Accepting request 595399 from home:luc14n0:branches:GNOME:Factory
Update to version 2.36.12. OBS-URL: https://build.opensuse.org/request/show/595399 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/gdk-pixbuf?expand=0&rev=150
This commit is contained in:
Git OBS Bridge
parent
61233d854a
commit
af765ebebb
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ae62ab87250413156ed72ef756347b10208c00e76b222d82d9ed361ed9dde2f3
|
||||
size 5675908
|
||||
3
gdk-pixbuf-2.36.12.tar.xz
Normal file
3
gdk-pixbuf-2.36.12.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fff85cf48223ab60e3c3c8318e2087131b590fd6f1737e42cb3759a3b427a334
|
||||
size 5675768
|
||||
@ -1,46 +0,0 @@
|
||||
From dec9ca22d70c0f0d4492333b4e8147afb038afd2 Mon Sep 17 00:00:00 2001
|
||||
From: Dhiru Kholia <dhiru.kholia@gmail.com>
|
||||
Date: Thu, 30 Nov 2017 02:36:26 +0100
|
||||
Subject: [PATCH] ico: Fix potential integer overflow
|
||||
|
||||
Which relies on undefined behaviour. Instead of checking for an
|
||||
overflowed integer after the fact, check whether the addition would
|
||||
be possible at all.
|
||||
|
||||
Fixes: CVE-2017-6312
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=779012
|
||||
---
|
||||
gdk-pixbuf/io-ico.c | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
|
||||
index 8729a0fb9..a86725751 100644
|
||||
--- a/gdk-pixbuf/io-ico.c
|
||||
+++ b/gdk-pixbuf/io-ico.c
|
||||
@@ -333,10 +333,8 @@ static void DecodeHeader(guchar *Data, gint Bytes,
|
||||
for (l = State->entries; l != NULL; l = g_list_next (l)) {
|
||||
entry = l->data;
|
||||
|
||||
- /* We know how many bytes are in the "header" part. */
|
||||
- State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
|
||||
-
|
||||
- if (State->HeaderSize < 0) {
|
||||
+ /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
|
||||
+ if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
|
||||
g_set_error (error,
|
||||
GDK_PIXBUF_ERROR,
|
||||
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
|
||||
@@ -344,6 +342,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
|
||||
return;
|
||||
}
|
||||
|
||||
+ /* We know how many bytes are in the "header" part. */
|
||||
+ State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
|
||||
+
|
||||
if (State->HeaderSize>State->BytesInHeaderBuf) {
|
||||
guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
|
||||
if (!tmp) {
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,37 +0,0 @@
|
||||
From 23e2a7c4b7794220ecd77389b3976c0767fc839d Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Mueller <muelli@cryptobitch.de>
|
||||
Date: Wed, 14 Dec 2016 08:03:16 +0100
|
||||
Subject: [PATCH] gif: Prevent access to negative array indexes
|
||||
|
||||
It seems that a pathological gif file can cause a negative array index
|
||||
to be read. UBSAN reported this:
|
||||
io-gif.c:509:44: runtime error: index -2 out of bounds for type 'guchar [280]'
|
||||
io-gif.c:510:44: runtime error: index -1 out of bounds for type 'guchar [280]'
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=778584
|
||||
---
|
||||
gdk-pixbuf/io-gif.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
|
||||
index ef1001779..acbd1f3be 100644
|
||||
--- a/gdk-pixbuf/io-gif.c
|
||||
+++ b/gdk-pixbuf/io-gif.c
|
||||
@@ -508,6 +508,14 @@ gif_lzw_fill_buffer (GifContext *context)
|
||||
return -2;
|
||||
}
|
||||
|
||||
+ if (context->code_last_byte < 2) {
|
||||
+ g_set_error_literal (context->error,
|
||||
+ GDK_PIXBUF_ERROR,
|
||||
+ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
|
||||
+ _("Bad code encountered"));
|
||||
+ return -2;
|
||||
+ }
|
||||
+
|
||||
context->block_buf[0] = context->block_buf[context->code_last_byte - 2];
|
||||
context->block_buf[1] = context->block_buf[context->code_last_byte - 1];
|
||||
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,46 +0,0 @@
|
||||
From c1fd9f5d6592c0183c54efc806b3ca6871e1f496 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Mueller <muelli@cryptobitch.de>
|
||||
Date: Fri, 10 Nov 2017 18:51:21 +0100
|
||||
Subject: [PATCH] gif: Initialise code_last_byte to not cause undefined
|
||||
behaviour
|
||||
|
||||
Currently, code_last_byte is set only after it has been used, i.e.
|
||||
|
||||
context->block_buf[0] = context->block_buf[context->code_last_byte - 2];
|
||||
|
||||
comes before anything has touched context->code_last_byte yet.
|
||||
Except for the initialisation.
|
||||
context->code_last_byte is set a few lines later, though.
|
||||
And nowhere else, except for the initialisation which sets it
|
||||
to 0. That will inevitably lead to context->block_buf[-2] which is
|
||||
undefined behaviour.
|
||||
|
||||
We hence set the code_last_byte to 2 in order to not make that
|
||||
array index invalid.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=778584
|
||||
---
|
||||
gdk-pixbuf/io-gif.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
|
||||
index acbd1f3be..61821bdf9 100644
|
||||
--- a/gdk-pixbuf/io-gif.c
|
||||
+++ b/gdk-pixbuf/io-gif.c
|
||||
@@ -1165,7 +1165,12 @@ gif_prepare_lzw (GifContext *context)
|
||||
context->lzw_fresh = TRUE;
|
||||
context->code_curbit = 0;
|
||||
context->code_lastbit = 0;
|
||||
- context->code_last_byte = 0;
|
||||
+ /* During initialistion (in gif_lzw_fill_buffer) we substract 2 from
|
||||
+ * this value to peek into a buffer.
|
||||
+ * In order to not get a negative array index later, we set the value
|
||||
+ * to that magic 2 now.
|
||||
+ */
|
||||
+ context->code_last_byte = 2;
|
||||
context->code_done = FALSE;
|
||||
|
||||
g_assert (context->lzw_clear_code <=
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,30 +0,0 @@
|
||||
From 210b16399a492d05efb209615a143920b24251f4 Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Tue, 5 Dec 2017 11:51:02 +0100
|
||||
Subject: [PATCH] icns: Protect against too short blocklen (CVE-2017-6313)
|
||||
|
||||
The blocklen needs to be at least header sized to be valid, otherwise we
|
||||
can underflow picture data or mask data lengths.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=779016
|
||||
---
|
||||
gdk-pixbuf/io-icns.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/gdk-pixbuf/io-icns.c b/gdk-pixbuf/io-icns.c
|
||||
index a432e463f..41732b153 100644
|
||||
--- a/gdk-pixbuf/io-icns.c
|
||||
+++ b/gdk-pixbuf/io-icns.c
|
||||
@@ -95,7 +95,8 @@ load_resources (unsigned size, IN gpointer data, gsize datalen,
|
||||
blocklen = GUINT32_FROM_BE (header->size);
|
||||
|
||||
/* Check that blocklen isn't garbage */
|
||||
- if (blocklen > icnslen - (current - bytes))
|
||||
+ if (blocklen > icnslen - (current - bytes) ||
|
||||
+ blocklen < sizeof (IcnsBlockHeader))
|
||||
return FALSE;
|
||||
|
||||
switch (size)
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,38 +0,0 @@
|
||||
From 1e513abdb55529f888233d3c96b27352d83aad5f Mon Sep 17 00:00:00 2001
|
||||
From: Bastien Nocera <hadess@hadess.net>
|
||||
Date: Tue, 5 Dec 2017 10:26:49 +0100
|
||||
Subject: [PATCH] tiff: Avoid overflowing buffer size computation
|
||||
|
||||
Use g_uint_checked_mul() to avoid overflowing the guint used for buffer
|
||||
size calculation.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=779020
|
||||
---
|
||||
gdk-pixbuf/io-tiff.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/gdk-pixbuf/io-tiff.c b/gdk-pixbuf/io-tiff.c
|
||||
index 7ca0a565a..49fe60eee 100644
|
||||
--- a/gdk-pixbuf/io-tiff.c
|
||||
+++ b/gdk-pixbuf/io-tiff.c
|
||||
@@ -529,8 +529,15 @@ make_available_at_least (TiffContext *context, guint needed)
|
||||
need_alloc = context->used + needed;
|
||||
if (need_alloc > context->allocated) {
|
||||
guint new_size = 1;
|
||||
- while (new_size < need_alloc)
|
||||
- new_size *= 2;
|
||||
+ while (new_size < need_alloc) {
|
||||
+ if (!g_uint_checked_mul (&new_size, new_size, 2)) {
|
||||
+ new_size = 0;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (new_size == 0)
|
||||
+ return FALSE;
|
||||
|
||||
new_buffer = g_try_realloc (context->buffer, new_size);
|
||||
if (new_buffer) {
|
||||
--
|
||||
2.15.1
|
||||
|
||||
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 10 02:44:36 UTC 2018 - luc14n0@linuxmail.org
|
||||
|
||||
- Update to version 2.36.12:
|
||||
+ gif, ico, jpeg, tiff, icns: various fixes (bgo#778584,
|
||||
bgo#779012, bgo#753605, bgo#779020, bgo#779016).
|
||||
+ Implement async loading without threads.
|
||||
+ Updated translations.
|
||||
- Rename with_docs meson option to docs, following usptream change.
|
||||
- Drop fixed upstream patches:
|
||||
gdk-pixbuf-bgo779012-ico-overflow.patch,
|
||||
gdk-pixbuf-gif-negative-array-indexes.patch,
|
||||
gdk-pixbuf-gif-uninitialized-variable.patch,
|
||||
gdk-pixbuf-tiff-overflow.patch and
|
||||
gdk-pixbuf-icns-handle-short-blocklen.patch.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 20 17:34:41 UTC 2018 - dimstar@opensuse.org
|
||||
|
||||
|
||||
@ -19,27 +19,17 @@
|
||||
# When updating the binary version, do not forget to also update baselibs.conf
|
||||
%define gdk_pixbuf_binary_version 2.10.0
|
||||
Name: gdk-pixbuf
|
||||
Version: 2.36.11
|
||||
Version: 2.36.12
|
||||
Release: 0
|
||||
Summary: An image loading library
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Libraries/GNOME
|
||||
URL: https://www.gnome.org/
|
||||
Source: https://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz
|
||||
Source: http://download.gnome.org/sources/gdk-pixbuf/2.36/%{name}-%{version}.tar.xz
|
||||
Source1: macros.gdk-pixbuf
|
||||
Source2: README.SUSE
|
||||
Source3: gdk-pixbuf-rpmlintrc
|
||||
Source99: baselibs.conf
|
||||
# PATCH-FIX-UPSTREAM gdk-pixbuf-bgo779012-ico-overflow.patch boo#1027026 mgorse@suse.com -- fix potential integer overflow (CVE-2017-6312).
|
||||
Patch0: gdk-pixbuf-bgo779012-ico-overflow.patch
|
||||
# PATCH-FIX-UPSTREAM gdk-pixbuf-gif-negative-array-indexes.patch bgo#778584 mgorse@suse.com -- gif: prevent access to negative array indexes.
|
||||
Patch1: gdk-pixbuf-gif-negative-array-indexes.patch
|
||||
# PATCH-FIX-UPSTREAM gdk-pixbuf-gif-uninitialized-variable.patch bgo#778584 mgorse@suse.com -- fix uninitialized variable.
|
||||
Patch2: gdk-pixbuf-gif-uninitialized-variable.patch
|
||||
# PATCH-FIX-UPSTREAM gdk-pixbuf-tiff-overflow.patch bgo#779020 mgorse@suse.com -- avoid overflow during size computation.
|
||||
Patch3: gdk-pixbuf-tiff-overflow.patch
|
||||
# PATCH-FIX-UPSTREAM gdk-pixbuf-icns-handle-short-blocklen.patch boo#1027024 bgo#779016 mgorse@suse.com -- icns: protect against too short blocklen (CVE-2017-6313).
|
||||
Patch4: gdk-pixbuf-icns-handle-short-blocklen.patch
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: gtk-doc
|
||||
BuildRequires: libjpeg-devel
|
||||
@ -125,17 +115,12 @@ This package contains the development files for gdk-pixbuf.
|
||||
%prep
|
||||
%setup -q
|
||||
translation-update-upstream
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%if "%{_lib}" == "lib64"
|
||||
cp -a %{SOURCE2} .
|
||||
%endif
|
||||
|
||||
%build
|
||||
%meson -D with_docs=true
|
||||
%meson -D docs=true
|
||||
%meson_build
|
||||
|
||||
%install
|
||||
|
||||
Loading…
Reference in New Issue
Block a user