diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-16 09:57:17 +0100 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-16 10:05:33 +0100 |
commit | ac2937e717f29e38583eca34657988e7b6da7eb6 (patch) | |
tree | 9957f2574172bda4066b521403fc50abecccb3db | |
parent | 650181c23b32378b4ec829880cc20700bf5b2ddf (diff) | |
download | nx-libs-ac2937e717f29e38583eca34657988e7b6da7eb6.tar.gz nx-libs-ac2937e717f29e38583eca34657988e7b6da7eb6.tar.bz2 nx-libs-ac2937e717f29e38583eca34657988e7b6da7eb6.zip |
Update 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. Fix broken comment paragraph, whitespace fix.
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/debian/changelog b/debian/changelog index 523d7a5a2..05a86f477 100644 --- a/debian/changelog +++ b/debian/changelog @@ -31,6 +31,8 @@ nx-libs (2:3.5.0.29-0x2go2) UNRELEASED; urgency=medium rely on nxproxy/Makefile.in. * Makefile.nx-libs: Fix uninstall-lite rule. The nxproxy and nxcomp uninstallation has to be in uninstall-lite, not in uninstall-full. + * Update 1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch. + Fix broken comment paragraph, whitespace fix. * NX code reduction efforts (from 93Mb to 41Mb): - Drop more unused code in nx-X11/programs/Xserver/hw/. Do this in diff --git a/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch b/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch index 04910353c..9ea330101 100644 --- a/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch +++ b/debian/patches/1042-Do-proper-input-validation-to-fix-for-CVE-2011-2895.patch @@ -1,4 +1,4 @@ -From 6acafc9334828da22446380c81af81bde14b5d86 Mon Sep 17 00:00:00 2001 +From 36368e658a2b83753230af5296978ce27f468d8b Mon Sep 17 00:00:00 2001 From: Joerg Sonnenberger <joerg@britannica.bec.de> Date: Sun, 21 Aug 2011 18:51:53 +0200 Subject: [PATCH 02/02] Do proper input validation to fix for CVE-2011-2895. @@ -9,6 +9,7 @@ validation of the LZW stream and doesn't pessimize the inner loop for no good reason. It's derived from a change in libarchive from 2004. v2: backports to nx-libs 3.6.x (Mihai Moldovan) +v3: fix comment lines starting with "+" + whitespace fixes (Mike Gabriel) Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Reviewed-by: Tomas Hoger <thoger@redhat.com> --- @@ -16,7 +17,7 @@ Reviewed-by: Tomas Hoger <thoger@redhat.com> 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/nx-X11/lib/font/fontfile/decompress.c b/nx-X11/lib/font/fontfile/decompress.c -index 553b315..12b9f0a 100644 +index 553b315..c7e649f 100644 --- a/nx-X11/lib/font/fontfile/decompress.c +++ b/nx-X11/lib/font/fontfile/decompress.c @@ -99,7 +99,7 @@ static char_type magic_header[] = { "\037\235" }; /* 1F 9D */ @@ -78,12 +79,12 @@ index 553b315..12b9f0a 100644 code = oldcode; } - -++ /* -++ * The above condition ensures that code < free_ent. -++ * The construction of tab_prefixof in turn guarantees that -++ * each iteration decreases code and therefore stack usage is -++ * bound by 1 << BITS - 256. -++ */ ++ /* ++ * The above condition ensures that code < free_ent. ++ * The construction of tab_prefixof in turn guarantees that ++ * each iteration decreases code and therefore stack usage is ++ * bound by 1 << BITS - 256. ++ */ + /* * Generate output characters in reverse order @@ -100,7 +101,7 @@ index 553b315..12b9f0a 100644 * Generate the new entry. */ - if ( (code=file->free_ent) < file->maxmaxcode ) { -+ if ( (code=file->free_ent) < file->maxmaxcode && oldcode != -1) { ++ if ( (code=file->free_ent) < file->maxmaxcode && oldcode != -1) { file->tab_prefix[code] = (unsigned short)oldcode; file->tab_suffix[code] = finchar; file->free_ent = code+1; |