Message ID | 20191108160030.12803-1-peter@korsgaard.com |
---|---|
State | Accepted |
Headers | show |
Series | package/libfribidi: add upstream security fix | expand |
On Fri, 8 Nov 2019 17:00:29 +0100 Peter Korsgaard <peter@korsgaard.com> wrote: > Fixes the following security issue: > > - CVE-2019-18397: GNU FriBidi stack buffer overflow >= 1.0.0 > > For more details, see the advisory: > https://www.openwall.com/lists/oss-security/2019/11/08/5 > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > --- > ..._level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch | 30 +++++++++++++++++++ > 1 file changed, 30 insertions(+) > create mode 100644 package/libfribidi/0001-Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch Applied to master, thanks. Thomas
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issue: > - CVE-2019-18397: GNU FriBidi stack buffer overflow >= 1.0.0 > For more details, see the advisory: > https://www.openwall.com/lists/oss-security/2019/11/08/5 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed to 2019.08.x (2019.02.x uses < 1.0.0), thanks.
diff --git a/package/libfribidi/0001-Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch b/package/libfribidi/0001-Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch new file mode 100644 index 0000000000..b78f9b2111 --- /dev/null +++ b/package/libfribidi/0001-Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch @@ -0,0 +1,30 @@ +From 034c6e9a1d296286305f4cfd1e0072b879f52568 Mon Sep 17 00:00:00 2001 +From: Dov Grobgeld <dov.grobgeld@gmail.com> +Date: Thu, 24 Oct 2019 09:37:29 +0300 +Subject: [PATCH] Truncate isolate_level to FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL + +CVE-2019-18397 + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + lib/fribidi-bidi.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/lib/fribidi-bidi.c b/lib/fribidi-bidi.c +index 6c84392..d384878 100644 +--- a/lib/fribidi-bidi.c ++++ b/lib/fribidi-bidi.c +@@ -747,7 +747,9 @@ fribidi_get_par_embedding_levels_ex ( + } + + RL_LEVEL (pp) = level; +- RL_ISOLATE_LEVEL (pp) = isolate_level++; ++ RL_ISOLATE_LEVEL (pp) = isolate_level; ++ if (isolate_level < FRIBIDI_BIDI_MAX_EXPLICIT_LEVEL-1) ++ isolate_level++; + base_level_per_iso_level[isolate_level] = new_level; + + if (!FRIBIDI_IS_NEUTRAL (override)) +-- +2.20.1 +
Fixes the following security issue: - CVE-2019-18397: GNU FriBidi stack buffer overflow >= 1.0.0 For more details, see the advisory: https://www.openwall.com/lists/oss-security/2019/11/08/5 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- ..._level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 package/libfribidi/0001-Truncate-isolate_level-to-FRIBIDI_BIDI_MAX_EXPLICIT_.patch