debian/0000755000000000000000000000000012154446420007170 5ustar debian/libdumb1.docs0000644000000000000000000000003112154442107011531 0ustar docs examples readme.txt debian/libaldmb1.docs0000644000000000000000000000003112154445135011665 0ustar docs examples readme.txt debian/rules0000755000000000000000000000534312154446326010262 0ustar
#!/usr/bin/make -f
# debian/rules for libdumb - uses debhelper.
#
# Every target is handed to the dh sequencer by the catch-all rule below;
# the override_dh_* targets replace individual dh steps with the
# hand-written recipes in this file.

# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1

# Distribution build flags, queried once at parse time (:= with $(shell)).
# Within this file they are referenced only by the two $(CC) link commands
# in override_dh_auto_build. There is no `export` for them here, so whether
# the $(MAKE) sub-builds see them depends on the calling environment.
# NOTE(review): CPPFLAGS is not queried here; the compile steps rely on
# debian/patches/110-hardening.diff, which adds the dpkg-buildflags output
# to CFLAGS_RELEASE/CFLAGS_DEBUG/LDFLAGS in the upstream Makefile.
CFLAGS := $(shell dpkg-buildflags --get CFLAGS)
LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS)

# Multiarch triplet used in the install paths below. `?=` keeps a value
# that is already set and only otherwise asks dpkg-architecture.
DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)

# Compilation options
# NOTE(review): make keeps the double quotes as part of the exported value,
# and nothing else in this file references CONFIG_FLAGS.
export CONFIG_FLAGS="--prefix=/usr"

# Catch-all: run the requested target through dh, passing --parallel.
%:
	dh $@ --parallel

# Clean: upstream `veryclean`, then remove what override_dh_auto_build
# generates (static archives, make/config.txt, object and library
# directories, the libraries copied to the top level), then dh_auto_clean.
# NOTE(review): the `find` output is substituted unquoted, so a path
# containing whitespace would be split into several rm arguments.
override_dh_auto_clean:
	$(MAKE) veryclean
	rm -f `find -name '*.a'` make/dumbask make/config.txt
	rm -Rf obj/unix/release/ lib/unix/
	rm -f libdumb.so.1.0.0 libaldmb.so.1.0.0 libdumb.a libaldmb.a
	dh_auto_clean

# Build: the static archives are built first, then everything is rebuilt
# with -fPIC and the shared objects are linked by hand.
override_dh_auto_build:
# Write make/config.txt for the upstream build: include the Unix settings,
# select the core and Allegro targets, and set PREFIX to /usr.
	echo 'include make/unix.inc' > make/config.txt
	echo 'ALL_TARGETS := core core-examples core-headers' >> make/config.txt
	echo 'ALL_TARGETS += allegro allegro-examples allegro-headers' >> make/config.txt
	echo 'PREFIX := /usr' >> make/config.txt
	mkdir -p obj/unix/release/
	mkdir -p lib/unix/
# Pass 1: static libraries, built without CFLAGS_EXTRA, copied to the top
# level so they survive the `clean` that follows.
	$(MAKE) lib/unix/libdumb.a
	$(MAKE) lib/unix/libaldmb.a
	cp lib/unix/libdumb.a .
	cp lib/unix/libaldmb.a .
	$(MAKE) clean
# Pass 2: same targets with CFLAGS_EXTRA=-fPIC (the CFLAGS_EXTRA hook is
# added to the upstream Makefile by debian/patches/010_extra_flags.diff).
	$(MAKE) lib/unix/libdumb.a CFLAGS_EXTRA=-fPIC
	$(MAKE) lib/unix/libaldmb.a CFLAGS_EXTRA=-fPIC
# Link libdumb.so.1.0.0. The object list comes from the upstream Makefile:
# the first sed prints from the "CORE_MODULES :=" line through the first
# line ending in "c" ($$ is make's escape for a literal $); the second sed
# drops a backslash and rewrites ".../name.c" to obj/unix/release/name.o;
# `tail -n +2` skips the first line of that range. Backslashes are doubled
# because the pipeline sits inside backticks, where the shell consumes one
# level of backslash escaping.
	$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-soname,libdumb.so.1 -shared `sed -ne '/^CORE_MODULES :=/,/c$$/p' < Makefile | sed -e 's,\\\\,,' -e 's,.*/\\(.*\\)\\.c,obj/unix/release/\\1.o,' | tail -n +2` -o libdumb.so.1.0.0 -lm -lc
# Temporary libdumb.so symlink for the `-L. -ldumb` on the next link line,
# presumably so that -ldumb resolves to the shared library rather than the
# libdumb.a copied above (confirm). It is removed again at the end.
	ln -s libdumb.so.1.0.0 libdumb.so
# Link libaldmb.so.1.0.0 the same way from the ALLEGRO_MODULES list, against
# libdumb and the libraries reported by allegro-config.
	$(CC) $(CFLAGS) $(LDFLAGS) -Wl,-soname,libaldmb.so.1 -shared `sed -ne '/^ALLEGRO_MODULES :=/,/c$$/p' < Makefile | sed -e 's,\\\\,,' -e 's,.*/\\(.*\\)\\.c,obj/unix/release/\\1.o,' | tail -n +2` -o libaldmb.so.1.0.0 -L. -ldumb `allegro-config --libs` -lm -lc
	rm -f libdumb.so

# Install: shared objects go to the runtime packages, static archives and
# headers to the -dev packages; libraries land in the multiarch directory.
override_dh_auto_install:
	dh_install -plibdumb1 libdumb.so.1.0.0 usr/lib/$(DEB_HOST_MULTIARCH)
	dh_install -plibaldmb1 libaldmb.so.1.0.0 usr/lib/$(DEB_HOST_MULTIARCH)
	dh_install -plibdumb1-dev libdumb.a usr/lib/$(DEB_HOST_MULTIARCH)
	dh_install -plibaldmb1-dev libaldmb.a usr/lib/$(DEB_HOST_MULTIARCH)
	dh_install -plibdumb1-dev include/dumb.h usr/include
	dh_install -plibaldmb1-dev include/aldumb.h usr/include

# Symlinks: lib*.so.1 -> lib*.so.1.0.0 in the runtime packages, and
# lib*.so -> lib*.so.1 in the -dev packages.
override_dh_link:
	dh_link -plibdumb1 usr/lib/$(DEB_HOST_MULTIARCH)/libdumb.so.1.0.0 usr/lib/$(DEB_HOST_MULTIARCH)/libdumb.so.1
	dh_link -plibdumb1-dev usr/lib/$(DEB_HOST_MULTIARCH)/libdumb.so.1 usr/lib/$(DEB_HOST_MULTIARCH)/libdumb.so
	dh_link -plibaldmb1 usr/lib/$(DEB_HOST_MULTIARCH)/libaldmb.so.1.0.0 usr/lib/$(DEB_HOST_MULTIARCH)/libaldmb.so.1
	dh_link -plibaldmb1-dev usr/lib/$(DEB_HOST_MULTIARCH)/libaldmb.so.1 usr/lib/$(DEB_HOST_MULTIARCH)/libaldmb.so

# Docs: both -dev packages are given --link-doc=libdumb1, including
# libaldmb1-dev.
override_dh_installdocs:
	dh_installdocs -plibdumb1
	dh_installdocs -plibaldmb1
	dh_installdocs -plibdumb1-dev --link-doc=libdumb1
	dh_installdocs -plibaldmb1-dev --link-doc=libdumb1

# release.txt is passed to dh_installchangelogs as the changelog file.
override_dh_installchangelogs:
	dh_installchangelogs release.txt
debian/changelog0000644000000000000000000001140112154446042011037 0ustar libdumb (1:0.9.3-6) unstable; urgency=low * I took over the package after it was unmaintained for a long time. See #626049 for a related orphaning. * Add Homepage and Vcs-* fields to debian/control. * Change versioned build dependency on liballegro4.2-dev to dependency on liballegro4-dev (Closes: #710601). * Change debian/copyright to format 1.0 and clarify license change (Closes: #533555). * Include watch file from Bart Martens. * Change to dh and compat 9, fix all lintian warnings. * Bump Standards-Version to 3.9.4. * Change to source format 3.0 (quilt). -- Tobias Hansen Fri, 07 Jun 2013 23:06:45 +0200 libdumb (1:0.9.3-5.4) unstable; urgency=low * Non-maintainer upload. 
* No-change upload requested by Tobias, to fix multiarch-related coinstallability issues (Closes: #678062). -- Cyril Brulebois Thu, 21 Jun 2012 01:45:25 +0200 libdumb (1:0.9.3-5.3) unstable; urgency=low * Non-maintainer upload. * Also enable hardening LDFLAGS, patch from Simon Ruderich. (Closes: #658965) * Enable multiarch. -- Tobias Hansen Sat, 19 May 2012 03:41:34 +0200 libdumb (1:0.9.3-5.2) unstable; urgency=low * Non-maintainer upload. * Enabled hardened build flags (Closes: #658965) -- Moritz Muehlenhoff Sat, 07 Apr 2012 18:04:36 +0200 libdumb (1:0.9.3-5.1) unstable; urgency=low * Non-maintainer upload. * Update debian/rules to use new tail syntax (Closes: #470968) - use tail -n +2 instead of tail +2 -- Andreas Henriksson Tue, 01 Apr 2008 13:01:27 +0200 libdumb (1:0.9.3-5) unstable; urgency=critical * Set urgency=critical because of security fix. * debian/patches/100_CVE-2006-3668.diff: + Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier, and current CVS as of 20060716, allows user-complicit attackers to execute arbitrary code via a ".it" (Impulse Tracker) file with an enveloper with a large number of nodes." (Closes: #379064). * debian/control: + Set policy to 3.7.2. -- Sam Hocevar (Debian packages) Fri, 21 Jul 2006 11:07:45 +0200 libdumb (1:0.9.3-4) unstable; urgency=low + Build-depend on liballegro4.2-dev (>= 2:4.2.0-4) to fix the missing libxcursor-dev build-dependency (Closes: #360190). -- Sam Hocevar (Debian packages) Fri, 31 Mar 2006 11:21:00 +0200 libdumb (1:0.9.3-3) unstable; urgency=low * debian/rules + Removed the -lalleg_unsharable stripping. * debian/control: + Build-depend on liballegro4.2-dev (>= 2:4.2.0-2) (Closes: #360140). -- Sam Hocevar (Debian packages) Thu, 30 Mar 2006 22:52:14 +0200 libdumb (1:0.9.3-2) unstable; urgency=low * Moved development to Alioth. * debian/rules + Switched to quilt for patch handling. 
* debian/control: + Build-depend on quilt. -- Sam Hocevar (Debian packages) Thu, 30 Mar 2006 12:23:16 +0200 libdumb (1:0.9.3-1) unstable; urgency=low * New upstream release. * debian/control: + Set policy to 3.6.2.1. + Bumped soname due to API changes. + Build-depend on liballegro 4.2 instead of 4.1. * debian/rules: + Replace DH_COMPAT with debian/compat and set its level to 4. -- Sam Hocevar (Debian packages) Mon, 14 Nov 2005 11:31:04 +0100 libdumb (1:0.9.2-5) unstable; urgency=low * debian/control: + Set policy to 3.6.1.1. + Removed leading "the" in short descriptions. -- Sam Hocevar (Debian packages) Fri, 23 Jul 2004 13:23:09 +0200 libdumb (1:0.9.2-4) unstable; urgency=low * Removed libc6-dev from the -dev packages' dependencies. * Set policy to 3.5.10. -- Sam Hocevar (Debian packages) Sat, 31 May 2003 00:43:41 +0200 libdumb (1:0.9.2-3) unstable; urgency=high * Upload with urgency=high so that libdumb enters testing ASAP (packages are identical to the ones in testing except the source package name) and we can remove "dumb". -- Samuel Hocevar Thu, 22 May 2003 12:30:42 +0200 libdumb (1:0.9.2-2) unstable; urgency=low * Skipped version number to avoid package name conflicts in pool. -- Samuel Hocevar Thu, 22 May 2003 12:30:41 +0200 libdumb (1:0.9.2-1) unstable; urgency=low * Renamed the source package to libdumb to fix a name collision. -- Samuel Hocevar Sun, 11 May 2003 19:28:31 +0200 dumb (0.9.2-2) unstable; urgency=low * Fixed the library naming scheme. -- Samuel Hocevar Sun, 27 Apr 2003 20:21:13 +0200 dumb (0.9.2-1) unstable; urgency=low * First Debian release (Closes: #190422). 
-- Samuel Hocevar Wed, 23 Apr 2003 19:06:43 +0200 debian/copyright0000644000000000000000000001451612152353544011134 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: DUMB Source: http://dumb.sourceforge.net Files: * Copyright: Copyright (C) 2001-2005 Ben Davis, Robert J Ohannessian and Julien Cugniere License: DUMB Files: debian/* Copyright: 2003-2006 Sam Hocevar 2012-2013 Tobias Hansen License: Zlib License: DUMB Modification to licence terms for DUMB v0.9.3 (as of 25 February 2010) . Addition of a new clause directly after Clause 6: . 8. Take the number stated as introducing this clause. Multiply it by two, then subtract four. Now insert a '+' between the two digits and evaluate the resulting sum. Call the result 'x'. If you have not yet concluded that every numbered clause in this licence whose ordinal number is strictly greater than 'x' (with the exception of the present clause) is null and void, Debian, then you are hereby informed that laughter is good for one's health and you are warmly suggested to do it. By the way, Clauses 4, 5 and 6 are null and void. Incidentally, I like Kubuntu. The work you guys do is awesome. (Lawyers, on the other hand ...) . Licence for DUMB v0.9.3 . /* _______ ____ __ ___ ___ * \ _ \ \ / \ / \ \ / / ' ' ' * | | \ \ | | || | \/ | . . * | | | | | | || ||\ /| | * | | | | | | || || \/ | | ' ' ' * | | | | | | || || | | . . * | |_/ / \ \__// || | | * /_______/ynamic \____/niversal /__\ /____\usic /| . . ibliotheque * / \ * / . \ * licence.txt - Conditions for use of DUMB. / / \ \ * | < / \_ * If you do not agree to these terms, please | \/ /\ / * do not use DUMB. \_ / > / * | \ / / * Information in [brackets] is provided to aid | ' / * interpretation of the licence. \__/ */ . . Dynamic Universal Music Bibliotheque, Version 0.9.3 . Copyright (C) 2001-2005 Ben Davis, Robert J Ohannessian and Julien Cugniere . This software is provided 'as-is', without any express or implied warranty. 
In no event shall the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: . 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, you are requested to acknowledge its use in the product documentation, along with details on where to get an unmodified version of this software, but this is not a strict requirement. . [Note that the above point asks for a link to DUMB, not just a mention. Googling for DUMB doesn't help much! The URL is "http://dumb.sf.net/".] . [The link was originally strictly required. This was changed for two reasons. Firstly, if many projects request an acknowledgement, the list of acknowledgements can become quite unmanageable. Secondly, DUMB was placing a restriction on the code using it, preventing people from using the GNU General Public Licence which disallows any such restrictions. See http://www.gnu.org/philosophy/bsd.html for more information on this subject. However, if DUMB plays a significant part in your project, we do urge you to acknowledge its use.] . 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. . 3. This notice may not be removed from or altered in any source distribution. . 4. If you are using the Program in someone else's bedroom on any Monday at 3:05 pm, you are not allowed to modify the Program for ten minutes. [This clause provided by Inphernic; every licence should contain at least one clause, the reasoning behind which is far from obvious.] . 5. Users who wish to use DUMB for the specific purpose of playing music are required to feed their dog on every full moon (if deemed appropriate). 
[This clause provided by Allefant, who couldn't remember what Inphernic's clause was.] . 6. No clause in this licence shall prevent this software from being depended upon by a product licensed under the GNU General Public Licence. If such a clause is deemed to exist, Debian, then it shall be respected in spirit as far as possible and all other clauses shall continue to apply in full force. . We regret that we cannot provide any warranty, not even the implied warranty of merchantability or fitness for a particular purpose. . Some files generated or copied by automake, autoconf and friends are available in an extra download. These fall under separate licences but are all free to distribute. Please check their licences as necessary. Comment: The addition in the beginning (paragraph 8) is not present in the file licence.txt, but on the homepage http://dumb.sourceforge.net/index.php?page=licences It was added after the discussion of Debian bug #533555. License: Zlib This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: . 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. . 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. . 3. This notice may not be removed or altered from any source distribution. 
debian/patches/0000755000000000000000000000000012152346612010617 5ustar debian/patches/010_extra_flags.diff0000644000000000000000000000052612152346611014332 0ustar
--- libdumb-0.9.3.orig/Makefile
+++ libdumb-0.9.3/Makefile
@@ -231,8 +231,8 @@
 endif
 endif
-CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS)
-CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS)
+CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS) $(CFLAGS_EXTRA)
+CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS) $(CFLAGS_EXTRA)
 LDFLAGS := -s
debian/patches/100_CVE-2006-3668.diff0000644000000000000000000000117512152346612013443 0ustar
Index: libdumb-0.9.3/src/it/itread.c
===================================================================
--- libdumb-0.9.3.orig/src/it/itread.c 2006-07-21 11:05:48.000000000 +0200
+++ libdumb-0.9.3/src/it/itread.c 2006-07-21 11:07:22.000000000 +0200
@@ -292,6 +292,11 @@
 envelope->flags = dumbfile_getc(f);
 envelope->n_nodes = dumbfile_getc(f);
+ if(envelope->n_nodes > 25) {
+ TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
+ envelope->n_nodes = 0;
+ return -1;
+ }
 envelope->loop_start = dumbfile_getc(f);
 envelope->loop_end = dumbfile_getc(f);
 envelope->sus_loop_start = dumbfile_getc(f);
debian/patches/series0000644000000000000000000000010312152346612012026 0ustar 010_extra_flags.diff -p1 100_CVE-2006-3668.diff 110-hardening.diff debian/patches/110-hardening.diff0000644000000000000000000000145612152346612013715 0ustar
diff -aur libdumb-0.9.3.orig/Makefile libdumb-0.9.3/Makefile
--- libdumb-0.9.3.orig/Makefile 2012-02-06 23:51:26.000000000 +0100
+++ libdumb-0.9.3/Makefile 2012-02-06 23:52:17.000000000 +0100
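Review bot: In 100_CVE-2006-3668.diff (src/it/itread.c) the added guard checks only n_nodes, and against the bare literal 25; loop_start, loop_end and sus_loop_start are read from the same untrusted file on the following context lines with no range check visible in this hunk. If those fields are later used as node indices (not visible here), they should be validated against n_nodes before use. The literal would be safer expressed through the size of the array it protects, e.g. `if (envelope->n_nodes > MAX_ENVELOPE_NODES)`, where `MAX_ENVELOPE_NODES` is a placeholder name for a constant shared with the array declaration. The declared type of n_nodes is also outside the hunk: if it is signed and dumbfile_getc() can return a negative value on a short read, that value would pass the `> 25` test. The enclosing function starts and ends outside the hunk, so how callers handle the -1 return cannot be confirmed from here.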
@@ -231,10 +231,10 @@
 endif
 endif
-CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS) $(CFLAGS_EXTRA)
-CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS) $(CFLAGS_EXTRA)
+CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS) $(CFLAGS_EXTRA) `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get CPPFLAGS`
+CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS) $(CFLAGS_EXTRA) `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get CPPFLAGS`
-LDFLAGS := -s
+LDFLAGS := -s `dpkg-buildflags --get LDFLAGS`
 CORE_EXAMPLES_OBJ := $(addprefix examples/, $(notdir $(patsubst %.c, %.o, $(CORE_EXAMPLES))))
Nur in libdumb-0.9.3: Makefile~.
debian/source/0000755000000000000000000000000012110234013010451 5ustar debian/source/format0000644000000000000000000000001412110234013011659 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000045312152353041010215 0ustar version=3 opts=dversionmangle=s/\+dfsg\d*$//,uversionmangle=s/_/./g;s/(\d)[_\.\-\+]?((RC|rc|pre|dev|beta|alpha|b|a)[\-\.]?\d*)$/$1~$2/ \ http://qa.debian.org/watch/sf.php/dumb/dumb-(\d[^t]*)\.(?:tgz|tbz2|txz|tar\.(?:gz|bz2|xz)|jar) # Bart Martens Tue, 15 Jan 2013 19:19:04 +0000 debian/compat0000644000000000000000000000000212154434124010364 0ustar 9 debian/control0000644000000000000000000000600012154444325010571 0ustar Source: libdumb Section: libs Priority: optional Maintainer: Debian Games Team Uploaders: Tobias Hansen Build-Depends: debhelper (>= 9), liballegro4-dev Standards-Version: 3.9.4 Homepage: http://dumb.sourceforge.net/ Vcs-Git: git://git.debian.org/pkg-games/libdumb.git Vcs-Browser: http://git.debian.org/?p=pkg-games/libdumb.git;a=summary Package: libdumb1 Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: dynamic universal music bibliotheque DUMB is a tracker library with support for IT, XM, S3M and MOD files. 
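Review bot: In 110-hardening.diff (upstream Makefile) the hardening flags are added as shell command substitutions inside `:=` assignments, so make stores the backtick text literally and the flags only take effect where CFLAGS_RELEASE, CFLAGS_DEBUG and LDFLAGS are expanded in a recipe run by a shell; dpkg-buildflags is also re-run for every such command. Evaluating once at parse time is more predictable and makes a missing flag visible in `make -p` output, e.g. `LDFLAGS := -s $(shell dpkg-buildflags --get LDFLAGS)`, which is the form debian/rules on this page already uses. Separately, the new LDFLAGS line keeps the unconditional `-s`, so binaries are stripped at link time regardless of the packaging's own strip step; dropping `-s` would leave that decision to the packaging tools. The trailing `Nur in libdumb-0.9.3: Makefile~.` line is output about a backup file and does not belong in the patch.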
It targets maximum accuracy to the original formats, with low-pass resonant filters for the IT files, accurate timing and pitching, and three resampling quality settings (aliasing, linear interpolation and cubic interpolation). . This package contains the libdumb1 runtime library, a standalone library for module playback. If you plan to use the Allegro library with your project, please consider the libaldmb1 library. Package: libdumb1-dev Section: libdevel Architecture: any Multi-Arch: same Depends: libdumb1 (= ${binary:Version}), ${misc:Depends} Conflicts: libdumb0-dev Description: development files for libdumb1 DUMB is a tracker library with support for IT, XM, S3M and MOD files. It targets maximum accuracy to the original formats, with low-pass resonant filters for the IT files, accurate timing and pitching, and three resampling quality settings (aliasing, linear interpolation and cubic interpolation). . This package contains the header files and static library needed to compile applications that use libdumb1. Package: libaldmb1 Architecture: any Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends} Pre-Depends: ${misc:Pre-Depends} Description: dynamic universal music bibliotheque, Allegro version DUMB is a tracker library with support for IT, XM, S3M and MOD files. It targets maximum accuracy to the original formats, with low-pass resonant filters for the IT files, accurate timing and pitching, and three resampling quality settings (aliasing, linear interpolation and cubic interpolation). . This package contains the libaldmb1 runtime library, a library for module playback that uses the Allegro library. If you do not plan to use Allegro with your project, please consider the libdumb1 library. 
Package: libaldmb1-dev Section: libdevel Architecture: any Multi-Arch: same Depends: libaldmb1 (= ${binary:Version}), libdumb1-dev, liballegro4-dev, ${misc:Depends} Conflicts: libaldmb0-dev Description: development files for libaldmb1 DUMB is a tracker library with support for IT, XM, S3M and MOD files. It targets maximum accuracy to the original formats, with low-pass resonant filters for the IT files, accurate timing and pitching, and three resampling quality settings (aliasing, linear interpolation and cubic interpolation). . This package contains the header files and static library needed to compile applications that use libaldmb1.