From d851798416d005977d9409babf710c050124cfda Mon Sep 17 00:00:00 2001 From: Caolán McNamara Date: Feb 08 2017 14:54:05 +0000 Subject: Related: rhbz#1418992 backport CVE-2016-9317 to embedded libwmf gd --- diff --git a/libwmf-0.2.8.4-CVE-2016-9317.patch b/libwmf-0.2.8.4-CVE-2016-9317.patch new file mode 100644 index 0000000..cf57734 --- /dev/null +++ b/libwmf-0.2.8.4-CVE-2016-9317.patch @@ -0,0 +1,21 @@ +--- libwmf-0.2.8.4/src/extra/gd/gd.c ++++ libwmf-0.2.8.4/src/extra/gd/gd.c +@@ -65,6 +65,18 @@ + { + int i; + gdImagePtr im; ++ ++ if (overflow2(sx, sy)) { ++ return NULL; ++ } ++ ++ if (overflow2(sizeof (unsigned char *), sy)) { ++ return NULL; ++ } ++ if (overflow2(sizeof (unsigned char), sx)) { ++ return NULL; ++ } ++ + im = (gdImage *) gdMalloc (sizeof (gdImage)); + memset (im, 0, sizeof (gdImage)); + /* Row-major ever since gd 1.3 */ diff --git a/libwmf.spec b/libwmf.spec index 3ac47f1..a58cf1c 100644 --- a/libwmf.spec +++ b/libwmf.spec @@ -1,7 +1,7 @@ Summary: Windows MetaFile Library Name: libwmf Version: 0.2.8.4 -Release: 49%{?dist} +Release: 50%{?dist} Group: System Environment/Libraries #libwmf is under the LGPLv2+, however... #1. The tarball contains an old version of the urw-fonts under GPL+. @@ -65,6 +65,8 @@ Patch19: libwmf-0.2.8.4-CVE-2015-4696.patch Patch20: libwmf-0.2.8.4-autoheader.patch # CVE-2016-9011 Patch21: libwmf-0.2.8.4-CVE-2016-9011.patch +# CVE-2016-9317 +Patch22: libwmf-0.2.8.4-CVE-2016-9317.patch Requires: urw-fonts Requires: %{name}-lite = %{version}-%{release} @@ -119,6 +121,7 @@ using libwmf. %patch19 -p1 -b .CVE-2015-4696 %patch20 -p1 -b .autoheader %patch21 -p1 -b .CVE-2016-9011 +%patch22 -p1 -b .CVE-2016-9317 f=README ; iconv -f iso-8859-2 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f %build @@ -180,6 +183,9 @@ sed -i $RPM_BUILD_ROOT%{_datadir}/libwmf/fonts/fontmap -e 's#libwmf/fonts#fonts/ %changelog +* Wed Feb 08 2017 Caolán McNamara - 0.2.8.4-50 +- CVE-2016-9317 + * Wed Oct 26 2016 Caolán McNamara - 0.2.8.4-49 - Resolves: rhbz#1388451 (CVE-2016-9011) check max claimed record len against max seekable position