authorLeonardo Arena <rnalrd@alpinelinux.org>2017-10-25 07:26:54 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2017-10-25 07:32:42 +0000
commitd49b5d11fbcaa348507fd036c91cfd519e4ff228 (patch)
tree8e635544a13069f723d8d4754f3fb3fe10dac745
parentba1d5a943f3855aef29e87de310cab78ca9f6d5c (diff)
main/gdk-pixbuf: security fix (CVE-2017-2862)
fixes #7869
-rw-r--r--main/gdk-pixbuf/APKBUILD14
-rw-r--r--main/gdk-pixbuf/CVE-2017-2862.patch45
2 files changed, 55 insertions, 4 deletions
diff --git a/main/gdk-pixbuf/APKBUILD b/main/gdk-pixbuf/APKBUILD
index 1918326c94..6b73c4d66f 100644
--- a/main/gdk-pixbuf/APKBUILD
+++ b/main/gdk-pixbuf/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gdk-pixbuf
pkgver=2.32.2
-pkgrel=1
+pkgrel=2
pkgdesc="GDK Pixbuf library"
url="http://www.gtk.org/"
arch="all"
@@ -14,12 +14,15 @@ triggers="$pkgname.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
source="http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/${pkgver%.*}/gdk-pixbuf-$pkgver.tar.xz
CVE-2017-6314.patch
+ CVE-2017-2862.patch
"
replaces="gtk+"
_builddir="$srcdir"/$pkgname-$pkgver
# secfixes:
+# 2.32.0-r2:
+# - CVE-2017-2862
# 2.32.2-r1:
# - CVE-2017-6314
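Review bot: The secfixes entry added on the new side, `# 2.32.0-r2:`, does not match the package this commit builds — pkgver is 2.32.2 and pkgrel is bumped to 2 in the first hunk of this same file — so CVE-2017-2862 is recorded against a version that never existed, and the 2.32.2-r2 build will not be treated as fixed by anything that consumes the secfixes block. It should read `# 2.32.2-r2:`, consistent with the existing `# 2.32.2-r1:` entry for CVE-2017-6314 directly beneath it.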
@@ -62,8 +65,11 @@ dev() {
}
md5sums="bbd9b471c60d11ab8ce133a5f04310af gdk-pixbuf-2.32.2.tar.xz
-bd0cf481936ebc80e0f2be3411bfe720 CVE-2017-6314.patch"
+bd0cf481936ebc80e0f2be3411bfe720 CVE-2017-6314.patch
+82d368976a0edbaa9a68bcac73a6adf9 CVE-2017-2862.patch"
sha256sums="d3ab06fc123b13effed4c27c77cebdfad2173ff20628d82c397b7660ae926145 gdk-pixbuf-2.32.2.tar.xz
-17e3f13cc3b42b442a36ddf1c7d2c588f0e3aa39699d70299690930322ddd019 CVE-2017-6314.patch"
+17e3f13cc3b42b442a36ddf1c7d2c588f0e3aa39699d70299690930322ddd019 CVE-2017-6314.patch
+c0e958f235fd18271ca1268bcd2c76b043b741ac90d45807faf375b5596c4fb8 CVE-2017-2862.patch"
sha512sums="146cbddc1b4a68715a827fc53d98f213f5e27f4f4a8b3fe6148b96c866b4ca4ab624613ddf196d4b0a01bbddfc6f8438b96ad436d23dfced02d584ff8c2fdf3d gdk-pixbuf-2.32.2.tar.xz
-2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch"
+2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch
+7d2b3e30af7d3084f55236d47990af13c6a9825d7aae2843fe4369c57d846428cdcaaa664bd721a558a8df748b606a61405e205a38271a775d80ef15bab6c091 CVE-2017-2862.patch"
diff --git a/main/gdk-pixbuf/CVE-2017-2862.patch b/main/gdk-pixbuf/CVE-2017-2862.patch
new file mode 100644
index 0000000000..f41f5124f3
--- /dev/null
+++ b/main/gdk-pixbuf/CVE-2017-2862.patch
@@ -0,0 +1,45 @@
+Backport of c2a40a92fe3df4111ed9da51fe3368c079b86926 and
+6dd89e126a277460faafc1f679db44ccf78446fb
+
+--- gdk-pixbuf-2.36.5.orig/gdk-pixbuf/io-jpeg.c
++++ gdk-pixbuf-2.36.5/gdk-pixbuf/io-jpeg.c
+@@ -1026,6 +1026,7 @@ gdk_pixbuf__jpeg_image_load_increment (g
+ /* try to load jpeg header */
+ if (!context->got_header) {
+ int rc;
++ gboolean has_alpha;
+
+ jpeg_save_markers (cinfo, JPEG_APP0+1, 0xffff);
+ jpeg_save_markers (cinfo, JPEG_APP0+2, 0xffff);
+@@ -1063,10 +1064,27 @@ gdk_pixbuf__jpeg_image_load_increment (g
+ }
+ }
+ jpeg_calc_output_dimensions (cinfo);
+-
+- context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB,
+- cinfo->output_components == 4 ? TRUE : FALSE,
+- 8,
++
++ if (cinfo->output_components == 3) {
++ has_alpha = FALSE;
++ } else if (cinfo->output_components == 4) {
++ has_alpha = TRUE;
++ } else if (cinfo->output_components == 1 &&
++ cinfo->out_color_space == JCS_GRAYSCALE) {
++ has_alpha = FALSE;
++ } else {
++ g_set_error (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("Unsupported number of color components (%d)"),
++ cinfo->output_components);
++ retval = FALSE;
++ goto out;
++ }
++
++ context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB,
++ has_alpha,
++ 8,
+ cinfo->output_width,
+ cinfo->output_height);
+
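Review bot: The output_components guard is added only in gdk_pixbuf__jpeg_image_load_increment; if this 2.32.2 tree still carries a separate non-incremental gdk_pixbuf__jpeg_image_load with its own `gdk_pixbuf_new (..., cinfo.output_components == 4 ? TRUE : FALSE, ...)` call, that path keeps the same mismatch between the pixbuf's channel count and what libjpeg actually emits and needs the same check. The hunk was lifted from 2.36.5 and its error path depends on `retval` and an `out:` label existing in the 2.32.2 function body, neither of which is visible in the hunk context, so the backport should be confirmed to compile and to release the context's resources on that path rather than only to apply cleanly. The enclosing function starts and ends outside the hunk.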