libdumb (1:0.9.3-5.1) debian-dir only changes

Summary

 debian/changelog                      |  109 +++++++++++++++++++++++++++++++++
 debian/compat                         |    1 
 debian/control                        |   64 +++++++++++++++++++
 debian/copyright                      |   48 ++++++++++++++
 debian/patches/010_extra_flags.diff   |   13 ++++
 debian/patches/100_CVE-2006-3668.diff |   16 ++++
 debian/patches/series                 |    2 
 debian/rules                          |  110 ++++++++++++++++++++++++++++++++++
 8 files changed, 363 insertions(+)

    

Patch contents

--- libdumb-0.9.3.orig/debian/compat
+++ libdumb-0.9.3/debian/compat
@@ -0,0 +1 @@
+4
--- libdumb-0.9.3.orig/debian/patches/010_extra_flags.diff
+++ libdumb-0.9.3/debian/patches/010_extra_flags.diff
@@ -0,0 +1,13 @@
+--- libdumb-0.9.3.orig/Makefile
++++ libdumb-0.9.3/Makefile
+@@ -231,8 +231,8 @@
+ endif
+ endif
+ 
+-CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS)
+-CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS)
++CFLAGS_RELEASE := -Iinclude $(WFLAGS) $(OFLAGS) $(CFLAGS_EXTRA)
++CFLAGS_DEBUG := -Iinclude $(WFLAGS) $(DBGFLAGS) $(CFLAGS_EXTRA)
+ 
+ LDFLAGS := -s
+ 
--- libdumb-0.9.3.orig/debian/patches/100_CVE-2006-3668.diff
+++ libdumb-0.9.3/debian/patches/100_CVE-2006-3668.diff
@@ -0,0 +1,16 @@
+Index: libdumb-0.9.3/src/it/itread.c
+===================================================================
+--- libdumb-0.9.3.orig/src/it/itread.c	2006-07-21 11:05:48.000000000 +0200
++++ libdumb-0.9.3/src/it/itread.c	2006-07-21 11:07:22.000000000 +0200
+@@ -292,6 +292,11 @@
+ 
+ 	envelope->flags = dumbfile_getc(f);
+ 	envelope->n_nodes = dumbfile_getc(f);
++	if(envelope->n_nodes > 25) {
++		TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
++		envelope->n_nodes = 0;
++		return -1;
++	}
+ 	envelope->loop_start = dumbfile_getc(f);
+ 	envelope->loop_end = dumbfile_getc(f);
+ 	envelope->sus_loop_start = dumbfile_getc(f);
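Review bot: The guard `if(envelope->n_nodes > 25)` only bounds the node count, while the `loop_start`, `loop_end` and `sus_loop_start` bytes read right after it are stored without being compared against `n_nodes`. If later code uses them as node indices (not visible in this hunk), a crafted file could still point them past the valid nodes, so they should be range-checked or clamped here as well, e.g. `if (envelope->loop_end >= envelope->n_nodes) envelope->loop_end = 0;` and likewise for the other loop fields. The literal 25 presumably mirrors the capacity of the envelope's node arrays; deriving it from the array declaration, or at least adding a comment such as `/* IT envelopes hold at most 25 nodes; reject before the node arrays are filled */`, would keep the check from drifting. If `n_nodes` is a signed type, a negative value from a failed `dumbfile_getc()` would pass this test, so that is worth confirming. The function body starts and ends outside the hunk, and the fix is effective only if every caller treats the new `-1` return as a load failure.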
--- libdumb-0.9.3.orig/debian/patches/series
+++ libdumb-0.9.3/debian/patches/series
@@ -0,0 +1,2 @@
+010_extra_flags.diff -p1
+100_CVE-2006-3668.diff
--- libdumb-0.9.3.orig/debian/changelog
+++ libdumb-0.9.3/debian/changelog
@@ -0,0 +1,109 @@
+libdumb (1:0.9.3-5.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Update debian/rules to use new tail syntax (Closes: #470968)
+    - use tail -n +2 instead of tail +2
+
+ -- Andreas Henriksson <andreas@fatal.se>  Tue, 01 Apr 2008 13:01:27 +0200
+
+libdumb (1:0.9.3-5) unstable; urgency=critical
+
+  * Set urgency=critical because of security fix.
+
+  * debian/patches/100_CVE-2006-3668.diff:
+    + Fix for CVE-2006-3668 "Heap-based buffer overflow in the it_read_envelope
+      function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and
+      earlier, and current CVS as of 20060716, allows user-complicit attackers
+      to execute arbitrary code via a ".it" (Impulse Tracker) file with an
+      enveloper with a large number of nodes." (Closes: #379064).
+
+  * debian/control:
+    + Set policy to 3.7.2.
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Fri, 21 Jul 2006 11:07:45 +0200
+
+libdumb (1:0.9.3-4) unstable; urgency=low
+
+    + Build-depend on liballegro4.2-dev (>= 2:4.2.0-4) to fix the missing
+      libxcursor-dev build-dependency (Closes: #360190).
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Fri, 31 Mar 2006 11:21:00 +0200
+
+libdumb (1:0.9.3-3) unstable; urgency=low
+
+  * debian/rules
+    + Removed the -lalleg_unsharable stripping.
+  * debian/control:
+    + Build-depend on liballegro4.2-dev (>= 2:4.2.0-2) (Closes: #360140).
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Thu, 30 Mar 2006 22:52:14 +0200
+
+libdumb (1:0.9.3-2) unstable; urgency=low
+
+  * Moved development to Alioth.
+  * debian/rules
+    + Switched to quilt for patch handling.
+  * debian/control:
+    + Build-depend on quilt.
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Thu, 30 Mar 2006 12:23:16 +0200
+
+libdumb (1:0.9.3-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/control:
+    + Set policy to 3.6.2.1.
+    + Bumped soname due to API changes.
+    + Build-depend on liballegro 4.2 instead of 4.1.
+  * debian/rules:
+    + Replace DH_COMPAT with debian/compat and set its level to 4.
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Mon, 14 Nov 2005 11:31:04 +0100
+
+libdumb (1:0.9.2-5) unstable; urgency=low
+
+  * debian/control:
+    + Set policy to 3.6.1.1.
+    + Removed leading "the" in short descriptions.
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Fri, 23 Jul 2004 13:23:09 +0200
+
+libdumb (1:0.9.2-4) unstable; urgency=low
+
+  * Removed libc6-dev from the -dev packages' dependencies.
+  * Set policy to 3.5.10.
+
+ -- Sam Hocevar (Debian packages) <sam+deb@zoy.org>  Sat, 31 May 2003 00:43:41 +0200
+
+libdumb (1:0.9.2-3) unstable; urgency=high
+
+  * Upload with urgency=high so that libdumb enters testing ASAP (packages
+    are identical to the ones in testing except the source package name) and
+    we can remove "dumb".
+
+ -- Samuel Hocevar <sam@zoy.org>  Thu, 22 May 2003 12:30:42 +0200
+
+libdumb (1:0.9.2-2) unstable; urgency=low
+
+  * Skipped version number to avoid package name conflicts in pool.
+
+ -- Samuel Hocevar <sam@zoy.org>  Thu, 22 May 2003 12:30:41 +0200
+
+libdumb (1:0.9.2-1) unstable; urgency=low
+
+  * Renamed the source package to libdumb to fix a name collision.
+
+ -- Samuel Hocevar <sam@zoy.org>  Sun, 11 May 2003 19:28:31 +0200
+
+dumb (0.9.2-2) unstable; urgency=low
+
+  * Fixed the library naming scheme.
+
+ -- Samuel Hocevar <sam@zoy.org>  Sun, 27 Apr 2003 20:21:13 +0200
+
+dumb (0.9.2-1) unstable; urgency=low
+
+  * First Debian release (Closes: #190422).
+
+ -- Samuel Hocevar <sam@zoy.org>  Wed, 23 Apr 2003 19:06:43 +0200
+
--- libdumb-0.9.3.orig/debian/copyright
+++ libdumb-0.9.3/debian/copyright
@@ -0,0 +1,48 @@
+This package was debianized by Sam Hocevar <sam@zoy.org> on
+Wed, 23 Apr 2003 19:01:58 +0200.
+
+It was downloaded from http://dumb.sourceforge.net/
+
+
+Upstream Authors: Ben Davis <entheh@users.sf.net>
+                  Robert J Ohannessian
+                  Julien Cugniere
+
+Copyright (C) 2001-2003 Ben Davis, Robert J Ohannessian and Julien Cugniere
+
+This software is provided 'as-is', without any express or implied warranty.
+In no event shall the authors be held liable for any damages arising from the
+use of this software.
+
+Permission is granted to anyone to use this software for any purpose,
+including commercial applications, and to alter it and redistribute it
+freely, subject to the following restrictions:
+
+1. The origin of this software must not be misrepresented; you must not claim
+   that you wrote the original software. If you use this software in a
+   product, you are requested to acknowledge its use in the product
+   documentation, along with details on where to get an unmodified version of
+   this software, but this is not a strict requirement.
+
+   [Note that the above point asks for a link to DUMB, not just a mention.
+   Googling for DUMB doesn't help much! The URL is "http://dumb.sf.net/".]
+
+   [The only reason why the link is not strictly required is that such a
+   requirement prevents DUMB from being used in projects with certain other
+   licences, notably the GPL. See http://www.gnu.org/philosophy/bsd.html .]
+
+2. Altered source versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+3. This notice may not be removed from or altered in any source distribution.
+
+4. If you are using the Program in someone else's bedroom at any Monday
+   3:05 PM, you are not allowed to modify the Program for ten minutes. [This
+   clause provided by Inphernic; every licence should contain at least one
+   clause, the reasoning behind which is far from obvious.]
+
+[Note: clause 4 was resigned after a quick IRC talk with the author]
+
+[Note 2: if I did not mention /usr/share/common-licenses here, lintian
+         would complain because he found the words "GPL" above, but this
+         software is not GPL. It is GPL-compatible, though.]
--- libdumb-0.9.3.orig/debian/control
+++ libdumb-0.9.3/debian/control
@@ -0,0 +1,64 @@
+Source: libdumb
+Section: libs
+Priority: optional
+Maintainer: Debian allegro packages maintainers <pkg-allegro-maintainers@lists.alioth.debian.org>
+Uploaders: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
+Build-Depends: debhelper (>= 4.0), quilt, liballegro4.2-dev (>= 2:4.2.0-4)
+Standards-Version: 3.7.2
+
+Package: libdumb1
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: dynamic universal music bibliotheque
+ DUMB is a tracker library with support for IT, XM, S3M and MOD files. It
+ targets maximum accuracy to the original formats, with low-pass resonant
+ filters for the IT files, accurate timing and pitching, and three resampling
+ quality settings (aliasing, linear interpolation and cubic interpolation).
+ .
+ This package contains the libdumb1 runtime library, a standalone library
+ for module playback. If you plan to use the Allegro library with your
+ project, please consider the libaldmb1 library.
+
+Package: libdumb1-dev
+Section: libdevel
+Architecture: any
+Depends: libdumb1 (= ${Source-Version})
+Conflicts: libdumb0-dev
+Description: development files for libdumb1
+ DUMB is a tracker library with support for IT, XM, S3M and MOD files. It
+ targets maximum accuracy to the original formats, with low-pass resonant
+ filters for the IT files, accurate timing and pitching, and three resampling
+ quality settings (aliasing, linear interpolation and cubic interpolation).
+ .
+ This package contains the header files and static library needed to
+ compile applications that use libdumb1.
+
+Package: libaldmb1
+Section: libs
+Architecture: any
+Depends: ${shlibs:Depends}
+Description: dynamic universal music bibliotheque, Allegro version
+ DUMB is a tracker library with support for IT, XM, S3M and MOD files. It
+ targets maximum accuracy to the original formats, with low-pass resonant
+ filters for the IT files, accurate timing and pitching, and three resampling
+ quality settings (aliasing, linear interpolation and cubic interpolation).
+ .
+ This package contains the libaldmb1 runtime library, a library for module
+ playback that uses the Allegro library. If you do not plan to use Allegro
+ with your project, please consider the libdumb1 library.
+
+Package: libaldmb1-dev
+Section: libdevel
+Architecture: any
+Depends: libaldmb1 (= ${Source-Version}), libdumb1-dev, liballegro4.2-dev
+Conflicts: libaldmb0-dev
+Description: development files for libaldmb1
+ DUMB is a tracker library with support for IT, XM, S3M and MOD files. It
+ targets maximum accuracy to the original formats, with low-pass resonant
+ filters for the IT files, accurate timing and pitching, and three resampling
+ quality settings (aliasing, linear interpolation and cubic interpolation).
+ .
+ This package contains the header files and static library needed to
+ compile applications that use libaldmb1.
+
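Review bot: Both -dev packages pin their runtime library with `(= ${Source-Version})`, which makes them uninstallable after a binary-only rebuild because the binary version then differs from the source version. Using `(= ${binary:Version})` in `Depends: libdumb1 (= ${Source-Version})` and in the libaldmb1-dev line keeps the strict pairing and survives binNMUs, which matters when a security rebuild has to reach users quickly.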
--- libdumb-0.9.3.orig/debian/rules
+++ libdumb-0.9.3/debian/rules
@@ -0,0 +1,110 @@
+#!/usr/bin/make -f
+# debian/rules for libdumb - uses debhelper.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# Compilation options
+export CONFIG_FLAGS="--prefix=/usr"
+
+build: build-stamp
+build-stamp:
+	dh_testdir
+	dh_clean -k
+	QUILT_PATCHES=debian/patches quilt push -a || test $$? = 2
+	dh_installdirs -p libdumb1 usr/lib usr/share/doc/libdumb1
+	dh_installdirs -p libdumb1-dev usr/lib usr/include usr/share/doc
+	dh_installdirs -p libaldmb1 usr/lib usr/share/doc/libaldmb1
+	dh_installdirs -p libaldmb1-dev usr/lib usr/include usr/share/doc
+
+	echo 'include make/unix.inc' > make/config.txt
+	echo 'ALL_TARGETS := core core-examples core-headers' >> make/config.txt
+	echo 'ALL_TARGETS += allegro allegro-examples allegro-headers' >> make/config.txt
+	echo 'PREFIX := /usr' >> make/config.txt
+
+	mkdir -p obj/unix/release/
+	mkdir -p lib/unix/
+
+	$(MAKE) lib/unix/libdumb.a
+	$(MAKE) lib/unix/libaldmb.a
+
+	cp lib/unix/libdumb.a debian/libdumb1-dev/usr/lib/
+	cp lib/unix/libaldmb.a debian/libaldmb1-dev/usr/lib/
+
+	$(MAKE) clean
+
+	$(MAKE) lib/unix/libdumb.a CFLAGS_EXTRA=-fPIC
+	$(MAKE) lib/unix/libaldmb.a CFLAGS_EXTRA=-fPIC
+
+	$(CC) -Wl,-soname,libdumb.so.1 -shared `sed -ne '/^CORE_MODULES :=/,/c$$/p' < Makefile | sed -e 's,\\\\,,' -e 's,.*/\\(.*\\)\\.c,obj/unix/release/\\1.o,' | tail -n +2` -o debian/libdumb1/usr/lib/libdumb.so.1.0.0 -lm -lc
+	ln -s libdumb.so.1.0.0 debian/libdumb1/usr/lib/libdumb.so
+	$(CC) -Wl,-soname,libaldmb.so.1 -shared `sed -ne '/^ALLEGRO_MODULES :=/,/c$$/p' < Makefile | sed -e 's,\\\\,,' -e 's,.*/\\(.*\\)\\.c,obj/unix/release/\\1.o,' | tail -n +2` -o debian/libaldmb1/usr/lib/libaldmb.so.1.0.0 -Ldebian/libdumb1/usr/lib/ -ldumb `allegro-config --libs` -lm -lc
+	rm -f debian/libdumb1/usr/lib/libdumb.so
+
+	touch build-stamp
+
+clean:
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp
+	-$(MAKE) veryclean
+	QUILT_PATCHES=debian/patches quilt pop -a -R || test $$? = 2
+	rm -f `find -name '*.a'` make/dumbask make/config.txt
+	rm -Rf obj/unix/release/ lib/unix/
+
+	dh_clean
+
+install: build
+	dh_testdir
+	dh_testroot
+
+	ln -s libdumb.so.1.0.0 debian/libdumb1/usr/lib/libdumb.so.1
+	ln -s libaldmb.so.1.0.0 debian/libaldmb1/usr/lib/libaldmb.so.1
+	ln -s libdumb.so.1 debian/libdumb1-dev/usr/lib/libdumb.so
+	cp include/dumb.h debian/libdumb1-dev/usr/include
+	ln -s libaldmb.so.1 debian/libaldmb1-dev/usr/lib/libaldmb.so
+	cp include/aldumb.h debian/libaldmb1-dev/usr/include
+
+	ln -s libdumb1 debian/libdumb1-dev/usr/share/doc/libdumb1-dev
+	ln -s libaldmb1 debian/libaldmb1-dev/usr/share/doc/libaldmb1-dev
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+#	dh_testversion
+	dh_testdir
+	dh_testroot
+#	dh_installdebconf	
+	dh_installdocs -p libdumb1 readme.txt docs
+	dh_installdocs -p libaldmb1 readme.txt docs
+	dh_installexamples -p libdumb1 examples/*
+	dh_installexamples -p libaldmb1 examples/*
+#	dh_installmenu
+#	dh_installemacsen
+#	dh_installpam
+#	dh_installinit
+#	dh_installcron
+#	dh_installman
+#	dh_installinfo
+#	dh_undocumented
+	dh_installchangelogs -p libdumb1 release.txt
+	dh_installchangelogs -p libaldmb1 release.txt
+	dh_link
+	dh_strip
+	dh_compress -X examples/
+	dh_fixperms
+	dh_makeshlibs
+	dh_installdeb
+#	dh_perl
+
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install
+
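Review bot: In the `clean` recipe, the `rm -f` line feeds a backquoted `find -name '*.a'` through shell word-splitting, so any matched path containing whitespace is split into separate arguments to `rm`, and this recipe runs after `dh_testroot`. Letting find perform the removal avoids the splitting and also gives find an explicit start directory: `find . -name '*.a' -exec rm -f {} +`, followed by a plain `rm -f make/dumbask make/config.txt`. A short comment on `-$(MAKE) veryclean` saying why its failure is ignored (presumably because make/config.txt may not exist yet) would help the next maintainer.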