NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

links: add security fix for CVE-2013-6050

Browse Source 
Also fix LICENSE typo.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2014-06-17 16:05:49 -03:00 committed by Peter Korsgaard
parent 9019f17c68
commit 69636df180
3 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
package/links/links-no-largefile.patch → package/links/links-0001-no-largefile.patch
View File

17
package/links/links-0002-CVE-2013-6050.patch Normal file
View File

@ -0,0 +1,17 @@
Description: Fix integer overflow in graphics mode (CVE-2013-6050)
Author: Mikulas Patocka <mikulas@artax.karlin.mff.cuni.cz>
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6050
Index: links-2.7/html_tbl.c
===================================================================
--- links-2.7.orig/html_tbl.c 2013-11-22 01:57:29.000000000 +0100
+++ links-2.7/html_tbl.c 2013-11-22 01:58:30.000000000 +0100
@@ -1550,6 +1550,8 @@ static void add_to_rect_sets(struct rect
static void add_to_cell_sets(struct table_cell ****s, int **nn, int *n, struct rect *r, struct table_cell *c)
{
int i, j;
+ if (r->y1 < 0 || r->y2 < 0)
+ fatal_exit("add_to_cell_sets: integer overflow: %d, %d", r->y1, r->y2);
for (i = r->y1 >> RECT_BOUND_BITS; i <= (r->y2 - 1) >> RECT_BOUND_BITS; i++) {
if (i >= *n) {
struct table_cell ***ns;

2
package/links/links.mk
View File

@ -7,7 +7,7 @@
LINKS_VERSION = 2.7
LINKS_SITE = http://links.twibright.com/download
LINKS_DEPENDENCIES = host-pkgconf
LINKS_LICNSE = GPLv2+
LINKS_LICENSE = GPLv2+
LINKS_LICENSE_FILES = COPYING
ifeq ($(BR2_PACKAGE_LINKS_GRAPHICS),y)