links: add security fix for CVE-2013-6050

Message ID	1403031949-11357-1-git-send-email-gustavo@zacarias.com.ar
State	Accepted
Commit	69636df180e4a723b6160685b605dfbe326a0d26
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Gustavo Zacarias <gustavo@zacarias.com.ar> To: buildroot@busybox.net Date: Tue, 17 Jun 2014 16:05:49 -0300 Message-Id: <1403031949-11357-1-git-send-email-gustavo@zacarias.com.ar> Subject: [Buildroot] [PATCH] links: add security fix for CVE-2013-6050 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: buildroot-bounces@busybox.net

Message ID

1403031949-11357-1-git-send-email-gustavo@zacarias.com.ar

State

Accepted

Commit

69636df180e4a723b6160685b605dfbe326a0d26

Headers

From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Date: Tue, 17 Jun 2014 16:05:49 -0300
Message-Id: <1403031949-11357-1-git-send-email-gustavo@zacarias.com.ar>
Subject: [Buildroot] [PATCH] links: add security fix for CVE-2013-6050
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: buildroot-bounces@busybox.net

Commit Message

Gustavo Zacarias June 17, 2014, 7:05 p.m. UTC

Also fix LICENSE typo.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
 ...no-largefile.patch => links-0001-no-largefile.patch} |  0
 package/links/links-0002-CVE-2013-6050.patch            | 17 +++++++++++++++++
 package/links/links.mk                                  |  2 +-
 3 files changed, 18 insertions(+), 1 deletion(-)
 rename package/links/{links-no-largefile.patch => links-0001-no-largefile.patch} (100%)
 create mode 100644 package/links/links-0002-CVE-2013-6050.patch

Comments

Peter Korsgaard June 18, 2014, 11:54 a.m. UTC | #1

>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:

 > Also fix LICENSE typo.
 > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

Committed, thanks.

diff --git a/package/links/links-no-largefile.patch b/package/links/links-0001-no-largefile.patch
similarity index 100%
rename from package/links/links-no-largefile.patch
rename to package/links/links-0001-no-largefile.patch
diff --git a/package/links/links-0002-CVE-2013-6050.patch b/package/links/links-0002-CVE-2013-6050.patch
new file mode 100644
index 0000000..d85c250
--- /dev/null
+++ b/package/links/links-0002-CVE-2013-6050.patch
@@ -0,0 +1,17 @@ 
+Description: Fix integer overflow in graphics mode (CVE-2013-6050)
+Author: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
+Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6050
+
+Index: links-2.7/html_tbl.c
+===================================================================
+--- links-2.7.orig/html_tbl.c   2013-11-22 01:57:29.000000000 +0100
++++ links-2.7/html_tbl.c        2013-11-22 01:58:30.000000000 +0100
+@@ -1550,6 +1550,8 @@ static void add_to_rect_sets(struct rect
+ static void add_to_cell_sets(struct table_cell ****s, int **nn, int *n, struct rect *r, struct table_cell *c)
+ {
+ 	int i, j;
++	if (r->y1 < 0 || r->y2 < 0)
++		fatal_exit("add_to_cell_sets: integer overflow: %d, %d", r->y1, r->y2);
+ 	for (i = r->y1 >> RECT_BOUND_BITS; i <= (r->y2 - 1) >> RECT_BOUND_BITS; i++) {
+ 		if (i >= *n) {
+ 			struct table_cell ***ns;
diff --git a/package/links/links.mk b/package/links/links.mk
index 6e683dd..a7baa4c 100644
--- a/package/links/links.mk
+++ b/package/links/links.mk
@@ -7,7 +7,7 @@ 
 LINKS_VERSION = 2.7
 LINKS_SITE = http://links.twibright.com/download
 LINKS_DEPENDENCIES = host-pkgconf
-LINKS_LICNSE = GPLv2+
+LINKS_LICENSE = GPLv2+
 LINKS_LICENSE_FILES = COPYING
 
 ifeq ($(BR2_PACKAGE_LINKS_GRAPHICS),y)

links: add security fix for CVE-2013-6050

Commit Message

Comments

Patch