libmikmod: apply patch for CVE-2010-2971

Signed-off-by: Chris Larson <chris_larson@mentor.com>

diff --git a/recipes/libmikmod/libmikmod/CVE-2010-2971.patch b/recipes/libmikmod/libmikmod/CVE-2010-2971.patch
new file mode 100644 (file)
index 0000000..94ea8f5
--- /dev/null
+++ b/recipes/libmikmod/libmikmod/CVE-2010-2971.patch
@@ -0,0 +1,24 @@
+---
+ loaders/load_it.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- libmikmod-3.1.12.orig/loaders/load_it.c
++++ libmikmod-3.1.12/loaders/load_it.c
+@@ -743,6 +743,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type)                                                                            \
+                               ih. name##flg   =_mm_read_UBYTE(modreader);                             \
+                               ih. name##pts   =_mm_read_UBYTE(modreader);                             \
++                              if (ih. name##pts > ITENVCNT)                                                   \
++                                      ih. name##pts = ITENVCNT;                                                       \
+                               ih. name##beg   =_mm_read_UBYTE(modreader);                             \
+                               ih. name##end   =_mm_read_UBYTE(modreader);                             \
+                               ih. name##susbeg=_mm_read_UBYTE(modreader);                             \
+@@ -756,6 +758,8 @@ BOOL IT_Load(BOOL curious)
+ #define IT_LoadEnvelope(name,type)                                                                            \
+                               ih. name/**/flg   =_mm_read_UBYTE(modreader);                   \
+                               ih. name/**/pts   =_mm_read_UBYTE(modreader);                   \
++                              if (ih. name/**/pts > ITENVCNT)                                                 \
++                                      ih. name/**/pts = ITENVCNT;                                                     \
+                               ih. name/**/beg   =_mm_read_UBYTE(modreader);                   \
+                               ih. name/**/end   =_mm_read_UBYTE(modreader);                   \
+                               ih. name/**/susbeg=_mm_read_UBYTE(modreader);                   \

diff --git a/recipes/libmikmod/libmikmod_3.1.12.bb b/recipes/libmikmod/libmikmod_3.1.12.bb
index fdc87ce..cf7b0f0 100644 (file)
--- a/recipes/libmikmod/libmikmod_3.1.12.bb
+++ b/recipes/libmikmod/libmikmod_3.1.12.bb
@@ -2,13 +2,14 @@ DESCRIPTION = "libmikmod is a module player library supporting many formats, inc
 SECTION = "libs"
 PRIORITY = "optional"
 LICENSE = "LGPL"
-PR = "r3"
+PR = "r4"
 
 SRC_URI = "\
   ${SOURCEFORGE_MIRROR}/mikmod/libmikmod-${PV}.tar.gz \
   file://m4.patch \
   file://autofoo.patch \
   file://ldflags.patch \
+  file://CVE-2010-2971.patch \
 "
 
 inherit autotools binconfig

diff --git a/recipes/libmikmod/libmikmod_3.2.0-beta2.bb b/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
index d692f1a..b54994b 100644 (file)
--- a/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
+++ b/recipes/libmikmod/libmikmod_3.2.0-beta2.bb
@@ -3,7 +3,7 @@ SECTION = "libs"
 PRIORITY = "optional"
 LICENSE = "LGPL"
 
-PR="r2"
+PR = "r3"
 
 DEFAULT_PREFERENCE = "-1"
 
@@ -13,6 +13,7 @@ SRC_URI = "\
   http://mikmod.raphnet.net/files/libmikmod-${PV}.tar.gz \
   file://m4.patch \
   file://autofoo.patch \
+  file://CVE-2010-2971.patch \
 "
 
 inherit autotools binconfig