Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package librecad for openSUSE:Factory checked in at 2022-05-17 17:24:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/librecad (Old) and /work/SRC/openSUSE:Factory/.librecad.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "librecad" Tue May 17 17:24:27 2022 rev:31 rq:977618 version:2.2.0~rc3 Changes: -------- --- /work/SRC/openSUSE:Factory/librecad/librecad.changes 2022-05-12 23:00:01.660770003 +0200 +++ /work/SRC/openSUSE:Factory/.librecad.new.1538/librecad.changes 2022-05-17 17:24:45.483188633 +0200 @@ -1,0 +2,8 @@ +Mon May 16 20:31:43 UTC 2022 - Jan Engelhardt <[email protected]> + +- Add 0001-Added-bounds-checking-to-CDataMoji-in-jww-parser.patch + [boo#1195105] [CVE-2021-45341] +- Add 0001-Added-bounds-check-to-CDataList-in-JWW-parser.patch + [boo#1195122] [CVE-2021-45342] + +------------------------------------------------------------------- New: ---- 0001-Added-bounds-check-to-CDataList-in-JWW-parser.patch 0001-Added-bounds-checking-to-CDataMoji-in-jww-parser.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ librecad.spec ++++++ --- /var/tmp/diff_new_pack.KKmSsb/_old 2022-05-17 17:24:46.079189172 +0200 +++ /var/tmp/diff_new_pack.KKmSsb/_new 2022-05-17 17:24:46.083189176 +0200 @@ -41,6 +41,8 @@ Patch6: librecad-install.diff Patch7: librecad-plugindir.diff Patch8: librecad-use-system-shapelib.patch +Patch9: 0001-Added-bounds-checking-to-CDataMoji-in-jww-parser.patch +Patch10: 0001-Added-bounds-check-to-CDataList-in-JWW-parser.patch BuildRequires: fdupes BuildRequires: freetype2-devel BuildRequires: gcc-c++ >= 4.7 ++++++ 0001-Added-bounds-check-to-CDataList-in-JWW-parser.patch ++++++ >From 4edcbe72679f95cb60979c77a348c1522a20b0f4 Mon Sep 17 00:00:00 2001 From: eldstal <[email protected]> Date: Sat, 18 Dec 2021 23:55:22 +0100 Subject: [PATCH] Added bounds check to CDataList in JWW parser This fixes issue #1464 --- libraries/jwwlib/src/jwwdoc.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libraries/jwwlib/src/jwwdoc.h b/libraries/jwwlib/src/jwwdoc.h index fc8cd217..7ccf2d83 100644 --- a/libraries/jwwlib/src/jwwdoc.h +++ b/libraries/jwwlib/src/jwwdoc.h 
@@ -793,7 +793,17 @@ cout << "MojiData1:" << m_strName << endl; }else { ifstr >> wd; + + jwDWORD skip = 0; + if (wd > 511) { + skip = wd - 511; + wd = 511; + } + ifstr.read(buf,wd); + + if (skip != 0) ifstr.ignore(skip); + buf[wd] = '\0'; m_strName = buf; #ifdef DATA_DUMP -- 2.36.1 ++++++ 0001-Added-bounds-checking-to-CDataMoji-in-jww-parser.patch ++++++ >From f3502963eaf379a429bc9da73c1224c5db649997 Mon Sep 17 00:00:00 2001 From: eldstal <[email protected]> Date: Sat, 18 Dec 2021 20:27:34 +0100 Subject: [PATCH] Added bounds checking to CDataMoji in jww parser. This fixes issue #1462 --- libraries/jwwlib/src/jwwdoc.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libraries/jwwlib/src/jwwdoc.h b/libraries/jwwlib/src/jwwdoc.h index fc8cd217..a11bc63a 100644 --- a/libraries/jwwlib/src/jwwdoc.h +++ b/libraries/jwwlib/src/jwwdoc.h @@ -521,7 +521,17 @@ cout << "MojiData1:" << m_strFontName << endl; }else { ifstr >> wd; + + jwDWORD skip = 0; + if (wd > 511) { + skip = wd - 511; + wd = 511; + } + ifstr.read(buf,wd); + + if (skip != 0) ifstr.ignore(skip); + buf[wd] = '\0'; m_strFontName = buf; #ifdef DATA_DUMP @@ -539,7 +549,17 @@ cout << "MojiData3:" << m_string << endl; }else { ifstr >> wd; + + jwDWORD skip = 0; + if (wd > 511) { + skip = wd - 511; + wd = 511; + } + ifstr.read(buf,wd); + + if (skip != 0) ifstr.ignore(skip); + buf[wd] = '\0'; m_string = buf; #ifdef DATA_DUMP -- 2.36.1
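Review bot: The terminator is still written at `buf[wd]` without looking at how many bytes `ifstr.read(buf,wd)` actually delivered, so on a truncated or failing stream the bytes between the real read length and `wd` are whatever `buf` held before and can end up in `m_strName`. The same pattern is repeated for `m_strFontName` and `m_string` in the two CDataMoji hunks at -521 and -539. The clamp also hard-codes 511 in all three places while `buf` is declared outside each hunk, so the bound is only right while that declaration stays at 512 bytes (presumably a local char array; to be confirmed). I would terminate at the count the stream reports and derive the cap from the buffer, as sketched below for the CDataList hunk, assuming `ifstr` is a `std::istream`-derived type. The enclosing function bodies start and end outside the hunks.

```cpp
ifstr >> wd;

// Cap comes from the buffer itself (valid only if buf is an array in this scope).
const jwDWORD cap = sizeof(buf) - 1;
const jwDWORD take = (wd > cap) ? cap : wd;

ifstr.read(buf, take);
// Capture before ignore(), which overwrites gcount(); smaller than take on short input.
const std::streamsize got = ifstr.gcount();

if (wd > take) ifstr.ignore(wd - take);

buf[got] = '\0';
m_strName = buf;
```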
