[plib] Fix a bufferoverflow in ulSetError() (CVE-2011-4620)

Hans de Goede jwrdegoede at fedoraproject.org
Tue Dec 27 14:51:46 UTC 2011 

commit b24a9a6ef70b873e21740b03e2f1eb5707da31d1
Author: Hans de Goede <hdegoede at redhat.com>
Date:   Tue Dec 27 15:53:16 2011 +0100

    Fix a bufferoverflow in ulSetError() (CVE-2011-4620)

 plib-1.8.5-CVE-2011-4620.patch |   12 ++++++++++++
 plib.spec                      |   15 ++++++---------
 2 files changed, 18 insertions(+), 9 deletions(-)
---
diff --git a/plib-1.8.5-CVE-2011-4620.patch b/plib-1.8.5-CVE-2011-4620.patch
new file mode 100644
index 0000000..faf49a1
--- /dev/null
+++ b/plib-1.8.5-CVE-2011-4620.patch
@@ -0,0 +1,12 @@
+diff -up plib-1.8.5/src/util/ulError.cxx~ plib-1.8.5/src/util/ulError.cxx
+--- plib-1.8.5/src/util/ulError.cxx~	2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/util/ulError.cxx	2011-12-27 15:38:25.305676650 +0100
+@@ -39,7 +39,7 @@ void ulSetError ( enum ulSeverity severi
+ {
+   va_list argp;
+   va_start ( argp, fmt ) ;
+-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+   va_end ( argp ) ;
+  
+   if ( _ulErrorCB )
diff --git a/plib.spec b/plib.spec
index b43ab99..930ec6c 100644
--- a/plib.spec
+++ b/plib.spec
@@ -1,6 +1,6 @@
 Name:           plib
 Version:        1.8.5
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Set of portable libraries especially useful for games
 Group:          System Environment/Libraries
 License:        LGPLv2+
@@ -8,7 +8,7 @@ URL:            http://plib.sourceforge.net/
 Source:         http://plib.sourceforge.net/dist/plib-%{version}.tar.gz
 Patch1:         plib-1.8.4-fullscreen.patch
 Patch3:         plib-1.8.4-autorepeat.patch
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Patch4:         plib-1.8.5-CVE-2011-4620.patch
 BuildRequires:  freeglut-devel libpng-devel libXext-devel libXi-devel
 Buildrequires:  libXmu-devel libSM-devel libXxf86vm-devel
 
@@ -35,6 +35,7 @@ or compile programs that use plib.
 %setup -q
 %patch1 -p1 -b .fs
 %patch3 -p1 -b .autorepeat
+%patch4 -p1
 # for some reason this file has its x permission sets, which makes rpmlint cry
 chmod -x src/sg/sgdIsect.cxx
 
@@ -72,7 +73,6 @@ done
 
 
 %install
-rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT
 # we don't want the static libs
 rm $RPM_BUILD_ROOT%{_libdir}/*.a
@@ -80,27 +80,24 @@ rm $RPM_BUILD_ROOT%{_libdir}/*.a
 cp -a `find . -name "libplib*.so*"` $RPM_BUILD_ROOT%{_libdir}
 
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
 
 
 %files
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING ChangeLog NOTICE README
 %{_libdir}/libplib*.so.%{version}
 
 %files devel
-%defattr(-,root,root,-)
 %{_includedir}/*
 %{_libdir}/libplib*.so
 
 
 %changelog
+* Tue Dec 27 2011 Hans de Goede <hdegoede at redhat.com> - 1.8.5-5
+- Fix a bufferoverflow in ulSetError() (CVE-2011-4620)
+
 * Wed Feb 09 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8.5-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

More information about the scm-commits mailing list