From 4fcb7253f6c6b955583642fc382de9172f4248a8 Mon Sep 17 00:00:00 2001
From: Tom Callaway <spot@fedoraproject.org>
Date: Jan 02 2013 16:32:04 +0000
Subject: apply fix from Michael Karcher to fix CVE-2012-6303 (bz 885893)


---

diff --git a/tcl-snack-2.2.10-CVE-2012-6303-fix.patch b/tcl-snack-2.2.10-CVE-2012-6303-fix.patch
new file mode 100644
index 0000000..6326e8a
--- /dev/null
+++ b/tcl-snack-2.2.10-CVE-2012-6303-fix.patch
@@ -0,0 +1,19 @@
+diff -up snack2.2.10/generic/jkSoundFile.c.CVE20126303 snack2.2.10/generic/jkSoundFile.c
+--- snack2.2.10/generic/jkSoundFile.c.CVE20126303	2013-01-02 11:26:15.496231056 -0500
++++ snack2.2.10/generic/jkSoundFile.c	2013-01-02 11:27:26.134250662 -0500
+@@ -1798,7 +1798,14 @@ static int
+ GetHeaderBytes(Sound *s, Tcl_Interp *interp, Tcl_Channel ch, char *buf, 
+ 	       int len)
+ {
+-  int rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
++  int rlen;
++
++  if (len > max(CHANNEL_HEADER_BUFFER, HEADBUF)){
++    Tcl_AppendResult(interp, "Excessive header size", NULL);
++    return TCL_ERROR;
++  }
++
++  rlen = Tcl_Read(ch, &buf[s->firstNRead], len - s->firstNRead);
+ 
+   if (rlen < len - s->firstNRead){
+     Tcl_AppendResult(interp, "Failed reading header bytes", NULL);
diff --git a/tcl-snack.spec b/tcl-snack.spec
index a9bafb2..8eb090b 100644
--- a/tcl-snack.spec
+++ b/tcl-snack.spec
@@ -9,7 +9,7 @@
 
 Name:		tcl-%{realname}
 Version:	2.2.10
-Release:	15%{?dist}
+Release:	17%{?dist}
 Summary:	Sound toolkit
 Group:		System Environment/Libraries
 License:	GPLv2+
@@ -25,6 +25,7 @@ Patch0:		snack2.2.10-nomp3.patch
 Patch1:		snack2.2.10-extracflags.patch
 Patch2:		snack2.2.10-shared-stubs.patch
 Patch3:		snack2.2.10-newALSA.patch
+Patch4:		tcl-snack-2.2.10-CVE-2012-6303-fix.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	tcl-devel, tk-devel, libogg-devel, libvorbis-devel
 BuildRequires:	libXft-devel
@@ -71,6 +72,7 @@ Tkinter are also required to use Snack.
 %patch1 -p1 -b .extracflags
 %patch2 -p1 -b .shared-stubs
 %patch3 -p1 -b .newALSA
+%patch4 -p1 -b .CVE20126303
 chmod -x generic/*.c generic/*.h unix/*.c COPYING README demos/python/*
 iconv -f iso-8859-1 -t utf-8 -o README{.utf8,}
 mv README{.utf8,}
@@ -126,6 +128,12 @@ rm -rf %{buildroot}
 %{python_sitelib}/tkSnack*
 
 %changelog
+* Wed Jan  2 2013 Tom Callaway <spot@fedoraproject.org> - 2.2.10-17
+- apply fix from Michael Karcher to fix CVE-2012-6303 (bz 885893)
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.10-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
 * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.2.10-15
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild