gnu: libxvmc: Fix CVE-2016-7953.
* gnu/packages/patches/libxvmc-CVE-2016-7953.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xorg.scm (libxvmc)[replacement]: New field. (libxvmc/fixed): New variable.
This commit is contained in:
parent
e73631a906
commit
813062a5f7
|
@ -678,6 +678,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/libxrender-CVE-2016-7950.patch \
|
||||
%D%/packages/patches/libxtst-CVE-2016-7951-CVE-2016-7952.patch \
|
||||
%D%/packages/patches/libxv-CVE-2016-5407.patch \
|
||||
%D%/packages/patches/libxvmc-CVE-2016-7953.patch \
|
||||
%D%/packages/patches/libxslt-generated-ids.patch \
|
||||
%D%/packages/patches/lirc-localstatedir.patch \
|
||||
%D%/packages/patches/llvm-for-extempore.patch \
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
Fix CVE-2016-7953:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
|
||||
|
||||
From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 25 Sep 2016 22:34:27 +0200
|
||||
Subject: [PATCH] Avoid buffer underflow on empty strings.
|
||||
|
||||
If an empty string is received from an x-server, do not underrun the
|
||||
buffer by accessing "rep.nameLen - 1" unconditionally, which could end
|
||||
up being -1.
|
||||
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
|
||||
---
|
||||
src/XvMC.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/XvMC.c b/src/XvMC.c
|
||||
index 7336760..3ee4212 100644
|
||||
--- a/src/XvMC.c
|
||||
+++ b/src/XvMC.c
|
||||
@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port,
|
||||
if (*name && *busID && tmpBuf) {
|
||||
_XRead(dpy, tmpBuf, realSize);
|
||||
strncpy(*name,tmpBuf,rep.nameLen);
|
||||
- (*name)[rep.nameLen - 1] = '\0';
|
||||
+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0';
|
||||
strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen);
|
||||
- (*busID)[rep.busIDLen - 1] = '\0';
|
||||
+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0';
|
||||
XFree(tmpBuf);
|
||||
} else {
|
||||
XFree(*name);
|
||||
--
|
||||
2.10.1
|
||||
|
|
@ -4998,6 +4998,7 @@ new API's in libXft, or the legacy API's in libX11.")
|
|||
(define-public libxvmc
|
||||
(package
|
||||
(name "libxvmc")
|
||||
(replacement libxvmc/fixed)
|
||||
(version "1.0.9")
|
||||
(source
|
||||
(origin
|
||||
|
@ -5023,6 +5024,13 @@ new API's in libXft, or the legacy API's in libX11.")
|
|||
(description "Xorg XvMC library.")
|
||||
(license license:x11)))
|
||||
|
||||
(define libxvmc/fixed
|
||||
(package
|
||||
(inherit libxvmc)
|
||||
(source (origin
|
||||
(inherit (package-source libxvmc))
|
||||
(patches (search-patches
|
||||
"libxvmc-CVE-2016-7953.patch"))))))
|
||||
|
||||
(define-public libxxf86vm
|
||||
(package
|
||||
|
|
Loading…
Reference in New Issue