rpms/gegl/devel gegl-0.1.2-buffer-save-overflow.patch, NONE, 1.1 gegl.spec, 1.25, 1.26

Wed Feb 17 16:06:09 UTC 2010

Author: nphilipp

Update of /cvs/pkgs/rpms/gegl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9479

Modified Files:
	gegl.spec 
Added Files:
	gegl-0.1.2-buffer-save-overflow.patch 
Log Message:
avoid buffer overflow in gegl_buffer_header_init()
correct gegl library version, use macro for it


gegl-0.1.2-buffer-save-overflow.patch:
 gegl-buffer-save.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

--- NEW FILE gegl-0.1.2-buffer-save-overflow.patch ---
>From 6ed206a3f38a1bc5af315b2794d26392d45ba434 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils at redhat.com>
Date: Wed, 17 Feb 2010 11:40:31 +0100
Subject: [PATCH] avoid buffer overflow in gegl_buffer_header_init()

Use memcpy() instead of strcpy() as the target is not a zero-terminated
string.
---
 gegl/buffer/gegl-buffer-save.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/gegl/buffer/gegl-buffer-save.c b/gegl/buffer/gegl-buffer-save.c
index 85c7894..aff175c 100644
--- a/gegl/buffer/gegl-buffer-save.c
+++ b/gegl/buffer/gegl-buffer-save.c
@@ -196,7 +196,7 @@ gegl_buffer_header_init (GeglBufferHeader *header,
                          gint              bpp,
                          Babl*             format)
 {
-  strcpy (header->magic, "GEGL");
+  memcpy (header->magic, "GEGL", 4);
 
   header->flags = GEGL_FLAG_HEADER;
   header->tile_width  = tile_width;
-- 
1.6.6



Index: gegl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gegl/devel/gegl.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- gegl.spec	16 Feb 2010 16:17:49 -0000	1.25
+++ gegl.spec	17 Feb 2010 16:06:09 -0000	1.26
@@ -1,3 +1,5 @@
+%global gegl_lib_version 0.1
+
 Summary:	A graph based image processing framework
 Name:		gegl
 Version:	0.1.2
@@ -10,6 +12,8 @@ Source0:	ftp://ftp.gtk.org/pub/gegl/0.1/
 # backported git commit fc207f85521c3939600bd3e5a337c6ed2dfaa950
 # "process: don't leak each node set on a GeglProcessor"
 Patch0:     gegl-0.1.2-processor-leak.patch
+# avoid buffer overflow in gegl_buffer_header_init()
+Patch1:     gegl-0.1.2-buffer-save-overflow.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	asciidoc
 BuildRequires:	babl-devel >= 0.1.0
@@ -55,6 +59,7 @@ developing with %{name}.
 chmod -x docs/devhelp.css operations/external/ff-load.c operations/workshop/external/ff-save.c operations/common/perlin/perlin.?
 
 %patch0 -p1 -b .processor-leak
+%patch1 -p1 -b .buffer-save-overflow
 
 %build
 %configure				\
@@ -80,7 +85,7 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install INSTALL='install -p'
 
 rm -f %{buildroot}%{_libdir}/*.la
-rm -f %{buildroot}%{_libdir}/gegl-0.0/*.la
+rm -f %{buildroot}%{_libdir}/gegl-%{gegl_lib_version}/*.la
 
 %check
 make check
@@ -97,17 +102,21 @@ rm -rf %{buildroot}
 %doc AUTHORS ChangeLog COPYING COPYING.LESSER NEWS README
 %{_bindir}/gegl
 %{_libdir}/*.so.*
-%{_libdir}/gegl-0.0/
+%{_libdir}/gegl-%{gegl_lib_version}/
 
 %files devel
 %defattr(-, root, root, -)
 %doc %{_datadir}/gtk-doc/html/gegl/
-%{_includedir}/gegl-0.0/
+%{_includedir}/gegl-%{gegl_lib_version}/
 %{_libdir}/*.so
 %{_libdir}/pkgconfig/%{name}.pc
 
 %changelog
-* Tue Feb 16 2010 Nils Philippsen <nils at redhat.com> - 0.1.2-1
+* Wed Feb 17 2010 Nils Philippsen <nils at redhat.com> - 0.1.2-1
+- avoid buffer overflow in gegl_buffer_header_init()
+- correct gegl library version, use macro for it
+
+* Tue Feb 16 2010 Nils Philippsen <nils at redhat.com>
 - version 0.1.2
 - remove obsolete cflags, babl-instrumentation, autoreconf patches
 - backported: don't leak each node set on a GeglProcessor

