Mon May 28 19:12:29 UTC 201820180528191229

a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
author: Patrick J Volkerding <volkerdi@slackware.com> 2018-05-28 19:12:29 +0000
committer: Eric Hameleers <alien@slackware.com> 2018-05-31 23:39:35 +0200
commit: 646a5c1cbfd95873950a87b5f75d52073a967023 (patch)
tree: b8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
parent: d31c50870d0bee042ce660e445c9294a59a3a65b (diff)
download: current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz
current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.xz
1 files changed, 36 insertions, 0 deletions
diff --git a/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch b/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
new file mode 100644
index 000000000..c6bd017c2
--- /dev/null
+++ b/source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
@@ -0,0 +1,36 @@
+--- libwmf-0.2.8.4/src/player.c
++++ libwmf-0.2.8.4/src/player.c
+@@ -139,8 +139,31 @@
+ 		WMF_DEBUG (API,"bailing...");
+ 		return (API->err);
+ 	}
+-	
+- 	P->Parameters = (unsigned char*) wmf_malloc (API,(MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char));
++
++	U32 nMaxRecordSize = (MAX_REC_SIZE(API)  ) * 2 * sizeof (unsigned char);
++	if (nMaxRecordSize)
++	{
++		//before allocating memory do a sanity check on size by seeking
++		//to claimed end to see if its possible. We're constrained here
++		//by the api and existing implementations to not simply seeking
++		//to SEEK_END. So use what we have to skip to the last byte and
++		//try and read it.
++		const long nPos = WMF_TELL (API);
++		WMF_SEEK (API, nPos + nMaxRecordSize - 1);
++		if (ERR (API))
++		{	WMF_DEBUG (API,"bailing...");
++			return (API->err);
++		}
++		int byte = WMF_READ (API);
++		if (byte == (-1))
++		{	WMF_ERROR (API,"Unexpected EOF!");
++		       	API->err = wmf_E_EOF;
++		       	return (API->err);
++		}
++		WMF_SEEK (API, nPos);
++	}
++
++ 	P->Parameters = (unsigned char*) wmf_malloc (API, nMaxRecordSize);
+ 
+ 	if (ERR (API))
+ 	{	WMF_DEBUG (API,"bailing...");
author	Patrick J Volkerding <volkerdi@slackware.com>	2018-05-28 19:12:29 +0000
committer	Eric Hameleers <alien@slackware.com>	2018-05-31 23:39:35 +0200
commit	646a5c1cbfd95873950a87b5f75d52073a967023 (patch)
tree	b8b8d2ab3b0d432ea69ad1a64d1c789649d65020 /source/l/libwmf/libwmf-0.2.8.4-CVE-2016-9011.patch
parent	d31c50870d0bee042ce660e445c9294a59a3a65b (diff)
download	current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.gz current-646a5c1cbfd95873950a87b5f75d52073a967023.tar.xz