!28 fix cve-2021-35331

From: @zhangruifang2020 
Reviewed-by: @overweight 
Signed-off-by: @overweight

File-not-found-should-be-ignored-silently.patch

@@ -0,0 +1,45 @@
+From 00f8160e2d52e8df57744c3b02ddda3f8a65d149 Mon Sep 17 00:00:00 2001
+From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
+Date: Sat, 24 Nov 2018 14:59:04 +0000
+Subject: [PATCH] If a pkgIndex file is encountered which produces an error,
+ continue. This shoud fix the Travis build for 9.0 (But same fix should be in
+ 8.7 as well)
+
+---
+ library/package.tcl | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/library/package.tcl b/library/package.tcl
+index c72fbfbbe41..974cbf07956 100644
+--- a/library/package.tcl
++++ b/library/package.tcl
+@@ -493,7 +493,8 @@ proc tclPkgUnknown {name args} {
+ 			# $file was not readable; silently ignore
+ 			continue
+ 		    } on error msg {
+-			tclLog "error reading package index file $file: $msg"
++			# $file is not usable; silently ignore
++			continue
+ 		    } on ok {} {
+ 			set procdDirs($dir) 1
+ 		    }
+@@ -511,7 +512,8 @@ proc tclPkgUnknown {name args} {
+ 		    # $file was not readable; silently ignore
+ 		    continue
+ 		} on error msg {
+-		    tclLog "error reading package index file $file: $msg"
++		    # $file is not usable; silently ignore
++		    continue
+ 		} on ok {} {
+ 		    set procdDirs($dir) 1
+ 		}
+@@ -595,7 +597,8 @@ proc tcl::MacOSXPkgUnknown {original name args} {
+ 		    # $file was not readable; silently ignore
+ 		    continue
+ 		} on error msg {
+-		    tclLog "error reading package index file $file: $msg"
++		    # $file is not usable; silently ignore
++		    continue
+ 		} on ok {} {
+ 		    set procdDirs($dir) 1
+ 		}

Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch

@@ -0,0 +1,36 @@
+From 30db6ce78e7c4b96b977320e4d16555a93401c8d Mon Sep 17 00:00:00 2001
+From: "jan.nijtmans" <nijtmans@users.sourceforge.net>
+Date: Tue, 22 Jun 2021 09:02:00 +0000
+Subject: [PATCH] Fix [bad6cc213d]: A format string vulnerability in Tcl
+ nmakehelp.c allows code execution via a crated file. Also change a memcpy()
+ to a memmove(), because the range could be overlapping
+
+---
+ win/nmakehlp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/win/nmakehlp.c b/win/nmakehlp.c
+index 7536ede..4021346 100644
+--- a/win/nmakehlp.c
++++ b/win/nmakehlp.c
+@@ -537,7 +537,7 @@ GetVersionFromFile(
+ 		    ++q;
+ 		}
+ 
+-		memcpy(szBuffer, p, q - p);
++		memmove(szBuffer, p, q - p);
+ 		szBuffer[q-p] = 0;
+ 		szResult = szBuffer;
+ 		break;
+@@ -674,7 +674,7 @@ SubstituteFile(
+ 		    memcpy(szBuffer, szCopy, sizeof(szCopy));
+ 		}
+ 	    }
+-	    printf(szBuffer);
++	    printf("%s", szBuffer);
+ 	}
+ 
+ 	list_free(&substPtr);
+-- 
+1.8.3.1
+

tcl.spec

@@ -2,14 +2,14 @@
 
 Name:          tcl
 Version:       8.6.10
-Release:       1
+Release:       4
 Epoch:         1
 Summary:       The Tool Command Language implementation
 License:       BSD
 URL:           https://sourceforge.net/projects/tcl/
 Source0:       http://downloads.sourceforge.net/sourceforge/tcl/tcl-core%{version}-src.tar.gz
 
-BuildRequires: autoconf zlib-devel systemtap-sdt-devel
+BuildRequires: autoconf zlib-devel systemtap-sdt-devel gcc
 Provides:      tcl(abi) = %{MAJOR}
 Obsoletes:     tcl-tcldict <= %{version}
 Provides:      tcl-tcldict = %{version}
@@ -25,6 +25,8 @@ Patch7:     Fix-11ae2be95d-tip-389-branch-string-range-errors-wi.patch
 Patch8:     Improved-overflow-prevention-1.patch
 Patch9:     Improved-overflow-prevention-2.patch
 Patch10:    fix-exec-test-error.patch
+Patch11:    File-not-found-should-be-ignored-silently.patch
+Patch12:    Fix-bad6cc213d-A-format-string-vulnerability-in-Tcl-.patch
 
 %description
 Tcl(Tool Command Language) provides a powerful platform for creating integration applications
@@ -126,42 +128,60 @@ make test
 %{_mandir}/mann/*
 
 %changelog
-* Wed Aug 19 2020 zhangrui <zhangrui182@huawei.com> - 1:8.6.10-1
+* Mon Jun 13 2022 zhangruifang <zhangruifang1@h-partners.com> - 1:8.6.10-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:Fix cve-2021-35331
+
+* Fri May 28 2021 yangzhuangzhuang <yangzhuangzhuang1@huawei.com> - 1:8.6.10-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:The "no acceptable C compiler found" error message is displayed during compilation.Therefore,add buildrequires gcc.
+
+* Tue Oct 27 2020 Guoshuai Sun <sunguoshuai@huawei.com> - 1:8.6.10-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:File not found should be ignored silently
+
+* Wed Aug 26 2020 zhangrui<zhangrui182@huawei.com> - 1:8.6.10-1
 - Type:enhancement
 - ID:NA
 - SUG:NA
-- DESC:update to 8.6.10
+- DESC:update tcl from 8.6.8 to 8.6.10
 
-* Tue Mar 17 2020 chengquan<chengquan3@huawei.com> - 1:8.6.8-8
+* Tue Mar 17 2020 chengquan<chengquan3@huawei.com> - 1:8.6.8.8
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:Rollback some patches & add /usr/lib64/tcl*
 
-* Sat Jan 11 2020 zhangguangzhi<zhangguangzhi3@huawei.com> - 1:8.6.8-7
+* Sat Jan 11 2020 zhangguangzhi<zhangguangzhi3@huawei.com> - 1:8.6.8.7
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:del patch to be consistent with open source
 
-* Wed Dec 25 2019 chengquan <chengquan3@huawei.com> - 1:8.6.8-6
+* Wed Dec 25 2019 chengquan <chengquan3@huawei.com> - 1:8.6.8.6
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC:fix bug in update help package
 
-* Mon Nov 4 2019 shenyangyang <shenyangyang4@huawei.com> - 1:8.6.8-5
+* Mon Nov 4 2019 shenyangyang <shenyangyang4@huawei.com> - 1:8.6.8.5
 - Type:NA
 - ID:NA
 - SUG:NA
 - DESC:add use/bin/tclsh8.6
 
-* Fri Nov 1 2019 caomeng <caomeng5@huawei.com> - 1:8.6.8-4
+* Fri Nov 1 2019 caomeng <caomeng5@huawei.com> - 1:8.6.8.4
 - Type:NA
 - ID:NA
 - SUG:NA
 - DESC:fix tclConfig.sh problem
 
-* Mon Sep 09 2019 Huiming Xie <xiehuiming@huawei.com> - 1:8.6.8-3
+* Mon Sep 09 2019 Huiming Xie <xiehuiming@huawei.com> - 1:8.6.8.3
 - Package init