rpms/wine/FC-3 wine-CVE-2005-4560.patch,NONE,1.1 wine.spec,1.5,1.6

Andreas Bierfert (awjb) fedora-extras-commits at redhat.com
Sun Jan 8 09:06:39 UTC 2006 

Author: awjb

Update of /cvs/extras/rpms/wine/FC-3
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv828/FC-3

Modified Files:
	wine.spec 
Added Files:
	wine-CVE-2005-4560.patch 
Log Message:
- fix CVE-2005-4560


wine-CVE-2005-4560.patch:

--- NEW FILE wine-CVE-2005-4560.patch ---
===================================================================
RCS file: /home/wine/wine/dlls/gdi/metafile.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- wine/dlls/gdi/metafile.c	2006/01/03 12:43:52	1.11
+++ wine/dlls/gdi/metafile.c	2006/01/06 20:52:46	1.12
@@ -863,6 +863,13 @@ BOOL WINAPI PlayMetaFileRecord( HDC hdc,
         break;
 
     case META_ESCAPE:
+        switch (mr->rdParm[0]) {
+        case GETSCALINGFACTOR: /* get function ... would just NULL dereference */
+             return FALSE;
+        case SETABORTPROC:
+             FIXME("Filtering Escape(SETABORTPROC), possible virus?\n");
+             return FALSE;
+        }
         Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
         break;


Index: wine.spec
===================================================================
RCS file: /cvs/extras/rpms/wine/FC-3/wine.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- wine.spec	6 Jan 2006 11:00:54 -0000	1.5
+++ wine.spec	8 Jan 2006 09:06:36 -0000	1.6
@@ -1,6 +1,6 @@
 Name:		wine
 Version:	0.9.5
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	A Windows 16/32/64 bit emulator
 
 Group:		Applications/Emulators
@@ -19,6 +19,8 @@
 Source105:      wine-winemine.desktop
 Source106:      wine-winhelp.desktop
 Patch2:		wine-20050524-generated.patch
+# CVS-2005-4560 wmf exploit
+Patch100:       wine-CVE-2005-4560.patch
 Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 ExclusiveArch:  %{ix86}
@@ -45,6 +47,7 @@
 BuildRequires:  zlib-devel
 BuildRequires:  desktop-file-utils
 BuildRequires:  fontforge
+BuildRequires:  cups-devel
 
 Requires(post): /sbin/ldconfig, /sbin/chkconfig, /sbin/service,
 Requires(post): /usr/bin/update-desktop-database
@@ -143,6 +146,7 @@
 %prep
 %setup -q
 %patch2 -p1 -b .generated
+%patch100 -p1
 autoconf
 
 %build
@@ -675,10 +679,15 @@
 %{_libdir}/wine/*.def
 
 %changelog
+* Sun Jan 08 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+0.9.5-2
+- fix for CVE-2005-4560
+- add fix BR from devel
+
 * Fri Jan 06 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 0.9.5-1
 - version upgrade
-- fix #177089
+- fix #177089 (winemine desktop entry should be in Game not in System)
 
 * Wed Jan 04 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 0.9.4-5

More information about the fedora-extras-commits mailing list