3 files changed, 104 insertions, 5 deletions

diff --git a/community/dumb/CVE-2006-3668.patch b/community/dumb/CVE-2006-3668.patch
new file mode 100644
index 000000000..09d2fb68f
--- /dev/null
+++ b/community/dumb/CVE-2006-3668.patch
@@ -0,0 +1,16 @@
+Index: libdumb-0.9.3/src/it/itread.c
+===================================================================
+--- libdumb-0.9.3.orig/src/it/itread.c	2006-07-21 11:05:48.000000000 +0200
++++ libdumb-0.9.3/src/it/itread.c	2006-07-21 11:07:22.000000000 +0200
+@@ -292,6 +292,11 @@
+ 
+ 	envelope->flags = dumbfile_getc(f);
+ 	envelope->n_nodes = dumbfile_getc(f);
++	if(envelope->n_nodes > 25) {
++		TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
++		envelope->n_nodes = 0;
++		return -1;
++	}
+ 	envelope->loop_start = dumbfile_getc(f);
+ 	envelope->loop_end = dumbfile_getc(f);
+ 	envelope->sus_loop_start = dumbfile_getc(f);
diff --git a/community/dumb/PKGBUILD b/community/dumb/PKGBUILD
index 368c1cc9e..00551dd5f 100644
--- a/community/dumb/PKGBUILD
+++ b/community/dumb/PKGBUILD
@@ -4,20 +4,31 @@
 
 pkgname=dumb
 pkgver=0.9.3
-pkgrel=5
+pkgrel=6
 pkgdesc="An IT, XM, S3M and MOD player library"
 arch=('i686' 'x86_64' 'mips64el')
 license=('custom:dumb' 'GPL')
 url="http://dumb.sourceforge.net/"
 depends=('glibc' 'allegro4')
-source=(http://downloads.sourceforge.net/sourceforge/dumb/$pkgname-$pkgver.tar.gz)
-md5sums=('f48da5b990aa8aa822d3b6a951baf5c2')
+source=(http://downloads.sourceforge.net/sourceforge/dumb/$pkgname-$pkgver.tar.gz
+        as-needed.patch
+        CVE-2006-3668.patch)
+md5sums=('f48da5b990aa8aa822d3b6a951baf5c2'
+         '580676387b07d3b5998bbd525df2df52'
+         'e1378e2eb30346073ee188608ac2c9e7')
 
 build() {
   cd "$srcdir/$pkgname-$pkgver"
   [ "${CARCH}" != "i686" ] && export CFLAGS="${CFLAGS} -fPIC"
-  # Create the directories which the Makefile somehow fails to create
-  install -d lib/unix/{debug,release}
+
+  # Fix CVE-2006-3668 (Patch found in Gentoo and other distros).
+  patch -p1 < "$srcdir/CVE-2006-3668.patch"
+
+  # Apply a patch from Gentoo, so that we can build against binutils
+  # 2.22 and above.
+  patch -p1 < "$srcdir/as-needed.patch"
+  sed -i '/LDFLAGS :=/d' Makefile
+  cp Makefile Makefile.rdy
 
   # Make with Allegro support
   # Upstream's make process is interactive, and we can't simply pass
diff --git a/community/dumb/as-needed.patch b/community/dumb/as-needed.patch
new file mode 100644
index 000000000..6d482d196
--- /dev/null
+++ b/community/dumb/as-needed.patch
@@ -0,0 +1,72 @@
+diff -Naur dumb.orig/Makefile dumb/Makefile
+--- dumb.orig/Makefile	2003-04-03 16:34:18.000000000 -0800
++++ dumb/Makefile	2004-07-06 14:43:38.158063165 -0700
+@@ -199,11 +199,11 @@
+ ALLEGRO_EXAMPLES_EXE := $(addprefix examples/, $(notdir $(patsubst %.c, %$(EXE_SUFFIX), $(ALLEGRO_EXAMPLES))))
+ 
+ 
+-CORE_LIB_FILE_RELEASE := $(LIBDIR)/libdumb.a
+-ALLEGRO_LIB_FILE_RELEASE := $(LIBDIR)/libaldmb.a
++CORE_LIB_FILE_RELEASE := $(LIBDIR)/libdumb.so
++ALLEGRO_LIB_FILE_RELEASE := $(LIBDIR)/libaldmb.so
+ 
+-CORE_LIB_FILE_DEBUG := $(LIBDIR)/libdumbd.a
+-ALLEGRO_LIB_FILE_DEBUG := $(LIBDIR)/libaldmd.a
++CORE_LIB_FILE_DEBUG := $(LIBDIR)/libdumbd.so
++ALLEGRO_LIB_FILE_DEBUG := $(LIBDIR)/libaldmd.so
+ 
+ 
+ core: $(CORE_LIB_FILE_RELEASE) $(CORE_LIB_FILE_DEBUG)
+@@ -272,22 +272,22 @@
+ 
+ OBJDIR := $(OBJDIR_BASE)/release
+ CFLAGS := $(CFLAGS_RELEASE)
+-CORE_LIB_FILE := $(LIBDIR)/libdumb.a
+-ALLEGRO_LIB_FILE := $(LIBDIR)/libaldmb.a
++CORE_LIB_FILE := $(LIBDIR)/libdumb.so
++ALLEGRO_LIB_FILE := $(LIBDIR)/libaldmb.so
+ include make/Makefile.inc
+ 
+ OBJDIR := $(OBJDIR_BASE)/debug
+ CFLAGS := $(CFLAGS_DEBUG)
+-CORE_LIB_FILE := $(LIBDIR)/libdumbd.a
+-ALLEGRO_LIB_FILE := $(LIBDIR)/libaldmd.a
++CORE_LIB_FILE := $(LIBDIR)/libdumbd.so
++ALLEGRO_LIB_FILE := $(LIBDIR)/libaldmd.so
+ include make/Makefile.inc
+ 
+ 
+ $(CORE_EXAMPLES_EXE): examples/%$(EXE_SUFFIX): examples/%.o $(CORE_LIB_FILE_RELEASE)
+-	$(CC) $^ -o $@ $(LDFLAGS) $(LINK_MATH)
++	$(CC) $^ -o $@ $(LDFLAGS) $(LINK_MATH)
+ 
+ $(ALLEGRO_EXAMPLES_EXE): examples/%$(EXE_SUFFIX): examples/%.o $(ALLEGRO_LIB_FILE_RELEASE) $(CORE_LIB_FILE_RELEASE)
+-	$(CC) $^ -o $@ $(LDFLAGS) $(LINK_ALLEGRO)
++	$(CC) $^ -o $@ $(LDFLAGS) $(LINK_ALLEGRO)
+ 
+ $(CORE_EXAMPLES_OBJ): examples/%.o: examples/%.c include/dumb.h
+ 	$(CC) -c $< -o $@ $(CFLAGS_RELEASE)
+diff -Naur dumb.orig/make/Makefile.inc dumb/make/Makefile.inc
+--- dumb.orig/make/Makefile.inc	2003-04-03 16:34:18.000000000 -0800
++++ dumb/make/Makefile.inc	2004-07-06 14:37:13.082037585 -0700
+@@ -10,8 +10,8 @@
+ # accurately, create a local copy of the current CFLAGS variable. This is
+ # necessary because Make doesn't expand variables in commands until they are
+ # executed.
+-$(CORE_LIB_FILE): CFLAGS := $(CFLAGS)
+-$(ALLEGRO_LIB_FILE): CFLAGS := $(CFLAGS)
++$(CORE_LIB_FILE): CFLAGS := $(CFLAGS) -fPIC -DPIC
++$(ALLEGRO_LIB_FILE): CFLAGS := $(CFLAGS) -fPIC -DPIC
+ 
+ 
+ $(OBJDIR)/%.o: src/core/%.c include/dumb.h include/internal/dumb.h
+@@ -28,7 +28,7 @@
+ 	$(CC) -c -o $@ $< $(CFLAGS) $(WFLAGS_ALLEGRO)
+ 
+ $(CORE_LIB_FILE): $(CORE_OBJECTS)
+-	$(AR) rs $@ $^
++	$(CC) -shared -o $@ $(LDFLAGS) -Wl,-shared,-soname,$(shell basename $@) $^ -lm
+ 
+ $(ALLEGRO_LIB_FILE): $(ALLEGRO_OBJECTS)
+-	$(AR) rs $@ $^
++	$(CC) -shared -o $@ -Llib/unix $(LDFLAGS) -Wl,-shared,-soname,$(shell basename $@) $^ -ldumb