summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/libwmf-CVE-2007-2756.patch
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2015-10-08 10:43:40 -0400
committerMark H Weaver <mhw@netris.org>2015-10-08 10:46:30 -0400
commitf956d661add890acb41592482a8a0c3fd90afd76 (patch)
tree796d7838d9fd3b8dac7020988bb963e0c325f7a9 /gnu/packages/patches/libwmf-CVE-2007-2756.patch
parent48e4a9f32f93c404b6fb4472164d8e00d12b2937 (diff)
gnu: libwmf: Add fixes for several security flaws.
* gnu/packages/patches/libwmf-CAN-2004-0941.patch, gnu/packages/patches/libwmf-CVE-2007-0455.patch, gnu/packages/patches/libwmf-CVE-2007-2756.patch, gnu/packages/patches/libwmf-CVE-2007-3472.patch, gnu/packages/patches/libwmf-CVE-2007-3473.patch, gnu/packages/patches/libwmf-CVE-2007-3477.patch, gnu/packages/patches/libwmf-CVE-2009-3546.patch: New files. * gnu/packages/patches/libwmf-CVE-2015-0848+4588+4695+4696.patch: Delete file. Replace with ... * gnu/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch, gnu/packages/patches/libwmf-CVE-2015-4695.patch, gnu/packages/patches/libwmf-CVE-2015-4696.patch: ... these new files. * gnu-system.am (dist_patch_DATA): Adjust accordingly. * gnu/packages/image.scm (libwmf)[source]: Adjust set of patches.
Diffstat (limited to 'gnu/packages/patches/libwmf-CVE-2007-2756.patch')
-rw-r--r--gnu/packages/patches/libwmf-CVE-2007-2756.patch20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/patches/libwmf-CVE-2007-2756.patch b/gnu/packages/patches/libwmf-CVE-2007-2756.patch
new file mode 100644
index 0000000000..feafac535a
--- /dev/null
+++ b/gnu/packages/patches/libwmf-CVE-2007-2756.patch
@@ -0,0 +1,20 @@
+Copied from Fedora.
+
+http://pkgs.fedoraproject.org/cgit/libwmf.git/tree/libwmf-0.2.8.4-CVE-2007-2756.patch
+
+--- libwmf-0.2.8.4/src/extra/gd/gd_png.c 1 Apr 2007 20:41:01 -0000 1.21.2.1
++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c 16 May 2007 19:06:11 -0000
+@@ -78,8 +78,11 @@
+ gdPngReadData (png_structp png_ptr,
+ png_bytep data, png_size_t length)
+ {
+- gdGetBuf (data, length, (gdIOCtx *)
+- png_get_io_ptr (png_ptr));
++ int check;
++ check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
++ if (check != length) {
++ png_error(png_ptr, "Read Error: truncated data");
++ }
+ }
+
+ static void