summaryrefslogtreecommitdiff
path: root/wheezy
diff options
context:
space:
mode:
Diffstat (limited to 'wheezy')
-rw-r--r--wheezy/TALOS-2016-0227.patch35
-rw-r--r--wheezy/_reverts_r-base.sh2
2 files changed, 37 insertions, 0 deletions
diff --git a/wheezy/TALOS-2016-0227.patch b/wheezy/TALOS-2016-0227.patch
new file mode 100644
index 0000000..f7bc97e
--- /dev/null
+++ b/wheezy/TALOS-2016-0227.patch
@@ -0,0 +1,35 @@
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71663)
++++ src/library/grDevices/src/devPS.c (Revision 71664)
+@@ -513,13 +513,15 @@
+ if (!(fp = R_fopen(R_ExpandFileName(buf), "r"))) return 0;
+ }
+ if (GetNextItem(fp, buf, -1, &state)) return 0; /* encoding name */
+- strcpy(encname, buf+1);
++ strncpy(encname, buf+1, 99);
++ encname[99] = '\0';
+ if (!isPDF) snprintf(enccode, 5000, "/%s [\n", encname);
+ else enccode[0] = '\0';
+ if (GetNextItem(fp, buf, 0, &state)) { fclose(fp); return 0;} /* [ */
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+- strcpy(encnames[i].cname, buf+1);
++ strncpy(encnames[i].cname, buf+1, 39);
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71666)
++++ src/library/grDevices/src/devPS.c (Revision 71667)
+@@ -521,7 +521,7 @@
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+ strncpy(encnames[i].cname, buf+1, 39);
+- encnames[i].cname[39] = '\0';
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
diff --git a/wheezy/_reverts_r-base.sh b/wheezy/_reverts_r-base.sh
new file mode 100644
index 0000000..df47c30
--- /dev/null
+++ b/wheezy/_reverts_r-base.sh
@@ -0,0 +1,2 @@
+patch -p0 < ../TALOS-2016-0227.patch
+dch -a "debian/control: Apply upstream commits r71664 and r71667 related to CVE-2016-8714 reported as TALOS-2016-0227"

Contact - Imprint