author | Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de> | 2019-03-23 17:56:18 +0000 |
---|---|---|
committer | Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de> | 2019-03-23 17:56:18 +0000 |
commit | 4e574b64ac30b77c767f6466eaced934c7a4ce54 (patch) | |
tree | 4020dafa63b71dd605d0e76528c1ebfaa5697713 /patches/tiff/CVE-2018-8905.patch | |
parent | 3c21bc0ef035b510bc3691c79cfd939fe4755068 (diff) | |
vars/build.vars:{clzip,expat}{_host,}: updated to v{1.11,2.2.6} (via Redfoxmoon.)
vars/build.vars:libxml2: updated to v2.9.9 (via Redfoxmoon.)
vars/build.vars:libunistring: updated to v0.9.10 (via Redfoxmoon.)
vars/build.vars:libpng: updated to v1.6.36 (via Redfoxmoon.)
vars/build.vars:tiff: updated to v4.0.10 (via Redfoxmoon.)
vars/build.vars:gdbm: updated to v1.18.1 (via Redfoxmoon.)
vars/build.vars:pcre: updated to v8.43 (via Redfoxmoon.)
vars/build.vars:gzip: updated to v1.10 (via Redfoxmoon.)
vars/build.vars:gzip:${PKG_{CFLAGS_CONFIGURE_EXTRA,CONFIGURE_ARGS,MAKEFLAGS_{BUILD,INSTALL}_EXTRA}}: unset (via Redfoxmoon.)
vars/build.vars:libvorbis: updated to v1.3.6 (via Redfoxmoon.)
vars/build.vars:libxslt: updated to v1.1.33 (via Redfoxmoon.)
vars/build.vars:libtirpc: updated to v1.1.4 (via Redfoxmoon.)
patches/expat-2.2.{5,6}.local.patch: updated (via Redfoxmoon.)
patches/libtirpc-1.{0.3,1.4}.local.patch: updated (via Redfoxmoon.)
patches/libvorbis-1.3.5.local.patch: removes obsolete patch (via Redfoxmoon.)
patches/libxslt-1.1.3{2,3}.local.patch: updated (via Redfoxmoon.)
patches/pcre-8.4{2,3}.local.patch: updated (via Redfoxmoon.)
patches/tiff/CVE-{2017-{11613,17095,18013,9935},2018-{10963,5784,7456,8905}}.patch: removes obsolete patches (via Redfoxmoon.)
patches/tiff/CVE-2018-12900.patch: added (via Redfoxmoon.)
Diffstat (limited to 'patches/tiff/CVE-2018-8905.patch')
-rw-r--r-- | patches/tiff/CVE-2018-8905.patch | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/patches/tiff/CVE-2018-8905.patch b/patches/tiff/CVE-2018-8905.patch
deleted file mode 100644
index f951092c..00000000
--- a/patches/tiff/CVE-2018-8905.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 15:32:31 +0200
-Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
-
-The fix consists in using the similar code LZWDecode() to validate we
-don't write outside of the output buffer.
----
- libtiff/tif_lzw.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index 4ccb443..94d85e3 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- char *tp;
- unsigned char *bp;
- int code, nbits;
-+ int len;
- long nextbits, nextdata, nbitsmask;
- code_t *codep, *free_entp, *maxcodep, *oldcodep;
-
-@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- } while (--occ);
- break;
- }
-- assert(occ >= codep->length);
-- op += codep->length;
-- occ -= codep->length;
-- tp = op;
-+ len = codep->length;
-+ tp = op + len;
- do {
-- *--tp = codep->value;
-- } while( (codep = codep->next) != NULL );
-+ int t;
-+ --tp;
-+ t = codep->value;
-+ codep = codep->next;
-+ *tp = (char)t;
-+ } while (codep && tp > op);
-+ assert(occ >= len);
-+ op += len;
-+ occ -= len;
- } else {
- *op++ = (char)code;
- occ--;
---
-libgit2 0.27.0
- |