rpms/gegl/devel gegl-0.1.2-buffer-save-overflow.patch, NONE, 1.1 gegl.spec, 1.25, 1.26
Nils Philippsen
nphilipp at fedoraproject.org
Wed Feb 17 16:06:09 UTC 2010
Author: nphilipp
Update of /cvs/pkgs/rpms/gegl/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9479
Modified Files:
gegl.spec
Added Files:
gegl-0.1.2-buffer-save-overflow.patch
Log Message:
avoid buffer overflow in gegl_buffer_header_init()
correct gegl library version, use macro for it
gegl-0.1.2-buffer-save-overflow.patch:
gegl-buffer-save.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- NEW FILE gegl-0.1.2-buffer-save-overflow.patch ---
>From 6ed206a3f38a1bc5af315b2794d26392d45ba434 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils at redhat.com>
Date: Wed, 17 Feb 2010 11:40:31 +0100
Subject: [PATCH] avoid buffer overflow in gegl_buffer_header_init()
Use memcpy() instead of strcpy() as the target is not a zero-terminated
string.
---
gegl/buffer/gegl-buffer-save.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/gegl/buffer/gegl-buffer-save.c b/gegl/buffer/gegl-buffer-save.c
index 85c7894..aff175c 100644
--- a/gegl/buffer/gegl-buffer-save.c
+++ b/gegl/buffer/gegl-buffer-save.c
@@ -196,7 +196,7 @@ gegl_buffer_header_init (GeglBufferHeader *header,
gint bpp,
Babl* format)
{
- strcpy (header->magic, "GEGL");
+ memcpy (header->magic, "GEGL", 4);
header->flags = GEGL_FLAG_HEADER;
header->tile_width = tile_width;
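Review bot: The length 4 in the new memcpy() call is a bare literal that must stay in step with both the "GEGL" string and the size of header->magic, and nothing in this hunk checks either. Consider adding a compile-time assertion that sizeof (header->magic) is 4, plus a one-line comment above the call stating that magic is a fixed-width tag without a terminating NUL, so that a later cleanup does not turn it back into strcpy().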
--
1.6.6
Index: gegl.spec
===================================================================
RCS file: /cvs/pkgs/rpms/gegl/devel/gegl.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- gegl.spec 16 Feb 2010 16:17:49 -0000 1.25
+++ gegl.spec 17 Feb 2010 16:06:09 -0000 1.26
@@ -1,3 +1,5 @@
+%global gegl_lib_version 0.1
+
Summary: A graph based image processing framework
Name: gegl
Version: 0.1.2
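Review bot: The new gegl_lib_version macro at the top of the spec hard-codes 0.1 independently of Version: 0.1.2, and the Source0 URL shown in the next hunk header still carries its own literal 0.1 directory. A short comment on what the macro tracks (the versioned library and include directory name) would help whoever next bumps Version, and it is worth deciding whether Source0 should use the same macro or is deliberately separate.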
@@ -10,6 +12,8 @@ Source0: ftp://ftp.gtk.org/pub/gegl/0.1/
# backported git commit fc207f85521c3939600bd3e5a337c6ed2dfaa950
# "process: don't leak each node set on a GeglProcessor"
Patch0: gegl-0.1.2-processor-leak.patch
+# avoid buffer overflow in gegl_buffer_header_init()
+Patch1: gegl-0.1.2-buffer-save-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: asciidoc
BuildRequires: babl-devel >= 0.1.0
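Review bot: The comment above Patch1 gives no upstream status, whereas the Patch0 comment directly above it cites the backported git commit. Please note whether the overflow fix has been sent or committed upstream (commit id or bug reference), so the patch can be dropped with confidence at the next rebase.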
@@ -55,6 +59,7 @@ developing with %{name}.
chmod -x docs/devhelp.css operations/external/ff-load.c operations/workshop/external/ff-save.c operations/common/perlin/perlin.?
%patch0 -p1 -b .processor-leak
+%patch1 -p1 -b .buffer-save-overflow
%build
%configure \
@@ -80,7 +85,7 @@ rm -rf %{buildroot}
make DESTDIR=%{buildroot} install INSTALL='install -p'
rm -f %{buildroot}%{_libdir}/*.la
-rm -f %{buildroot}%{_libdir}/gegl-0.0/*.la
+rm -f %{buildroot}%{_libdir}/gegl-%{gegl_lib_version}/*.la
%check
make check
@@ -97,17 +102,21 @@ rm -rf %{buildroot}
%doc AUTHORS ChangeLog COPYING COPYING.LESSER NEWS README
%{_bindir}/gegl
%{_libdir}/*.so.*
-%{_libdir}/gegl-0.0/
+%{_libdir}/gegl-%{gegl_lib_version}/
%files devel
%defattr(-, root, root, -)
%doc %{_datadir}/gtk-doc/html/gegl/
-%{_includedir}/gegl-0.0/
+%{_includedir}/gegl-%{gegl_lib_version}/
%{_libdir}/*.so
%{_libdir}/pkgconfig/%{name}.pc
%changelog
-* Tue Feb 16 2010 Nils Philippsen <nils at redhat.com> - 0.1.2-1
+* Wed Feb 17 2010 Nils Philippsen <nils at redhat.com> - 0.1.2-1
+- avoid buffer overflow in gegl_buffer_header_init()
+- correct gegl library version, use macro for it
+
+* Tue Feb 16 2010 Nils Philippsen <nils at redhat.com>
- version 0.1.2
- remove obsolete cflags, babl-instrumentation, autoreconf patches
- backported: don't leak each node set on a GeglProcessor
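Review bot: The new changelog entry is labelled 0.1.2-1, the same version-release the Feb 16 entry carried before this hunk stripped it, and no hunk in this diff touches the Release tag. If 0.1.2-1 has already been built, the overflow fix will not reach users without a release bump; in that case bump Release and label the new entry accordingly, keeping 0.1.2-1 on the Feb 16 entry.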