Browse code
Added patch for CVE-2018-14679 & CVE-2018-14680 vulnerabilities
Change-Id: I0ba81c08a0950081756e5a86ae79f975cdc74aa2
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6156
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
gsujayvmw authored on 2018/11/12 22:12:24Showing 2 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,40 @@ |
| 0 |
+diff --git libmspack-0.5alpha/mspack/chmd.c libmspack-0.5alpha-a/mspack/chmd.c |
|
| 1 |
+--- libmspack-0.5alpha/mspack/chmd.c |
|
| 2 |
+@@ -1,5 +1,5 @@ |
|
| 3 |
+ /* This file is part of libmspack. |
|
| 4 |
+- * (C) 2003-2011 Stuart Caie. |
|
| 5 |
++ * (C) 2003-2018 Stuart Caie. |
|
| 6 |
+ * |
|
| 7 |
+ * libmspack is free software; you can redistribute it and/or modify it under |
|
| 8 |
+ * the terms of the GNU Lesser General Public License (LGPL) version 2.1 |
|
| 9 |
+@@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
| 10 |
+ D(("first pmgl chunk is after last pmgl chunk"))
|
|
| 11 |
+ return MSPACK_ERR_DATAFORMAT; |
|
| 12 |
+ } |
|
| 13 |
+- if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) {
|
|
| 14 |
++ if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) {
|
|
| 15 |
+ D(("index_root outside valid range"))
|
|
| 16 |
+ return MSPACK_ERR_DATAFORMAT; |
|
| 17 |
+ } |
|
| 18 |
+@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh, |
|
| 19 |
+ while (num_entries--) {
|
|
| 20 |
+ READ_ENCINT(name_len); |
|
| 21 |
+ if (name_len > (unsigned int) (end - p)) goto chunk_end; |
|
| 22 |
++ /* consider blank filenames to be an error */ |
|
| 23 |
++ if (name_len == 0) goto chunk_end; |
|
| 24 |
+ name = p; p += name_len; |
|
| 25 |
++ |
|
| 26 |
+ READ_ENCINT(section); |
|
| 27 |
+ READ_ENCINT(offset); |
|
| 28 |
+ READ_ENCINT(length); |
|
| 29 |
+@@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self, |
|
| 30 |
+ unsigned char *buf; |
|
| 31 |
+ |
|
| 32 |
+ /* check arguments - most are already checked by chmd_fast_find */ |
|
| 33 |
+- if (chunk_num > chm->num_chunks) return NULL; |
|
| 34 |
++ if (chunk_num >= chm->num_chunks) return NULL; |
|
| 35 |
+ |
|
| 36 |
+ /* ensure chunk cache is available */ |
|
| 37 |
+ if (!chm->chunk_cache) {
|
|
| 38 |
+ |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
Summary: A library that provides compression and decompression of file formats used by Microsoft |
| 2 | 2 |
Name: libmspack |
| 3 | 3 |
Version: 0.5alpha |
| 4 |
-Release: 4%{?dist}
|
|
| 4 |
+Release: 5%{?dist}
|
|
| 5 | 5 |
License: LGPLv2+ |
| 6 | 6 |
URL: http://www.cabextract.org.uk/libmspack/libmspack-0.5alpha.tar.gz |
| 7 | 7 |
Group: Applications/System |
| ... | ... |
@@ -11,12 +11,14 @@ Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}.tar.gz
|
| 11 | 11 |
%define sha1 libmspack=226f19b1fc58e820671a1749983b06896e108cc4 |
| 12 | 12 |
Patch0: CVE-2017-6419.patch |
| 13 | 13 |
Patch1: CVE-2017-11423.patch |
| 14 |
+Patch2: CVE-2018-14679-CVE-2018-14680.patch |
|
| 14 | 15 |
%description |
| 15 | 16 |
A library that provides compression and decompression of file formats used by Microsoft |
| 16 | 17 |
%prep |
| 17 | 18 |
%setup -q |
| 18 | 19 |
%patch0 -p1 |
| 19 | 20 |
%patch1 -p1 |
| 21 |
+%patch2 -p1 |
|
| 20 | 22 |
%build |
| 21 | 23 |
./configure --prefix=/usr |
| 22 | 24 |
make %{?_smp_mflags}
|
| ... | ... |
@@ -33,6 +35,8 @@ make DESTDIR=%{buildroot} install
|
| 33 | 33 |
%{_libdir}/pkgconfig/*.pc
|
| 34 | 34 |
%{_includedir}/*
|
| 35 | 35 |
%changelog |
| 36 |
+* Mon Nov 12 2018 Sujay G <gsujay@vmware.com> 0.5alpha-5 |
|
| 37 |
+- Patch for CVE-2018-14679 & CVE-2018-14680 |
|
| 36 | 38 |
* Tue Jul 24 2018 Ajay Kaher <akaher@vmware.com> 0.5alpha-4 |
| 37 | 39 |
- Patch for CVE-2017-11423.patch |
| 38 | 40 |
* Mon May 21 2018 Anish Swaminathan <anishs@vmware.com> 0.5alpha-3 |