From f0e7b136bbdaa7a03b76c054bbe1cf7b7a0f739f Mon Sep 17 00:00:00 2001 From: yang_zhuang_zhuang <1162011203@qq.com> Date: Fri, 28 May 2021 14:05:14 +0800 Subject: [PATCH 1/2] The "no acceptable C compiler found" error message is displayed during compilation.Therefore,add buildrequires gcc. --- tcl.spec | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tcl.spec b/tcl.spec index 07d1b09..8f2e14b 100644 --- a/tcl.spec +++ b/tcl.spec @@ -2,14 +2,14 @@ Name: tcl Version: 8.6.10 -Release: 2 +Release: 3 Epoch: 1 Summary: The Tool Command Language implementation License: BSD URL: https://sourceforge.net/projects/tcl/ Source0: http://downloads.sourceforge.net/sourceforge/tcl/tcl-core%{version}-src.tar.gz -BuildRequires: autoconf zlib-devel systemtap-sdt-devel +BuildRequires: autoconf zlib-devel systemtap-sdt-devel gcc Provides: tcl(abi) = %{MAJOR} Obsoletes: tcl-tcldict <= %{version} Provides: tcl-tcldict = %{version} @@ -127,13 +127,19 @@ make test %{_mandir}/mann/* %changelog -* Tue Oct 27 2020 Guoshuai Sun - 1:8.6.10.2 +* Fri May 28 2021 yangzhuangzhuang - 1:8.6.10-3 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:The "no acceptable C compiler found" error message is displayed during compilation.Therefore,add buildrequires gcc. + +* Tue Oct 27 2020 Guoshuai Sun - 1:8.6.10-2 - Type:bugfix - ID:NA - SUG:NA - DESC:File not found should be ignored silently -* Wed Aug 26 2020 zhangrui - 1:8.6.10.1 +* Wed Aug 26 2020 zhangrui - 1:8.6.10-1 - Type:enhancement - ID:NA - SUG:NA -- Gitee From 54d549810b60c4659a13d803aa26e228d4b69173 Mon Sep 17 00:00:00 2001 From: zhangruifang2020 Date: Mon, 13 Jun 2022 16:02:51 +0800 Subject: [PATCH 2/2] Fix cve-2021-35331 --- ...-format-string-vulnerability-in-Tcl-.patch | 36 +++++++++++++++++++ tcl.spec | 9 ++++- 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch 
diff --git a/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch b/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch new file mode 100644 index 0000000..3655229 --- /dev/null +++ b/Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch @@ -0,0 +1,36 @@ +From 30db6ce78e7c4b96b977320e4d16555a93401c8d Mon Sep 17 00:00:00 2001 +From: "jan.nijtmans" +Date: Tue, 22 Jun 2021 09:02:00 +0000 +Subject: [PATCH] Fix [bad6cc213d]: A format string vulnerability in Tcl + nmakehelp.c allows code execution via a crated file. Also change a memcpy() + to a memmove(), because the range could be overlapping + +--- + win/nmakehlp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/win/nmakehlp.c b/win/nmakehlp.c +index 7536ede..4021346 100644 +--- a/win/nmakehlp.c ++++ b/win/nmakehlp.c +@@ -537,7 +537,7 @@ GetVersionFromFile( + ++q; + } + +- memcpy(szBuffer, p, q - p); ++ memmove(szBuffer, p, q - p); + szBuffer[q-p] = 0; + szResult = szBuffer; + break; +@@ -674,7 +674,7 @@ SubstituteFile( + memcpy(szBuffer, szCopy, sizeof(szCopy)); + } + } +- printf(szBuffer); ++ printf("%s", szBuffer); + } + + list_free(&substPtr); +-- +1.8.3.1 + diff --git a/tcl.spec b/tcl.spec index 8f2e14b..b3fd192 100644 --- a/tcl.spec +++ b/tcl.spec @@ -2,7 +2,7 @@ Name: tcl Version: 8.6.10 -Release: 3 +Release: 4 Epoch: 1 Summary: The Tool Command Language implementation License: BSD @@ -26,6 +26,7 @@ Patch8: Improved-overflow-prevention-1.patch Patch9: Improved-overflow-prevention-2.patch Patch10: fix-exec-test-error.patch Patch11: File-not-found-should-be-ignored-silently.patch +Patch12: Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch %description Tcl(Tool Command Language) provides a powerful platform for creating integration applications 
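Review bot: The backported fix replaces only the one `printf(szBuffer)` in SubstituteFile, and the rest of win/nmakehlp.c is outside these embedded hunks, so it is worth confirming that no other call in that file passes file-derived text as a format string. Where the helper is built with GCC or Clang, `-Wformat -Wformat-security` would flag any that remain. Since no formatting is needed, `fputs(szBuffer, stdout);` is a simpler equivalent of `printf("%s", szBuffer);`. In GetVersionFromFile, `szBuffer[q-p] = 0;` still relies on `q - p` being smaller than the buffer; that presumably holds because p and q point into szBuffer, but the bounds are not visible here. Both functions start and end outside the hunks.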
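Review bot: Adding `Patch12:` only declares the file, and no hunk in this commit touches %prep, so the CVE-2021-35331 fix is applied only if %prep uses `%autosetup` or `%autopatch` rather than an explicit list of `%patchN` lines. %prep is outside the visible hunks, so this needs confirming; if patches are listed individually, add `%patch12 -p1` there. The patched file is `win/nmakehlp.c`, which is presumably not compiled in this Linux build, so the change likely hardens the shipped source tree rather than the installed binaries. The changelog entry could say so.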
@@ -127,6 +128,12 @@ make test %{_mandir}/mann/* %changelog +* Mon Jun 13 2022 zhangruifang - 1:8.6.10-4 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Fix cve-2021-35331 + * Fri May 28 2021 yangzhuangzhuang - 1:8.6.10-3 - Type:bugfix - ID:NA -- Gitee