--- libmodplug-0.8.8.4.orig/ChangeLog +++ libmodplug-0.8.8.4/ChangeLog @@ -33,7 +33,7 @@ (Thanks to Leandro Nini/Diego "Flameeyes" Pettenò) ->file: src/table.cpp -> src/table.h where: rename of file - what: moved tables to seperate file + what: moved tables to separate file (Thanks to Leandro Nini/Diego "Flameeyes" Pettenò) date = 15-apr-2009 [Konstanty Bialkowski] --- libmodplug-0.8.8.4.orig/INSTALL +++ libmodplug-0.8.8.4/INSTALL @@ -1,365 +1,3 @@ -Installation Instructions -************************* - -Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005, -2006, 2007, 2008, 2009 Free Software Foundation, Inc. - - Copying and distribution of this file, with or without modification, -are permitted in any medium without royalty provided the copyright -notice and this notice are preserved. This file is offered as-is, -without warranty of any kind. - -Basic Installation -================== - - Briefly, the shell commands `./configure; make; make install' should -configure, build, and install this package. The following -more-detailed instructions are generic; see the `README' file for -instructions specific to this package. Some packages provide this -`INSTALL' file but do not implement all of the features documented -below. The lack of an optional feature in a given package is not -necessarily a bug. More recommendations for GNU packages can be found -in *note Makefile Conventions: (standards)Makefile Conventions. - - The `configure' shell script attempts to guess correct values for -various system-dependent variables used during compilation. It uses -those values to create a `Makefile' in each directory of the package. -It may also create one or more `.h' files containing system-dependent -definitions. Finally, it creates a shell script `config.status' that -you can run in the future to recreate the current configuration, and a -file `config.log' containing compiler output (useful mainly for -debugging `configure'). - - It can also use an optional file (typically called `config.cache' -and enabled with `--cache-file=config.cache' or simply `-C') that saves -the results of its tests to speed up reconfiguring. Caching is -disabled by default to prevent problems with accidental use of stale -cache files. - - If you need to do unusual things to compile the package, please try -to figure out how `configure' could check whether to do them, and mail -diffs or instructions to the address given in the `README' so they can -be considered for the next release. If you are using the cache, and at -some point `config.cache' contains results you don't want to keep, you -may remove or edit it. - - The file `configure.ac' (or `configure.in') is used to create -`configure' by a program called `autoconf'. You need `configure.ac' if -you want to change it or regenerate `configure' using a newer version -of `autoconf'. - - The simplest way to compile this package is: - - 1. `cd' to the directory containing the package's source code and type - `./configure' to configure the package for your system. - - Running `configure' might take a while. While running, it prints - some messages telling which features it is checking for. - - 2. Type `make' to compile the package. - - 3. Optionally, type `make check' to run any self-tests that come with - the package, generally using the just-built uninstalled binaries. - - 4. Type `make install' to install the programs and any data files and - documentation. When installing into a prefix owned by root, it is - recommended that the package be configured and built as a regular - user, and only the `make install' phase executed with root - privileges. - - 5. Optionally, type `make installcheck' to repeat any self-tests, but - this time using the binaries in their final installed location. - This target does not install anything. Running this target as a - regular user, particularly if the prior `make install' required - root privileges, verifies that the installation completed - correctly. - - 6. You can remove the program binaries and object files from the - source code directory by typing `make clean'. To also remove the - files that `configure' created (so you can compile the package for - a different kind of computer), type `make distclean'. There is - also a `make maintainer-clean' target, but that is intended mainly - for the package's developers. If you use it, you may have to get - all sorts of other programs in order to regenerate files that came - with the distribution. - - 7. Often, you can also type `make uninstall' to remove the installed - files again. In practice, not all packages have tested that - uninstallation works correctly, even though it is required by the - GNU Coding Standards. - - 8. Some packages, particularly those that use Automake, provide `make - distcheck', which can by used by developers to test that all other - targets like `make install' and `make uninstall' work correctly. - This target is generally not run by end users. - -Compilers and Options -===================== - - Some systems require unusual options for compilation or linking that -the `configure' script does not know about. Run `./configure --help' -for details on some of the pertinent environment variables. - - You can give `configure' initial values for configuration parameters -by setting variables in the command line or in the environment. Here -is an example: - - ./configure CC=c99 CFLAGS=-g LIBS=-lposix - - *Note Defining Variables::, for more details. - -Compiling For Multiple Architectures -==================================== - - You can compile the package for more than one kind of computer at the -same time, by placing the object files for each architecture in their -own directory. To do this, you can use GNU `make'. `cd' to the -directory where you want the object files and executables to go and run -the `configure' script. `configure' automatically checks for the -source code in the directory that `configure' is in and in `..'. This -is known as a "VPATH" build. - - With a non-GNU `make', it is safer to compile the package for one -architecture at a time in the source code directory. After you have -installed the package for one architecture, use `make distclean' before -reconfiguring for another architecture. - - On MacOS X 10.5 and later systems, you can create libraries and -executables that work on multiple system types--known as "fat" or -"universal" binaries--by specifying multiple `-arch' options to the -compiler but only a single `-arch' option to the preprocessor. Like -this: - - ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ - CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ - CPP="gcc -E" CXXCPP="g++ -E" - - This is not guaranteed to produce working output in all cases, you -may have to build one architecture at a time and combine the results -using the `lipo' tool if you have problems. - -Installation Names -================== - - By default, `make install' installs the package's commands under -`/usr/local/bin', include files under `/usr/local/include', etc. You -can specify an installation prefix other than `/usr/local' by giving -`configure' the option `--prefix=PREFIX', where PREFIX must be an -absolute file name. - - You can specify separate installation prefixes for -architecture-specific files and architecture-independent files. If you -pass the option `--exec-prefix=PREFIX' to `configure', the package uses -PREFIX as the prefix for installing programs and libraries. -Documentation and other data files still use the regular prefix. - - In addition, if you use an unusual directory layout you can give -options like `--bindir=DIR' to specify different values for particular -kinds of files. Run `configure --help' for a list of the directories -you can set and what kinds of files go in them. In general, the -default for these options is expressed in terms of `${prefix}', so that -specifying just `--prefix' will affect all of the other directory -specifications that were not explicitly provided. - - The most portable way to affect installation locations is to pass the -correct locations to `configure'; however, many packages provide one or -both of the following shortcuts of passing variable assignments to the -`make install' command line to change installation locations without -having to reconfigure or recompile. - - The first method involves providing an override variable for each -affected directory. For example, `make install -prefix=/alternate/directory' will choose an alternate location for all -directory configuration variables that were expressed in terms of -`${prefix}'. Any directories that were specified during `configure', -but not in terms of `${prefix}', must each be overridden at install -time for the entire installation to be relocated. The approach of -makefile variable overrides for each directory variable is required by -the GNU Coding Standards, and ideally causes no recompilation. -However, some platforms have known limitations with the semantics of -shared libraries that end up requiring recompilation when using this -method, particularly noticeable in packages that use GNU Libtool. - - The second method involves providing the `DESTDIR' variable. For -example, `make install DESTDIR=/alternate/directory' will prepend -`/alternate/directory' before all installation names. The approach of -`DESTDIR' overrides is not required by the GNU Coding Standards, and -does not work on platforms that have drive letters. On the other hand, -it does better at avoiding recompilation issues, and works well even -when some directory options were not specified in terms of `${prefix}' -at `configure' time. - -Optional Features -================= - - If the package supports it, you can cause programs to be installed -with an extra prefix or suffix on their names by giving `configure' the -option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'. - - Some packages pay attention to `--enable-FEATURE' options to -`configure', where FEATURE indicates an optional part of the package. -They may also pay attention to `--with-PACKAGE' options, where PACKAGE -is something like `gnu-as' or `x' (for the X Window System). The -`README' should mention any `--enable-' and `--with-' options that the -package recognizes. - - For packages that use the X Window System, `configure' can usually -find the X include and library files automatically, but if it doesn't, -you can use the `configure' options `--x-includes=DIR' and -`--x-libraries=DIR' to specify their locations. - - Some packages offer the ability to configure how verbose the -execution of `make' will be. For these packages, running `./configure ---enable-silent-rules' sets the default to minimal output, which can be -overridden with `make V=1'; while running `./configure ---disable-silent-rules' sets the default to verbose, which can be -overridden with `make V=0'. - -Particular systems -================== - - On HP-UX, the default C compiler is not ANSI C compatible. If GNU -CC is not installed, it is recommended to use the following options in -order to use an ANSI C compiler: - - ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" - -and if that doesn't work, install pre-built binaries of GCC for HP-UX. - - On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot -parse its `' header file. The option `-nodtk' can be used as -a workaround. If GNU CC is not installed, it is therefore recommended -to try - - ./configure CC="cc" - -and if that doesn't work, try - - ./configure CC="cc -nodtk" - - On Solaris, don't put `/usr/ucb' early in your `PATH'. This -directory contains several dysfunctional programs; working variants of -these programs are available in `/usr/bin'. So, if you need `/usr/ucb' -in your `PATH', put it _after_ `/usr/bin'. - - On Haiku, software installed for all users goes in `/boot/common', -not `/usr/local'. It is recommended to use the following options: - - ./configure --prefix=/boot/common - -Specifying the System Type -========================== - - There may be some features `configure' cannot figure out -automatically, but needs to determine by the type of machine the package -will run on. Usually, assuming the package is built to be run on the -_same_ architectures, `configure' can figure that out, but if it prints -a message saying it cannot guess the machine type, give it the -`--build=TYPE' option. TYPE can either be a short name for the system -type, such as `sun4', or a canonical name which has the form: - - CPU-COMPANY-SYSTEM - -where SYSTEM can have one of these forms: - - OS - KERNEL-OS - - See the file `config.sub' for the possible values of each field. If -`config.sub' isn't included in this package, then this package doesn't -need to know the machine type. - - If you are _building_ compiler tools for cross-compiling, you should -use the option `--target=TYPE' to select the type of system they will -produce code for. - - If you want to _use_ a cross compiler, that generates code for a -platform different from the build platform, you should specify the -"host" platform (i.e., that on which the generated programs will -eventually be run) with `--host=TYPE'. - -Sharing Defaults -================ - - If you want to set default values for `configure' scripts to share, -you can create a site shell script called `config.site' that gives -default values for variables like `CC', `cache_file', and `prefix'. -`configure' looks for `PREFIX/share/config.site' if it exists, then -`PREFIX/etc/config.site' if it exists. Or, you can set the -`CONFIG_SITE' environment variable to the location of the site script. -A warning: not all `configure' scripts look for a site script. - -Defining Variables -================== - - Variables not defined in a site shell script can be set in the -environment passed to `configure'. However, some packages may run -configure again during the build, and the customized values of these -variables may be lost. In order to avoid this problem, you should set -them in the `configure' command line, using `VAR=value'. For example: - - ./configure CC=/usr/local2/bin/gcc - -causes the specified `gcc' to be used as the C compiler (unless it is -overridden in the site shell script). - -Unfortunately, this technique does not work for `CONFIG_SHELL' due to -an Autoconf bug. Until the bug is fixed you can use this workaround: - - CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash - -`configure' Invocation -====================== - - `configure' recognizes the following options to control how it -operates. - -`--help' -`-h' - Print a summary of all of the options to `configure', and exit. - -`--help=short' -`--help=recursive' - Print a summary of the options unique to this package's - `configure', and exit. The `short' variant lists options used - only in the top level, while the `recursive' variant lists options - also present in any nested packages. - -`--version' -`-V' - Print the version of Autoconf used to generate the `configure' - script, and exit. - -`--cache-file=FILE' - Enable the cache: use and save the results of the tests in FILE, - traditionally `config.cache'. FILE defaults to `/dev/null' to - disable caching. - -`--config-cache' -`-C' - Alias for `--cache-file=config.cache'. - -`--quiet' -`--silent' -`-q' - Do not print messages saying which checks are being made. To - suppress all normal output, redirect it to `/dev/null' (any error - messages will still be shown). - -`--srcdir=DIR' - Look for the package's source code in directory DIR. Usually - `configure' can determine that directory automatically. - -`--prefix=DIR' - Use DIR as the installation prefix. *note Installation Names:: - for more details, including other options available for fine-tuning - the installation locations. - -`--no-create' -`-n' - Run the configure checks, but stop before creating any output - files. - -`configure' also accepts some other, not widely useful, options. Run -`configure --help' for more details. - +(1) ./configure +(2) make +(3) su -c "make install" --- libmodplug-0.8.8.4.orig/NEWS +++ libmodplug-0.8.8.4/NEWS @@ -1,5 +1,5 @@ Konstanty Bialkowski Tue Apr 7 15:00:00 AEST 2009 - New release of small fixes from contributers and downstream distributions. (Package config Libs.private addin (from Debian)), usage of uint32_t vs uint for load_abc.cpp,load_mid.cpp,load_pat.cpp. + New release of small fixes from contributors and downstream distributions. (Package config Libs.private addin (from Debian)), usage of uint32_t vs uint for load_abc.cpp,load_mid.cpp,load_pat.cpp. Konstanty Bialkowski Mon Mar 20 10:00:00 AEST 2006 New Release based on fixes contributed since last release. --- libmodplug-0.8.8.4.orig/README +++ libmodplug-0.8.8.4/README @@ -1,12 +1,23 @@ -Modplug Plugin for XMMS v2.0 / libmodplug v0.8.5 +libmodplug - the library which was part of the Modplug-xmms project +Web page: http://modplug-xmms.sf.net/ + Based on the ModPlug sound engine by Olivier Lapicque - XMMS plugin by Kenton Varda - Maintainer is now Konstanty Bialkowski + XMMS plugin by Kenton Varda (~2002) + Maintainer is now Konstanty Bialkowski (~2006) + +On Wed 14 Aug 2013 the repository was forked / cloned to GitHub. +The current release is libmodplug v0.8.8.4. +History +------- Olivier Lapicque, author of Modplug, which is arguably the best quality MOD-playing software available, has placed his sound rendering code in the public domain. This library and plugin is based on that code. +This code was originally part of modplug-xmms, and was split into a library - libmodplug +and the modplug-xmms code. Also since then an example rendering project called modplugplay and +modplug123 were introduced. They are still available on the sourceforge website. + For more information on libmodplug, the library for decoding mod-like music formats, see libmodplug/README. @@ -31,7 +42,7 @@ it to work on PPC and other big-endian systems. * Under linux there is also modplugplay contributed, which allows command - line playing of mod files under Linux. + line playing of mod files under Linux. (Available at http://modplug-xmms.sf.net/) ----------- 2. Features @@ -92,7 +103,7 @@ immediately succeeding the control events. - Slightly better sound quality than Mikmod. Vastly superior quality over Winamp. -- All XMMS calls are supported exept for the band gains on the +- All XMMS calls are supported except for the band gains on the equalizer. The preamp is supported, but MOD music is not anywhere near as cheap to equalize as MP3. Thus, equalization does is not supported in this version. However, a variable bass boost option @@ -151,25 +162,6 @@ ------------------ Problem: - None of the config options seem to have any affect on the sound quality. - -Possible cause: - You did not disable MikMod, so mods are being played by it rather than - by ModPlug. - -Solution: - Disable MikMod in the XMMS input plugins configuration dialog. - -Alternative cause: - You are not playing a mod-like file. ModPlug only plays mod-like file - formats, and has no affect on mp3's or other non-mod formats. (Note: - Yes, I have actually had people e-mail me with this problem.) - -Solution: - Download some mods. You can start at . - - -Problem: Some of my files load up, but show garbled info in the playlist and/or don't play correctly. --- libmodplug-0.8.8.4.orig/configure.ac +++ libmodplug-0.8.8.4/configure.ac @@ -0,0 +1,69 @@ +dnl Process this file with autoconf to produce a configure script. +AC_INIT +AC_PREREQ(2.63) +AC_CONFIG_SRCDIR([Makefile.am]) + +AM_INIT_AUTOMAKE(libmodplug, 0.8.8.4) +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES]) +AC_CONFIG_HEADERS([src/config.h]) + +dnl Checks for programs. +dnl I am disabling static libraries here because otherwise libtool insists on +dnl compiling everything twice -- once with and once without -fPIC. Pisses me +dnl off. Just do everything with -fPIC, damnit! Compiling everything twice +dnl probably wastes more cycles than not using -fPIC saves. +AC_DISABLE_STATIC +AC_DISABLE_STATIC([]) +AC_PROG_CC +AC_PROG_CXX +AC_LANG([C++]) +AC_C_BIGENDIAN #this will cause problems when cross-compiling... +#AC_REQUIRE([AC_CANONICAL_HOST])_LT_SET_OPTION([LT_INIT],[win32-dll]) +#AC_DIAGNOSE([obsolete],[AC_LIBTOOL_WIN32_DLL: Remove this warning and the call to _LT_SET_OPTION when you +#put the `win32-dll' option into LT_INIT's first parameter.]) + +LT_INIT +AC_HEADER_STDC +AC_CHECK_HEADERS([inttypes.h stdint.h malloc.h]) +AC_CHECK_FUNCS(setenv sinf) + +CXXFLAGS="$CXXFLAGS -fno-exceptions -Wall -ffast-math -D_REENTRANT" +# CXXFLAGS="-fno-exceptions -g -Wall -ffast-math -D_REENTRANT `glib-config --cflags`" + +AC_CANONICAL_HOST +case "$host" in + *mingw* | *cygwin*) + LT_LDFLAGS="-no-undefined" + ;; + *) + LT_LDFLAGS="" + ;; +esac +AC_SUBST(LT_LDFLAGS) + +case ${target_os} in + *sun* | *solaris*) + CXXFLAGS="$CXXFLAGS -fpermissive" + ;; +esac + +# portable types. requires autoconf 2.60 +# `configure' will check if these are defined in system headers. +# if not, it will auto-detect and define them in `config.h' +AC_TYPE_INT8_T +AC_TYPE_UINT8_T +AC_TYPE_INT16_T +AC_TYPE_UINT16_T +AC_TYPE_INT32_T +AC_TYPE_UINT32_T +AC_TYPE_INT64_T +AC_TYPE_UINT64_T + +MODPLUG_LIBRARY_VERSION=1:0:0 + +AC_SUBST(MODPLUG_LIBRARY_VERSION) + +AC_CONFIG_FILES([Makefile + src/Makefile + libmodplug.pc]) +AC_OUTPUT --- libmodplug-0.8.8.4.orig/configure.in +++ libmodplug-0.8.8.4/configure.in @@ -16,6 +16,7 @@ AC_DISABLE_STATIC([]) AC_PROG_CC AC_PROG_CXX +AC_PROG_LIBTOOL AC_LANG([C++]) AC_C_BIGENDIAN #this will cause problems when cross-compiling... #AC_REQUIRE([AC_CANONICAL_HOST])_LT_SET_OPTION([LT_INIT],[win32-dll]) --- libmodplug-0.8.8.4.orig/debian/README.Debian +++ libmodplug-0.8.8.4/debian/README.Debian @@ -0,0 +1,7 @@ +modplugxmms for Debian +---------------------- + +Keep in mind that xmms comes with a mikmod-based modplayer plugin +which will need to be disabled before this one can be used. + + -- Zed Pobre , Thu Jul 3 10:06:39 2003 --- libmodplug-0.8.8.4.orig/debian/changelog +++ libmodplug-0.8.8.4/debian/changelog @@ -0,0 +1,497 @@ +libmodplug (1:0.8.8.4-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * debian/control: Switch to automake1.11. (Closes: #724407) + + -- Eric Dorland Sat, 08 Mar 2014 17:32:36 -0500 + +libmodplug (1:0.8.8.4-4) unstable; urgency=high + + * Merge all changes from latest upstream Git repository (0.8.8.4 with + additional patches), including the following security changes: + * CVE-2013-4233: fix integer overflow in load_abc.cpp + * CVE-2013-4234: fix heap overflows in abc_MIDI_drum and abc_MIDI_gchord + * Closes: #719642 + * Standards-Version: 3.9.4 + * Added Vcs-Git and Vcs-Browser entries + + -- Zed Pobre Mon, 02 Sep 2013 22:31:46 -0400 + +libmodplug (1:0.8.8.4-3) unstable; urgency=low + + * Fix missing backslash on dpkg-buildflags line (closes: #654817) + + -- Zed Pobre Mon, 09 Apr 2012 11:44:45 -0400 + +libmodplug (1:0.8.8.4-2) unstable; urgency=low + + * Enable hardened build flags via dpkg-buildflags (closes: #654817) + This requires dpkg-buildflags from the dpkg-dev package to be at least + version 1.16.1 (when the --export=configure flag was defined) + + -- Zed Pobre Fri, 06 Apr 2012 14:55:26 -0400 + +libmodplug (1:0.8.8.4-1) unstable; urgency=high + + * New upstream version + * Fixes buffer overflow in load_abc (CVE-2011-1761, closes: #625966) + * Fixes integer overflow in load_wav (SA45131.1) + * Fixes stack overflow in load_s3m (SA45131.2) + * Fixes off-by-one errors in load_ams and load_dms that can cause + stack and memory corruption (SA45131.3-5) + * Added a few lines to the package description describing what mod + music is. (closes: #637854) + * Allow CC and CXX to contain spaces in debian/rules (closes: #636863) + * Standards-Version: 3.9.2 + + -- Zed Pobre Mon, 05 Sep 2011 19:21:47 -0400 + +libmodplug (1:0.8.8.2-3) unstable; urgency=medium + + * Remove redundant AM_SILENT_RULES macro outside of the ifdef to + prevent breaking builds on many platforms (closes: #624403) + + -- Zed Pobre Thu, 28 Apr 2011 11:16:26 -0400 + +libmodplug (1:0.8.8.2-2) unstable; urgency=low + + * Removed outdated references to xmms-modplug package + (closes: #624300) + + -- Zed Pobre Wed, 27 Apr 2011 11:10:29 -0400 + +libmodplug (1:0.8.8.2-1) unstable; urgency=high + + * New upstream version + * Fixes buffer overflow in ReadS3M function + (SEC Consult SA-20110407-0) + + -- Zed Pobre Thu, 14 Apr 2011 14:05:13 -0400 + +libmodplug (1:0.8.8.1-2) unstable; urgency=low + + * libmodplug-dev no longer depends on libstdc++-dev (which should have + been unnecessary since the move of -lstdc++ to Libs.private in + 0.8.4-2). + + Closes: #596463 + * Standards-Version: 3.9.1 (no changes needed) + + -- Zed Pobre Sat, 11 Sep 2010 15:02:34 -0400 + +libmodplug (1:0.8.8.1-1) unstable; urgency=high + + * New upstream version + * 0.8.8 introduced an ABI change without updating the major version. + This was causing potential problems in clients linked against + libmodplug0c2, including silence. + + This version changes the binary package from libmodplug0c2 to + libmodplug1, so all related applications will have to be + recompiled to use a version greater than is in Lenny (0.8.4). + + Closes: #588465 + * debian/copyright updated with additional contributors and the license + description properly set to public domain + + -- Zed Pobre Sun, 18 Jul 2010 21:25:08 -0400 + +libmodplug (1:0.8.8-2) unstable; urgency=low + + * Capitalize "Windows" in long descriptions (closes: #586114) + + -- Zed Pobre Wed, 16 Jun 2010 11:18:56 -0400 + +libmodplug (1:0.8.8-1) unstable; urgency=high + + * New upstream version + * Fix 32 to 32 bit "downsampling" on 64bit platforms. (Closes: #585699) + * The above bug is causing crashes in the Gnome file browser during + previews, thus urgency is set to high. + * Fix usage of bigendian in include files + * Fix PSM files on bigendian computers + * Allow configuration of Stereo Seperation and MaxMixChannels + * Fix possible problem with misaligned data structure when converting + to int32 (load_669) + * Added AC_PROG_LIBTOOL to configure.in to allow libtool during rebuild + * Added real package alternative dependency for libstdc++-dev + * Standards-Version: 3.8.4 (no changes required) + * Added misc:Depends to dependencies + + -- Zed Pobre Sun, 13 Jun 2010 12:54:12 -0400 + +libmodplug (1:0.8.7-1) unstable; urgency=high + + * New upstream version + * Fixes integer overflow in CSoundFile::ReadMed (CVE-2009-1438) + (closes: #526657) + * Fixes PATinst() Buffer Overflow (SA34927) (closes: #526084) + * Fixes 24/32-bit conversion routine + + -- Zed Pobre Sun, 10 May 2009 15:03:45 -0400 + +libmodplug (1:0.8.4-5) unstable; urgency=low + + * Fix ftbfs on all architectures (Closes: #524417): + * Build-depends: automake1.9 + * re-order autotools/libtool calls. + * Thanks to Fathi Boudra for the patch. + + -- Zed Pobre Mon, 20 Apr 2009 14:29:36 -0400 + +libmodplug (1:0.8.4-4) unstable; urgency=low + + * libmodplug-dev depends on libstdc++-dev now (closes: #524259) + + -- Zed Pobre Wed, 15 Apr 2009 19:34:24 -0400 + +libmodplug (1:0.8.4-3) unstable; urgency=low + + * Switch automake dependency back to just automake, pull versioned usage + of automake/aclocal. (closes: #506020) + + -- Zed Pobre Mon, 17 Nov 2008 16:24:26 -0500 + +libmodplug (1:0.8.4-2) unstable; urgency=low + + * Use Libs.private in libmodplug.pc for -lstdc++ -lm to avoid certain + build failure cases. (closes: #457278, #360248) + * Slight improvement to debian/rules clean + * Force automake to v1.9 + * Add copyright notice to debian/copyright + * Thanks to Steve Langasek for the long-standing patch covering the above. + * Move homepage information out of Description and into Homepage field. + * Add Section: libs to source package in debian/control + * Standards-Version: 3.8.0 + + -- Zed Pobre Wed, 24 Sep 2008 13:52:58 -0400 + +libmodplug (1:0.8.4-1) unstable; urgency=low + + * New upstream version (closes: #458792) + * libmodplug0c2 is now in section libs (closes: #478143) + * libmodplug-dev is now in section libdevel (closes: #306327) + * Removed debian/watch -- there doesn't seem to be any way to get it to + separate out the libmodplug version number from the modplug-xmms version + number, which is not the same. (closes: #449893) + + -- Zed Pobre Sat, 26 Jul 2008 18:14:38 -0400 + +libmodplug (1:0.7-7) unstable; urgency=low + + * Debhelper compatibility level 5, using debian/compat + * use both >= and << for source:Version for the -dev package, to + properly handle binNMU safety (closes: #437489) + * Build-Depends: autotools-dev. Also sort build-depends packages + alphabetically. + * Standards-Version 3.7.2.2 (no changes required) + + -- Zed Pobre Thu, 23 Aug 2007 15:43:14 -0400 + +libmodplug (1:0.7-6) unstable; urgency=low + + * use source:Version for -dev package in debian/control for binNMU + safety -- however, the originally submitted patch also wanted to + change the relationship from = to >=, which I am _not_ doing, as it + does not appear to be necessary. (closes: #437489) + * Acknowledge Automake NMU (closes: #376456) + * Acknowledge overflow NMU (closes: #383574) + + -- Zed Pobre Wed, 22 Aug 2007 21:45:46 -0400 + +libmodplug (1:0.7-5.2) unstable; urgency=medium + + * Non-maintainer upload. + * Check for very large sample sizes that could create overflows, enabling an + attacker to allocate zero bytes and possibly execute arbitrary codes as + the user [CVE-2006-4192]. (Closes: #383574) + * Run aclocal-1.9 instead of aclocal, as automake1.9 doesn't provide the + latter; fixes FTBFS. + + -- Steinar H. Gunderson Mon, 25 Sep 2006 17:36:29 +0200 + +libmodplug (1:0.7-5.1) unstable; urgency=low + + * NMU. + * debian/control: Update automake Build-Depend to automake1.9. (Closes: + #376456) + + -- Eric Dorland Sat, 19 Aug 2006 14:22:53 -0400 + +libmodplug (1:0.7-5) unstable; urgency=low + + * Official build, acknowledging NMU, and closing out the bugs + (closes: #318392, #318994) + * Standards-Version: 3.6.2.0 (no changes required) + + -- Zed Pobre Fri, 19 Aug 2005 18:13:54 -0500 + +libmodplug (1:0.7-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Medium-urgency upload for RC bugfix. + * Rebuild against g++-4.0 for the C++ ABI transition, renaming + libmodplug0 to libmodplug0c2 and conflicting with libmodplug0. + + -- Steve Langasek Mon, 18 Jul 2005 19:10:24 -0700 + +libmodplug (1:0.7-4) unstable; urgency=low + + * Use stdafx.h from upstream CVS, correcting issues with 64-bit + architectures. + * Altered short description to better follow policy + * Debhelper cleanups + + -- Zed Pobre Wed, 2 Feb 2005 17:29:28 -0600 + +libmodplug (1:0.7-3) unstable; urgency=low + + * Acknowledge NMU. (closes: #267204) + * Fixed Makefile.in locations in clean: target. + * Changed "copyright" to "license" when describing the license in + debian/copyright. + * Make the shlibs force a version >= 1:0.7-1 to be safe. + + -- Zed Pobre Fri, 10 Sep 2004 14:05:53 -0500 + +libmodplug (1:0.7-2.1) unstable; urgency=high + + * NMU + * debian/control: (Closes: #267204) + - removed build-dependency on libxmms-dev, libglib2.0-dev; + - libmodplug-dev now depends on libmodplug (= ${Source-Version}) + * debian/rules: enable CFLAGS and CXXFLAGS, set to "-O2", so that the + "-g" flag is inhibited. This makes the build slightly faster. + + -- Wolfgang Sourdeau Sat, 28 Aug 2004 23:05:11 -0400 + +libmodplug (1:0.7-2) unstable; urgency=high + + * Depends: libmodplug0, not Recommends. This is breaking builds of a + number of other packages, so the urgency is high. (closes: #266794) + * Standards-Version: 3.6.1.0 (no changes needed) + * Deleted unneeded manpage template. + + -- Zed Pobre Fri, 20 Aug 2004 10:02:24 -0500 + +libmodplug (1:0.7-1) unstable; urgency=low + + * libmodplug split off from modplugxmms + * Epoch needed, as actual version of libmodplug is lower than the + version of modplugxmms from which it was forked. + + -- Zed Pobre Mon, 2 Aug 2004 14:02:18 -0500 + +modplugxmms (2.05-1) unstable; urgency=low + + * New upstream version (closes: #262960) + + -- Zed Pobre Mon, 2 Aug 2004 13:18:12 -0500 + +modplugxmms (2.04-2) unstable; urgency=low + + * Corrected outdated README.Debian information. + * Arch: any (removed hppa exclusion) (closes: #126985 again) + * Add Conflicts/Replaces lines to debian/control for libmodplug0 and + libmodplug-dev to allow clean upgrade from the NMU. (closes: #199840) + * Added libmodplug_la_LIBADD = -lstdc++ to libmodplug/Makefile.am to + force the module to be compiled against libstdc++ to correct some + problems other programs may have linking against it (thanks to Sam + Hocevar for this). + + -- Zed Pobre Thu, 3 Jul 2003 10:10:36 -0500 + +modplugxmms (2.04-1) unstable; urgency=low + + * New upstream version. (closes: #147604) + - This is the first version that actually compiles properly with gcc + 3.x. (closes: #126985) + - A new binary is included, modplugplay, that I have for now stowed + in the xmms-modplug binary package. Since this is a self-standing + player, the Depends: xmms in xmms-modplug has been demoted to a + Recommends. + * ** WARNING FOR PEOPLE THAT HAVE USED THE NMU VERSIONS (2.04-0.x) ** + - If you have created any files that have made use of libmodplug as + provided in the NMU, be aware that the files are now in a different + binary package (libmodplug0 and libmodplug-dev), and if you created + any packages, your dependencies are now wrong. + - I have not used any of the NMU code due to an absolute lack of any + attempt at coordination with me on the part of the uploader. + However, everything that was fixed there should be fixed here as + well. + * This version corrects endianness issues that were causing it + to play nothing but noise on PowerPC (closes: #196941) + * Backed out gcc/g++3.2 changes that I had started to make, since + upstream seems to have taken care of things fairly well. + * Backed out uint32 change in gui/main.cpp (no longer needed) + * Edited modplugxmms/Makefile.am to force the libtool relinking to + search the ../libtool/.libs directory for libmodplug.so. This removes + the circular build-dependency described below under the changes from + 2.02-1. + * Fixed the Author(s) to Authors in debian/copyright + * Changed build-dependency from libglib1.2-dev to libglib2.0-dev + -- CHANGES FROM 2.03-1 (not uploaded) -- + * New upstream version. This still does not compile. + * Recommends: unzip, bzip2. Note that the xmms-modplug may refuse to + play some zip files created in MS Windows until they have been + decompressed and recompressed with standard zip. + * Removed emacs stuff from changelog + -- CHANGES FROM 2.02-1 (not uploaded) -- + * New upstream version. New upstream maintainer. (closes: #147604) + * Supposedly works fine now under gcc 3.x. It doesn't (tested against + gcc/g++3.2, but it's different things breaking now than before). + * modplugxmms/gui/main.cpp modified to use stringstream instead of + strstream. -- Nope, backed out. This would require changes to the + headers as well that I will need more time to deal with. I need + someone else to help me do c++ cleanup, please. + * modplugxmms/gui/main.cpp: counter i changed from uint32 to unsigned + long int. I'm surprised that it compiles for anyone without this. + * libmodplug.so is a separate library built by the program that is + required by the libmodplugxmms.so plugin to XMMS. This library must + be in /usr/lib at make install time, or libmodplugxmms will fail to + build and install (though the make process does not abort with error, + making it easy to miss). I have split libmodplug out into separate + lib and -dev packages. Thanks to Joanne Hunter + for helping me figure this out. + (closes: #190993) + * The above introduces a circular build dependency, of a sort (and this + has been entered into the Build-Depends) -- the package will + successfully build without the libmodplug0 and libmodplug-dev packages + installed, but it will create an xmms-modplug package with no plugin. + If the libmodplug packages are then installed and the package is + rebuilt, it will rebuild all packages correctly. This may be + correctable inside the main source, but I don't have time to work on + it properly at the moment. Patches welcome. + * Noted the above in README.Debian. + * This version correctly handles the .rar file that was crashing it + before (closes: #148166) + * This version will still crash if fed a .rar file when unrar is not + installed. I am tempted to remove .rar support entirely for this + reason, since unrar is an egregiously non-free utility anyway, but I + am leaving it in for now. + + -- Zed Pobre Mon, 23 Jun 2003 20:16:14 -0500 + +modplugxmms (2.04-0.3) unstable; urgency=low + + * NMU. + * debian/control: + + Added a build dependency on libglib2.0-dev so that we get the + AM_GLIB_GNU_GETTEXT macro. + * debian/rules: + + Removed the .la file from /usr/lib/xmms. + * Linked libmodplug.so with libstdc++. + + -- Sam Hocevar (Debian packages) Sat, 21 Jun 2003 19:27:10 +0200 + +modplugxmms (2.04-0.2) unstable; urgency=low + + * NMU (RC bug more than one year old). + * New upstream release (Closes: #147604). + + Upstream fixed endianness issues for PPC (Closes: #196941). + + Upstream fixed gcc3 builds (Closes: #126985). + * debian/control: + + Set policy to 3.5.10. + + Build-depend on debhelper (>=2.0). + + Added trailing slashes to URLs. + + We recommend unzip and bzip2 because they are needed to uncompress some + module formats. + + Ditto for unrar, but we merely suggest it since it is non-free. + * debian/rules: + + Set prefix to /usr everywhere to fix installation issues. + + Added a call to dh_makeshlibs. + + Removed the override file. + * debian/copyright: + + Replaced "Author(s)" with "Author". + * Removed spurious debian/manpage.sgml.ex file. + + -- Sam Hocevar (Debian packages) Sat, 21 Jun 2003 16:30:23 +0200 + +modplugxmms (2.0-1) unstable; urgency=low + + * New upstream version. Upstream maintainer is looking for someone to + take over development from him, so if you have an interest in this + package, send him e-mail at temporal@gauge3d.org. + * PowerPC patches have been integrated upstream. + * Integrated a few C++ fixes to make a slight dent in the g++-3.0 build + failures. Unfortunately, the code makes extensive use of procbuf.h, + which has gone away with g++-3.0, so I'm removing hppa from the arch + list for now and downgrading the bug. Someone will need to port this + section to g++-3.0, which is more than I have time or skill for. + * Standards-Version: 3.5.6 (no changes needed) + * Problem with DESTDIR not being handled correctly fixed upstream; + workaround removed in debian/rules. Unfortunately, libmodplug.so is + now being dumped in /usr/lib instead of /usr/lib/xmms/Input, so it + has to be moved in the debian/rules install target. + * I originally packaged this back in March, but because the resulting so + file was not visible to XMMS, it was never uploaded. + + -- Zed Pobre Tue, 21 May 2002 20:59:28 -0500 + +modplugxmms (1.5a-2) unstable; urgency=low + + * Added Build-Depends on libtool (closes: #104981) + * Applied patches from Adam Goode to get it working on + PowerPC (closes: #95221). Thanks Adam! Sorry for the delay. + * Call aclocal, automake, autoconf after libtoolize -f to get a correct + configure script. Add automake and autoconf to Build-Depends. + * Do $(MAKE) distclean before removing specific files to make sure we + don't delete anything that $(MAKE) distclean needs to succeed. + + -- Zed Pobre Sun, 15 Jul 2001 12:30:52 -0500 + +modplugxmms (1.5a-1) unstable; urgency=low + + * New upstream version, includes preamp bugfix patch upstream, *really* + supports polyphase and 8-tap sampling now, and other bugfixes. + * Added dependency on xmms. + * INSTALL file removed. + + -- Zed Pobre Sun, 25 Feb 2001 19:29:07 -0600 + +modplugxmms (1.5-2) unstable; urgency=low + + * Upstream bugfix to fix the problem that the preamp volume isn't + properly saved in the config file. + + -- Zed Pobre Sat, 27 Jan 2001 09:50:03 -0600 + +modplugxmms (1.5-1) unstable; urgency=low + + * New upstream version (support for MT2 and PSM mod formats and + polyphase sampling). + * Pitch bend problem fixed (closes: #76255) + + -- Zed Pobre Thu, 25 Jan 2001 22:58:25 -0600 + +modplugxmms (1.3a-3) unstable; urgency=low + + * Added libtoolize -f to debian/rules to update config.guess, + config.sub, ltconfig, and ltmain.sh to fix ARM/HURD breakage (those + files are now removed on clean) (closes: #78669) + * Moved to DH_COMPAT=2 + * Moved override.Lintian to /usr/share/lintian/overrides/xmms-modplug + * Removed extraneous /usr/bin and /usr/sbin directories + * Thanks to Eduard Bloch for the patches for the last + two entries. + * Added a watch file + * Removed a number of example files from the debian/ directory that I + figured I probably wouldn't need to keep for this package. + * Added a note to README.Debian about having to disable the XMMS default + modplayer plugin before this one will work. + + -- Zed Pobre Mon, 1 Jan 2001 17:24:14 -0600 + +modplugxmms (1.3a-2) unstable; urgency=low + + * Added xmms-dev and libglib1.2-dev (this is weird, since the configure + script uses glib-config to set an include path for glib, but the + module doesn't link to it). Closes: #72576 + + -- Zed Pobre Sat, 30 Sep 2000 11:21:03 -0500 + +modplugxmms (1.3a-1) unstable; urgency=low + + * Initial Release. + + -- Zed Pobre Sat, 2 Sep 2000 20:32:25 -0500 --- libmodplug-0.8.8.4.orig/debian/compat +++ libmodplug-0.8.8.4/debian/compat @@ -0,0 +1 @@ +5 --- libmodplug-0.8.8.4.orig/debian/control +++ libmodplug-0.8.8.4/debian/control @@ -0,0 +1,41 @@ +Source: libmodplug +Build-Depends: debhelper (>= 5.0.0), autoconf, automake1.11, autotools-dev, libtool, dpkg-dev (>= 1.16.1) +Section: libs +Priority: optional +Maintainer: Zed Pobre +Standards-Version: 3.9.4 +Vcs-Git: git://git.debian.org/git/collab-maint/libmodplug.git -b debian +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/libmodplug.git + +Package: libmodplug1 +Architecture: any +Section: libs +Depends: ${misc:Depends}, ${shlibs:Depends} +Conflicts: xmms-modplug (<< 2.04-1) +Replaces: xmms-modplug (<< 2.04-1) +Description: shared libraries for mod music based on ModPlug + Module files (MOD music, tracker music) are a family of music file + formats originating from the MOD file format on Amiga systems used in + late 1980s. + . + This is a library based on the mod music rendering code from ModPlug, + a popular Windows mod player written by Olivier Lapicque, found at + http://www.modplug.com. +Homepage: http://modplug-xmms.sourceforge.net/ + +Package: libmodplug-dev +Architecture: all +Section: libdevel +Depends: libmodplug1 (>= ${source:Version}), libmodplug1 (<< ${source:Version}.1~), ${misc:Depends} +Conflicts: xmms-modplug (<< 2.04-1) +Replaces: xmms-modplug (<< 2.04-1) +Description: development files for mod music based on ModPlug + Module files (MOD music, tracker music) are a family of music file + formats originating from the MOD file format on Amiga systems used in + late 1980s. + . + This package contains the header files and .so symlinks required to + compile code against libmodplug, a library based on the mod rendering + code from ModPlug, a popular Windows mod player written by Olivier + Lapicque, found at http://www.modplug.com. +Homepage: http://modplug-xmms.sourceforge.net --- libmodplug-0.8.8.4.orig/debian/copyright +++ libmodplug-0.8.8.4/debian/copyright @@ -0,0 +1,41 @@ +This package was originally debianized by Zed Pobre +on Sat, 2 Sep 2000 20:32:25 -0500. + +It was downloaded from http://modplug-xmms.sourceforge.net + +Upstream Authors: + Current XMMS modplug maintainer: + Konstanty Bialkowski + + Original XMMS plugin: + Kenton Varda + + Sound Engine: + Olivier Lapicque + + BZip2 support: + Colin DeVilbiss + + Spline and Fir resamplers: + Markus Fick + + Endianness Fixes: + Adam Goode + + Endianness Fixes + Implementation of C 24bit,32bit functions: + Marco Trillo + + Fixes to AGC/Clipping, Frequency Limit, Other Fixes: + Alistair John Strachan + + AMD64 Fix (long long vs long vs int) + Tyler Montbriand + + Copyright 2002-2003 Kenton Varda , + Olivier Lapicque , + Colin DeVilbiss , + Markus Fick , + Adam Goode + + +License: Public Domain --- libmodplug-0.8.8.4.orig/debian/docs +++ libmodplug-0.8.8.4/debian/docs @@ -0,0 +1,2 @@ +README +TODO --- libmodplug-0.8.8.4.orig/debian/override.Lintian +++ libmodplug-0.8.8.4/debian/override.Lintian @@ -0,0 +1 @@ +xmms-modplug: no-shlibs-control-file usr/lib/xmms/Input/libmodplug.so --- libmodplug-0.8.8.4.orig/debian/rules +++ libmodplug-0.8.8.4/debian/rules @@ -0,0 +1,101 @@ +#!/usr/bin/make -f +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CC=gcc +CXX=g++ +PACKAGE=libmodplug1 +LIBRARY=libmodplug1 +DEV=libmodplug-dev +major=1 +version=1.0.0 + +configure: configure-stamp +configure-stamp: + dh_testdir + + libtoolize --copy --force + aclocal + autoconf + autoheader + automake --add-missing --copy + + CC="$(CC)" CXX="$(CXX)" $(shell dpkg-buildflags --export=configure) \ + ./configure --prefix=/usr \ + --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info + + touch configure-stamp + +build: build-stamp +build-stamp: configure-stamp + dh_testdir + $(MAKE) + touch build-stamp + +clean: + dh_testdir + test ! -f Makefile || $(MAKE) distclean + rm -f build-stamp configure-stamp + rm -f config.guess config.sub ltconfig conftest conftest.o + rm -f aclocal.m4 config.h.in configure config.log + rm -f Makefile.in src/Makefile.in + rm -f ltmain.sh + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=`pwd`/debian/$(DEV) + cp src/libmodplug/*.h `pwd`/debian/$(DEV)/usr/include/libmodplug + rm `pwd`/debian/$(DEV)/usr/lib/libmodplug.la + + dh_movefiles --sourcedir=debian/$(DEV) -p$(LIBRARY) \ + usr/lib/libmodplug.so.$(major) \ + usr/lib/libmodplug.so.$(version) + +binary-indep: build install + dh_testdir + dh_testroot + dh_installdocs -i + dh_installexamples -i + dh_installcron -i + dh_installman -i + dh_installinfo -i + dh_installchangelogs -i ChangeLog + dh_link -i + dh_strip -i + dh_compress -i + dh_fixperms -i + dh_makeshlibs -i + dh_installdeb -i + dh_shlibdeps -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +binary-arch: build install + dh_testdir + dh_testroot + dh_installdocs -a + dh_installexamples -a + dh_installcron -a + dh_installman -a + dh_installinfo -a + dh_installchangelogs -a ChangeLog + dh_link -a + dh_strip -a + dh_compress -a + dh_fixperms -a + dh_makeshlibs -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a + dh_md5sums -a + dh_builddeb -a + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary-common binary install --- libmodplug-0.8.8.4.orig/libmodplug.pc.in +++ libmodplug-0.8.8.4/libmodplug.pc.in @@ -9,4 +9,4 @@ Requires: Libs: -L${libdir} -lmodplug Libs.private: -lstdc++ -lm -Cflags: -I${includedir} -I${includedir}/libmodplug +Cflags: -I${includedir} --- libmodplug-0.8.8.4.orig/src/load_abc.cpp +++ libmodplug-0.8.8.4/src/load_abc.cpp @@ -24,6 +24,7 @@ All systems - all compilers (hopefully) */ +#include #include #include #include @@ -461,7 +462,10 @@ fseek(fp, 0, SEEK_END); len = ftell(fp); mmfile = (MMFILE *)malloc(len+sizeof(MMFILE)); - if( !mmfile ) return NULL; + if( !mmfile ) { + fclose(fp); + return NULL; + } fseek(fp, 0, SEEK_SET); fread(&mmfile[1],1,len,fp); fclose(fp); @@ -1251,7 +1255,7 @@ tp = h->tp; vp = tp->tiedvpos; if( tp->vpos != vp ) { - // chord note track allready returned in previous call + // chord note track already returned in previous call for( tp = h->track; tp; tp = tp->next ) { if( tp->vno == vn && tp->vpos == vp ) { tp->tiedvpos = h->tp->vpos; @@ -1811,7 +1815,8 @@ static void abc_set_parts(char **d, char *p) { - int i,j,k,m,n; + int i,k,m,n; + size_t j, size; char *q; #ifdef NEWMIKMOD static MM_ALLOC *h; @@ -1849,10 +1854,12 @@ i += n-1; } } - q = (char *)_mm_calloc(h, j+1, sizeof(char)); // enough storage for the worst case + // even if j overflows above, it will only wrap around and still be okay + size = ( j > INT_MAX )? INT_MAX : j; + q = (char *)_mm_calloc(h, size, sizeof(char)); // enough storage for the worst case // now copy bytes from p to *d, taking parens and digits in account j = 0; - for( i=0; p[i] && p[i] != '%'; i++ ) { + for( i=0; p[i] && p[i] != '%' && j < size && i < size; i++ ) { if( isdigit(p[i]) || isupper(p[i]) || p[i] == '(' || p[i] == ')' ) { if( p[i] == ')' ) { for( n=j; n > 0 && q[n-1] != '('; n-- ) ; // find open paren in q @@ -3201,27 +3208,33 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h) { char *q; - int i,n,m; + int i, n, m, len; while( isspace(*p) ) p++; if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2; if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1; - n = 0; + n = 0; len = 0; for( q = h->drum; *p && !isspace(*p); p++ ) { if( !strchr("dz0123456789",*p) ) break; - *q++ = *p; - if( !isdigit(*p) ) { - if( !isdigit(p[1]) ) *q++ = '1'; + *q++ = *p; len++; + if( !isdigit(*p) && len < sizeof(h->drum)-1 ) { + if( !isdigit(p[1]) ) { *q++ = '1'; len ++; } n++; // count the silences too.... } + if (len >= sizeof(h->drum)-1) { + // consume the rest of the input + // definitely enough "drum last state" stored. + while ( *p && !isspace(*p) ) p++; + break; + } } *q = '\0'; q = h->drumins; for( i = 0; idrum[i*2] == 'd' ) { - while( isspace(*p) ) p++; + while( *p && isspace(*p) ) p++; if( !isdigit(*p) ) { m = 0; - while( !isspace(*p) ) p++; + while( *p && !isspace(*p) ) p++; } else p += abc_getnumber(p,&m); @@ -3232,10 +3245,10 @@ q = h->drumvol; for( i = 0; idrum[i*2] == 'd' ) { - while( isspace(*p) ) p++; + while( *p && isspace(*p) ) p++; if( !isdigit(*p) ) { m = 0; - while( !isspace(*p) ) p++; + while( *p && !isspace(*p) ) p++; } else p += abc_getnumber(p,&m); @@ -3250,13 +3263,20 @@ static int abc_MIDI_gchord(const char *p, ABCHANDLE *h) { char *q; + int len = 0; while( isspace(*p) ) p++; if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2; if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1; for( q = h->gchord; *p && !isspace(*p); p++ ) { if( !strchr("fbcz0123456789ghijGHIJ",*p) ) break; - *q++ = *p; - if( !isdigit(*p) && !isdigit(p[1]) ) *q++ = '1'; + *q++ = *p; len++; + if( !isdigit(*p) && len < sizeof(h->gchord)-1 && !isdigit(p[1]) ) { *q++ = '1'; len ++; } + if (len >= sizeof(h->gchord)-1) { + // consume the rest of the input + // definitely enough "drum last state" stored. + while ( *p && !isspace(*p) ) p++; + break; + } } *q = '\0'; return 0; --- libmodplug-0.8.8.4.orig/src/load_amf.cpp +++ libmodplug-0.8.8.4/src/load_amf.cpp @@ -266,7 +266,7 @@ if ((pfh->szAMF[0] != 'A') || (pfh->szAMF[1] != 'M') || (pfh->szAMF[2] != 'F') || (pfh->version < 10) || (pfh->version > 14) || (!bswapLE16(pfh->numtracks)) || (!pfh->numorders) || (pfh->numorders > MAX_PATTERNS) - || (!pfh->numsamples) || (pfh->numsamples > MAX_SAMPLES) + || (!pfh->numsamples) || (pfh->numsamples >= MAX_SAMPLES) || (pfh->numchannels < 4) || (pfh->numchannels > 32)) return FALSE; memcpy(m_szNames[0], pfh->title, 32); --- libmodplug-0.8.8.4.orig/src/load_dsm.cpp +++ libmodplug-0.8.8.4/src/load_dsm.cpp @@ -107,7 +107,7 @@ m_nDefaultGlobalVolume = psong->globalvol << 2; if ((!m_nDefaultGlobalVolume) || (m_nDefaultGlobalVolume > 256)) m_nDefaultGlobalVolume = 256; m_nSongPreAmp = psong->mastervol & 0x7F; - for (UINT iOrd=0; iOrdorders); iOrd++) { Order[iOrd] = (BYTE)((iOrd < psong->numord) ? psong->orders[iOrd] : 0xFF); } --- libmodplug-0.8.8.4.orig/src/load_med.cpp +++ libmodplug-0.8.8.4/src/load_med.cpp @@ -695,7 +695,7 @@ { for (UINT i8ch=0; i8ch<4; i8ch++) { - if (pmex->channelsplit[i8ch]) --m_nChannels; + if (pmex->channelsplit[i8ch]) m_nChannels++; } } // Song Comments --- libmodplug-0.8.8.4.orig/src/load_mid.cpp +++ libmodplug-0.8.8.4/src/load_mid.cpp @@ -1456,10 +1456,14 @@ else h->divider = h->resolution; h->divider <<= 2; // ticks per quartnote ==> ticks per note + if (!h->divider) h->divider = 1; h->tempo = 122; m_nDefaultTempo = 0; h->tracktime = 0; h->speed = 6; + if (h->miditracks == 0) { + return FALSE; + } p = (BYTE *)getenv(ENV_MMMID_SPEED); if( p && isdigit(*p) && p[0] != '0' && p[1] == '\0' ) { // transform speed @@ -1789,7 +1793,10 @@ mid_adjust_for_optimal_tempo(h, maxtempo); } if( maxtempo > 0 ) m_nDefaultTempo = (255 * m_nDefaultTempo) / maxtempo; + numpats = 1 + (modticks(h, h->tracktime) / h->speed / 64 ); + if (numpats > MAX_PATTERNS) numpats = MAX_PATTERNS; + if( h->verbose ) printf("Generating %d patterns with speed %d\n", numpats, h->speed); #ifdef NEWMIKMOD if( !of->songname ) of->songname = DupStr(of->allochandle, "Untitled", 8); @@ -1842,6 +1849,8 @@ m_dwSongFlags = SONG_LINEARSLIDES; m_nMinPeriod = 28 << 2; m_nMaxPeriod = 1712 << 3; + if (m_nChannels == 0) + return FALSE; // orderlist for(t=0; t < numpats; t++) Order[t] = t; --- libmodplug-0.8.8.4.orig/src/load_mtm.cpp +++ libmodplug-0.8.8.4/src/load_mtm.cpp @@ -56,7 +56,7 @@ if ((strncmp(pmh->id, "MTM", 3)) || (pmh->numchannels > 32) || (pmh->numsamples >= MAX_SAMPLES) || (!pmh->numsamples) || (!pmh->numtracks) || (!pmh->numchannels) - || (!pmh->lastpattern) || (pmh->lastpattern > MAX_PATTERNS)) + || (!pmh->lastpattern) || (pmh->lastpattern >= MAX_PATTERNS)) return FALSE; strncpy(m_szNames[0], pmh->songname, 20); m_szNames[0][20] = 0; --- libmodplug-0.8.8.4.orig/src/load_pat.cpp +++ libmodplug-0.8.8.4/src/load_pat.cpp @@ -562,7 +562,8 @@ } } _mm_read_UBYTES((BYTE *)hw, sizeof(WaveHeader), mmpat); - strncpy(hw->reserved, hl.reserved, 36); + strncpy(hw->reserved, hl.reserved, 32); + hw->reserved[31] = 0; if( hw->start_loop >= hw->wave_size ) { hw->start_loop = 0; hw->end_loop = 0; @@ -625,7 +626,7 @@ static int pat_readpat_attr(int pat, WaveHeader *hw, int layer) { char fname[128]; - int fsize; + unsigned long fsize; MMSTREAM *mmpat; pat_build_path(fname, pat); mmpat = _mm_fopen(fname, "r"); @@ -1330,7 +1331,7 @@ #else s[31] = '\0'; memset(cs->m_szNames[smp], 0, 32); - strcpy(cs->m_szNames[smp], s); + strncpy(cs->m_szNames[smp], s, 32-1); q->nGlobalVol = 64; q->nPan = 128; q->uFlags = CHN_16BIT; @@ -1522,8 +1523,8 @@ } #else m_nType = MOD_TYPE_PAT; - m_nInstruments = h->samples + 1; // we know better but use each sample in the pat... - m_nSamples = h->samples + 1; // xmms modplug does not use slot zero + m_nInstruments = h->samples >= MAX_INSTRUMENTS-1 ? MAX_INSTRUMENTS-1 : h->samples + 1; // we know better but use each sample in the pat... + m_nSamples = h->samples >= MAX_SAMPLES-1 ? MAX_SAMPLES-1 : h->samples + 1; // xmms modplug does not use slot zero m_nDefaultSpeed = 6; m_nChannels = h->samples; numpat = t; --- libmodplug-0.8.8.4.orig/src/mmcmp.cpp +++ libmodplug-0.8.8.4/src/mmcmp.cpp @@ -1,6 +1,7 @@ /* * This source code is public domain. * + * Handles unpacking of Powerpack PP20 * Authors: Olivier Lapicque */ @@ -34,7 +35,7 @@ WORD sub_blk; WORD flags; WORD tt_entries; - WORD num_bits; + USHORT num_bits; } MMCMPBLOCK, *LPMMCMPBLOCK; typedef struct MMCMPSUBBLOCK @@ -145,7 +146,9 @@ { for (UINT i=0; isub_blk; i++) { - if ((psubblk->unpk_pos > dwFileSize) || (psubblk->unpk_pos + psubblk->unpk_size > dwFileSize)) break; + if ((psubblk->unpk_pos >= dwFileSize) || + (psubblk->unpk_size >= dwFileSize) || + (psubblk->unpk_size > dwFileSize - psubblk->unpk_pos)) break; #ifdef MMCMP_LOG Log(" Unpacked sub-block %d: offset %d, size=%d\n", i, psubblk->unpk_pos, psubblk->unpk_size); #endif @@ -155,7 +158,7 @@ } } else // Data is 16-bit packed - if (pblk->flags & MMCMP_16BIT) + if (pblk->flags & MMCMP_16BIT && pblk->num_bits < 16) { MMCMPBITBUFFER bb; LPWORD pDest = (LPWORD)(pBuffer + psubblk->unpk_pos); @@ -223,7 +226,7 @@ pDest = (LPWORD)(pBuffer + psubblk[subblk].unpk_pos); } } - } else + } else if (pblk->num_bits < 8) // Data is 8-bit packed { MMCMPBITBUFFER bb; @@ -283,6 +286,9 @@ pDest = pBuffer + psubblk[subblk].unpk_pos; } } + } else + { + return FALSE; } } *ppMemFile = pBuffer; --- libmodplug-0.8.8.4.orig/src/modplug.cpp +++ libmodplug-0.8.8.4/src/modplug.cpp @@ -240,7 +240,7 @@ } ModPlugNote* ModPlug_GetPattern(ModPlugFile* file,int pattern,unsigned int* numrows) { - if ( pattern= 0) { if (file->mSoundFile.Patterns[pattern]) { if (numrows) *numrows=(unsigned int)file->mSoundFile.PatternSize[pattern]; return (ModPlugNote*)file->mSoundFile.Patterns[pattern]; --- libmodplug-0.8.8.4.orig/src/sndfile.cpp +++ libmodplug-0.8.8.4/src/sndfile.cpp @@ -770,11 +770,11 @@ { UINT n = 0; if ((!m_nSamples) || (!m_nChannels) || (m_nType == MOD_TYPE_NONE)) return 0; - switch(m_nType) - { - case MOD_TYPE_MOD: n = MOD_TYPE_MOD; - case MOD_TYPE_S3M: n = MOD_TYPE_S3M; - } + if (m_nType & MOD_TYPE_MOD) + n |= MOD_TYPE_MOD; + if (m_nType & MOD_TYPE_S3M) + n |= MOD_TYPE_S3M; + // Can always save to XM & IT n |= MOD_TYPE_XM | MOD_TYPE_IT; if (!m_nInstruments) { @@ -789,7 +789,8 @@ //-------------------------------------------------------- { char sztmp[40] = ""; // changed from CHAR - memcpy(sztmp, m_szNames[nSample],32); + if (nSample < MAX_SAMPLES) + memcpy(sztmp, m_szNames[nSample], 32); sztmp[31] = 0; if (s) strcpy(s, sztmp); return strlen(sztmp);