[oe-commits] Chris Larson : libmikmod: apply patch for CVE-2010-2971

git version control git at git.openembedded.org
Fri Jan 21 18:52:32 UTC 2011 

Module: openembedded.git
Branch: master
Commit: 4880cfd0217466c737c14f5fe7687baa0a01c00d
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=4880cfd0217466c737c14f5fe7687baa0a01c00d

Author: Chris Larson <chris_larson at mentor.com>
Date:   Tue Jan 18 12:22:23 2011 -0500

libmikmod: apply patch for CVE-2010-2971

Signed-off-by: Chris Larson <chris_larson at mentor.com>

---

 recipes/libmikmod/libmikmod/CVE-2010-2971.patch |   24 +++++++++++++++++++++++
 recipes/libmikmod/libmikmod_3.1.12.bb           |    3 +-
 recipes/libmikmod/libmikmod_3.2.0-beta2.bb      |    3 +-
 3 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/recipes/libmikmod/libmikmod/CVE-2010-2971.patch b/recipes/libmikmod/libmikmod/CVE-2010-2971.patch
new file mode 100644
index 0000000..94ea8f5
--- /dev/null
+++ b/recipes/libmikmod/libmikmod/CVE-2010-2971.patch
@@ -0,0 +1,24 @@
+---
+ loaders/load_it.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- libmikmod-3.1.12.orig/loaders/load_it.c
++++ libmikmod-3.1.12/loaders/load_it.c
+@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) 										\
+				ih. name##flg   =_mm_read_UBYTE(modreader);				\
+				ih. name##pts   =_mm_read_UBYTE(modreader);				\
++				if (ih. name##pts > ITENVCNT)							\
++					ih. name##pts = ITENVCNT;							\
+				ih. name##beg   =_mm_read_UBYTE(modreader);				\
+				ih. name##end   =_mm_read_UBYTE(modreader);				\
+				ih. name##susbeg=_mm_read_UBYTE(modreader);				\
+@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type) 										\
+				ih. name/**/flg   =_mm_read_UBYTE(modreader);			\
+				ih. name/**/pts   =_mm_read_UBYTE(modreader);			\
++				if (ih. name/**/pts > ITENVCNT)							\
++					ih. name/**/pts = ITENVCNT;							\
+				ih. name/**/beg   =_mm_read_UBYTE(modreader);			\
+				ih. name/**/end   =_mm_read_UBYTE(modreader);			\
+				ih. name/**/susbeg=_mm_read_UBYTE(modreader);			\
diff --git a/recipes/libmikmod/libmikmod_3.1.12.bb b/recipes/libmikmod/libmikmod_3.1.12.bb
index fdc87ce..cf7b0f0 100644
--- a/recipes/libmikmod/libmikmod_3.1.12.bb
+++ b/recipes/libmikmod/libmikmod_3.1.12.bb
@@ -2,13 +2,14 @@ DESCRIPTION = "libmikmod is a module player library supporting many formats, inc
 SECTION = "libs"
 PRIORITY = "optional"
 LICENSE = "LGPL"
-PR = "r3"
+PR = "r4"
 
 SRC_URI = "\
   ${SOURCEFORGE_MIRROR}/mikmod/libmikmod-${PV}.tar.gz \
   file://m4.patch \
   file://autofoo.patch \
   file://ldflags.patch \
+  file://CVE-2010-2971.patch \
 "
 
 inherit autotools binconfig
diff --git a/recipes/libmikmod/libmikmod_3.2.0-beta2.bb b/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
index d692f1a..b54994b 100644
--- a/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
+++ b/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
@@ -3,7 +3,7 @@ SECTION = "libs"
 PRIORITY = "optional"
 LICENSE = "LGPL"
 
-PR="r2"
+PR = "r3"
 
 DEFAULT_PREFERENCE = "-1"
 
@@ -13,6 +13,7 @@ SRC_URI = "\
   http://mikmod.raphnet.net/files/libmikmod-${PV}.tar.gz \
   file://m4.patch \
   file://autofoo.patch \
+  file://CVE-2010-2971.patch \
 "
 
 inherit autotools binconfig

More information about the Openembedded-commits mailing list