rpms/wine/FC-4 wine-CVE-2005-4560.patch,NONE,1.1 wine.spec,1.7,1.8

Andreas Bierfert (awjb) fedora-extras-commits at redhat.com
Sun Jan 8 09:06:46 UTC 2006 

Author: awjb

Update of /cvs/extras/rpms/wine/FC-4
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv828/FC-4

Modified Files:
	wine.spec 
Added Files:
	wine-CVE-2005-4560.patch 
Log Message:
- fix CVE-2005-4560


wine-CVE-2005-4560.patch:

--- NEW FILE wine-CVE-2005-4560.patch ---
===================================================================
RCS file: /home/wine/wine/dlls/gdi/metafile.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- wine/dlls/gdi/metafile.c	2006/01/03 12:43:52	1.11
+++ wine/dlls/gdi/metafile.c	2006/01/06 20:52:46	1.12
@@ -863,6 +863,13 @@ BOOL WINAPI PlayMetaFileRecord( HDC hdc,
         break;
 
     case META_ESCAPE:
+        switch (mr->rdParm[0]) {
+        case GETSCALINGFACTOR: /* get function ... would just NULL dereference */
+             return FALSE;
+        case SETABORTPROC:
+             FIXME("Filtering Escape(SETABORTPROC), possible virus?\n");
+             return FALSE;
+        }
         Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL);
         break;


Index: wine.spec
===================================================================
RCS file: /cvs/extras/rpms/wine/FC-4/wine.spec,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- wine.spec	6 Jan 2006 11:01:00 -0000	1.7
+++ wine.spec	8 Jan 2006 09:06:46 -0000	1.8
@@ -1,6 +1,6 @@
 Name:		wine
 Version:	0.9.5
-Release:	1%{?dist}
+Release:	2%{?dist}
 Summary:	A Windows 16/32/64 bit emulator
 
 Group:		Applications/Emulators
@@ -19,6 +19,9 @@
 Source105:      wine-winemine.desktop
 Source106:      wine-winhelp.desktop
 Patch2:		wine-20050524-generated.patch
+# CVS-2005-4560 wmf exploit from wine cvs
+# http://cvs.winehq.org/cvsweb/wine/dlls/gdi/metafile.c.diff?r1=text&tr1=1.11&r2=text&tr2=1.12
+Patch100:       wine-CVE-2005-4560.patch
 Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 ExclusiveArch:  %{ix86}
@@ -45,6 +48,7 @@
 BuildRequires:  zlib-devel
 BuildRequires:  desktop-file-utils
 BuildRequires:  fontforge
+BuildRequires:  cups-devel
 
 Requires(post): /sbin/ldconfig, /sbin/chkconfig, /sbin/service,
 Requires(post): /usr/bin/update-desktop-database
@@ -143,6 +147,7 @@
 %prep
 %setup -q
 %patch2 -p1 -b .generated
+%patch100 -p1
 autoconf
 
 %build
@@ -675,6 +680,11 @@
 %{_libdir}/wine/*.def
 
 %changelog
+* Sun Jan 08 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
+0.9.5-2
+- fix for CVE-2005-4560
+- add fix BR from devel
+
 * Fri Jan 06 2006 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
 0.9.5-1
 - version upgrade

More information about the fedora-extras-commits mailing list