Security fix for CVE-2020-28591
parent
7e168e41ba
commit
6762986f74
|
@ -0,0 +1,21 @@
|
|||
diff --git a/xs/src/libslic3r/IO/AMF.cpp b/xs/src/libslic3r/IO/AMF.cpp
|
||||
index 7433762..42e6491 100644
|
||||
--- a/xs/src/libslic3r/IO/AMF.cpp
|
||||
+++ b/xs/src/libslic3r/IO/AMF.cpp
|
||||
@@ -344,9 +344,13 @@ void AMFParserContext::endElement(const char *name)
|
||||
// Faces of the current volume:
|
||||
case NODE_TYPE_TRIANGLE:
|
||||
assert(m_object && m_volume);
|
||||
- m_volume_facets.push_back(atoi(m_value[0].c_str()));
|
||||
- m_volume_facets.push_back(atoi(m_value[1].c_str()));
|
||||
- m_volume_facets.push_back(atoi(m_value[2].c_str()));
|
||||
+ if (strtoul(m_value[0].c_str(), nullptr, 10) < m_object_vertices.size() &&
|
||||
+ strtoul(m_value[1].c_str(), nullptr, 10) < m_object_vertices.size() &&
|
||||
+ strtoul(m_value[2].c_str(), nullptr, 10) < m_object_vertices.size()) {
|
||||
+ m_volume_facets.push_back(atoi(m_value[0].c_str()));
|
||||
+ m_volume_facets.push_back(atoi(m_value[1].c_str()));
|
||||
+ m_volume_facets.push_back(atoi(m_value[2].c_str()));
|
||||
+ }
|
||||
m_value[0].clear();
|
||||
m_value[1].clear();
|
||||
m_value[2].clear();
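Review bot: The three `strtoul(...) < m_object_vertices.size()` comparisons are only a sufficient bound if `m_object_vertices` holds one element per vertex; its declaration and the code that later consumes `m_volume_facets` are outside this hunk, so this needs confirming. If the coordinates are stored flat (three entries per vertex) and the index is scaled when the facets are built, the limit should be `m_object_vertices.size() / 3`, otherwise an index in the upper two thirds of the range still reads past the end of the buffer. Each index is also parsed twice, with `strtoul` for the check and `atoi` for the stored value; parsing once into a local and pushing that same value guarantees the validated number and the stored number are identical. A triangle that fails the check is dropped silently, so a malformed file produces a mesh with missing faces and no diagnostic; consider reporting an error to the caller or logging it. The body of `endElement` continues outside the hunk.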
|
12
slic3r.spec
12
slic3r.spec
|
@ -5,7 +5,7 @@
|
|||
|
||||
Name: slic3r
|
||||
Version: 1.3.0
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
Summary: G-code generator for 3D printers (RepRap, Makerbot, Ultimaker etc.)
|
||||
License: AGPLv3 and CC-BY
|
||||
# Images are CC-BY, code is AGPLv3
|
||||
|
@ -32,6 +32,10 @@ Patch9: %{name}-bind-placeholders.patch
|
|||
# Use boost/nowide/cstdlib.hpp instead of boost/nowide/cenv.hpp (PR#4976)
|
||||
Patch10: %{name}-boost-nowide.patch
|
||||
|
||||
# Security fix for CVE-2020-28591
|
||||
# https://github.com/slic3r/Slic3r/pull/5063
|
||||
Patch11: %{name}-CVE-2020-28591.patch
|
||||
|
||||
Source1: %{name}.desktop
|
||||
Source2: %{name}.appdata.xml
|
||||
|
||||
|
@ -137,6 +141,7 @@ for more information.
|
|||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
# Optional removals
|
||||
%if %{use_system_admesh}
|
||||
|
@ -249,6 +254,11 @@ SLIC3R_NO_AUTO=1 perl Build.PL installdirs=vendor
|
|||
%{_datadir}/%{name}
|
||||
|
||||
%changelog
|
||||
* Thu Mar 18 2021 Miro Hrončok <mhroncok@redhat.com> - 1.3.0-19
|
||||
- Security fix for CVE-2020-28591
|
||||
- Resolves: rhbz#1934823
|
||||
- Resolves: rhbz#1934824
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-18
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
|
|