forked from pool/mupdf
Accepting request 454978 from Publishing
- Add CVE-2017-5627.patch and CVE-2017-5628.patch fixes CVE-2017-5627 and CVE-2017-5628 bsc#1022503 bsc#1022504 OBS-URL: https://build.opensuse.org/request/show/454978 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mupdf?expand=0&rev=24
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
014dbb9c99
15
CVE-2017-5627.patch
Normal file
15
CVE-2017-5627.patch
Normal file
@ -0,0 +1,15 @@
|
||||
X-Git-Url: http://git.ghostscript.com/?p=mujs.git;a=blobdiff_plain;f=jsrun.c;h=ca7d5ad46ba2414f075280ee94121a88f0bcfde6;hp=782a6f9caa62d510377397b0c63c1407e70f6c95;hb=4006739a28367c708dea19aeb19b8a1a9326ce08;hpb=8f62ea10a0af68e56d5c00720523ebcba13c2e6a
|
||||
|
||||
diff --git a/jsrun.c b/jsrun.c
|
||||
index 782a6f9..ca7d5ad 100644
|
||||
--- a/jsrun.c
|
||||
+++ b/jsrun.c
|
||||
@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name)
|
||||
if (!strcmp(name, "length")) {
|
||||
double rawlen = jsV_tonumber(J, value);
|
||||
int newlen = jsV_numbertointeger(rawlen);
|
||||
- if (newlen != rawlen)
|
||||
+ if (newlen != rawlen || newlen < 0)
|
||||
js_rangeerror(J, "array length");
|
||||
jsV_resizearray(J, obj, newlen);
|
||||
return;
|
||||
35
CVE-2017-5628.patch
Normal file
35
CVE-2017-5628.patch
Normal file
@ -0,0 +1,35 @@
|
||||
From 8f62ea10a0af68e56d5c00720523ebcba13c2e6a Mon Sep 17 00:00:00 2001
|
||||
From: Tor Andersson <tor.andersson@gmail.com>
|
||||
Date: Tue, 24 Jan 2017 14:32:14 +0100
|
||||
Subject: [PATCH] Fix 697496: Check NAN before accessing array in MakeDay().
|
||||
|
||||
---
|
||||
jsdate.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/jsdate.c b/jsdate.c
|
||||
index 2b43edf..6efbb60 100644
|
||||
--- a/jsdate.c
|
||||
+++ b/jsdate.c
|
||||
@@ -207,12 +207,17 @@ static double MakeDay(double y, double m, double date)
|
||||
};
|
||||
|
||||
double yd, md;
|
||||
+ int im;
|
||||
|
||||
y += floor(m / 12);
|
||||
m = pmod(m, 12);
|
||||
|
||||
+ im = (int)m;
|
||||
+ if (im < 0 || im >= 12)
|
||||
+ return NAN;
|
||||
+
|
||||
yd = floor(TimeFromYear(y) / msPerDay);
|
||||
- md = firstDayOfMonth[InLeapYear(y)][(int)m];
|
||||
+ md = firstDayOfMonth[InLeapYear(y)][im];
|
||||
|
||||
return yd + md + date - 1;
|
||||
}
|
||||
--
|
||||
2.9.1
|
||||
|
||||
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 6 12:51:00 UTC 2017 - idonmez@suse.com
|
||||
|
||||
- Add CVE-2017-5627.patch and CVE-2017-5628.patch fixes
|
||||
CVE-2017-5627 and CVE-2017-5628 bsc#1022503 bsc#1022504
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 24 11:57:17 UTC 2017 - idonmez@suse.com
|
||||
|
||||
|
||||
@ -31,6 +31,8 @@ Patch1: fix-openjpeg-flags.patch
|
||||
Patch2: CVE-2016-10132.patch
|
||||
Patch3: CVE-2016-10133.patch
|
||||
Patch4: CVE-2016-10141.patch
|
||||
Patch5: CVE-2017-5627.patch
|
||||
Patch6: CVE-2017-5628.patch
|
||||
BuildRequires: freetype-devel
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: jbig2dec-devel
|
||||
@ -72,6 +74,8 @@ pushd ./thirdparty/mujs
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
popd
|
||||
|
||||
# do not use the inlined copies of build dpendencies except for mujs
|
||||
|
||||
Loading…
Reference in New Issue
Block a user