media-gfx/ufraw: remove old

1 files changed, 0 insertions, 52 deletions

diff --git a/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch b/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch
deleted file mode 100644
index c17c66c41ab7..000000000000
--- a/media-gfx/ufraw/files/ufraw-0.21-CVE-2015-3885.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 6b4ff65c6fc1a88eaa7bfc1ee5a25413d171b5f7 Mon Sep 17 00:00:00 2001
-From: Nils Philippsen <nils@redhat.com>
-Date: Thu, 21 May 2015 13:47:29 +0200
-Subject: [PATCH] patch: CVE-2015-3885
-
-Squashed commit of the following:
-
-commit 8f2a2348638f74e059069d98a6329fcc656ae4b5
-Author: Nils Philippsen <nils@redhat.com>
-Date:   Tue May 19 11:36:57 2015 +0200
-
-    CVE-2015-3885: avoid overflowing array
-
-    When reading raw image files containing lossless JPEG data, headers
-    could be manipulated to make the signed int variable 'len' negative
-    which specifies how much actual data follows. Interpreted as unsigned,
-    this could lead to reading file data past the 64k boundary of the array
-    used for storing it. To avoid that, make 'len' unsigned short, and bail
-    out early if its value would become invalid (i.e. <= 0).
----
- dcraw.cc | 8 +++++---
- 1 file changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/dcraw.cc b/dcraw.cc
-index 75ea121..d9f96ff 100644
---- a/dcraw.cc
-+++ b/dcraw.cc
-@@ -934,7 +934,8 @@ struct jhead {
- 
- int CLASS ljpeg_start (struct jhead *jh, int info_only)
- {
--  int c, tag, len;
-+  int c, tag;
-+  ushort len;
-   uchar data[0x10000];
-   const uchar *dp;
- 
-@@ -945,8 +946,9 @@ int CLASS ljpeg_start (struct jhead *jh, int info_only)
-   do {
-     fread (data, 2, 2, ifp);
-     tag =  data[0] << 8 | data[1];
--    len = (data[2] << 8 | data[3]) - 2;
--    if (tag <= 0xff00) return 0;
-+    len = (data[2] << 8 | data[3]);
-+    if (tag <= 0xff00 || len <= 2) return 0;
-+    len -= 2;
-     fread (data, 1, len, ifp);
-     switch (tag) {
-       case 0xffc3:
--- 
-2.4.1
-