From 848747cd7a4dddc3895d17a96b6e2042bfccaf84 Mon Sep 17 00:00:00 2001
From: Nathan Owens
Date: Sun, 22 Dec 2019 14:03:21 -0600
Subject: [PATCH] libspiro: CVE-2019-19847 patch
Signed-off-by: Nathan Owens
---
 srcpkgs/libspiro/patches/CVE-2019-19847.patch | 63 +++++++++++++++++++
 srcpkgs/libspiro/template | 2 +-
 2 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/libspiro/patches/CVE-2019-19847.patch
diff --git a/srcpkgs/libspiro/patches/CVE-2019-19847.patch b/srcpkgs/libspiro/patches/CVE-2019-19847.patch
new file mode 100644
index 00000000000..994d13f9e59
--- /dev/null
+++ b/srcpkgs/libspiro/patches/CVE-2019-19847.patch
@@ -0,0 +1,63 @@
+From 35233450c922787dad42321e359e5229ff470a1e Mon Sep 17 00:00:00 2001
+From: Joe Da Silva
+Date: Sat, 21 Dec 2019 13:10:22 -0800
+Subject: [PATCH] CVE-2019-19847, Stack-based buffer overflow in the
+ spiro_to_bpath0()
+
+Frederic Cambus (@fcambus) discovered a bug in call-test.c using:
+./configure CFLAGS="-fsanitize=address"
+make
+./tests/call-test[14,15,16,17,18,19]
+Fredrick Brennan (@ctrlcctrlv) provided bugfix. See issue #21
+---
+ configure.ac | 7 ++++++-
+ tests/call-test.c | 4 ++--
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git configure.ac configure.ac
+index 8a44d04..e77ce17 100644
+--- configure.ac
++++ configure.ac
+@@ -50,7 +50,7 @@ m4_define([spiro_age], [0])
+ m4_define([spiro_libver],[spiro_current:spiro_revision:spiro_age])
+
+ m4_define([spiro_package_name], [libspiro])
+-
++
+ AC_INIT([spiro],[spiro_package_stamp],[fontforge-devel@lists.sourceforge.net],
+ [spiro_package_name],[https://github.com/fontforge/libspiro])
+
+@@ -236,6 +236,11 @@ dnl AX_CHECK_COMPILE_FLAG([-Wcast-qual],[WCFLAGS="$WCFLAGS -Wcast-qual"])
+ dnl AX_CHECK_COMPILE_FLAG([-Wcast-align],[WCFLAGS="$WCFLAGS -Wcast-align"])
+ dnl AX_CHECK_COMPILE_FLAG([-Wpadded],[WCFLAGS="$WCFLAGS -Wpadded"])
+ dnl AX_CHECK_COMPILE_FLAG([-Woverlength-strings],[WCFLAGS="$WCFLAGS -Woverlength-strings"])
++
++dnl NOTE: -fsanitize has to be first library
++dnl and will also conflict with other checks
++dnl like valgrind due to similar test checks
++dnl AX_CHECK_COMPILE_FLAG([-fsanitize=address],[CFLAGS=" -fsanitize=address $CFLAGS"])
+ AC_LANG_POP
+ # Skip if replacing with LS_LIB instead.
+ WLSLIB=""
+diff --git tests/call-test.c tests/call-test.c
+index c27d41a..76ee12d 100644
+--- tests/call-test.c
++++ tests/call-test.c
+@@ -536,7 +536,7 @@ bezctx *new_bezctx_test(void) {
+ int test_curve(int c) {
+ spiro_cp spiro[16];
+ int nextknot[17];
+- double d[5];
++ double d[6];
+ spiro_seg *segs = NULL;
+ bezctx *bc;
+ rs_check_vals *rsp;
+@@ -545,7 +545,7 @@ int test_curve(int c) {
+ /* Load sample data so that we can see if library is callable */
+ load_test_curve(spiro,nextknot,c);
+
+- d[0] = 1.; d[1] = d[1] = 0.;
++ d[0] = 1.; d[1] = d[2] = 0.;
+ #if defined(DO_CALL_TEST20)
+ /* check if spiro values are reversed correctly on input path */
+ printf("---\ntesting spiroreverse() using data=path%d[].\n",c);
diff --git a/srcpkgs/libspiro/template b/srcpkgs/libspiro/template
index 72b7ade123b..df5229e3dd5 100644
--- a/srcpkgs/libspiro/template
+++ b/srcpkgs/libspiro/template
@@ -1,7 +1,7 @@
 # Template file for 'libspiro'
 pkgname=libspiro
 version=20190731
-revision=1
+revision=2
 build_style=gnu-configure
 hostmakedepends="automake libtool"
 short_desc="Simplifies the drawing of beautiful curves"
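Review bot: The vendored patch's own diffstat reads `3 files changed, 10 insertions(+), 3 deletions(-)`, but only the `configure.ac` and `tests/call-test.c` sections are present, so one upstream section was dropped with no record of which file or why. The two sections that remain do not touch library sources as far as this hunk shows: the `configure.ac` part is a whitespace change plus `dnl`-commented lines, and the `tests/call-test.c` part grows `d` from 5 to 6 elements and corrects `d[1] = d[1]` to `d[1] = d[2]` in the test program. If the package installs only the library, the revision bump may ship the same code as before, which is worth stating for anyone matching CVE-2019-19847 against this package. I would drop the no-op `configure.ac` section and add a header line to the patch file such as `Backport of upstream 35233450; <omitted file> section dropped; change is confined to tests/call-test.c`.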