author | Patrick J Volkerding <volkerdi@slackware.com> | 2020-10-29 21:55:56 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2020-10-30 08:59:49 +0100 |
commit | c54ffbc86d562b12ffef86f2af11628ec0647899 (patch) | |
tree | afa56b8f437628b14c3ad19ba55f7afe97d96e47 /source/l/openexr/openexr.CVE-2017-9110-to-9116.patch | |
parent | 037917abe789c55171028a20ce56284921260d2a (diff) | |
download | current-c54ffbc86d562b12ffef86f2af11628ec0647899.tar.gz current-c54ffbc86d562b12ffef86f2af11628ec0647899.tar.xz |
Thu Oct 29 21:55:56 UTC 2020 20201029215556
a/aaa_elflibs-15.0-x86_64-26.txz: Rebuilt.
Upgraded: liblber-2.4.so.2.11.3, libldap-2.4.so.2.11.3, libmpc.so.3.2.1.
Added temporarily to allow for third-party packages to be recompiled:
libHalf.so.12.0.0, libIex-2_2.so.12.0.0, libIexMath-2_2.so.12.0.0,
libIlmImf-2_2.so.22.0.0, libIlmImfUtil-2_2.so.22.0.0,
libIlmThread-2_2.so.12.0.0, libImath-2_2.so.12.0.0,
libpoppler-qt4.so.4.11.0, libpoppler.so.79.0.0.
a/kernel-generic-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.73-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.73-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.73-x86-1.txz: Upgraded.
k/kernel-source-5.4.73-noarch-1.txz: Upgraded.
l/LibRaw-0.20.2-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/exiv2-0.27.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/gegl-0.4.26-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
l/gexiv2-0.12.1-x86_64-1.txz: Upgraded.
Compiled against exiv2-0.27.3.
l/graphene-1.10.2-x86_64-1.txz: Added.
l/gst-plugins-base-1.18.1-x86_64-2.txz: Rebuilt.
Recompiled against system libgraphene.
l/ilmbase-2.2.0-x86_64-2.txz: Removed.
These libraries are now part of openexr.
l/imagemagick-7.0.10_34-x86_64-2.txz: Rebuilt.
Recompiled against LibRaw-0.20.2 and openexr-2.5.3.
l/openexr-2.5.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-20.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Qt4 support dropped.
n/samba-4.13.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Missing handle permissions check in SMB1/2/3 ChangeNotify.
Denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383
(* Security fix *)
xap/geeqie-1.5.1-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.27.3.
xap/gimp-2.10.22-x86_64-2.txz: Rebuilt.
Recompiled against openexr-2.5.3.
xap/xlockmore-5.66-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/l/openexr/openexr.CVE-2017-9110-to-9116.patch')
-rw-r--r-- | source/l/openexr/openexr.CVE-2017-9110-to-9116.patch | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch b/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch
deleted file mode 100644
index 98c03a997..000000000
--- a/source/l/openexr/openexr.CVE-2017-9110-to-9116.patch
+++ /dev/null
@@ -1,82 +0,0 @@
---- a/IlmImf/ImfDwaCompressor.cpp
-+++ b/IlmImf/ImfDwaCompressor.cpp
-@@ -2377,7 +2377,12 @@ DwaCompressor::uncompress
-
- const char *dataPtr = inPtr + NUM_SIZES_SINGLE * sizeof(Int64);
-
-- if (inSize < headerSize + compressedSize)
-+ /* Both the sum and individual sizes are checked in case of overflow. */
-+ if (inSize < (headerSize + compressedSize) ||
-+ inSize < unknownCompressedSize ||
-+ inSize < acCompressedSize ||
-+ inSize < dcCompressedSize ||
-+ inSize < rleCompressedSize)
- {
- throw Iex::InputExc("Error uncompressing DWA data"
- "(truncated file).");
-diff --git a/IlmImf/ImfHuf.cpp b/IlmImf/ImfHuf.cpp
-index a375d05..97909a5 100644
---- a/IlmImf/ImfHuf.cpp
-+++ b/IlmImf/ImfHuf.cpp
-@@ -822,7 +822,7 @@ hufEncode // return: output size (in bits)
- }
-
-
--#define getCode(po, rlc, c, lc, in, out, oe) \
-+#define getCode(po, rlc, c, lc, in, out, ob, oe)\
- { \
- if (po == rlc) \
- { \
-@@ -835,6 +835,8 @@ hufEncode // return: output size (in bits)
- \
- if (out + cs > oe) \
- tooMuchData(); \
-+ else if (out - 1 < ob) \
-+ notEnoughData(); \
- \
- unsigned short s = out[-1]; \
- \
-@@ -895,7 +897,7 @@ hufDecode
- //
-
- lc -= pl.len;
-- getCode (pl.lit, rlc, c, lc, in, out, oe);
-+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
- }
- else
- {
-@@ -925,7 +927,7 @@ hufDecode
- //
-
- lc -= l;
-- getCode (pl.p[j], rlc, c, lc, in, out, oe);
-+ getCode (pl.p[j], rlc, c, lc, in, out, outb, oe);
- break;
- }
- }
-@@ -952,7 +954,7 @@ hufDecode
- if (pl.len)
- {
- lc -= pl.len;
-- getCode (pl.lit, rlc, c, lc, in, out, oe);
-+ getCode (pl.lit, rlc, c, lc, in, out, outb, oe);
- }
- else
- {
-diff --git a/IlmImf/ImfPizCompressor.cpp b/IlmImf/ImfPizCompressor.cpp
-index 46c6fba..8b3ee38 100644
---- a/IlmImf/ImfPizCompressor.cpp
-+++ b/IlmImf/ImfPizCompressor.cpp
-@@ -573,6 +573,12 @@ PizCompressor::uncompress (const char *inPtr,
- int length;
- Xdr::read <CharPtrIO> (inPtr, length);
-
-+ if (length > inSize)
-+ {
-+ throw InputExc ("Error in header for PIZ-compressed data "
-+ "(invalid array length).");
-+ }
-+
- hufUncompress (inPtr, length, _tmpBuffer, tmpBufferEnd - _tmpBuffer);
-
- // |