Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
817
Issues
817
List
Boards
Labels
Milestones
Merge Requests
43
Merge Requests
43
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
e7899278
Commit
e7899278
authored
May 06, 2019
by
Rasmus Thomsen
Committed by
Natanael Copa
Jun 05, 2019
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/gdk-pixbuf: upgrade to 2.38.1
parent
a0020da8
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
25 additions
and
68 deletions
+25
-68
APKBUILD
main/gdk-pixbuf/APKBUILD
+25
-27
CVE-2017-6312.patch
main/gdk-pixbuf/CVE-2017-6312.patch
+0
-25
CVE-2017-6314.patch
main/gdk-pixbuf/CVE-2017-6314.patch
+0
-16
No files found.
main/gdk-pixbuf/APKBUILD
View file @
e7899278
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname
=
gdk-pixbuf
pkgver
=
2.3
6.1
1
pkgrel
=
2
pkgver
=
2.3
8.
1
pkgrel
=
0
pkgdesc
=
"GTK+ image loading library"
url
=
"https://w
ww.gtk.org/
"
url
=
"https://w
iki.gnome.org/Projects/GdkPixbuf
"
arch
=
"all"
license
=
"LGPL-2.0
+
"
license
=
"LGPL-2.0
-or-later
"
depends
=
"shared-mime-info"
depends_dev
=
""
makedepends
=
"
$depends_dev
tiff-dev libjpeg-turbo-dev gobject-introspection-dev
libpng-dev glib-dev"
depends_dev
=
"
shared-mime-info
"
makedepends
=
"tiff-dev libjpeg-turbo-dev gobject-introspection-dev
libpng-dev glib-dev
meson
"
install
=
"
$pkgname
.pre-deinstall"
triggers
=
"
$pkgname
.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders"
subpackages
=
"
$pkgname
-dev
$pkgname
-doc
$pkgname
-lang
$pkgname
-dbg"
source
=
"https://download.gnome.org/sources/gdk-pixbuf/
${
pkgver
%.*
}
/gdk-pixbuf-
$pkgver
.tar.xz
CVE-2017-6312.patch
CVE-2017-6314.patch
"
source
=
"https://download.gnome.org/sources/gdk-pixbuf/
${
pkgver
%.*
}
/gdk-pixbuf-
$pkgver
.tar.xz"
replaces
=
"gtk+"
# secfixes:
...
...
@@ -27,28 +24,31 @@ replaces="gtk+"
build
()
{
cd
"
$builddir
"
./configure
\
--build
=
$CBUILD
\
--host
=
$CHOST
\
meson
\
--prefix
=
/usr
\
--sysconfdir
=
/etc
\
--with-x11
\
--mandir
=
/usr/share/man
\
--infodir
=
/usr/share/info
\
--with-libjpeg
\
--with-libtiff
\
--enable-introspection
make
-Dinstalled_tests
=
false
\
output
.
ninja
-C
output
}
check
()
{
cd
"
$builddir
"
make check
# pixbuf-area-updated takes over 50 minutes to run on Drone
case
$CARCH
in
armhf
)
if
test
$DRONE
;
then
sed
-i
'/pixbuf-area-updated/d'
tests/meson.build
fi
;;
esac
meson
test
-C
output
}
package
()
{
cd
"
$builddir
"
make
DESTDIR
=
"
$pkgdir
"
install
DESTDIR
=
"
$pkgdir
"
ninja
-C
output
install
}
doc
()
{
...
...
@@ -61,6 +61,4 @@ dev() {
default_dev
}
sha512sums
=
"231e13ef2339fc6953788e8597a0c455143273338793ed835dac6ccf42e26e0292dec4121a4976b859ba8ffaa81b3ca5b250b54bd4897dbd3146a1874a59d4e3 gdk-pixbuf-2.36.11.tar.xz
3b67e10ae02ecfdb541c427f811541e2cd0cfc3f048b1e4b119767b7f8f3a02de8a9c7302c21d23de1ea886f994d4dcdb687580c970d7d49eba80f17075ff0de CVE-2017-6312.patch
2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch"
sha512sums
=
"e50badaad2ccb3c816ba0849be386ecb75ea3c7df203d0b0144541c463ad1ace86c0d190b7550e3f59f0cba9639acc5cc048b7127484287894e4df6d62777920 gdk-pixbuf-2.38.1.tar.xz"
main/gdk-pixbuf/CVE-2017-6312.patch
deleted
100644 → 0
View file @
a0020da8
--- a/gdk-pixbuf/io-ico.c
+++ a/gdk-pixbuf/io-ico.c
@@ -330,10 +330,8 @@
static void DecodeHeader(guchar *Data, gint Bytes,
return;
}
- /* We know how many bytes are in the "header" part. */
- State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
-
- if (State->HeaderSize < 0) {
+ /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
+ if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
g_set_error (error,
GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
@@ -341,6 +339,9 @@
static void DecodeHeader(guchar *Data, gint Bytes,
return;
}
+ /* We know how many bytes are in the "header" part. */
+ State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
+
if (State->HeaderSize>State->BytesInHeaderBuf) {
guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
if (!tmp) {
main/gdk-pixbuf/CVE-2017-6314.patch
deleted
100644 → 0
View file @
a0020da8
--- gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c
+++ gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c
@@ -458,9 +458,12 @@
make_available_at_least (TiffContext *co
need_alloc = context->used + needed;
if (need_alloc > context->allocated) {
guint new_size = 1;
- while (new_size < need_alloc)
+ while (new_size && (new_size < need_alloc))
new_size *= 2;
+ if(!(new_size))
+ return FALSE;
+
new_buffer = g_try_realloc (context->buffer, new_size);
if (new_buffer) {
context->buffer = new_buffer;
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment