[lib3ds/f14/master] - Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280). - Adopt Debian patch t
corsepiu
corsepiu at fedoraproject.org
Tue Sep 14 13:03:54 UTC 2010
commit 45466786d10c105b8f956db54138201aabca916f
Author: Ralf Corsépius <corsepiu at fedoraproject.org>
Date: Tue Sep 14 15:03:42 2010 +0200
- Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280).
- Adopt Debian patch to add missing decl.
lib3ds-1.3.0-lib3ds-file.h.diff | 10 ++++++++++
lib3ds-1.3.0-lib3ds-mesh.c.diff | 17 +++++++++++++++++
lib3ds.spec | 13 ++++++++++++-
3 files changed, 39 insertions(+), 1 deletions(-)
---
diff --git a/lib3ds-1.3.0-lib3ds-file.h.diff b/lib3ds-1.3.0-lib3ds-file.h.diff
new file mode 100644
index 0000000..24af7b5
--- /dev/null
+++ b/lib3ds-1.3.0-lib3ds-file.h.diff
@@ -0,0 +1,10 @@
+--- lib3ds-1.3.0.orig/lib3ds/file.h
++++ lib3ds-1.3.0/lib3ds/file.h
+@@ -98,6 +98,7 @@
+ extern LIB3DSAPI void lib3ds_file_bounding_box_of_objects(Lib3dsFile *file, Lib3dsBool include_meshes, Lib3dsBool include_cameras, Lib3dsBool include_lights, Lib3dsVector bmin, Lib3dsVector bmax);
+ extern LIB3DSAPI void lib3ds_file_bounding_box_of_nodes(Lib3dsFile *file, Lib3dsBool include_meshes, Lib3dsBool include_cameras, Lib3dsBool include_lights, Lib3dsVector bmin, Lib3dsVector bmax);
+ extern LIB3DSAPI void lib3ds_file_dump_nodes(Lib3dsFile *file);
++extern LIB3DSAPI void lib3ds_file_bounding_box(Lib3dsFile *file, Lib3dsVector min, Lib3dsVector max);
+
+ #ifdef __cplusplus
+ }
diff --git a/lib3ds-1.3.0-lib3ds-mesh.c.diff b/lib3ds-1.3.0-lib3ds-mesh.c.diff
new file mode 100644
index 0000000..1455660
--- /dev/null
+++ b/lib3ds-1.3.0-lib3ds-mesh.c.diff
@@ -0,0 +1,17 @@
+diff -Naur lib3ds-1.3.0.orig/lib3ds/mesh.c lib3ds-1.3.0/lib3ds/mesh.c
+--- lib3ds-1.3.0.orig/lib3ds/mesh.c 2007-06-20 19:04:08.000000000 +0200
++++ lib3ds-1.3.0/lib3ds/mesh.c 2010-09-14 06:34:39.987807911 +0200
+@@ -87,8 +87,11 @@
+ faces=lib3ds_io_read_word(io);
+ for (i=0; i<faces; ++i) {
+ index=lib3ds_io_read_word(io);
+- ASSERT(index<mesh->faces);
+- strcpy(mesh->faceL[index].material, name);
++ if (index<mesh->faces) {
++ strncpy(mesh->faceL[index].material, name, 64);
++ } else {
++ // TODO warning
++ }
+ }
+ }
+ break;
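Review bot: `strncpy(mesh->faceL[index].material, name, 64)` in the patched mesh.c loop leaves the destination without a NUL terminator if `name` has none within its first 64 bytes, and the literal 64 is not tied to the size of `material`, which this hunk does not show. Assuming `material` is a fixed-size array, bound the copy with `sizeof` and terminate it explicitly: `strncpy(mesh->faceL[index].material, name, sizeof(mesh->faceL[index].material) - 1);` followed by `mesh->faceL[index].material[sizeof(mesh->faceL[index].material) - 1] = '\0';`. The `else` branch discards an out-of-range face index with only `// TODO warning`, so a malformed file still appears to parse successfully; consider logging the event or failing the read at that point. The enclosing function starts and ends outside the hunk, so how `name` is filled could not be checked.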
diff --git a/lib3ds.spec b/lib3ds.spec
index d6b9a87..c35e223 100644
--- a/lib3ds.spec
+++ b/lib3ds.spec
@@ -1,6 +1,6 @@
Name: lib3ds
Version: 1.3.0
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: 3D Studio file format library
@@ -8,6 +8,11 @@ Group: System Environment/Libraries
License: LGPLv2+
URL: http://lib3ds.sourceforge.net
Source: http://downloads.sourceforge.net/lib3ds/lib3ds-%{version}.zip
+# Extracted from Debian's lib3ds_1.3.0-1.diff.gz
+Patch0: lib3ds-1.3.0-lib3ds-file.h.diff
+# Address https://bugzilla.redhat.com/show_bug.cgi?id=633475
+Patch1: lib3ds-1.3.0-lib3ds-mesh.c.diff
+
Patch2: lib3ds-1.2.0-pkgconfig.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -49,6 +54,8 @@ Development files for lib3ds
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%patch2 -p1
@@ -98,6 +105,10 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/*
%changelog
+* Tue Sep 14 2010 Ralf Corsépius <corsepiu at fedoraproject> - 1.3.0-9
+- Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280).
+- Adopt Debian patch to add missing decl.
+
* Tue May 11 2010 Ralf Corsépius <corsepiu at fedoraproject> - 1.3.0-8
- Adopt EPEL spec cleanup.