Commit 3753b9e3 authored by Leo's avatar Leo Committed by Natanael Copa

main/libcroco: fix a few CVEs

- CVE-2017-8834
- CVE-2017-8871

Also add comments for:

- CVE-2017-7960
- CVE-2017-7961
parent 50e76a2d
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libcroco
pkgver=0.6.13
pkgrel=0
pkgrel=1
pkgdesc="GNOME CSS2 parsing and manipulation toolkit"
url="http://www.gnome.org"
arch="all"
license="LGPL-2.1-only"
subpackages="$pkgname-dev $pkgname-doc"
makedepends="glib-dev libxml2-dev"
source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz"
source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
CVE-2017-8871-and-CVE-2017-8834.patch
"
# secfixes:
# 0.6.13-r1:
# - CVE-2017-7960
# - CVE-2017-7961
# - CVE-2017-8871
# - CVE-2017-8834
build() {
cd "$builddir"
......@@ -29,4 +38,5 @@ package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz"
sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz
568ad8205f5c2ab1eb949ef664671069fad5991e43992e35092738c1a741289303dba343c8002caec817d1c27fe5645dc2a861573fb4d91074aef59ff41f3d27 CVE-2017-8871-and-CVE-2017-8834.patch"
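Review bot: The new `# secfixes:` block lists CVE-2017-7960 and CVE-2017-7961 under `# 0.6.13-r1:` next to the two CVEs the added patch fixes, but the commit message says it only adds comments for those two, so the tracker will read as if the r1 patch addresses all four. If the 7960/7961 fixes came with the 0.6.13 upstream release rather than with this patch, put them under their own `# 0.6.13-r0:` heading so the secdb attributes each CVE to the revision that actually fixed it. Leaving it as written also means a later audit cannot tell which of the four entries `CVE-2017-8871-and-CVE-2017-8834.patch` is responsible for without reading the patch.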
From deda38539f5b25616aa294d8b19d33ebf8e175ff Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@alum.wpi.edu>
Date: Thu, 2 May 2019 10:54:43 -0500
Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8
Otherwise, the offending character is never consumed, possibly leading
to an infinite loop.
https://bugzilla.gnome.org/show_bug.cgi?id=782647
---
src/cr-utils.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cr-utils.c b/src/cr-utils.c
index 2420cec..6cf4849 100644
--- a/src/cr-utils.c
+++ b/src/cr-utils.c
@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in,
} else {
/*BAD ENCODING */
+ nb_bytes_2_decode = 1;
goto end;
}
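Review bot: The added `nb_bytes_2_decode = 1;` carries no comment saying why exactly one byte is skipped, which is the whole point of the fix and will not be obvious to the next reader of this error branch; a line such as `/* consume the bad lead byte so the caller advances past it instead of spinning on it forever */` above the assignment would document the intent the patch subject states. cr_utils_read_char_from_utf8_buf begins and ends outside the hunk, so I cannot see what the `end:` label does with nb_bytes_2_decode or what status is returned; presumably the count is copied to the caller's consumed-length output, and it is worth confirming that callers which previously relied on a zero consumed count to detect the encoding error still see an error status now that a non-zero count is reported.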
--
2.20.1