Date: Thursday, September 5, 2013 @ 22:04:00
Author: eric
Revision: 193909
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
libmodplug/repos/extra-i686/PKGBUILD
(from rev 193908, libmodplug/trunk/PKGBUILD)
libmodplug/repos/extra-i686/libmodplug-CVE-2013-4233-Fix.patch
(from rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4233-Fix.patch)
libmodplug/repos/extra-i686/libmodplug-CVE-2013-4234-Fix.patch
(from rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4234-Fix.patch)
libmodplug/repos/extra-x86_64/PKGBUILD
(from rev 193908, libmodplug/trunk/PKGBUILD)
libmodplug/repos/extra-x86_64/libmodplug-CVE-2013-4233-Fix.patch
(from rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4233-Fix.patch)
libmodplug/repos/extra-x86_64/libmodplug-CVE-2013-4234-Fix.patch
(from rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4234-Fix.patch)
Deleted:
libmodplug/repos/extra-i686/PKGBUILD
libmodplug/repos/extra-x86_64/PKGBUILD
-------------------------------------------------+
/PKGBUILD | 70 ++++++++++++++++
extra-i686/PKGBUILD | 28 ------
extra-i686/libmodplug-CVE-2013-4233-Fix.patch | 42 +++++++++
extra-i686/libmodplug-CVE-2013-4234-Fix.patch | 95 ++++++++++++++++++++++
extra-x86_64/PKGBUILD | 28 ------
extra-x86_64/libmodplug-CVE-2013-4233-Fix.patch | 42 +++++++++
extra-x86_64/libmodplug-CVE-2013-4234-Fix.patch | 95 ++++++++++++++++++++++
7 files changed, 344 insertions(+), 56 deletions(-)
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2013-09-05 20:03:19 UTC (rev 193908)
+++ extra-i686/PKGBUILD 2013-09-05 20:04:00 UTC (rev 193909)
@@ -1,28 +0,0 @@
-# $Id$
-# Maintainer:
-# Contributor: Jan de Groot <j...@archlinux.org>
-# Contributor: Patrick Leslie Polzer <leslie.pol...@gmx.net>
-
-pkgname=libmodplug
-pkgver=0.8.8.4
-pkgrel=1
-pkgdesc="A MOD playing library"
-arch=('i686' 'x86_64')
-url="http://modplug-xmms.sourceforge.net/";
-license=('custom')
-depends=('gcc-libs')
-options=('!libtool')
-source=("http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz";)
-md5sums=('fddc3c704c5489de2a3cf0fedfec59db')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
Copied: libmodplug/repos/extra-i686/PKGBUILD (from rev 193908,
libmodplug/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2013-09-05 20:04:00 UTC (rev 193909)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Eric Bélanger <e...@archlinux.org>
+
+pkgname=libmodplug
+pkgver=0.8.8.4
+pkgrel=2
+pkgdesc="A MOD playing library"
+arch=('i686' 'x86_64')
+url="http://modplug-xmms.sourceforge.net/";
+license=('custom')
+depends=('gcc-libs')
+options=('!libtool')
+source=(http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz
+ libmodplug-CVE-2013-4233-Fix.patch libmodplug-CVE-2013-4234-Fix.patch)
+sha1sums=('df4deffe542b501070ccb0aee37d875ebb0c9e22'
+ 'daee7fba80f633236a3d09ad19225c57013140e9'
+ '2e870747261a86dce5056cbf077c5914e9e8b287')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4233-Fix.patch"
+ patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4234-Fix.patch"
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
Copied: libmodplug/repos/extra-i686/libmodplug-CVE-2013-4233-Fix.patch (from
rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4233-Fix.patch)
===================================================================
--- extra-i686/libmodplug-CVE-2013-4233-Fix.patch
(rev 0)
+++ extra-i686/libmodplug-CVE-2013-4233-Fix.patch 2013-09-05 20:04:00 UTC
(rev 193909)
@@ -0,0 +1,42 @@
+From c4d4e047862649a75f6dba905c613aff0df81309 Mon Sep 17 00:00:00 2001
+From: Konstanty Bialkowski <konsta...@ieee.org>
+Date: Wed, 14 Aug 2013 14:15:27 +1000
+Subject: [PATCH] CVE-2013-4233 Fix
+
+Integer overflow in j variable
+
+-- reported by Florian "Agix" Gaultier
+---
+ libmodplug/src/load_abc.cpp | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
+index 9f4b328..ecb7b62 100644
+--- a/libmodplug/src/load_abc.cpp
++++ b/libmodplug/src/load_abc.cpp
+@@ -1814,7 +1814,7 @@ static int abc_extract_tempo(const char *p, int invoice)
+
+ static void abc_set_parts(char **d, char *p)
+ {
+- int i,j,k,m,n;
++ int i,j,k,m,n,size;
+ char *q;
+ #ifdef NEWMIKMOD
+ static MM_ALLOC *h;
+@@ -1852,10 +1852,11 @@ static void abc_set_parts(char **d, char *p)
+ i += n-1;
+ }
+ }
+- q = (char *)_mm_calloc(h, j+1, sizeof(char)); // enough storage for
the worst case
++ size = (j + 1) > 0 ? j+1 : j;
++ q = (char *)_mm_calloc(h, size, sizeof(char)); // enough storage for
the worst case
+ // now copy bytes from p to *d, taking parens and digits in account
+ j = 0;
+- for( i=0; p[i] && p[i] != '%'; i++ ) {
++ for( i=0; p[i] && p[i] != '%' && j < size; i++ ) {
+ if( isdigit(p[i]) || isupper(p[i]) || p[i] == '(' || p[i] ==
')' ) {
+ if( p[i] == ')' ) {
+ for( n=j; n > 0 && q[n-1] != '('; n-- ) ;
// find open paren in q
+--
+1.8.4
+
Copied: libmodplug/repos/extra-i686/libmodplug-CVE-2013-4234-Fix.patch (from
rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4234-Fix.patch)
===================================================================
--- extra-i686/libmodplug-CVE-2013-4234-Fix.patch
(rev 0)
+++ extra-i686/libmodplug-CVE-2013-4234-Fix.patch 2013-09-05 20:04:00 UTC
(rev 193909)
@@ -0,0 +1,95 @@
+From 5de53a46283e7c463115444a9339978011dab961 Mon Sep 17 00:00:00 2001
+From: Konstanty Bialkowski <konsta...@ieee.org>
+Date: Wed, 14 Aug 2013 15:15:09 +1000
+Subject: [PATCH] CVE-2013-4234 Fix
+
+Heap overflow in abc_MIDI_drum + abc_MIDI_gchord
+
+-- reported by Florian "Agix" Gaultier
+---
+ libmodplug/src/load_abc.cpp | 34 +++++++++++++++++++++++-----------
+ 1 file changed, 23 insertions(+), 11 deletions(-)
+
+diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
+index ecb7b62..dd9cc6b 100644
+--- a/libmodplug/src/load_abc.cpp
++++ b/libmodplug/src/load_abc.cpp
+@@ -3205,27 +3205,33 @@ static void abc_MIDI_chordname(const char *p)
+ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ {
+ char *q;
+- int i,n,m;
++ int i, n, m, len;
+ while( isspace(*p) ) p++;
+ if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
+ if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
+- n = 0;
++ n = 0; len = 0;
+ for( q = h->drum; *p && !isspace(*p); p++ ) {
+ if( !strchr("dz0123456789",*p) ) break;
+- *q++ = *p;
+- if( !isdigit(*p) ) {
+- if( !isdigit(p[1]) ) *q++ = '1';
++ *q++ = *p; len++;
++ if( !isdigit(*p) && len < sizeof(h->drum)-1 ) {
++ if( !isdigit(p[1]) ) { *q++ = '1'; len ++; }
+ n++; // count the silences too....
+ }
++ if (len >= sizeof(h->drum)-1) {
++ // consume the rest of the input
++ // definitely enough "drum last state" stored.
++ while ( *p && !isspace(*p) ) p++;
++ break;
++ }
+ }
+ *q = '\0';
+ q = h->drumins;
+ for( i = 0; i<n; i++ ) {
+ if( h->drum[i*2] == 'd' ) {
+- while( isspace(*p) ) p++;
++ while( *p && isspace(*p) ) p++;
+ if( !isdigit(*p) ) {
+ m = 0;
+- while( !isspace(*p) ) p++;
++ while( *p && !isspace(*p) ) p++;
+ }
+ else
+ p += abc_getnumber(p,&m);
+@@ -3236,10 +3242,10 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ q = h->drumvol;
+ for( i = 0; i<n; i++ ) {
+ if( h->drum[i*2] == 'd' ) {
+- while( isspace(*p) ) p++;
++ while( *p && isspace(*p) ) p++;
+ if( !isdigit(*p) ) {
+ m = 0;
+- while( !isspace(*p) ) p++;
++ while( *p && !isspace(*p) ) p++;
+ }
+ else
+ p += abc_getnumber(p,&m);
+@@ -3254,13 +3260,19 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ static int abc_MIDI_gchord(const char *p, ABCHANDLE *h)
+ {
+ char *q;
++ int len = 0;
+ while( isspace(*p) ) p++;
+ if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
+ if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
+ for( q = h->gchord; *p && !isspace(*p); p++ ) {
+ if( !strchr("fbcz0123456789ghijGHIJ",*p) ) break;
+- *q++ = *p;
+- if( !isdigit(*p) && !isdigit(p[1]) ) *q++ = '1';
++ *q++ = *p; len++;
++ if( !isdigit(*p) && len < sizeof(h->gchord)-1 && !isdigit(p[1])
) { *q++ = '1'; len ++; }
++ if (len >= sizeof(h->gchord)-1) {
++ // consume the rest of the input
++ // definitely enough "drum last state" stored.
++ while ( *p && !isspace(*p) ) p++;
++ }
+ }
+ *q = '\0';
+ return 0;
+--
+1.8.4
+
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2013-09-05 20:03:19 UTC (rev 193908)
+++ extra-x86_64/PKGBUILD 2013-09-05 20:04:00 UTC (rev 193909)
@@ -1,28 +0,0 @@
-# $Id$
-# Maintainer:
-# Contributor: Jan de Groot <j...@archlinux.org>
-# Contributor: Patrick Leslie Polzer <leslie.pol...@gmx.net>
-
-pkgname=libmodplug
-pkgver=0.8.8.4
-pkgrel=1
-pkgdesc="A MOD playing library"
-arch=('i686' 'x86_64')
-url="http://modplug-xmms.sourceforge.net/";
-license=('custom')
-depends=('gcc-libs')
-options=('!libtool')
-source=("http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz";)
-md5sums=('fddc3c704c5489de2a3cf0fedfec59db')
-
-build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}
Copied: libmodplug/repos/extra-x86_64/PKGBUILD (from rev 193908,
libmodplug/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2013-09-05 20:04:00 UTC (rev 193909)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Eric Bélanger <e...@archlinux.org>
+
+pkgname=libmodplug
+pkgver=0.8.8.4
+pkgrel=2
+pkgdesc="A MOD playing library"
+arch=('i686' 'x86_64')
+url="http://modplug-xmms.sourceforge.net/";
+license=('custom')
+depends=('gcc-libs')
+options=('!libtool')
+source=(http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz
+ libmodplug-CVE-2013-4233-Fix.patch libmodplug-CVE-2013-4234-Fix.patch)
+sha1sums=('df4deffe542b501070ccb0aee37d875ebb0c9e22'
+ 'daee7fba80f633236a3d09ad19225c57013140e9'
+ '2e870747261a86dce5056cbf077c5914e9e8b287')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4233-Fix.patch"
+ patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4234-Fix.patch"
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -D -m644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
Copied: libmodplug/repos/extra-x86_64/libmodplug-CVE-2013-4233-Fix.patch (from
rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4233-Fix.patch)
===================================================================
--- extra-x86_64/libmodplug-CVE-2013-4233-Fix.patch
(rev 0)
+++ extra-x86_64/libmodplug-CVE-2013-4233-Fix.patch 2013-09-05 20:04:00 UTC
(rev 193909)
@@ -0,0 +1,42 @@
+From c4d4e047862649a75f6dba905c613aff0df81309 Mon Sep 17 00:00:00 2001
+From: Konstanty Bialkowski <konsta...@ieee.org>
+Date: Wed, 14 Aug 2013 14:15:27 +1000
+Subject: [PATCH] CVE-2013-4233 Fix
+
+Integer overflow in j variable
+
+-- reported by Florian "Agix" Gaultier
+---
+ libmodplug/src/load_abc.cpp | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
+index 9f4b328..ecb7b62 100644
+--- a/libmodplug/src/load_abc.cpp
++++ b/libmodplug/src/load_abc.cpp
+@@ -1814,7 +1814,7 @@ static int abc_extract_tempo(const char *p, int invoice)
+
+ static void abc_set_parts(char **d, char *p)
+ {
+- int i,j,k,m,n;
++ int i,j,k,m,n,size;
+ char *q;
+ #ifdef NEWMIKMOD
+ static MM_ALLOC *h;
+@@ -1852,10 +1852,11 @@ static void abc_set_parts(char **d, char *p)
+ i += n-1;
+ }
+ }
+- q = (char *)_mm_calloc(h, j+1, sizeof(char)); // enough storage for
the worst case
++ size = (j + 1) > 0 ? j+1 : j;
++ q = (char *)_mm_calloc(h, size, sizeof(char)); // enough storage for
the worst case
+ // now copy bytes from p to *d, taking parens and digits in account
+ j = 0;
+- for( i=0; p[i] && p[i] != '%'; i++ ) {
++ for( i=0; p[i] && p[i] != '%' && j < size; i++ ) {
+ if( isdigit(p[i]) || isupper(p[i]) || p[i] == '(' || p[i] ==
')' ) {
+ if( p[i] == ')' ) {
+ for( n=j; n > 0 && q[n-1] != '('; n-- ) ;
// find open paren in q
+--
+1.8.4
+
Copied: libmodplug/repos/extra-x86_64/libmodplug-CVE-2013-4234-Fix.patch (from
rev 193908, libmodplug/trunk/libmodplug-CVE-2013-4234-Fix.patch)
===================================================================
--- extra-x86_64/libmodplug-CVE-2013-4234-Fix.patch
(rev 0)
+++ extra-x86_64/libmodplug-CVE-2013-4234-Fix.patch 2013-09-05 20:04:00 UTC
(rev 193909)
@@ -0,0 +1,95 @@
+From 5de53a46283e7c463115444a9339978011dab961 Mon Sep 17 00:00:00 2001
+From: Konstanty Bialkowski <konsta...@ieee.org>
+Date: Wed, 14 Aug 2013 15:15:09 +1000
+Subject: [PATCH] CVE-2013-4234 Fix
+
+Heap overflow in abc_MIDI_drum + abc_MIDI_gchord
+
+-- reported by Florian "Agix" Gaultier
+---
+ libmodplug/src/load_abc.cpp | 34 +++++++++++++++++++++++-----------
+ 1 file changed, 23 insertions(+), 11 deletions(-)
+
+diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
+index ecb7b62..dd9cc6b 100644
+--- a/libmodplug/src/load_abc.cpp
++++ b/libmodplug/src/load_abc.cpp
+@@ -3205,27 +3205,33 @@ static void abc_MIDI_chordname(const char *p)
+ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ {
+ char *q;
+- int i,n,m;
++ int i, n, m, len;
+ while( isspace(*p) ) p++;
+ if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
+ if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
+- n = 0;
++ n = 0; len = 0;
+ for( q = h->drum; *p && !isspace(*p); p++ ) {
+ if( !strchr("dz0123456789",*p) ) break;
+- *q++ = *p;
+- if( !isdigit(*p) ) {
+- if( !isdigit(p[1]) ) *q++ = '1';
++ *q++ = *p; len++;
++ if( !isdigit(*p) && len < sizeof(h->drum)-1 ) {
++ if( !isdigit(p[1]) ) { *q++ = '1'; len ++; }
+ n++; // count the silences too....
+ }
++ if (len >= sizeof(h->drum)-1) {
++ // consume the rest of the input
++ // definitely enough "drum last state" stored.
++ while ( *p && !isspace(*p) ) p++;
++ break;
++ }
+ }
+ *q = '\0';
+ q = h->drumins;
+ for( i = 0; i<n; i++ ) {
+ if( h->drum[i*2] == 'd' ) {
+- while( isspace(*p) ) p++;
++ while( *p && isspace(*p) ) p++;
+ if( !isdigit(*p) ) {
+ m = 0;
+- while( !isspace(*p) ) p++;
++ while( *p && !isspace(*p) ) p++;
+ }
+ else
+ p += abc_getnumber(p,&m);
+@@ -3236,10 +3242,10 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ q = h->drumvol;
+ for( i = 0; i<n; i++ ) {
+ if( h->drum[i*2] == 'd' ) {
+- while( isspace(*p) ) p++;
++ while( *p && isspace(*p) ) p++;
+ if( !isdigit(*p) ) {
+ m = 0;
+- while( !isspace(*p) ) p++;
++ while( *p && !isspace(*p) ) p++;
+ }
+ else
+ p += abc_getnumber(p,&m);
+@@ -3254,13 +3260,19 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
+ static int abc_MIDI_gchord(const char *p, ABCHANDLE *h)
+ {
+ char *q;
++ int len = 0;
+ while( isspace(*p) ) p++;
+ if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
+ if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
+ for( q = h->gchord; *p && !isspace(*p); p++ ) {
+ if( !strchr("fbcz0123456789ghijGHIJ",*p) ) break;
+- *q++ = *p;
+- if( !isdigit(*p) && !isdigit(p[1]) ) *q++ = '1';
++ *q++ = *p; len++;
++ if( !isdigit(*p) && len < sizeof(h->gchord)-1 && !isdigit(p[1])
) { *q++ = '1'; len ++; }
++ if (len >= sizeof(h->gchord)-1) {
++ // consume the rest of the input
++ // definitely enough "drum last state" stored.
++ while ( *p && !isspace(*p) ) p++;
++ }
+ }
+ *q = '\0';
+ return 0;
+--
+1.8.4
+
