diff --git a/tcl-fortify.patch b/tcl-fortify.patch new file mode 100644 index 0000000..e57fca6 --- /dev/null +++ b/tcl-fortify.patch @@ -0,0 +1,11 @@ +--- generic/tclTrace.c.orig 2010-01-21 12:38:47.000000000 +0100 ++++ generic/tclTrace.c 2010-01-21 12:55:05.000000000 +0100 +@@ -909,7 +909,7 @@ + } + ctvarPtr->traceCmdInfo.length = length; + flags |= TCL_TRACE_UNSETS | TCL_TRACE_RESULT_OBJECT; +- strcpy(ctvarPtr->traceCmdInfo.command, command); ++ memcpy(ctvarPtr->traceCmdInfo.command, command, length + 1); + ctvarPtr->traceInfo.traceProc = TraceVarProc; + ctvarPtr->traceInfo.clientData = (ClientData) + &ctvarPtr->traceCmdInfo; diff --git a/tcl.changes b/tcl.changes index a74a83f..a30c856 100644 --- a/tcl.changes +++ b/tcl.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jan 21 12:55:33 CET 2010 - rguenther@suse.de + +- Fix fortify violation in TraceVariableObjCmd. + ------------------------------------------------------------------- Wed Nov 18 16:18:20 CET 2009 - max@suse.de diff --git a/tcl.spec b/tcl.spec index 4be5922..3d72082 100644 --- a/tcl.spec +++ b/tcl.spec @@ -41,6 +41,7 @@ Source2: baselibs.conf Source3: macros.tcl Patch0: tcl.patch Patch1: tcl-unload.patch +Patch2: tcl-fortify.patch %description Tcl (Tool Command Language) is a very powerful but easy to learn @@ -88,6 +89,7 @@ Authors: %setup -q -n %name%version %patch0 %patch1 +%patch2 %build cd unix