diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/libxvmc-CVE-2016-7953.patch | 42 | ||||
-rw-r--r-- | gnu/packages/xorg.scm | 13 |
3 files changed, 2 insertions, 54 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 578693f07e..4a1a0ec382 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -668,7 +668,6 @@ dist_patch_DATA = \ %D%/packages/patches/libwmf-CVE-2015-0848+CVE-2015-4588.patch \ %D%/packages/patches/libwmf-CVE-2015-4695.patch \ %D%/packages/patches/libwmf-CVE-2015-4696.patch \ - %D%/packages/patches/libxvmc-CVE-2016-7953.patch \ %D%/packages/patches/libxslt-generated-ids.patch \ %D%/packages/patches/linux-pam-no-setfsuid.patch \ %D%/packages/patches/lirc-localstatedir.patch \ diff --git a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch b/gnu/packages/patches/libxvmc-CVE-2016-7953.patch deleted file mode 100644 index 737abdeb9f..0000000000 --- a/gnu/packages/patches/libxvmc-CVE-2016-7953.patch +++ /dev/null @@ -1,42 +0,0 @@ -Fix CVE-2016-7953: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7953 - -Patch copied from upstream source repository: - -https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb - -From 2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb Mon Sep 17 00:00:00 2001 -From: Tobias Stoeckmann <tobias@stoeckmann.org> -Date: Sun, 25 Sep 2016 22:34:27 +0200 -Subject: [PATCH] Avoid buffer underflow on empty strings. - -If an empty string is received from an x-server, do not underrun the -buffer by accessing "rep.nameLen - 1" unconditionally, which could end -up being -1. - -Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org> -Reviewed-by: Matthieu Herrb <matthieu@herrb.eu> ---- - src/XvMC.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/XvMC.c b/src/XvMC.c -index 7336760..3ee4212 100644 ---- a/src/XvMC.c -+++ b/src/XvMC.c -@@ -576,9 +576,9 @@ Status XvMCGetDRInfo(Display *dpy, XvPortID port, - if (*name && *busID && tmpBuf) { - _XRead(dpy, tmpBuf, realSize); - strncpy(*name,tmpBuf,rep.nameLen); -- (*name)[rep.nameLen - 1] = '\0'; -+ (*name)[rep.nameLen == 0 ? 0 : rep.nameLen - 1] = '\0'; - strncpy(*busID,tmpBuf+rep.nameLen,rep.busIDLen); -- (*busID)[rep.busIDLen - 1] = '\0'; -+ (*busID)[rep.busIDLen == 0 ? 0 : rep.busIDLen - 1] = '\0'; - XFree(tmpBuf); - } else { - XFree(*name); --- -2.10.1 - diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm index 3793c2b3a7..1b2b0cafcd 100644 --- a/gnu/packages/xorg.scm +++ b/gnu/packages/xorg.scm @@ -4943,8 +4943,7 @@ new API's in libXft, or the legacy API's in libX11.") (define-public libxvmc (package (name "libxvmc") - (replacement libxvmc/fixed) - (version "1.0.9") + (version "1.0.10") (source (origin (method url-fetch) @@ -4954,7 +4953,7 @@ new API's in libXft, or the legacy API's in libX11.") ".tar.bz2")) (sha256 (base32 - "0mjp1b21dvkaz7r0iq085r92nh5vkpmx99awfgqq9hgzyvgxf0q7")))) + "0bpffxr5dal90a8miv2w0rif61byqxq2f5angj4z1bnznmws00g5")))) (build-system gnu-build-system) (propagated-inputs `(("libxv" ,libxv))) @@ -4969,14 +4968,6 @@ new API's in libXft, or the legacy API's in libX11.") (description "Xorg XvMC library.") (license license:x11))) -(define libxvmc/fixed - (package - (inherit libxvmc) - (source (origin - (inherit (package-source libxvmc)) - (patches (search-patches - "libxvmc-CVE-2016-7953.patch")))))) - (define-public libxxf86vm (package (name "libxxf86vm") |