diff --git a/scummvm-fix_CVE-2017-17528.patch b/scummvm-fix_CVE-2017-17528.patch new file mode 100644 index 0000000..a91bba1 --- /dev/null +++ b/scummvm-fix_CVE-2017-17528.patch @@ -0,0 +1,64 @@ +From 7aaac1dfba22d2e70b33b2cf856d7885944d4a6e Mon Sep 17 00:00:00 2001 +From: Colin Snover +Date: Thu, 14 Dec 2017 13:51:04 -0600 +Subject: [PATCH] POSIX: Fix CVE-2017-17528 + +--- + backends/platform/sdl/posix/posix.cpp | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/backends/platform/sdl/posix/posix.cpp b/backends/platform/sdl/posix/posix.cpp +index b805a452cf7..60f85efc2f1 100644 +--- a/backends/platform/sdl/posix/posix.cpp ++++ b/backends/platform/sdl/posix/posix.cpp +@@ -49,6 +49,9 @@ + #include + #include + ++#include ++extern char **environ; ++ + OSystem_POSIX::OSystem_POSIX(Common::String baseConfigName) + : + _baseConfigName(baseConfigName) { +@@ -279,7 +282,7 @@ bool OSystem_POSIX::openUrl(const Common::String &url) { + // try desktop environment specific tools + if (launchBrowser("gnome-open", url)) // gnome + return true; +- if (launchBrowser("kfmclient openURL", url)) // kde ++ if (launchBrowser("kfmclient", url)) // kde + return true; + if (launchBrowser("exo-open", url)) // xfce + return true; +@@ -302,15 +305,24 @@ bool OSystem_POSIX::openUrl(const Common::String &url) { + return false; + } + +-bool OSystem_POSIX::launchBrowser(const Common::String& client, const Common::String &url) { +- // FIXME: system's input must be heavily escaped +- // well, when url's specified by user +- // it's OK now (urls are hardcoded somewhere in GUI) +- Common::String cmd = client + " " + url; +- return (system(cmd.c_str()) != -1); ++bool OSystem_POSIX::launchBrowser(const Common::String &client, const Common::String &url) { ++ pid_t pid; ++ const char *argv[] = { ++ client.c_str(), ++ url.c_str(), ++ NULL, ++ NULL ++ }; ++ if (client == "kfmclient") { ++ argv[2] = argv[1]; ++ argv[1] = "openURL"; ++ } ++ if (posix_spawnp(&pid, client.c_str(), NULL, NULL, const_cast(argv), environ) != 0) { ++ return false; ++ } ++ return (waitpid(pid, NULL, 0) != -1); + } + +- + AudioCDManager *OSystem_POSIX::createAudioCDManager() { + #ifdef USE_LINUXCD + return createLinuxAudioCDManager(); diff --git a/scummvm.changes b/scummvm.changes index fb4c78d..06b1de7 100644 --- a/scummvm.changes +++ b/scummvm.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Mon Dec 18 09:12:00 UTC 2017 - aloisio@gmx.com + +- Added scummvm-fix_CVE-2017-17528.patch to address (boo#1073248) + ------------------------------------------------------------------- Sun Dec 17 19:25:33 UTC 2017 - alarrosa@suse.com diff --git a/scummvm.spec b/scummvm.spec index f02f104..e372ca3 100644 --- a/scummvm.spec +++ b/scummvm.spec @@ -28,6 +28,8 @@ Group: Amusements/Games/Other Url: http://www.scummvm.org/ Source: http://www.scummvm.org/frs/scummvm/%{version}/scummvm-%{version}.tar.xz Source99: %{name}.changes +# PATCH-FIX-UPSTREAM scummvm-fix_CVE-2017-17528.patch -- backported commit #7aaac1d +Patch0: scummvm-fix_CVE-2017-17528.patch BuildRequires: desktop-file-utils BuildRequires: gcc-c++ BuildRequires: hicolor-icon-theme @@ -80,6 +82,7 @@ These engines are in a worse state, but allow to play extra games. %prep %setup -q +%patch0 -p1 modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE99}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\""