From e00c1aed1dbf6343f2914180f898943797586e8c Mon Sep 17 00:00:00 2001
From: Johannes Ranke
Date: Tue, 21 Mar 2017 10:37:33 +0100
Subject: Changes for security fix of R 3.2.5 in wheezy-cran3
---
wheezy/TALOS-2016-0227.patch | 35 +++++++++++++++++++++++++++++++++++
wheezy/_reverts_r-base.sh | 2 ++
2 files changed, 37 insertions(+)
create mode 100644 wheezy/TALOS-2016-0227.patch
create mode 100644 wheezy/_reverts_r-base.sh
(limited to 'wheezy')
diff --git a/wheezy/TALOS-2016-0227.patch b/wheezy/TALOS-2016-0227.patch
new file mode 100644
index 0000000..f7bc97e
--- /dev/null
+++ b/wheezy/TALOS-2016-0227.patch
@@ -0,0 +1,35 @@
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71663)
++++ src/library/grDevices/src/devPS.c (Revision 71664)
+@@ -513,13 +513,15 @@
+ if (!(fp = R_fopen(R_ExpandFileName(buf), "r"))) return 0;
+ }
+ if (GetNextItem(fp, buf, -1, &state)) return 0; /* encoding name */
+- strcpy(encname, buf+1);
++ strncpy(encname, buf+1, 99);
++ encname[99] = '\0';
+ if (!isPDF) snprintf(enccode, 5000, "/%s [\n", encname);
+ else enccode[0] = '\0';
+ if (GetNextItem(fp, buf, 0, &state)) { fclose(fp); return 0;} /* [ */
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+- strcpy(encnames[i].cname, buf+1);
++ strncpy(encnames[i].cname, buf+1, 39);
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
+Index: src/library/grDevices/src/devPS.c
+===================================================================
+--- src/library/grDevices/src/devPS.c (Revision 71666)
++++ src/library/grDevices/src/devPS.c (Revision 71667)
+@@ -521,7 +521,7 @@
+ for(i = 0; i < 256; i++) {
+ if (GetNextItem(fp, buf, i, &state)) { fclose(fp); return 0; }
+ strncpy(encnames[i].cname, buf+1, 39);
+- encnames[i].cname[39] = '\0';
++ encnames[i].cname[39] = '\0';
+ strcat(enccode, " /"); strcat(enccode, encnames[i].cname);
+ if(i%8 == 7) strcat(enccode, "\n");
+ }
diff --git a/wheezy/_reverts_r-base.sh b/wheezy/_reverts_r-base.sh
new file mode 100644
index 0000000..df47c30
--- /dev/null
+++ b/wheezy/_reverts_r-base.sh
@@ -0,0 +1,2 @@
+patch -p0 < ../TALOS-2016-0227.patch
+dch -a "debian/control: Apply upstream commits r71664 and r71667 related to CVE-2016-8714 reported as TALOS-2016-0227"
-- cgit v1.2.1
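Review bot: The two `strcat` calls that append to `enccode` inside the 256-iteration loop are still unbounded, so capping each glyph name at 39 bytes does not by itself keep the accumulated text inside the buffer. The `snprintf(enccode, 5000, ...)` call above the loop suggests a 5000-byte buffer (its declaration is outside the hunk, so confirm), while 256 names of up to 39 bytes plus the " /" separators can add up to more than twice that. I would track the used length and append with `snprintf`, failing the load when the text no longer fits, as sketched below. The enclosing function starts and ends outside this hunk, and the literals 99 and 39 should be checked against the declared sizes of `encname` and `cname`, which are also not visible here.

```c
    size_t used = strlen(enccode);
    for(i = 0; i < 256; i++) {
        /* … unchanged: GetNextItem call and bounded copy into encnames[i].cname … */
        int n = snprintf(enccode + used, 5000 - used, " /%s%s",
                         encnames[i].cname, (i%8 == 7) ? "\n" : "");
        /* refuse the encoding file instead of writing past the end of enccode */
        if (n < 0 || (size_t) n >= 5000 - used) { fclose(fp); return 0; }
        used += (size_t) n;
    }
```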
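Review bot: The script runs `dch` even when `patch` fails, because nothing checks the exit status of `patch -p0 < ../TALOS-2016-0227.patch`; the changelog would then record CVE-2016-8714 as fixed in a build that does not carry the fix. Chain the two commands, e.g. `patch -p0 < ../TALOS-2016-0227.patch || exit 1`, or put `set -e` at the top of the script. A short comment naming the upstream revisions (r71664, r71667) the patch file was taken from would also help the next maintainer.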