 +%patch5 %build autoreconf -f -i @@ -119,6 +121,8 @@ rm -rf $RPM_BUILD_ROOT %doc %{_mandir}/man1/*-config.* %changelog +* Fri Jan 23 2009 prusnak@suse.cz +- fixed DoS CVE-2007-6720 [bnc#468760] * Fri Jan 09 2009 crrodriguez@suse.de - remove static libraries and "la" files * Wed Jan 07 2009 olh@suse.de