diff options
| author |   Sergei Trofimovich <slyfox@gentoo.org> | 2012-02-06 21:46:32 +0000 |
|---|---|---|
| committer | Sergei Trofimovich <slyfox@gentoo.org> | 2012-02-06 21:46:32 +0000 |
| commit | 4011ea6f15fcdb7e2494791ae06e861811228ce3 (patch) | |
| tree | 016f93cf4330ac0e38e92b1c637a0cd1cd44441b /media-libs/libmikmod/files | |
| parent | Version bump. (diff) | |
| download | gentoo-2-4011ea6f15fcdb7e2494791ae06e861811228ce3.tar.gz gentoo-2-4011ea6f15fcdb7e2494791ae06e861811228ce3.tar.bz2 gentoo-2-4011ea6f15fcdb7e2494791ae06e861811228ce3.zip | |
Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva).
Fixed CVE-2009-3995, CVE-2009-3996 CVE-2010-2546 CVE-2010-2971 (security
bug #335892 by Stefan Behte fixes are pulled from upstream, redhat and suse).
Added workaround to avoid crash when libmikmod ran under padsp pulseaudio wrapper.
(Portage version: 2.2.0_alpha85/cvs/Linux x86_64)
Diffstat (limited to 'media-libs/libmikmod/files')
5 files changed, 126 insertions, 0 deletions
diff --git a/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch new file mode 100644 index 000000000000..1161e898e20d --- /dev/null +++ b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch @@ -0,0 +1,35 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## CVE-2009-3995f.dpatch by <aw@linux.de> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Patch for CVE-2009-3995 and CVE-2009-3996 + +@DPATCH@ + +diff -Ndurp libmikmod-3.1.11/loaders/load_it.c libmikmod-3.1.11-fixed/loaders/load_it.c +--- libmikmod-3.1.11/loaders/load_it.c 2010-05-31 14:10:34.000000000 +0200 ++++ libmikmod-3.1.11-fixed/loaders/load_it.c 2010-05-31 14:10:10.000000000 +0200 +@@ -862,6 +862,10 @@ BOOL IT_Load(BOOL curious) + #endif + + IT_ProcessEnvelope(vol); ++ /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */ ++ if (ih.volpts>= ENVPOINTS) ++ ih.volpts = ENVPOINTS-1; ++ + for(u=0;u<ih.volpts;u++) + d->volenv[u].val=(ih.volnode[u]<<2); + +diff -Ndurp libmikmod-3.1.11/loaders/load_ult.c libmikmod-3.1.11-fixed/loaders/load_ult.c +--- libmikmod-3.1.11/loaders/load_ult.c 2010-05-31 14:10:34.000000000 +0200 ++++ libmikmod-3.1.11-fixed/loaders/load_ult.c 2010-05-31 14:10:10.000000000 +0200 +@@ -224,6 +224,9 @@ BOOL ULT_Load(BOOL curious) + for(u=0;u<of.numchn;u++) + for(t=0;t<of.numpat;t++) + of.patterns[(t*of.numchn)+u]=tracks++; ++ /* fix for CVE-2009-3996 - snatched from SuSe's fix -- AW */ ++ if (of.numchn>=UF_MAXCHAN) ++ of.numchn=UF_MAXCHAN - 1; + + /* read pan position table for v1.5 and higher */ + if(mh.id[14]>='3') { diff --git a/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch new file mode 100644 index 000000000000..7e3bff18b25b --- /dev/null +++ b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch @@ -0,0 +1,33 @@ +Related: https://bugzilla.redhat.com/show_bug.cgi?id=614643#c6 +Gentoo-bug: http://bugs.gentoo.org/335892 +--- loaders/load_it.c.orig 2010-07-22 16:02:16.000000000 +0200 ++++ loaders/load_it.c 2010-07-22 16:07:48.000000000 +0200 +@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious) + #define IT_LoadEnvelope(name,type) \ + ih. name##flg =_mm_read_UBYTE(modreader); \ + ih. name##pts =_mm_read_UBYTE(modreader); \ ++ if (ih. name##pts > ITENVCNT) \ ++ ih. name##pts = ITENVCNT; \ + ih. name##beg =_mm_read_UBYTE(modreader); \ + ih. name##end =_mm_read_UBYTE(modreader); \ + ih. name##susbeg=_mm_read_UBYTE(modreader); \ +@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious) + #define IT_LoadEnvelope(name,type) \ + ih. name/**/flg =_mm_read_UBYTE(modreader); \ + ih. name/**/pts =_mm_read_UBYTE(modreader); \ ++ if (ih. name/**/pts > ITENVCNT) \ ++ ih. name/**/pts = ITENVCNT; \ + ih. name/**/beg =_mm_read_UBYTE(modreader); \ + ih. name/**/end =_mm_read_UBYTE(modreader); \ + ih. name/**/susbeg=_mm_read_UBYTE(modreader); \ +@@ -862,10 +866,6 @@ BOOL IT_Load(BOOL curious) + #endif + + IT_ProcessEnvelope(vol); +- /* fix for CVE-2009-3995 - snatched from SuSe's fix -- AW */ +- if (ih.volpts>= ENVPOINTS) +- ih.volpts = ENVPOINTS-1; +- + for(u=0;u<ih.volpts;u++) + d->volenv[u].val=(ih.volnode[u]<<2); + diff --git a/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch new file mode 100644 index 000000000000..90d2a3bd2ac5 --- /dev/null +++ b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-unload-crash.patch @@ -0,0 +1,22 @@ +Date: 15 Apr 2002 11:01:19 +0200 +From: Guillaume Cottenceau <gc@mandrakesoft.com> + +Unfortunately, I should have double checked that the following +fix (authored by Dave Goehrig <dave@cthulhu-burger.org>, not me), +was really in the CVS... it's not, as of stable 1.2.3 at least. +Please include it, it fixes a segfault on exiting a program which +disabled MOD music during its execution. + +Gentoo-bug: http://bugs.gentoo.org/300525 +diff -ru libmikmod-3.1.12.orig/playercode/virtch_common.c libmikmod-3.1.12/playercode/virtch_common.c +--- libmikmod-3.1.12.orig/playercode/virtch_common.c 2007-12-15 01:26:53.000000000 -0800 ++++ libmikmod-3.1.12/playercode/virtch_common.c 2009-10-05 00:37:12.000000000 -0700 +@@ -347,7 +347,7 @@ + + void VC1_SampleUnload(SWORD handle) + { +- if (handle<MAXSAMPLEHANDLES) { ++ if (Samples && handle<MAXSAMPLEHANDLES) { + if (Samples[handle]) + free(Samples[handle]); + Samples[handle]=NULL; diff --git a/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch new file mode 100644 index 000000000000..7e05b2fb4aca --- /dev/null +++ b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-fix-vol-crash.patch @@ -0,0 +1,16 @@ +Yi-Huang Han - Wed Oct 24 21:55:47 PDT 2001 + * Fixed MOD music volume when looping + +Gentoo-bug: http://bugs.gentoo.org/300525 +diff -ru libmikmod-3.1.12.orig/playercode/mplayer.c libmikmod-3.1.12/playercode/mplayer.c +--- libmikmod-3.1.12.orig/playercode/mplayer.c 2009-10-05 00:19:59.000000000 -0700 ++++ libmikmod-3.1.12/playercode/mplayer.c 2009-10-05 00:44:35.000000000 -0700 +@@ -3019,7 +3019,7 @@ + { + MUTEX_LOCK(vars); + if (pf) +- pf->volume=(volume<0)?0:(volume>128)?128:volume; ++ pf->volume=pf->initvolume=(volume<0)?0:(volume>128)?128:volume; + MUTEX_UNLOCK(vars); + } + diff --git a/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch new file mode 100644 index 000000000000..6e35912e6513 --- /dev/null +++ b/media-libs/libmikmod/files/libmikmod-3.2.0_beta2-pa-workaround.patch @@ -0,0 +1,20 @@ +Under padsp wrapper mikmod returns + buffinf.fragments = -1; buffinf.bytes = -65535. +Buggy oss emulation layer in pulseaudio. +More details in upstream report: + +Gentoo-bug: http://bugs.gentoo.org/300525 +Upstream-bug: https://bugs.freedesktop.org/show_bug.cgi?id=45643 +diff --git a/drivers/drv_oss.c b/drivers/drv_oss.c +index 27766f2..74864c2 100644 +--- a/drivers/drv_oss.c ++++ b/drivers/drv_oss.c +@@ -327,7 +327,7 @@ static void OSS_Update(void) + buffinf.fragments--; + buffinf.fragsize = buffinf.bytes = buffersize; + } +- if(!buffinf.fragments) ++ if(buffinf.fragments < 1) + break; + done=VC_WriteBytes(audiobuffer,buffinf.fragsize>buffinf.bytes? + buffinf.bytes:buffinf.fragsize); |