NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gdk-pixbuf: security bump to version 2.32.1

Browse Source 
CVE-2015-4491 already fixed in the release so drop patch.

Fixes a heap overflow with a gif file and a heap overflow and DoS with a
tga file. CVEs not assigned yet.

Tests disabled since they fail to build properly on uClibc toolchains.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Gustavo Zacarias 2015-10-05 16:52:36 -03:00 committed by Peter Korsgaard
parent 7ed04d21d6
commit d1e9016dea
3 changed files with 10 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

84
package/gdk-pixbuf/0001-fix-CVE-2015-4491.patch
View File

@ -1,84 +0,0 @@
From ffec86ed5010c5a2be14f47b33bcf4ed3169a199 Mon Sep 17 00:00:00 2001
From: Matthias Clasen <mclasen@redhat.com>
Date: Mon, 13 Jul 2015 00:33:40 -0400
Subject: pixops: Be more careful about integer overflow
Our loader code is supposed to handle out-of-memory and overflow
situations gracefully, reporting errors instead of aborting. But
if you load an image at a specific size, we also execute our
scaling code, which was not careful enough about overflow in some
places.
This commit makes the scaling code silently return if it fails to
allocate filter tables. This is the best we can do, since
gdk_pixbuf_scale() is not taking a GError.
https://bugzilla.gnome.org/show_bug.cgi?id=752297
Signed-off-by: Gustavo Zacarisa <gustavo@zacarias.com.ar>
diff --git a/gdk-pixbuf/pixops/pixops.c b/gdk-pixbuf/pixops/pixops.c
index 29a1c14..ce51745 100644
--- a/gdk-pixbuf/pixops/pixops.c
+++ b/gdk-pixbuf/pixops/pixops.c
@@ -1272,7 +1272,16 @@ make_filter_table (PixopsFilter *filter)
int i_offset, j_offset;
int n_x = filter->x.n;
int n_y = filter->y.n;
- int *weights = g_new (int, SUBSAMPLE * SUBSAMPLE * n_x * n_y);
+ gsize n_weights;
+ int *weights;
+
+ n_weights = SUBSAMPLE * SUBSAMPLE * n_x * n_y;
+ if (n_weights / (SUBSAMPLE * SUBSAMPLE * n_x) != n_y)
+ return NULL; /* overflow, bail */
+
+ weights = g_try_new (int, n_weights);
+ if (!weights)
+ return NULL; /* overflow, bail */
for (i_offset=0; i_offset < SUBSAMPLE; i_offset++)
for (j_offset=0; j_offset < SUBSAMPLE; j_offset++)
@@ -1347,8 +1356,11 @@ pixops_process (guchar *dest_buf,
if (x_step == 0 || y_step == 0)
return; /* overflow, bail out */
- line_bufs = g_new (guchar *, filter->y.n);
filter_weights = make_filter_table (filter);
+ if (!filter_weights)
+ return; /* overflow, bail out */
+
+ line_bufs = g_new (guchar *, filter->y.n);
check_shift = check_size ? get_check_shift (check_size) : 0;
@@ -1468,7 +1480,7 @@ tile_make_weights (PixopsFilterDimension *dim,
double scale)
{
int n = ceil (1 / scale + 1);
- double *pixel_weights = g_new (double, SUBSAMPLE * n);
+ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
int offset;
int i;
@@ -1526,7 +1538,7 @@ bilinear_magnify_make_weights (PixopsFilterDimension *dim,
}
dim->n = n;
- dim->weights = g_new (double, SUBSAMPLE * n);
+ dim->weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
pixel_weights = dim->weights;
@@ -1617,7 +1629,7 @@ bilinear_box_make_weights (PixopsFilterDimension *dim,
double scale)
{
int n = ceil (1/scale + 3.0);
- double *pixel_weights = g_new (double, SUBSAMPLE * n);
+ double *pixel_weights = g_malloc_n (sizeof (double) * SUBSAMPLE, n);
double w;
int offset, i;
--
cgit v0.10.2

4
package/gdk-pixbuf/gdk-pixbuf.hash
View File

@ -1,2 +1,2 @@
# From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.30/gdk-pixbuf-2.30.8.sha256sum # From http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/2.32/gdk-pixbuf-2.32.1.sha256sum
sha256 4853830616113db4435837992c0aebd94cbb993c44dc55063cee7f72a7bef8be gdk-pixbuf-2.30.8.tar.xz sha256 4432b74f25538c7d6bcb3ca51adabdd666168955f25812a2568dc9637697f3bc gdk-pixbuf-2.32.1.tar.xz

10
package/gdk-pixbuf/gdk-pixbuf.mk
View File

@ -4,8 +4,8 @@
# #
################################################################################ ################################################################################
GDK_PIXBUF_VERSION_MAJOR = 2.30 GDK_PIXBUF_VERSION_MAJOR = 2.32
GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).8 GDK_PIXBUF_VERSION = $(GDK_PIXBUF_VERSION_MAJOR).1
GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz GDK_PIXBUF_SOURCE = gdk-pixbuf-$(GDK_PIXBUF_VERSION).tar.xz
GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR) GDK_PIXBUF_SITE = http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/$(GDK_PIXBUF_VERSION_MAJOR)
GDK_PIXBUF_LICENSE = LGPLv2+ GDK_PIXBUF_LICENSE = LGPLv2+
@ -52,6 +52,12 @@ define GDK_PIXBUF_INSTALL_INIT_SYSV
$(TARGET_DIR)/etc/init.d/S26gdk-pixbuf $(TARGET_DIR)/etc/init.d/S26gdk-pixbuf
endef endef
# Tests don't build correctly with uClibc
define GDK_PIXBUF_DISABLE_TESTS
$(SED) 's/ tests//' $(@D)/Makefile.in
endef
GDK_PIXBUF_POST_PATCH_HOOKS += GDK_PIXBUF_DISABLE_TESTS
$(eval $(autotools-package)) $(eval $(autotools-package))
HOST_GDK_PIXBUF_CONF_OPTS = \ HOST_GDK_PIXBUF_CONF_OPTS = \