apply fix from Michael Karcher to fix CVE-2012-6303 (bz 885893)
parent
cf5d846869
commit
833921df77
|
@ -0,0 +1,19 @@
|
||||||
|
diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
|
||||||
|
--- snack2.2.10/generic/jkSoundFile.c.CVE20126303 2013-01-02 11:26:15.496231056 -0500
|
||||||
|
+++ snack2.2.10/generic/jkSoundFile.c 2013-01-02 11:27:26.134250662 -0500
|
||||||
|
@@ -1798,7 +1798,14 @@ static int
|
||||||
|
GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf,
|
||||||
|
int len)
|
||||||
|
{
|
||||||
|
- int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
||||||
|
+ int rlen;
|
||||||
|
+
|
||||||
|
+ if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
|
||||||
|
+ Tcl_AppendResult(interp, "Excessive header size", NULL);
|
||||||
|
+ return TCL_ERROR;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
|
||||||
|
|
||||||
|
if (rlen < len - s->firstNRead){
|
||||||
|
Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
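Review bot: The new guard in GetHeaderBytes bounds `len` only from above, so a negative `len` still passes the check and reaches `Tcl_Read` as a negative byte count in `len - s->firstNRead`. Since `len` is a signed `int` that presumably comes from header fields in the file being parsed, I would reject that case too: `if (len < 0 || len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){`. It is also worth confirming whether `len < s->firstNRead` can legitimately occur, since that also gives a negative count. The limit is built from two constants rather than the real capacity of `buf`, which the function does not receive, so it is only safe if every caller allocates at least `max(CHANNEL_HEADER_BUFFER, HEADBUF)` bytes. That cannot be verified from this hunk, and a comment above the check such as `/* callers must size buf to max(CHANNEL_HEADER_BUFFER, HEADBUF) */` would record the assumption. The body of GetHeaderBytes continues past the end of the hunk.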
|
|
@ -9,7 +9,7 @@
|
||||||
|
|
||||||
Name: tcl-%{realname}
|
Name: tcl-%{realname}
|
||||||
Version: 2.2.10
|
Version: 2.2.10
|
||||||
Release: 16%{?dist}
|
Release: 17%{?dist}
|
||||||
Summary: Sound toolkit
|
Summary: Sound toolkit
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
|
@ -25,6 +25,7 @@ Patch0: snack2.2.10-nomp3.patch
|
||||||
Patch1: snack2.2.10-extracflags.patch
|
Patch1: snack2.2.10-extracflags.patch
|
||||||
Patch2: snack2.2.10-shared-stubs.patch
|
Patch2: snack2.2.10-shared-stubs.patch
|
||||||
Patch3: snack2.2.10-newALSA.patch
|
Patch3: snack2.2.10-newALSA.patch
|
||||||
|
Patch4: tcl-snack-2.2.10-CVE-2012-6303-fix.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: tcl-devel, tk-devel, libogg-devel, libvorbis-devel
|
BuildRequires: tcl-devel, tk-devel, libogg-devel, libvorbis-devel
|
||||||
BuildRequires: libXft-devel
|
BuildRequires: libXft-devel
|
||||||
|
@ -71,6 +72,7 @@ Tkinter are also required to use Snack.
|
||||||
%patch1 -p1 -b .extracflags
|
%patch1 -p1 -b .extracflags
|
||||||
%patch2 -p1 -b .shared-stubs
|
%patch2 -p1 -b .shared-stubs
|
||||||
%patch3 -p1 -b .newALSA
|
%patch3 -p1 -b .newALSA
|
||||||
|
%patch4 -p1 -b .CVE20126303
|
||||||
chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/*
|
chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/*
|
||||||
iconv -f iso-8859-1 -t utf-8 -o README{.utf8,}
|
iconv -f iso-8859-1 -t utf-8 -o README{.utf8,}
|
||||||
mv README{.utf8,}
|
mv README{.utf8,}
|
||||||
|
@ -126,6 +128,9 @@ rm -rf %{buildroot}
|
||||||
%{python_sitelib}/tkSnack*
|
%{python_sitelib}/tkSnack*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jan 2 2013 Tom Callaway <spot@fedoraproject.org> - 2.2.10-17
|
||||||
|
- apply fix from Michael Karcher to fix CVE-2012-6303 (bz 885893)
|
||||||
|
|
||||||
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.10-16
|
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.10-16
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
|