Merge branch 'master' into core-updates

author: Marius Bakke <mbakke@fastmail.com> 2019-02-09 21:11:00 +0100
committer: Marius Bakke <mbakke@fastmail.com> 2019-02-09 21:11:00 +0100
commit: ebbb7286b91e21cb26153e3d0a3ea8017cf16224 (patch)
tree: c41eccbe937b0541109cc3b2d45c372ebf826755 /gnu/packages/patches/libtiff-CVE-2018-8905.patch
parent: d41f63942b5df85223f5fae110253bc30869653b (diff)
parent: aefa29123feaf4202010675eae0a563b3ee90cf1 (diff)
download: guix-ebbb7286b91e21cb26153e3d0a3ea8017cf16224.tar.gz
1 files changed, 0 insertions, 61 deletions
diff --git a/gnu/packages/patches/libtiff-CVE-2018-8905.patch b/gnu/packages/patches/libtiff-CVE-2018-8905.patch
deleted file mode 100644
index f49815789e..0000000000
--- a/gnu/packages/patches/libtiff-CVE-2018-8905.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Fix CVE-2018-8095:
-
-http://bugzilla.maptools.org/show_bug.cgi?id=2780
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8905
-
-Patch copied from upstream source repository:
-
-https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
-
-From 58a898cb4459055bb488ca815c23b880c242a27d Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Sat, 12 May 2018 15:32:31 +0200
-Subject: [PATCH] LZWDecodeCompat(): fix potential index-out-of-bounds write.
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2780 / CVE-2018-8905
-
-The fix consists in using the similar code LZWDecode() to validate we
-don't write outside of the output buffer.
----
- libtiff/tif_lzw.c | 18 ++++++++++++------
- 1 file changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c
-index 4ccb443c..94d85e38 100644
---- a/libtiff/tif_lzw.c
-+++ b/libtiff/tif_lzw.c
-@@ -602,6 +602,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- 	char *tp;
- 	unsigned char *bp;
- 	int code, nbits;
-+	int len;
- 	long nextbits, nextdata, nbitsmask;
- 	code_t *codep, *free_entp, *maxcodep, *oldcodep;
- 
-@@ -753,13 +754,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- 				}  while (--occ);
- 				break;
- 			}
--			assert(occ >= codep->length);
--			op += codep->length;
--			occ -= codep->length;
--			tp = op;
-+			len = codep->length;
-+			tp = op + len;
- 			do {
--				*--tp = codep->value;
--			} while( (codep = codep->next) != NULL );
-+				int t;
-+				--tp;
-+				t = codep->value;
-+				codep = codep->next;
-+				*tp = (char)t;
-+			} while (codep && tp > op);
-+			assert(occ >= len);
-+			op += len;
-+			occ -= len;
- 		} else {
- 			*op++ = (char)code;
- 			occ--;
--- 
-2.17.0
-
author	Marius Bakke <mbakke@fastmail.com>	2019-02-09 21:11:00 +0100
committer	Marius Bakke <mbakke@fastmail.com>	2019-02-09 21:11:00 +0100
commit	ebbb7286b91e21cb26153e3d0a3ea8017cf16224 (patch)
tree	c41eccbe937b0541109cc3b2d45c372ebf826755 /gnu/packages/patches/libtiff-CVE-2018-8905.patch
parent	d41f63942b5df85223f5fae110253bc30869653b (diff)
parent	aefa29123feaf4202010675eae0a563b3ee90cf1 (diff)
download	guix-ebbb7286b91e21cb26153e3d0a3ea8017cf16224.tar.gz