[lib3ds/f12/master] - Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280). - Adopt Debian patch t
corsepiu
corsepiu at fedoraproject.org
Tue Sep 14 13:06:19 UTC 2010
commit 1a667f6ff1141934d5e7671c8e3d20775396170d
Author: Ralf Corsépius <corsepiu at fedoraproject.org>
Date: Tue Sep 14 15:06:08 2010 +0200
- Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280).
- Adopt Debian patch to add missing decl.
lib3ds-1.3.0-lib3ds-file.h.diff | 10 +++++++++
lib3ds-1.3.0-lib3ds-mesh.c.diff | 17 +++++++++++++++
lib3ds.spec | 43 ++++++++++++++------------------------
3 files changed, 43 insertions(+), 27 deletions(-)
---
diff --git a/lib3ds-1.3.0-lib3ds-file.h.diff b/lib3ds-1.3.0-lib3ds-file.h.diff
new file mode 100644
index 0000000..24af7b5
--- /dev/null
+++ b/lib3ds-1.3.0-lib3ds-file.h.diff
@@ -0,0 +1,10 @@
+--- lib3ds-1.3.0.orig/lib3ds/file.h
++++ lib3ds-1.3.0/lib3ds/file.h
+@@ -98,6 +98,7 @@
+ extern LIB3DSAPI void lib3ds_file_bounding_box_of_objects(Lib3dsFile *file, Lib3dsBool include_meshes, Lib3dsBool include_cameras, Lib3dsBool include_lights, Lib3dsVector bmin, Lib3dsVector bmax);
+ extern LIB3DSAPI void lib3ds_file_bounding_box_of_nodes(Lib3dsFile *file, Lib3dsBool include_meshes, Lib3dsBool include_cameras, Lib3dsBool include_lights, Lib3dsVector bmin, Lib3dsVector bmax);
+ extern LIB3DSAPI void lib3ds_file_dump_nodes(Lib3dsFile *file);
++extern LIB3DSAPI void lib3ds_file_bounding_box(Lib3dsFile *file, Lib3dsVector min, Lib3dsVector max);
+
+ #ifdef __cplusplus
+ }
diff --git a/lib3ds-1.3.0-lib3ds-mesh.c.diff b/lib3ds-1.3.0-lib3ds-mesh.c.diff
new file mode 100644
index 0000000..1455660
--- /dev/null
+++ b/lib3ds-1.3.0-lib3ds-mesh.c.diff
@@ -0,0 +1,17 @@
+diff -Naur lib3ds-1.3.0.orig/lib3ds/mesh.c lib3ds-1.3.0/lib3ds/mesh.c
+--- lib3ds-1.3.0.orig/lib3ds/mesh.c 2007-06-20 19:04:08.000000000 +0200
++++ lib3ds-1.3.0/lib3ds/mesh.c 2010-09-14 06:34:39.987807911 +0200
+@@ -87,8 +87,11 @@
+ faces=lib3ds_io_read_word(io);
+ for (i=0; i<faces; ++i) {
+ index=lib3ds_io_read_word(io);
+- ASSERT(index<mesh->faces);
+- strcpy(mesh->faceL[index].material, name);
++ if (index<mesh->faces) {
++ strncpy(mesh->faceL[index].material, name, 64);
++ } else {
++ // TODO warning
++ }
+ }
+ }
+ break;
diff --git a/lib3ds.spec b/lib3ds.spec
index 23c1457..c35e223 100644
--- a/lib3ds.spec
+++ b/lib3ds.spec
@@ -1,6 +1,6 @@
Name: lib3ds
Version: 1.3.0
-Release: 7%{?dist}
+Release: 9%{?dist}
Summary: 3D Studio file format library
@@ -8,8 +8,12 @@ Group: System Environment/Libraries
License: LGPLv2+
URL: http://lib3ds.sourceforge.net
Source: http://downloads.sourceforge.net/lib3ds/lib3ds-%{version}.zip
+# Extracted from Debian's lib3ds_1.3.0-1.diff.gz
+Patch0: lib3ds-1.3.0-lib3ds-file.h.diff
+# Address https://bugzilla.redhat.com/show_bug.cgi?id=633475
+Patch1: lib3ds-1.3.0-lib3ds-mesh.c.diff
+
Patch2: lib3ds-1.2.0-pkgconfig.diff
-Patch3: lib3ds-1.3.0-3ds2m.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -37,10 +41,6 @@ Some tools to process 3ds files.
%doc AUTHORS COPYING ChangeLog README
%{_bindir}/3dsdump
%{_mandir}/man1/3dsdump.1*
-%if 0%{?fedora} < 9
-%{_bindir}/3ds2m
-%{_mandir}/man1/3ds2m.1*
-%endif
%package devel
Summary: %summary
@@ -51,29 +51,16 @@ Requires: lib3ds = %{version}-%{release}
%description devel
Development files for lib3ds
-%if 0%{?fedora} < 9
-%package static
-Summary: %summary
-Group: Development/Libraries
-Requires: lib3ds-devel = %{version}-%{release}
-
-%description static
-Static development files for lib3ds
-%endif
%prep
%setup -q
+%patch0 -p1
+%patch1 -p1
%patch2 -p1
-%if 0%{?fedora} < 9
-%patch3 -p1
-%endif
%build
-%configure \
-%if 0%{?fedora} >= 9
- --disable-static
-%endif
+%configure --disable-static
make %{?_smp_mflags}
@@ -107,11 +94,6 @@ rm -rf $RPM_BUILD_ROOT
%postun -p /sbin/ldconfig
-%if 0%{?fedora} < 9
-%files static
-%{_libdir}/*.a
-%endif
-
%files devel
%defattr(-,root,root,-)
@@ -123,6 +105,13 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/aclocal/*
%changelog
+* Tue Sep 14 2010 Ralf Corsépius <corsepiu at fedoraproject> - 1.3.0-9
+- Address https://bugzilla.redhat.com/show_bug.cgi?id=633475 (CVE-2010-0280).
+- Adopt Debian patch to add missing decl.
+
+* Tue May 11 2010 Ralf Corsépius <corsepiu at fedoraproject> - 1.3.0-8
+- Adopt EPEL spec cleanup.
+
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
More information about the scm-commits
mailing list