From d49b5d11fbcaa348507fd036c91cfd519e4ff228 Mon Sep 17 00:00:00 2001 From: Leonardo Arena Date: Wed, 25 Oct 2017 07:26:54 +0000 Subject: main/gdk-pixbuf: security fix (CVE-2017-2862) fixes #7869 --- main/gdk-pixbuf/APKBUILD | 14 ++++++++---- main/gdk-pixbuf/CVE-2017-2862.patch | 45 +++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 main/gdk-pixbuf/CVE-2017-2862.patch diff --git a/main/gdk-pixbuf/APKBUILD b/main/gdk-pixbuf/APKBUILD index 1918326c94..6b73c4d66f 100644 --- a/main/gdk-pixbuf/APKBUILD +++ b/main/gdk-pixbuf/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa pkgname=gdk-pixbuf pkgver=2.32.2 -pkgrel=1 +pkgrel=2 pkgdesc="GDK Pixbuf library" url="http://www.gtk.org/" arch="all" @@ -14,12 +14,15 @@ triggers="$pkgname.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" source="http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/${pkgver%.*}/gdk-pixbuf-$pkgver.tar.xz CVE-2017-6314.patch + CVE-2017-2862.patch " replaces="gtk+" _builddir="$srcdir"/$pkgname-$pkgver # secfixes: +# 2.32.0-r2: +# - CVE-2017-2862 # 2.32.2-r1: # - CVE-2017-6314 @@ -62,8 +65,11 @@ dev() { } md5sums="bbd9b471c60d11ab8ce133a5f04310af gdk-pixbuf-2.32.2.tar.xz -bd0cf481936ebc80e0f2be3411bfe720 CVE-2017-6314.patch" +bd0cf481936ebc80e0f2be3411bfe720 CVE-2017-6314.patch +82d368976a0edbaa9a68bcac73a6adf9 CVE-2017-2862.patch" sha256sums="d3ab06fc123b13effed4c27c77cebdfad2173ff20628d82c397b7660ae926145 gdk-pixbuf-2.32.2.tar.xz -17e3f13cc3b42b442a36ddf1c7d2c588f0e3aa39699d70299690930322ddd019 CVE-2017-6314.patch" +17e3f13cc3b42b442a36ddf1c7d2c588f0e3aa39699d70299690930322ddd019 CVE-2017-6314.patch +c0e958f235fd18271ca1268bcd2c76b043b741ac90d45807faf375b5596c4fb8 CVE-2017-2862.patch" sha512sums="146cbddc1b4a68715a827fc53d98f213f5e27f4f4a8b3fe6148b96c866b4ca4ab624613ddf196d4b0a01bbddfc6f8438b96ad436d23dfced02d584ff8c2fdf3d gdk-pixbuf-2.32.2.tar.xz -2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch" +2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch +7d2b3e30af7d3084f55236d47990af13c6a9825d7aae2843fe4369c57d846428cdcaaa664bd721a558a8df748b606a61405e205a38271a775d80ef15bab6c091 CVE-2017-2862.patch" diff --git a/main/gdk-pixbuf/CVE-2017-2862.patch b/main/gdk-pixbuf/CVE-2017-2862.patch new file mode 100644 index 0000000000..f41f5124f3 --- /dev/null +++ b/main/gdk-pixbuf/CVE-2017-2862.patch @@ -0,0 +1,45 @@ +Backport of c2a40a92fe3df4111ed9da51fe3368c079b86926 and +6dd89e126a277460faafc1f679db44ccf78446fb + +--- gdk-pixbuf-2.36.5.orig/gdk-pixbuf/io-jpeg.c ++++ gdk-pixbuf-2.36.5/gdk-pixbuf/io-jpeg.c +@@ -1026,6 +1026,7 @@ gdk_pixbuf__jpeg_image_load_increment (g + /* try to load jpeg header */ + if (!context->got_header) { + int rc; ++ gboolean has_alpha; + + jpeg_save_markers (cinfo, JPEG_APP0+1, 0xffff); + jpeg_save_markers (cinfo, JPEG_APP0+2, 0xffff); +@@ -1063,10 +1064,27 @@ gdk_pixbuf__jpeg_image_load_increment (g + } + } + jpeg_calc_output_dimensions (cinfo); +- +- context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, +- cinfo->output_components == 4 ? TRUE : FALSE, +- 8, ++ ++ if (cinfo->output_components == 3) { ++ has_alpha = FALSE; ++ } else if (cinfo->output_components == 4) { ++ has_alpha = TRUE; ++ } else if (cinfo->output_components == 1 && ++ cinfo->out_color_space == JCS_GRAYSCALE) { ++ has_alpha = FALSE; ++ } else { ++ g_set_error (error, ++ GDK_PIXBUF_ERROR, ++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE, ++ _("Unsupported number of color components (%d)"), ++ cinfo->output_components); ++ retval = FALSE; ++ goto out; ++ } ++ ++ context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, ++ has_alpha, ++ 8, + cinfo->output_width, + cinfo->output_height); + -- cgit v1.2.3