Backport patch for CVE-2021-45943
This commit is contained in:
parent
3e685b82b4
commit
28d95f449f
|
@ -0,0 +1,25 @@
|
|||
diff -rupN gdal-3.3.2-fedora/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp gdal-3.3.2-fedora-new/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp
|
||||
--- gdal-3.3.2-fedora/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp 2021-09-01 11:51:01.000000000 +0200
|
||||
+++ gdal-3.3.2-fedora-new/frmts/pcidsk/sdk/segment/cpcidskbinarysegment.cpp 2022-02-04 18:57:11.761058218 +0100
|
||||
@@ -31,6 +31,7 @@
|
||||
#include "pcidsk_exception.h"
|
||||
#include "core/pcidsk_utils.h"
|
||||
|
||||
+#include <limits>
|
||||
#include <vector>
|
||||
#include <string>
|
||||
#include <cassert>
|
||||
@@ -73,8 +74,12 @@ void CPCIDSKBinarySegment::Load()
|
||||
if (loaded_) {
|
||||
return;
|
||||
}
|
||||
+ if( data_size - 1024 > static_cast<uint64_t>(std::numeric_limits<int>::max()) )
|
||||
+ {
|
||||
+ return ThrowPCIDSKException("too large data_size");
|
||||
+ }
|
||||
|
||||
- seg_data.SetSize((int)data_size - 1024);
|
||||
+ seg_data.SetSize((int)(data_size - 1024));
|
||||
|
||||
ReadFromFile(seg_data.buffer, 0, data_size - 1024);
|
||||
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
Name: gdal
|
||||
Version: 3.3.2
|
||||
Release: 1%{?dist}%{?bootstrap:.%{bootstrap}.bootstrap}
|
||||
Release: 2%{?dist}%{?bootstrap:.%{bootstrap}.bootstrap}
|
||||
Summary: GIS file format library
|
||||
License: MIT
|
||||
URL: http://www.gdal.org
|
||||
|
@ -78,6 +78,9 @@ Patch8: %{name}-gcc11.patch
|
|||
Patch9: gdal_no-diag-disable.patch
|
||||
# Fix build with autoconf 2.70
|
||||
Patch10: gdal_autoconf270.patch
|
||||
# Backport patch for CVE-2021-45943
|
||||
# https://github.com/OSGeo/gdal/pull/4944
|
||||
Patch11: CVE-2021-45943.patch
|
||||
|
||||
|
||||
BuildRequires: gcc
|
||||
|
@ -641,6 +644,9 @@ popd
|
|||
#Or as before, using ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Feb 04 2022 Sandro Mani <manisandro@gmail.com> - 3.3.2-2
|
||||
- Backport patch for CVE-2021-45943
|
||||
|
||||
* Tue Sep 07 2021 Sandro Mani <manisandro@gmail.com> - 3.3.2-1
|
||||
- Update to 3.3.2
|
||||
|
||||
|
|
Loading…
Reference in New Issue