diff --git a/wine-CVE-2005-4560.patch b/wine-CVE-2005-4560.patch new file mode 100644 index 0000000..29864a4 --- /dev/null +++ b/wine-CVE-2005-4560.patch @@ -0,0 +1,20 @@ +=================================================================== +RCS file: /home/wine/wine/dlls/gdi/metafile.c,v +retrieving revision 1.11 +retrieving revision 1.12 +diff -u -p -r1.11 -r1.12 +--- wine/dlls/gdi/metafile.c 2006/01/03 12:43:52 1.11 ++++ wine/dlls/gdi/metafile.c 2006/01/06 20:52:46 1.12 +@@ -863,6 +863,13 @@ BOOL WINAPI PlayMetaFileRecord( HDC hdc, + break; + + case META_ESCAPE: ++ switch (mr->rdParm[0]) { ++ case GETSCALINGFACTOR: /* get function ... would just NULL dereference */ ++ return FALSE; ++ case SETABORTPROC: ++ FIXME("Filtering Escape(SETABORTPROC), possible virus?\n"); ++ return FALSE; ++ } + Escape(hdc, mr->rdParm[0], mr->rdParm[1], (LPCSTR)&mr->rdParm[2], NULL); + break; diff --git a/wine.spec b/wine.spec index f25658e..3dae6c6 100644 --- a/wine.spec +++ b/wine.spec @@ -2,7 +2,7 @@ Name: wine Version: 0.9.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A Windows 16/32/64 bit emulator Group: Applications/Emulators @@ -21,6 +21,10 @@ Source104: wine-winefile.desktop Source105: wine-winemine.desktop Source106: wine-winhelp.desktop Patch2: wine-20050524-generated.patch +# CVS-2005-4560 wmf exploit from wine cvs +# http://cvs.winehq.org/cvsweb/wine/dlls/gdi/metafile.c.diff?r1=text&tr1=1.11&r2=text&tr2=1.12 +Patch100: wine-CVE-2005-4560.patch + Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ExclusiveArch: %{ix86} @@ -155,6 +159,7 @@ with the Wine Windows(TM) emulation libraries. %prep %setup -q %patch2 -p1 -b .generated +%patch100 -p1 autoconf %build @@ -688,6 +693,10 @@ update-desktop-database &>/dev/null || : %{_libdir}/wine/*.def %changelog +* Sun Jan 08 2006 Andreas Bierfert +0.9.5-2 +- fix for CVE-2005-4560 + * Fri Jan 06 2006 Andreas Bierfert 0.9.5-1 - version upgrade