From 7461fb383796c1283d4db3b3070f9b75c267e830 Mon Sep 17 00:00:00 2001
From: Sebastian Harl
Date: Fri, 25 Apr 2014 22:22:45 +0200
Subject: [PATCH] Updated patches/CVE-2013-2131 to compile cleanly and not export new symbols.

---
 debian/patches/CVE-2013-2131 | 47 ++++++++++++++++++------------------
 1 file changed, 24 insertions(+), 23 deletions(-)

diff --git a/debian/patches/CVE-2013-2131 b/debian/patches/CVE-2013-2131
index b0b576b..9886b93 100644
--- a/debian/patches/CVE-2013-2131
+++ b/debian/patches/CVE-2013-2131
@@ -1,25 +1,13 @@
-diff --git a/src/rrd_graph.c b/src/rrd_graph.c
-index 25ae485..e714e4f 100644
---- a/src/rrd_graph.c
-+++ b/src/rrd_graph.c
-@@ -4144,6 +4144,12 @@ rrd_info_t *rrd_graph_v(
- char *path;
- char *filename;
-
-+ if (bad_format_imginfo(im.imginfo)) {
-+ rrd_info_free(im.grinfo);
-+ im_free(&im);
-+ rrd_set_error("bad format for imginfo");
-+ return NULL;
-+ }
- path = strdup(im.graphfile);
- filename = basename(path);
- info.u_str =
-@@ -4961,6 +4967,51 @@ int bad_format(
- }
+Index: pkg-rrdtool/src/rrd_graph.c
+===================================================================
+--- pkg-rrdtool.orig/src/rrd_graph.c 2014-04-25 22:19:44.198412319 +0200
++++ pkg-rrdtool/src/rrd_graph.c 2014-04-25 22:21:36.202414000 +0200
+@@ -305,6 +305,52 @@
+ #undef conv_if
 
 
-+int bad_format_imginfo(
++
++static int bad_format_imginfo(
 + char *fmt)
 +{
 + char *ptr;
@@ -64,6 +52,19 @@
 +}
 +
 +
- int vdef_parse(
- struct graph_desc_t
- *gdes,
+ int im_free(
+ image_desc_t *im)
+ {
+@@ -4035,6 +4081,12 @@
+ char *path;
+ char *filename;
+
++ if (bad_format_imginfo(im.imginfo)) {
++ rrd_info_free(im.grinfo);
++ im_free(&im);
++ rrd_set_error("bad format for imginfo");
++ return NULL;
++ }
+ path = strdup(im.graphfile);
+ filename = basename(path);
+ info.u_str =
-- 
2.30.2
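Review bot: The refreshed debian/patches/CVE-2013-2131 still begins directly at `Index: pkg-rrdtool/src/rrd_graph.c`, with no header recording where the fix comes from or that it now differs from the earlier version (the function is made `static` and moved ahead of `im_free`). For a security backport that provenance matters to anyone auditing the package later; a short DEP-3 header above `Index:` would cover it, e.g. `Description: validate the imginfo format string (CVE-2013-2131)` and `Origin: backport, <upstream commit URL>`. Separately, if the validator only reads the string, `const char *fmt` would say so; its body lies between the two hunks and is not visible here, so confirm before changing the signature.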
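Review bot: The new check in rrd_graph_v carries no comment saying why it has to stay ahead of the code that consumes `im.imginfo`, and that consumer (the expression after `info.u_str =`) lies outside the hunk. As this is the only gate shown between the imginfo string and its use, presumably as a printf-style format, a comment above the `if` such as `/* imginfo is caller-supplied; reject anything bad_format_imginfo() does not accept before it is formatted below (CVE-2013-2131) */` would keep a later refactor from reordering the two. The hunk also shows no NULL guard on `im.imginfo` before the call; the enclosing block starts above `char *path;` and presumably provides one, but that is worth confirming.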