rpms/wine/FC-4 wine-CVE-2005-4560.patch,NONE,1.1 wine.spec,1.7,1.8
Andreas Bierfert (awjb)
fedora-extras-commits at redhat.com
Sun Jan 8 09:06:46 UTC 2006
Author: awjb
Update of /cvs/extras/rpms/wine/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv828/FC-4
Modified Files:
wine.spec
Added Files:
wine-CVE-2005-4560.patch
Log Message:
- fix CVE-2005-4560
wine-CVE-2005-4560.patch:
--- NEW FILE wine-CVE-2005-4560.patch ---
===================================================================
RCS file: /home/wine/wine/dlls/gdi/metafile.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- wine/dlls/gdi/metafile.c 2006/01/03 12:43:52 1.11
+++ wine/dlls/gdi/metafile.c 2006/01/06 20:52:46 1.12
@@ -863,6 +863,13 @@ BOOL WINAPI PlayMetaFileRecord( HDC hdc,
break;
case META_ESCAPE:
+ switch (mr->rdParm[0]) {
+ case GETSCALINGFACTOR: /* get function ... would just NULL dereference */
+ return FALSE;
+ case SETABORTPROC:
+ FIXME("Filtering Escape(SETABORTPROC), possible virus?\n");
+ return FALSE;
+ }
Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
break;
Index: wine.spec
===================================================================
RCS file: /cvs/extras/rpms/wine/FC-4/wine.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- wine.spec 6 Jan 2006 11:01:00 -0000 1.7
+++ wine.spec 8 Jan 2006 09:06:46 -0000 1.8
@@ -1,6 +1,6 @@
Name: wine
Version: 0.9.5
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A Windows 16/32/64 bit emulator
Group: Applications/Emulators
@@ -19,6 +19,9 @@
Source105: wine-winemine.desktop
Source106: wine-winhelp.desktop
Patch2: wine-20050524-generated.patch
+# CVS-2005-4560 wmf exploit from wine cvs
+# http://cvs.winehq.org/cvsweb/wine/dlls/gdi/metafile.c.diff?r1=text&tr1=1.11&r2=text&tr2=1.12
+Patch100: wine-CVE-2005-4560.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
ExclusiveArch: %{ix86}
@@ -45,6 +48,7 @@
BuildRequires: zlib-devel
BuildRequires: desktop-file-utils
BuildRequires: fontforge
+BuildRequires: cups-devel
Requires(post): /sbin/ldconfig, /sbin/chkconfig, /sbin/service,
Requires(post): /usr/bin/update-desktop-database
@@ -143,6 +147,7 @@
%prep
%setup -q
%patch2 -p1 -b .generated
+%patch100 -p1
autoconf
%build
@@ -675,6 +680,11 @@
%{_libdir}/wine/*.def
%changelog
+* Sun Jan 08 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+0.9.5-2
+- fix for CVE-2005-4560
+- add fix BR from devel
+
* Fri Jan 06 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
0.9.5-1
- version upgrade
More information about the fedora-extras-commits
mailing list