diff options
| author | Dan Andresan <Dan.Andresan@enea.com> | 2018-10-29 12:01:08 +0100 |
|---|---|---|
| committer | Gerrit Code Review <gerrit2@sestogerrit02> | 2018-10-29 12:01:08 +0100 |
| commit | 1fd90264695d95bc6a84409283cd6d002c0b0e35 (patch) | |
| tree | 3c68f0135854e61128e2adf7b9270a179bd89063 | |
| parent | c1d3038ebc3595d452dd987ce985446b75b944db (diff) | |
| parent | af4aca51dcef02ca7b07fd0f77d0f8c856dc54b5 (diff) | |
| download | meta-el-common-1fd90264695d95bc6a84409283cd6d002c0b0e35.tar.gz | |
Merge "gdk-pixbuf: Fix CVE-2017-6311" into pyro
| -rw-r--r-- | recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch | 109 | ||||
| -rw-r--r-- | recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend | 6 |
2 files changed, 115 insertions, 0 deletions
diff --git a/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch b/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch new file mode 100644 index 0000000..25d55ad --- /dev/null +++ b/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch | |||
| @@ -0,0 +1,109 @@ | |||
| 1 | From 725afb9a926553b664a1cb1270d38de133f659e1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Andreas Wellving <andreas.wellving@enea.com> | ||
| 3 | Date: Mon, 22 Oct 2018 12:21:56 +0200 | ||
| 4 | Subject: [PATCH] ico: Return an error when the ICO didn't load | ||
| 5 | |||
| 6 | If we don't even read enough data to fill the header, return an | ||
| 7 | error. This doesn't cover everything that could go wrong with | ||
| 8 | the ICO incremental loader, but this is a good first throw. | ||
| 9 | |||
| 10 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/7586553] | ||
| 11 | |||
| 12 | thumbnailer: Update skeleton to fix a possible crash | ||
| 13 | |||
| 14 | If the loader returns a NULL pixbuf without returning an | ||
| 15 | error, the skeleton would crash trying to print the error. | ||
| 16 | Print that the thumbnailer is broken instead. | ||
| 17 | |||
| 18 | https://bugzilla.gnome.org/show_bug.cgi?id=778204 | ||
| 19 | |||
| 20 | Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/57362ed] | ||
| 21 | |||
| 22 | CVE: CVE-2017-6311 | ||
| 23 | Signed-off-by: Andreas Wellving <andreas.wellving@enea.com> | ||
| 24 | --- | ||
| 25 | gdk-pixbuf/io-ico.c | 11 ++++++++++- | ||
| 26 | thumbnailer/gnome-thumbnailer-skeleton.c | 14 ++++++++++++-- | ||
| 27 | 2 files changed, 22 insertions(+), 3 deletions(-) | ||
| 28 | |||
| 29 | diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c | ||
| 30 | index 2b0441f..68295a3 100644 | ||
| 31 | --- a/gdk-pixbuf/io-ico.c | ||
| 32 | +++ b/gdk-pixbuf/io-ico.c | ||
| 33 | @@ -605,6 +605,7 @@ gdk_pixbuf__ico_image_stop_load(gpointer data, | ||
| 34 | { | ||
| 35 | struct ico_progressive_state *context = | ||
| 36 | (struct ico_progressive_state *) data; | ||
| 37 | + gboolean ret = TRUE; | ||
| 38 | |||
| 39 | /* FIXME this thing needs to report errors if | ||
| 40 | * we have unused image data | ||
| 41 | @@ -612,8 +613,16 @@ gdk_pixbuf__ico_image_stop_load(gpointer data, | ||
| 42 | |||
| 43 | g_return_val_if_fail(context != NULL, TRUE); | ||
| 44 | |||
| 45 | + if (context->HeaderDone < context->HeaderSize) { | ||
| 46 | + g_set_error_literal (error, | ||
| 47 | + GDK_PIXBUF_ERROR, | ||
| 48 | + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, | ||
| 49 | + _("ICO image was truncated or incomplete.")); | ||
| 50 | + ret = FALSE; | ||
| 51 | + } | ||
| 52 | + | ||
| 53 | context_free (context); | ||
| 54 | - return TRUE; | ||
| 55 | + return ret; | ||
| 56 | } | ||
| 57 | |||
| 58 | static void | ||
| 59 | diff --git a/thumbnailer/gnome-thumbnailer-skeleton.c b/thumbnailer/gnome-thumbnailer-skeleton.c | ||
| 60 | index d686432..73da53e 100644 | ||
| 61 | --- a/thumbnailer/gnome-thumbnailer-skeleton.c | ||
| 62 | +++ b/thumbnailer/gnome-thumbnailer-skeleton.c | ||
| 63 | @@ -37,6 +37,7 @@ static int output_size = 256; | ||
| 64 | static gboolean g_fatal_warnings = FALSE; | ||
| 65 | static char **filenames = NULL; | ||
| 66 | |||
| 67 | +#if !GDK_PIXBUF_CHECK_VERSION(2,36,5) | ||
| 68 | /** | ||
| 69 | * gnome_desktop_thumbnail_scale_down_pixbuf: | ||
| 70 | * @pixbuf: a #GdkPixbuf | ||
| 71 | @@ -178,6 +179,7 @@ gnome_desktop_thumbnail_scale_down_pixbuf (GdkPixbuf *pixbuf, | ||
| 72 | |||
| 73 | return dest_pixbuf; | ||
| 74 | } | ||
| 75 | +#endif | ||
| 76 | |||
| 77 | static char * | ||
| 78 | get_target_uri (GFile *file) | ||
| 79 | @@ -291,9 +293,16 @@ int main (int argc, char **argv) | ||
| 80 | |||
| 81 | scale = (double)output_size / MAX (width, height); | ||
| 82 | |||
| 83 | +#if !GDK_PIXBUF_CHECK_VERSION(2,36,5) | ||
| 84 | scaled = gnome_desktop_thumbnail_scale_down_pixbuf (pixbuf, | ||
| 85 | floor (width * scale + 0.5), | ||
| 86 | floor (height * scale + 0.5)); | ||
| 87 | +#else | ||
| 88 | + scaled = gdk_pixbuf_scale_simple (pixbuf, | ||
| 89 | + floor (width * scale + 0.5), | ||
| 90 | + floor (height * scale + 0.5), | ||
| 91 | + GDK_INTERP_HYPER); | ||
| 92 | +#endif | ||
| 93 | gdk_pixbuf_copy_options (pixbuf, scaled); | ||
| 94 | g_object_unref (pixbuf); | ||
| 95 | pixbuf = scaled; | ||
| 96 | @@ -316,8 +325,9 @@ int main (int argc, char **argv) | ||
| 97 | g_free (input_filename); | ||
| 98 | |||
| 99 | if (!pixbuf) { | ||
| 100 | - g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message); | ||
| 101 | - g_error_free (error); | ||
| 102 | + g_warning ("Could not thumbnail '%s': %s", filenames[0], | ||
| 103 | + error ? error->message : "Thumbnailer failed without returning an error"); | ||
| 104 | + g_clear_error (&error); | ||
| 105 | g_strfreev (filenames); | ||
| 106 | return 1; | ||
| 107 | } | ||
| 108 | |||
| 109 | |||
diff --git a/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend b/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend new file mode 100644 index 0000000..370bb73 --- /dev/null +++ b/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend | |||
| @@ -0,0 +1,6 @@ | |||
| 1 | # look for files in the layer first | ||
| 2 | FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" | ||
| 3 | |||
| 4 | SRC_URI += " \ | ||
| 5 | file://CVE-2017-6311.patch \ | ||
| 6 | " | ||