From af765ebebbea6b92f3ef538d1a7c43b51f5f27771211dda7d79fbb9be700cd09 Mon Sep 17 00:00:00 2001
From: Dominique Leuenberger <dimstar@opensuse.org>
Date: Fri, 13 Apr 2018 06:50:05 +0000
Subject: [PATCH] Accepting request 595399 from
 home:luc14n0:branches:GNOME:Factory

Update to version 2.36.12.

OBS-URL: https://build.opensuse.org/request/show/595399
OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=150
---
 gdk-pixbuf-2.36.11.tar.xz                   |  3 --
 gdk-pixbuf-2.36.12.tar.xz                   |  3 ++
 gdk-pixbuf-bgo779012-ico-overflow.patch     | 46 ---------------------
 gdk-pixbuf-gif-negative-array-indexes.patch | 37 -----------------
 gdk-pixbuf-gif-uninitialized-variable.patch | 46 ---------------------
 gdk-pixbuf-icns-handle-short-blocklen.patch | 30 --------------
 gdk-pixbuf-tiff-overflow.patch              | 38 -----------------
 gdk-pixbuf.changes                          | 16 +++++++
 gdk-pixbuf.spec                             | 21 ++--------
 9 files changed, 22 insertions(+), 218 deletions(-)
 delete mode 100644 gdk-pixbuf-2.36.11.tar.xz
 create mode 100644 gdk-pixbuf-2.36.12.tar.xz
 delete mode 100644 gdk-pixbuf-bgo779012-ico-overflow.patch
 delete mode 100644 gdk-pixbuf-gif-negative-array-indexes.patch
 delete mode 100644 gdk-pixbuf-gif-uninitialized-variable.patch
 delete mode 100644 gdk-pixbuf-icns-handle-short-blocklen.patch
 delete mode 100644 gdk-pixbuf-tiff-overflow.patch

diff --git a/gdk-pixbuf-2.36.11.tar.xz b/gdk-pixbuf-2.36.11.tar.xz
deleted file mode 100644
index 300d117..0000000
--- a/gdk-pixbuf-2.36.11.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ae62ab87250413156ed72ef756347b10208c00e76b222d82d9ed361ed9dde2f3
-size 5675908
diff --git a/gdk-pixbuf-2.36.12.tar.xz b/gdk-pixbuf-2.36.12.tar.xz
new file mode 100644
index 0000000..d78148b
--- /dev/null
+++ b/gdk-pixbuf-2.36.12.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fff85cf48223ab60e3c3c8318e2087131b590fd6f1737e42cb3759a3b427a334
+size 5675768
diff --git a/gdk-pixbuf-bgo779012-ico-overflow.patch b/gdk-pixbuf-bgo779012-ico-overflow.patch
deleted file mode 100644
index cf49f5a..0000000
--- a/gdk-pixbuf-bgo779012-ico-overflow.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From dec9ca22d70c0f0d4492333b4e8147afb038afd2 Mon Sep 17 00:00:00 2001
-From: Dhiru Kholia <dhiru.kholia@gmail.com>
-Date: Thu, 30 Nov 2017 02:36:26 +0100
-Subject: [PATCH] ico: Fix potential integer overflow
-
-Which relies on undefined behaviour. Instead of checking for an
-overflowed integer after the fact, check whether the addition would
-be possible at all.
-
-Fixes: CVE-2017-6312
-
-https://bugzilla.gnome.org/show_bug.cgi?id=779012
----
- gdk-pixbuf/io-ico.c | 9 +++++----
- 1 file changed, 5 insertions(+), 4 deletions(-)
-
-diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
-index 8729a0fb9..a86725751 100644
---- a/gdk-pixbuf/io-ico.c
-+++ b/gdk-pixbuf/io-ico.c
-@@ -333,10 +333,8 @@ static void DecodeHeader(guchar *Data, gint Bytes,
- 	for (l = State->entries; l != NULL; l = g_list_next (l)) {
- 		entry = l->data;
- 
--		/* We know how many bytes are in the "header" part. */
--		State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
--
--		if (State->HeaderSize < 0) {
-+		/* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
-+		if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
- 			g_set_error (error,
- 			             GDK_PIXBUF_ERROR,
- 			             GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-@@ -344,6 +342,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
- 			return;
- 		}
- 
-+		/* We know how many bytes are in the "header" part. */
-+		State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
-+
- 		if (State->HeaderSize>State->BytesInHeaderBuf) {
- 			guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
- 			if (!tmp) {
--- 
-2.15.1
-
diff --git a/gdk-pixbuf-gif-negative-array-indexes.patch b/gdk-pixbuf-gif-negative-array-indexes.patch
deleted file mode 100644
index f282c3d..0000000
--- a/gdk-pixbuf-gif-negative-array-indexes.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 23e2a7c4b7794220ecd77389b3976c0767fc839d Mon Sep 17 00:00:00 2001
-From: Tobias Mueller <muelli@cryptobitch.de>
-Date: Wed, 14 Dec 2016 08:03:16 +0100
-Subject: [PATCH] gif: Prevent access to negative array indexes
-
-It seems that a pathological gif file can cause a negative array index
-to be read.  UBSAN reported this:
-io-gif.c:509:44: runtime error: index -2 out of bounds for type 'guchar [280]'
-io-gif.c:510:44: runtime error: index -1 out of bounds for type 'guchar [280]'
-
-https://bugzilla.gnome.org/show_bug.cgi?id=778584
----
- gdk-pixbuf/io-gif.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
-index ef1001779..acbd1f3be 100644
---- a/gdk-pixbuf/io-gif.c
-+++ b/gdk-pixbuf/io-gif.c
-@@ -508,6 +508,14 @@ gif_lzw_fill_buffer (GifContext *context)
- 		return -2;
- 	}
- 
-+	if (context->code_last_byte < 2) {
-+		g_set_error_literal (context->error,
-+				     GDK_PIXBUF_ERROR,
-+				     GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
-+				     _("Bad code encountered"));
-+		return -2;
-+	}
-+
- 	context->block_buf[0] = context->block_buf[context->code_last_byte - 2];
- 	context->block_buf[1] = context->block_buf[context->code_last_byte - 1];
- 
--- 
-2.15.1
-
diff --git a/gdk-pixbuf-gif-uninitialized-variable.patch b/gdk-pixbuf-gif-uninitialized-variable.patch
deleted file mode 100644
index 9e8b5e4..0000000
--- a/gdk-pixbuf-gif-uninitialized-variable.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From c1fd9f5d6592c0183c54efc806b3ca6871e1f496 Mon Sep 17 00:00:00 2001
-From: Tobias Mueller <muelli@cryptobitch.de>
-Date: Fri, 10 Nov 2017 18:51:21 +0100
-Subject: [PATCH] gif: Initialise code_last_byte to not cause undefined
- behaviour
-
-Currently, code_last_byte is set only after it has been used, i.e.
-
-    context->block_buf[0] = context->block_buf[context->code_last_byte - 2];
-
-comes before anything has touched context->code_last_byte yet.
-Except for the initialisation.
-context->code_last_byte is set a few lines later, though.
-And nowhere else, except for the initialisation which sets it
-to 0.  That will inevitably lead to context->block_buf[-2] which is
-undefined behaviour.
-
-We hence set the code_last_byte to 2 in order to not make that
-array index invalid.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=778584
----
- gdk-pixbuf/io-gif.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
-index acbd1f3be..61821bdf9 100644
---- a/gdk-pixbuf/io-gif.c
-+++ b/gdk-pixbuf/io-gif.c
-@@ -1165,7 +1165,12 @@ gif_prepare_lzw (GifContext *context)
- 	context->lzw_fresh = TRUE;
- 	context->code_curbit = 0;
- 	context->code_lastbit = 0;
--	context->code_last_byte = 0;
-+	/* During initialistion (in gif_lzw_fill_buffer) we substract 2 from
-+	 * this value to peek into a buffer.
-+	 * In order to not get a negative array index later, we set the value
-+	 * to that magic 2 now.
-+	 */
-+	context->code_last_byte = 2;
- 	context->code_done = FALSE;
- 
-         g_assert (context->lzw_clear_code <= 
--- 
-2.15.1
-
diff --git a/gdk-pixbuf-icns-handle-short-blocklen.patch b/gdk-pixbuf-icns-handle-short-blocklen.patch
deleted file mode 100644
index 9e5880e..0000000
--- a/gdk-pixbuf-icns-handle-short-blocklen.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 210b16399a492d05efb209615a143920b24251f4 Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Tue, 5 Dec 2017 11:51:02 +0100
-Subject: [PATCH] icns: Protect against too short blocklen (CVE-2017-6313)
-
-The blocklen needs to be at least header sized to be valid, otherwise we
-can underflow picture data or mask data lengths.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=779016
----
- gdk-pixbuf/io-icns.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/gdk-pixbuf/io-icns.c b/gdk-pixbuf/io-icns.c
-index a432e463f..41732b153 100644
---- a/gdk-pixbuf/io-icns.c
-+++ b/gdk-pixbuf/io-icns.c
-@@ -95,7 +95,8 @@ load_resources (unsigned size, IN gpointer data, gsize datalen,
-       blocklen = GUINT32_FROM_BE (header->size);
- 
-       /* Check that blocklen isn't garbage */
--      if (blocklen > icnslen - (current - bytes))
-+      if (blocklen > icnslen - (current - bytes) ||
-+	  blocklen < sizeof (IcnsBlockHeader))
-         return FALSE;
- 
-       switch (size)
--- 
-2.15.1
-
diff --git a/gdk-pixbuf-tiff-overflow.patch b/gdk-pixbuf-tiff-overflow.patch
deleted file mode 100644
index 660daef..0000000
--- a/gdk-pixbuf-tiff-overflow.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 1e513abdb55529f888233d3c96b27352d83aad5f Mon Sep 17 00:00:00 2001
-From: Bastien Nocera <hadess@hadess.net>
-Date: Tue, 5 Dec 2017 10:26:49 +0100
-Subject: [PATCH] tiff: Avoid overflowing buffer size computation
-
-Use g_uint_checked_mul() to avoid overflowing the guint used for buffer
-size calculation.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=779020
----
- gdk-pixbuf/io-tiff.c | 11 +++++++++--
- 1 file changed, 9 insertions(+), 2 deletions(-)
-
-diff --git a/gdk-pixbuf/io-tiff.c b/gdk-pixbuf/io-tiff.c
-index 7ca0a565a..49fe60eee 100644
---- a/gdk-pixbuf/io-tiff.c
-+++ b/gdk-pixbuf/io-tiff.c
-@@ -529,8 +529,15 @@ make_available_at_least (TiffContext *context, guint needed)
-         need_alloc = context->used + needed;
-         if (need_alloc > context->allocated) {
-                 guint new_size = 1;
--                while (new_size < need_alloc)
--                        new_size *= 2;
-+                while (new_size < need_alloc) {
-+                        if (!g_uint_checked_mul (&new_size, new_size, 2)) {
-+                                new_size = 0;
-+                                break;
-+                        }
-+                }
-+
-+                if (new_size == 0)
-+                        return FALSE;
- 
-                 new_buffer = g_try_realloc (context->buffer, new_size);
-                 if (new_buffer) {
--- 
-2.15.1
-
diff --git a/gdk-pixbuf.changes b/gdk-pixbuf.changes
index 706ea0f..efcf965 100644
--- a/gdk-pixbuf.changes
+++ b/gdk-pixbuf.changes
@@ -1,3 +1,19 @@
+-------------------------------------------------------------------
+Tue Apr 10 02:44:36 UTC 2018 - luc14n0@linuxmail.org
+
+- Update to version 2.36.12:
+  + gif, ico, jpeg, tiff, icns: various fixes (bgo#778584,
+    bgo#779012, bgo#753605, bgo#779020, bgo#779016).
+  + Implement async loading without threads.
+  + Updated translations.
+- Rename with_docs meson option to docs, following usptream change.
+- Drop fixed upstream patches:
+  gdk-pixbuf-bgo779012-ico-overflow.patch,
+  gdk-pixbuf-gif-negative-array-indexes.patch,
+  gdk-pixbuf-gif-uninitialized-variable.patch,
+  gdk-pixbuf-tiff-overflow.patch and
+  gdk-pixbuf-icns-handle-short-blocklen.patch.
+
 -------------------------------------------------------------------
 Tue Mar 20 17:34:41 UTC 2018 - dimstar@opensuse.org
 
diff --git a/gdk-pixbuf.spec b/gdk-pixbuf.spec
index a00ec64..497f555 100644
--- a/gdk-pixbuf.spec
+++ b/gdk-pixbuf.spec
@@ -19,27 +19,17 @@
 # When updating the binary version, do not forget to also update baselibs.conf
 %define gdk_pixbuf_binary_version 2.10.0
 Name:           gdk-pixbuf
-Version:        2.36.11
+Version:        2.36.12
 Release:        0
 Summary:        An image loading library
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/GNOME
 URL:            https://www.gnome.org/
-Source:         https://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz
+Source:         http://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz
 Source1:        macros.gdk-pixbuf
 Source2:        README.SUSE
 Source3:        gdk-pixbuf-rpmlintrc
 Source99:       baselibs.conf
-# PATCH-FIX-UPSTREAM gdk-pixbuf-bgo779012-ico-overflow.patch boo#1027026 mgorse@suse.com -- fix potential integer overflow (CVE-2017-6312).
-Patch0:         gdk-pixbuf-bgo779012-ico-overflow.patch
-# PATCH-FIX-UPSTREAM gdk-pixbuf-gif-negative-array-indexes.patch bgo#778584 mgorse@suse.com -- gif: prevent access to negative array indexes.
-Patch1:         gdk-pixbuf-gif-negative-array-indexes.patch
-# PATCH-FIX-UPSTREAM gdk-pixbuf-gif-uninitialized-variable.patch bgo#778584 mgorse@suse.com -- fix uninitialized variable.
-Patch2:         gdk-pixbuf-gif-uninitialized-variable.patch
-# PATCH-FIX-UPSTREAM gdk-pixbuf-tiff-overflow.patch bgo#779020 mgorse@suse.com -- avoid overflow during size computation.
-Patch3:         gdk-pixbuf-tiff-overflow.patch
-# PATCH-FIX-UPSTREAM gdk-pixbuf-icns-handle-short-blocklen.patch boo#1027024 bgo#779016 mgorse@suse.com -- icns: protect against too short blocklen (CVE-2017-6313).
-Patch4:         gdk-pixbuf-icns-handle-short-blocklen.patch
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  gtk-doc
 BuildRequires:  libjpeg-devel
@@ -125,17 +115,12 @@ This package contains the development files for gdk-pixbuf.
 %prep
 %setup -q
 translation-update-upstream
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
 %if "%{_lib}" == "lib64"
 cp -a %{SOURCE2} .
 %endif
 
 %build
-%meson -D with_docs=true
+%meson -D docs=true
 %meson_build
 
 %install