Hello community, here is the log from the commit of package libgme for openSUSE:Factory checked in at 2017-01-24 10:27:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libgme (Old) and /work/SRC/openSUSE:Factory/.libgme.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libgme" Changes: -------- --- /work/SRC/openSUSE:Factory/libgme/libgme.changes 2015-12-27 01:59:19.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libgme.new/libgme.changes 2017-01-24 10:27:09.995448903 +0100 @@ -1,0 +2,8 @@ +Fri Dec 16 11:16:04 UTC 2016 - [email protected] + +- Apply "cve-2016-9957.patch" to fix an arbitrary code execution + vulnerability that could have been exploited using specially + crafted SPC music files. [CVE-2016-9957, CVE-2016-9958, + CVE-2016-9959, CVE-2016-9960, CVE-2016-9961, bsc#1015941] + +------------------------------------------------------------------- New: ---- cve-2016-9957.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libgme.spec ++++++ --- /var/tmp/diff_new_pack.osndDw/_old 2017-01-24 10:27:10.443385365 +0100 +++ /var/tmp/diff_new_pack.osndDw/_new 2017-01-24 10:27:10.447384797 +0100 @@ -28,6 +28,7 @@ Source1: baselibs.conf # PATCH-FIX-UPSTREAM libgme-0.6.0-pkgconfig_path.patch http://code.google.com/p/game-music-emu/issues/detail?id=19 [email protected] -- Fix .pc installation path Patch0: libgme-0.6.0-pkgconfig_path.patch +Patch1: cve-2016-9957.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkg-config @@ -75,6 +76,7 @@ %prep %setup -q -n game-music-emu-%{version} %patch0 +%patch1 -p1 sed -i 's/\r$//' changes.txt design.txt gme.txt license.txt readme.txt %build ++++++ cve-2016-9957.patch ++++++ diff -rubB gme-old/Spc_Cpu.h gme/Spc_Cpu.h Index: game-music-emu-0.6.0/gme/Spc_Cpu.h =================================================================== --- game-music-emu-0.6.0.orig/gme/Spc_Cpu.h 2016-12-16 12:06:53.981779435 +0100 +++ game-music-emu-0.6.0/gme/Spc_Cpu.h 2016-12-16 12:09:35.995506135 +0100 @@ -76,8 +76,8 @@ Inc., 51 Franklin Street, Fifth Floor, B // TODO: remove non-wrapping versions? #define SPC_NO_SP_WRAPAROUND 0 -#define SET_SP( v ) (sp = ram + 0x101 + (v)) -#define GET_SP() (sp - 0x101 - ram) +#define SET_SP( v ) (sp = ram + 0x101 + ((uint8_t) v)) +#define GET_SP() (uint8_t) (sp - 0x101 - ram) #if SPC_NO_SP_WRAPAROUND #define PUSH16( v ) (sp -= 2, SET_LE16( sp, v )) @@ -485,7 +485,7 @@ loop: case 0xAF: // MOV (X)+,A WRITE_DP( 0, x, a + no_read_before_write ); - x++; + x = (uint8_t) (x + 1); goto loop; // 5. 8-BIT LOGIC OPERATION COMMANDS @@ -808,7 +808,7 @@ loop: unsigned temp = y * a; a = (uint8_t) temp; nz = ((temp >> 1) | temp) & 0x7F; - y = temp >> 8; + y = (uint8_t) (temp >> 8); nz |= y; goto loop; } @@ -838,6 +838,7 @@ loop: nz = (uint8_t) a; a = (uint8_t) a; + y = (uint8_t) y; goto loop; } @@ -1004,7 +1005,7 @@ loop: case 0x7F: // RET1 temp = *sp; SET_PC( GET_LE16( sp + 1 ) ); - sp += 3; + SET_SP(GET_SP() + 3); goto set_psw; case 0x8E: // POP PSW POP( temp );
