[tremulous] fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
Jan Kaluža
jkaluza at fedoraproject.org
Thu Feb 23 09:42:19 UTC 2012
commit dc8a083a812eb3a5a72cc14f51589d8b70ca1e5c
Author: Jan Kaluza <hanzz.k at gmail.com>
Date: Thu Feb 23 10:37:17 2012 +0100
fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
tremulous-1.2.0-dll-overwrite.patch | 60 +++++++++++++++++++++++++++++++++++
tremulous.spec | 7 +++-
2 files changed, 66 insertions(+), 1 deletions(-)
---
diff --git a/tremulous-1.2.0-dll-overwrite.patch b/tremulous-1.2.0-dll-overwrite.patch
new file mode 100644
index 0000000..5be8293
--- /dev/null
+++ b/tremulous-1.2.0-dll-overwrite.patch
@@ -0,0 +1,60 @@
+diff --git a/src/qcommon/files.c b/src/qcommon/files.c
+index 656b8fb..afeeb9b 100644
+--- a/src/qcommon/files.c
++++ b/src/qcommon/files.c
+@@ -531,7 +531,7 @@ static void FS_CheckFilenameIsNotExecutable( const char *filename,
+ const char *function )
+ {
+ // Check if the filename ends with the library extension
+- if( !Q_stricmp( COM_GetExtension( filename ), DLL_EXT ) )
++ if(COM_CompareExtension(filename, DLL_EXT))
+ {
+ Com_Error( ERR_FATAL, "%s: Not allowed to manipulate '%s' due "
+ "to %s extension\n", function, filename, DLL_EXT );
+diff --git a/src/qcommon/q_shared.c b/src/qcommon/q_shared.c
+index 59ddf2e..c6ab101 100644
+--- a/src/qcommon/q_shared.c
++++ b/src/qcommon/q_shared.c
+@@ -97,6 +97,30 @@ void COM_StripExtension( const char *in, char *out, int destsize ) {
+ out[length] = 0;
+ }
+
++/*
++============
++COM_CompareExtension
++
++string compare the end of the strings and return qtrue if strings match
++============
++*/
++qboolean COM_CompareExtension(const char *in, const char *ext)
++{
++ int inlen, extlen;
++
++ inlen = strlen(in);
++ extlen = strlen(ext);
++
++ if(extlen <= inlen)
++ {
++ in += inlen - extlen;
++
++ if(!Q_stricmp(in, ext))
++ return qtrue;
++ }
++
++ return qfalse;
++}
+
+ /*
+ ==================
+diff --git a/src/qcommon/q_shared.h b/src/qcommon/q_shared.h
+index e1b166a..2456b81 100644
+--- a/src/qcommon/q_shared.h
++++ b/src/qcommon/q_shared.h
+@@ -693,6 +693,7 @@ float Com_Clamp( float min, float max, float value );
+ char *COM_SkipPath( char *pathname );
+ const char *COM_GetExtension( const char *name );
+ void COM_StripExtension(const char *in, char *out, int destsize);
++qboolean COM_CompareExtension(const char *in, const char *ext);
+ void COM_DefaultExtension( char *path, int maxSize, const char *extension );
+
+ void COM_BeginParseSession( const char *name );
diff --git a/tremulous.spec b/tremulous.spec
index 88b613f..f1d237b 100644
--- a/tremulous.spec
+++ b/tremulous.spec
@@ -1,6 +1,6 @@
Name: tremulous
Version: 1.2.0
-Release: 0.3.beta1%{?dist}
+Release: 0.4.beta1%{?dist}
Summary: First Person Shooter game based on the Quake 3 engine
Group: Amusements/Games
License: GPLv2+
@@ -12,6 +12,7 @@ URL: http://tremulous.net
Source0: tremulous-1.2.0.beta1.tar.gz
Source1: %{name}.desktop
Source2: %{name}.png
+Patch0: tremulous-1.2.0-dll-overwrite.patch
BuildRequires: desktop-file-utils SDL-devel openal-soft-devel libvorbis-devel
BuildRequires: libjpeg-devel
BuildRequires: libcurl-devel
@@ -42,6 +43,7 @@ removing their ability to respawn by destroying their spawn structures.
%prep
%setup -q -n tremulous-1.2.beta1
+%patch0 -p1 -b .dll-overwrite
# Rip out the bundled libraries and use the
# system versions instead
@@ -96,6 +98,9 @@ fi
%{_datadir}/icons/hicolor/48x48/apps/%{name}.png
%changelog
+* Thu Feb 23 2012 Jan Kaluza <jkaluza at redhat.com> - 1.2.0-0.4.beta1
+- fix #796362 - fixed CVE-2011-2764 and CVE-2011-3012
+
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.0-0.3.beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
More information about the scm-commits
mailing list