Change-Id: I5085b685174de86bedfb75375873563a37b6559c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6193
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,40 @@ |
0 |
+diff --git libmspack-0.5alpha/mspack/chmd.c libmspack-0.5alpha-a/mspack/chmd.c |
|
1 |
+--- libmspack-0.5alpha/mspack/chmd.c |
|
2 |
+@@ -1,5 +1,5 @@ |
|
3 |
+ /* This file is part of libmspack. |
|
4 |
+- * (C) 2003-2011 Stuart Caie. |
|
5 |
++ * (C) 2003-2018 Stuart Caie. |
|
6 |
+ * |
|
7 |
+ * libmspack is free software; you can redistribute it and/or modify it under |
|
8 |
+ * the terms of the GNU Lesser General Public License (LGPL) version 2.1 |
|
9 |
+@@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
10 |
+ D(("first pmgl chunk is after last pmgl chunk")) |
|
11 |
+ return MSPACK_ERR_DATAFORMAT; |
|
12 |
+ } |
|
13 |
+- if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) { |
|
14 |
++ if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) { |
|
15 |
+ D(("index_root outside valid range")) |
|
16 |
+ return MSPACK_ERR_DATAFORMAT; |
|
17 |
+ } |
|
18 |
+@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
19 |
+ while (num_entries--) { |
|
20 |
+ READ_ENCINT(name_len); |
|
21 |
+ if (name_len > (unsigned int) (end - p)) goto chunk_end; |
|
22 |
++ /* consider blank filenames to be an error */ |
|
23 |
++ if (name_len == 0) goto chunk_end; |
|
24 |
+ name = p; p += name_len; |
|
25 |
++ |
|
26 |
+ READ_ENCINT(section); |
|
27 |
+ READ_ENCINT(offset); |
|
28 |
+ READ_ENCINT(length); |
|
29 |
+@@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self, |
|
30 |
+ unsigned char *buf; |
|
31 |
+ |
|
32 |
+ /* check arguments - most are already checked by chmd_fast_find */ |
|
33 |
+- if (chunk_num > chm->num_chunks) return NULL; |
|
34 |
++ if (chunk_num >= chm->num_chunks) return NULL; |
|
35 |
+ |
|
36 |
+ /* ensure chunk cache is available */ |
|
37 |
+ if (!chm->chunk_cache) { |
|
38 |
+ |
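Review bot: The new patch file begins directly at `diff --git` (gutter line 0) with no provenance header, so nothing in it records which upstream change it was taken from or which hunk addresses which CVE. I would add a short leading comment, e.g. `Fixes CVE-2018-14679 (off-by-one in the index_root and read_chunk chunk-number checks) and CVE-2018-14680 (blank filenames accepted); upstream: <upstream commit id>`, which patch tools skip as leading text. As rendered, the embedded header also has a `--- libmspack-0.5alpha/mspack/chmd.c` line with no matching `+++` line before the first `@@`, so it is worth confirming the file is a complete unified diff rather than relying on the `diff --git` line for the target name. The first embedded hunk only changes the copyright year and could be dropped, leaving just the two `>=` bounds checks and the `name_len == 0` check.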
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: A library that provides compression and decompression of file formats used by Microsoft |
2 | 2 |
Name: libmspack |
3 | 3 |
Version: 0.5alpha |
4 |
-Release: 5%{?dist} |
|
4 |
+Release: 6%{?dist} |
|
5 | 5 |
License: LGPLv2+ |
6 | 6 |
URL: http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz |
7 | 7 |
Group: Applications/System |
... | ... |
@@ -11,6 +11,7 @@ Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}.tar.gz |
11 | 11 |
%define sha1 libmspack=226f19b1fc58e820671a1749983b06896e108cc4 |
12 | 12 |
Patch0: CVE-2017-6419.patch |
13 | 13 |
Patch1: CVE-2017-11423.patch |
14 |
+Patch2: CVE-2018-14679-CVE-2018-14680.patch |
|
14 | 15 |
%description |
15 | 16 |
A library that provides compression and decompression of file formats used by Microsoft |
16 | 17 |
|
... | ... |
@@ -24,6 +25,7 @@ It contains the libraries and header files to create applications. |
24 | 24 |
%setup -q |
25 | 25 |
%patch0 -p1 |
26 | 26 |
%patch1 -p1 |
27 |
+%patch2 -p1 |
|
27 | 28 |
%build |
28 | 29 |
./configure --prefix=/usr |
29 | 30 |
make %{?_smp_mflags} |
... | ... |
@@ -49,6 +51,8 @@ cd test |
49 | 49 |
%{_libdir}/*.so |
50 | 50 |
|
51 | 51 |
%changelog |
52 |
+* Fri Nov 16 2018 Sujay G <gsujay@vmware.com> 0.5alpha-6 |
|
53 |
+- Patch for CVE-2018-14679 & CVE-2018-14680 |
|
52 | 54 |
* Mon Jul 16 2018 Ajay Kaher <akaher@vmware.com> 0.5alpha-5 |
53 | 55 |
- Patch for CVE-2017-11423 |
54 | 56 |
* Mon May 21 2018 Anish Swaminathan <anishs@vmware.com> 0.5alpha-4 |