2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch
new file mode 100644
index 0000000000..d516e88ab5
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch
@@ -0,0 +1,39 @@
+From e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa Mon Sep 17 00:00:00 2001
+From: Benjamin Otte <otte@redhat.com>
+Date: Tue, 22 Sep 2015 22:44:51 +0200
+Subject: [PATCH] pixops: Don't overflow variables when shifting them
+If we shift by 16 bits we need to be sure those 16 bits actually exist.
+They do now.
+Upstream-status: Backport
+https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
+CVE:  CVE-2015-7674
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ gdk-pixbuf/pixops/pixops.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+Index: gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
+===================================================================
+--- gdk-pixbuf-2.30.8.orig/gdk-pixbuf/pixops/pixops.c
+++ gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
+@@ -264,11 +264,11 @@ pixops_scale_nearest (guchar        *des
+                      double         scale_x,
+                      double         scale_y)
+ {
+-  int i;
+-  int x;
+-  int x_step = (1 << SCALE_SHIFT) / scale_x;
+-  int y_step = (1 << SCALE_SHIFT) / scale_y;
+-  int xmax, xstart, xstop, x_pos, y_pos;
+  gint64 i;
+  gint64 x;
+  gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
+  gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
+  gint64 xmax, xstart, xstop, x_pos, y_pos;
+   const guchar *p;
+ 
+ #define INNER_LOOP(SRC_CHANNELS,DEST_CHANNELS,ASSIGN_PIXEL)     \
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
index 07c2dcec16..5a858fb99f 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
           file://run-ptest \
           file://fatal-loader.patch \
           file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
+           file://CVE-2015-7674.patch \
           "
 SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"

diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch new file mode 100644 index 0000000000..d516e88ab5 --- /dev/null +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch
@@ -0,0 +1,39 @@
		1	From e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa Mon Sep 17 00:00:00 2001
		2	From: Benjamin Otte <otte@redhat.com>
		3	Date: Tue, 22 Sep 2015 22:44:51 +0200
		4	Subject: [PATCH] pixops: Don't overflow variables when shifting them
		5
		6	If we shift by 16 bits we need to be sure those 16 bits actually exist.
		7	They do now.
		8
		9	Upstream-status: Backport
		10	https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
		11
		12	CVE: CVE-2015-7674
		13	Signed-off-by: Armin Kuster <akuster@mvista.com>
		14
		15	---
		16	gdk-pixbuf/pixops/pixops.c \| 10 +++++-----
		17	1 file changed, 5 insertions(+), 5 deletions(-)
		18
		19	Index: gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
		20	===================================================================
		21	--- gdk-pixbuf-2.30.8.orig/gdk-pixbuf/pixops/pixops.c
		22	+++ gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
		23	@@ -264,11 +264,11 @@ pixops_scale_nearest (guchar *des
		24	double scale_x,
		25	double scale_y)
		26	{
		27	- int i;
		28	- int x;
		29	- int x_step = (1 << SCALE_SHIFT) / scale_x;
		30	- int y_step = (1 << SCALE_SHIFT) / scale_y;
		31	- int xmax, xstart, xstop, x_pos, y_pos;
		32	+ gint64 i;
		33	+ gint64 x;
		34	+ gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
		35	+ gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
		36	+ gint64 xmax, xstart, xstop, x_pos, y_pos;
		37	const guchar *p;
		38
		39	#define INNER_LOOP(SRC_CHANNELS,DEST_CHANNELS,ASSIGN_PIXEL) \


diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb index 07c2dcec16..5a858fb99f 100644 --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
19	file://run-ptest \	19	file://run-ptest \
20	file://fatal-loader.patch \	20	file://fatal-loader.patch \
21	file://0001-pixops-Be-more-careful-about-integer-overflow.patch \	21	file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
		22	file://CVE-2015-7674.patch \
22	"	23	"
23		24
24	SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"	25	SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"