10 files changed, 167 insertions, 1 deletions
diff --git a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
index ddb4c2794f..f43bfd6a67 100644
--- a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
+++ b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
@@ -1,4 +1,7 @@
 SUMMARY = "WebKit based web browser for GNOME"
+DESCRIPTION = "Epiphany is an open source web browser for the Linux desktop environment. \
+It provides a simple and easy-to-use internet browsing experience."
+HOMEPAGE = "https://wiki.gnome.org/Apps/Web"
 BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany"
 LICENSE = "GPLv3+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -13,6 +16,7 @@ REQUIRED_DISTRO_FEATURES = "x11 opengl"
 SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \
           file://0002-help-meson.build-disable-the-use-of-yelp.patch \
+           file://CVE-2022-29536.patch \
           "
 SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b"
 SRC_URI[archive.sha256sum] = "60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d"
diff --git a/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
new file mode 100644
index 0000000000..71cfc1238a
--- /dev/null
+++ b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
@@ -0,0 +1,46 @@
+CVE: CVE-2022-29536
+Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525 ]
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Fri, 15 Apr 2022 18:09:46 -0500
+Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
+This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
+I got my browser stuck in a crash loop today while visiting a website
+with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
+condition in which ephy_string_shorten() is ever used. Turns out this
+commit is wrong: an ellipses is a multibyte character (three bytes in
+UTF-8) and so we're writing past the end of the buffer when calling
+strcat() here. Ooops.
+Shame it took nearly four years to notice and correct this.
+Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
+---
+ lib/ephy-string.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+diff --git a/lib/ephy-string.c b/lib/ephy-string.c
+index 35a148ab32..8e524d52ca 100644
+--- a/lib/ephy-string.c
+++ b/lib/ephy-string.c
+@@ -114,11 +114,10 @@ ephy_string_shorten (char  *str,
+   /* create string */
+   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
+ 
+-  /* +1 for ellipsis, +1 for trailing NUL */
+-  new_str = g_new (gchar, bytes + 1 + 1);
+  new_str = g_new (gchar, bytes + strlen ("…") + 1);
+ 
+   strncpy (new_str, str, bytes);
+-  strcat (new_str, "…");
+  strncpy (new_str + bytes, "…", strlen ("…") + 1);
+ 
+   g_free (str);
+ 
+-- 
+GitLab
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
new file mode 100644
index 0000000000..fe594b24bb
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
@@ -0,0 +1,40 @@
+From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Wed, 1 Apr 2020 18:11:55 +0100
+Subject: [PATCH] Check the memset length argument
+Avoid overflows by using the checked multiplication macro for gsize.
+Fixes: #132
+Upstream-Status: Backported [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e]
+CVE: CVE-2021-20240
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ gdk-pixbuf/io-gif-animation.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
+index c9db3c66e..49674fd2e 100644
+--- a/gdk-pixbuf/io-gif-animation.c
+++ b/gdk-pixbuf/io-gif-animation.c
+@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
+ 
+         /* If no rendered frame, render the first frame */
+         if (anim->last_frame == NULL) {
+                gsize len = 0;
+                 if (anim->last_frame_data == NULL)
+                         anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
+                 if (anim->last_frame_data == NULL)
+                         return NULL;
+-                memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
+                if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
+                        memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);
+                else
+                        return NULL;
+                 composite_frame (anim, g_list_nth_data (anim->frames, 0));
+         }
+ 
+-- 
+GitLab
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch
new file mode 100644
index 0000000000..b29ab209ce
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch
@@ -0,0 +1,61 @@
+From bdf3a2630c02a63803309cf0ad4b274234c814ce Mon Sep 17 00:00:00 2001
+From: Hitendra Prajapati <hprajapati@mvista.com>
+Date: Tue, 9 Aug 2022 09:45:42 +0530
+Subject: [PATCH] CVE-2021-46829
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512]
+CVE: CVE-2021-46829
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ gdk-pixbuf/io-gif-animation.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
+index d742963..9544391 100644
+--- a/gdk-pixbuf/io-gif-animation.c
+++ b/gdk-pixbuf/io-gif-animation.c
+@@ -364,7 +364,7 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
+         for (i = 0; i < n_indexes; i++) {
+                 guint8 index = index_buffer[i];
+                 guint x, y;
+-                int offset;
+                gsize offset;
+ 
+                 if (index == frame->transparent_index)
+                         continue;
+@@ -374,11 +374,13 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
+                 if (x >= anim->width || y >= anim->height)
+                         continue;
+ 
+-                offset = y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + x * 4;
+-                pixels[offset + 0] = frame->color_map[index * 3 + 0];
+-                pixels[offset + 1] = frame->color_map[index * 3 + 1];
+-                pixels[offset + 2] = frame->color_map[index * 3 + 2];
+-                pixels[offset + 3] = 255;
+                if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
+                    g_size_checked_add (&offset, offset, x * 4)) {
+                        pixels[offset + 0] = frame->color_map[index * 3 + 0];
+                        pixels[offset + 1] = frame->color_map[index * 3 + 1];
+                        pixels[offset + 2] = frame->color_map[index * 3 + 2];
+                        pixels[offset + 3] = 255;
+                }
+         }
+ 
+ out:
+@@ -443,8 +445,11 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
+                         x_end = MIN (anim->last_frame->x_offset + anim->last_frame->width, anim->width);
+                         y_end = MIN (anim->last_frame->y_offset + anim->last_frame->height, anim->height);
+                         for (y = anim->last_frame->y_offset; y < y_end; y++) {
+-                                guchar *line = pixels + y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + anim->last_frame->x_offset * 4;
+-                                memset (line, 0, (x_end - anim->last_frame->x_offset) * 4);
+                                gsize offset;
+                                if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
+                                    g_size_checked_add (&offset, offset, anim->last_frame->x_offset * 4)) {
+                                         memset (pixels + offset, 0, (x_end - anim->last_frame->x_offset) * 4);
+                                }
+                         }
+                         break;
+                 case GDK_PIXBUF_FRAME_REVERT:
+-- 
+2.25.1
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
index 54861e83c6..1171e6cc11 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
@@ -25,6 +25,8 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
           file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \
           file://missing-test-data.patch \
           file://CVE-2020-29385.patch \
+           file://CVE-2021-20240.patch \
+           file://CVE-2021-46829.patch \
           "
 SRC_URI_append_class-target = " \
diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb
index 3a2727b701..5503f225bb 100644
--- a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb
+++ b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb
@@ -1,4 +1,6 @@
 SUMMARY = "GTK+ icon theme"
+DESCRIPTION = "The Adwaita icon theme is the default icon theme of the GNOME desktop \
+This package package contains an icon theme for Gtk+ 3 applications."
 HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"
 BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"
 SECTION = "x11/gnome"
diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
index 92b0d1d52f..0842f10ea9 100644
--- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
+++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
@@ -102,7 +102,7 @@ EOF
        # from the target sysroot.
        cat > ${B}/g-ir-scanner-wrapper << EOF
 #!/bin/sh
-# This prevents g-ir-scanner from writing cache data to $HOME
+# This prevents g-ir-scanner from writing cache data to user's HOME dir
 export GI_SCANNER_DISABLE_CACHE=1
 g-ir-scanner --lib-dirs-envvar=GIR_EXTRA_LIBS_PATH --use-binary-wrapper=${STAGING_BINDIR}/g-ir-scanner-qemuwrapper --use-ldd-wrapper=${STAGING_BINDIR}/g-ir-scanner-lddwrapper --add-include-path=${STAGING_DATADIR}/gir-1.0 --add-include-path=${STAGING_LIBDIR}/gir-1.0 "\$@"
diff --git a/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb b/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
index 0306b04f4e..6b59029255 100644
--- a/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
+++ b/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
@@ -1,4 +1,8 @@
 SUMMARY = "Library for sending desktop notifications to a notification daemon"
+DESCRIPTION = "It sends desktop notifications to a notification daemon, as defined \
+in the Desktop Notifications spec. These notifications can be used to inform \
+the user about an event or display some form of information without getting \
+in the user's way."
 HOMEPAGE = "https://gitlab.gnome.org/GNOME/libnotify"
 BUGTRACKER = "https://gitlab.gnome.org/GNOME/libnotify/issues"
 SECTION = "libs"
@@ -20,3 +24,6 @@ PROVIDES += "libnotify3"
 RPROVIDES_${PN} += "libnotify3"
 RCONFLICTS_${PN} += "libnotify3"
 RREPLACES_${PN} += "libnotify3"
+# -7381 is specific to the NodeJS bindings
+CVE_CHECK_WHITELIST += "CVE-2013-7381"
diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
index 237aec6062..ef1dae0a69 100644
--- a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
+++ b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
@@ -25,6 +25,9 @@ SRC_URI += "file://gtk-option.patch \
 SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"
+# Issue only on windows
+CVE_CHECK_WHITELIST += "CVE-2018-1000041"
 CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
 PACKAGECONFIG ??= "gdkpixbuf"
diff --git a/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb b/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb
index 72511af02d..8b5d301515 100644
--- a/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb
+++ b/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb
@@ -4,6 +4,7 @@ the freedesktop.org project, a cross-desktop effort to access passwords, \
 tokens and other types of secrets. libsecret provides a convenient wrapper \
 for these methods so consumers do not have to call the low-level DBus methods."
 LICENSE = "LGPLv2.1"
+HOMEPAGE = "https://github.com/GNOME/libsecret"
 BUGTRACKER = "https://gitlab.gnome.org/GNOME/libsecret/issues"
 LIC_FILES_CHKSUM = "file://COPYING;md5=23c2a5e0106b99d75238986559bb5fc6"

diff --git a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb index ddb4c2794f..f43bfd6a67 100644 --- a/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb +++ b/meta/recipes-gnome/epiphany/epiphany_3.34.4.bb
@@ -1,4 +1,7 @@
1	SUMMARY = "WebKit based web browser for GNOME"	1	SUMMARY = "WebKit based web browser for GNOME"
		2	DESCRIPTION = "Epiphany is an open source web browser for the Linux desktop environment. \
		3	It provides a simple and easy-to-use internet browsing experience."
		4	HOMEPAGE = "https://wiki.gnome.org/Apps/Web"
2	BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany"	5	BUGTRACKER = "https://gitlab.gnome.org/GNOME/epiphany"
3	LICENSE = "GPLv3+"	6	LICENSE = "GPLv3+"
4	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"	7	LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
@@ -13,6 +16,7 @@ REQUIRED_DISTRO_FEATURES = "x11 opengl"
13		16
14	SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \	17	SRC_URI = "${GNOME_MIRROR}/${GNOMEBN}/${@gnome_verdir("${PV}")}/${GNOMEBN}-${PV}.tar.${GNOME_COMPRESS_TYPE};name=archive \
15	file://0002-help-meson.build-disable-the-use-of-yelp.patch \	18	file://0002-help-meson.build-disable-the-use-of-yelp.patch \
		19	file://CVE-2022-29536.patch \
16	"	20	"
17	SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b"	21	SRC_URI[archive.md5sum] = "a559f164bb7d6cbeceb348648076830b"
18	SRC_URI[archive.sha256sum] = "60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d"	22	SRC_URI[archive.sha256sum] = "60e190fc07ec7e33472e60c7e633e04004f7e277a0ffc5e9cd413706881e598d"


diff --git a/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch new file mode 100644 index 0000000000..71cfc1238a --- /dev/null +++ b/meta/recipes-gnome/epiphany/files/CVE-2022-29536.patch
@@ -0,0 +1,46 @@
		1	CVE: CVE-2022-29536
		2	Upstream-Status: Backport [ https://gitlab.gnome.org/GNOME/epiphany/-/commit/486da133569ebfc436c959a7419565ab102e8525 ]
		3	Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
		4
		5	From 486da133569ebfc436c959a7419565ab102e8525 Mon Sep 17 00:00:00 2001
		6	From: Michael Catanzaro <mcatanzaro@redhat.com>
		7	Date: Fri, 15 Apr 2022 18:09:46 -0500
		8	Subject: [PATCH] Fix memory corruption in ephy_string_shorten()
		9
		10	This fixes a regression that I introduced in 232c613472b38ff0d0d97338f366024ddb9cd228.
		11
		12	I got my browser stuck in a crash loop today while visiting a website
		13	with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
		14	condition in which ephy_string_shorten() is ever used. Turns out this
		15	commit is wrong: an ellipses is a multibyte character (three bytes in
		16	UTF-8) and so we're writing past the end of the buffer when calling
		17	strcat() here. Ooops.
		18
		19	Shame it took nearly four years to notice and correct this.
		20
		21	Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106>
		22	---
		23	lib/ephy-string.c \| 5 ++---
		24	1 file changed, 2 insertions(+), 3 deletions(-)
		25
		26	diff --git a/lib/ephy-string.c b/lib/ephy-string.c
		27	index 35a148ab32..8e524d52ca 100644
		28	--- a/lib/ephy-string.c
		29	+++ b/lib/ephy-string.c
		30	@@ -114,11 +114,10 @@ ephy_string_shorten (char *str,
		31	/* create string */
		32	bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
		33
		34	- /* +1 for ellipsis, +1 for trailing NUL */
		35	- new_str = g_new (gchar, bytes + 1 + 1);
		36	+ new_str = g_new (gchar, bytes + strlen ("…") + 1);
		37
		38	strncpy (new_str, str, bytes);
		39	- strcat (new_str, "…");
		40	+ strncpy (new_str + bytes, "…", strlen ("…") + 1);
		41
		42	g_free (str);
		43
		44	--
		45	GitLab
		46


diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch new file mode 100644 index 0000000000..fe594b24bb --- /dev/null +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
@@ -0,0 +1,40 @@
		1	From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 2001
		2	From: Emmanuele Bassi <ebassi@gnome.org>
		3	Date: Wed, 1 Apr 2020 18:11:55 +0100
		4	Subject: [PATCH] Check the memset length argument
		5
		6	Avoid overflows by using the checked multiplication macro for gsize.
		7
		8	Fixes: #132
		9
		10	Upstream-Status: Backported [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e]
		11	CVE: CVE-2021-20240
		12
		13	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		14	---
		15	gdk-pixbuf/io-gif-animation.c \| 6 +++++-
		16	1 file changed, 5 insertions(+), 1 deletion(-)
		17
		18	diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
		19	index c9db3c66e..49674fd2e 100644
		20	--- a/gdk-pixbuf/io-gif-animation.c
		21	+++ b/gdk-pixbuf/io-gif-animation.c
		22	@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
		23
		24	/* If no rendered frame, render the first frame */
		25	if (anim->last_frame == NULL) {
		26	+ gsize len = 0;
		27	if (anim->last_frame_data == NULL)
		28	anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
		29	if (anim->last_frame_data == NULL)
		30	return NULL;
		31	- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
		32	+ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
		33	+ memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);
		34	+ else
		35	+ return NULL;
		36	composite_frame (anim, g_list_nth_data (anim->frames, 0));
		37	}
		38
		39	--
		40	GitLab


diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch new file mode 100644 index 0000000000..b29ab209ce --- /dev/null +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch
@@ -0,0 +1,61 @@
		1	From bdf3a2630c02a63803309cf0ad4b274234c814ce Mon Sep 17 00:00:00 2001
		2	From: Hitendra Prajapati <hprajapati@mvista.com>
		3	Date: Tue, 9 Aug 2022 09:45:42 +0530
		4	Subject: [PATCH] CVE-2021-46829
		5
		6	Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512]
		7	CVE: CVE-2021-46829
		8	Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
		9	---
		10	gdk-pixbuf/io-gif-animation.c \| 21 +++++++++++++--------
		11	1 file changed, 13 insertions(+), 8 deletions(-)
		12
		13	diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
		14	index d742963..9544391 100644
		15	--- a/gdk-pixbuf/io-gif-animation.c
		16	+++ b/gdk-pixbuf/io-gif-animation.c
		17	@@ -364,7 +364,7 @@ composite_frame (GdkPixbufGifAnim anim, GdkPixbufFrame frame)
		18	for (i = 0; i < n_indexes; i++) {
		19	guint8 index = index_buffer[i];
		20	guint x, y;
		21	- int offset;
		22	+ gsize offset;
		23
		24	if (index == frame->transparent_index)
		25	continue;
		26	@@ -374,11 +374,13 @@ composite_frame (GdkPixbufGifAnim anim, GdkPixbufFrame frame)
		27	if (x >= anim->width \|\| y >= anim->height)
		28	continue;
		29
		30	- offset = y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + x * 4;
		31	- pixels[offset + 0] = frame->color_map[index * 3 + 0];
		32	- pixels[offset + 1] = frame->color_map[index * 3 + 1];
		33	- pixels[offset + 2] = frame->color_map[index * 3 + 2];
		34	- pixels[offset + 3] = 255;
		35	+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
		36	+ g_size_checked_add (&offset, offset, x * 4)) {
		37	+ pixels[offset + 0] = frame->color_map[index * 3 + 0];
		38	+ pixels[offset + 1] = frame->color_map[index * 3 + 1];
		39	+ pixels[offset + 2] = frame->color_map[index * 3 + 2];
		40	+ pixels[offset + 3] = 255;
		41	+ }
		42	}
		43
		44	out:
		45	@@ -443,8 +445,11 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
		46	x_end = MIN (anim->last_frame->x_offset + anim->last_frame->width, anim->width);
		47	y_end = MIN (anim->last_frame->y_offset + anim->last_frame->height, anim->height);
		48	for (y = anim->last_frame->y_offset; y < y_end; y++) {
		49	- guchar line = pixels + y gdk_pixbuf_get_rowstride (anim->last_frame_data) + anim->last_frame->x_offset * 4;
		50	- memset (line, 0, (x_end - anim->last_frame->x_offset) * 4);
		51	+ gsize offset;
		52	+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
		53	+ g_size_checked_add (&offset, offset, anim->last_frame->x_offset * 4)) {
		54	+ memset (pixels + offset, 0, (x_end - anim->last_frame->x_offset) * 4);
		55	+ }
		56	}
		57	break;
		58	case GDK_PIXBUF_FRAME_REVERT:
		59	--
		60	2.25.1
		61


diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb index 54861e83c6..1171e6cc11 100644 --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
@@ -25,6 +25,8 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
25	file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \	25	file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \
26	file://missing-test-data.patch \	26	file://missing-test-data.patch \
27	file://CVE-2020-29385.patch \	27	file://CVE-2020-29385.patch \
		28	file://CVE-2021-20240.patch \
		29	file://CVE-2021-46829.patch \
28	"	30	"
29		31
30	SRC_URI_append_class-target = " \	32	SRC_URI_append_class-target = " \


diff --git a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb index 3a2727b701..5503f225bb 100644 --- a/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb +++ b/meta/recipes-gnome/gnome/adwaita-icon-theme_3.34.3.bb
@@ -1,4 +1,6 @@
1	SUMMARY = "GTK+ icon theme"	1	SUMMARY = "GTK+ icon theme"
		2	DESCRIPTION = "The Adwaita icon theme is the default icon theme of the GNOME desktop \
		3	This package package contains an icon theme for Gtk+ 3 applications."
2	HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"	4	HOMEPAGE = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme"
3	BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"	5	BUGTRACKER = "https://gitlab.gnome.org/GNOME/adwaita-icon-theme/issues"
4	SECTION = "x11/gnome"	6	SECTION = "x11/gnome"


diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb index 92b0d1d52f..0842f10ea9 100644 --- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb +++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.62.0.bb
@@ -102,7 +102,7 @@ EOF
102	# from the target sysroot.	102	# from the target sysroot.
103	cat > ${B}/g-ir-scanner-wrapper << EOF	103	cat > ${B}/g-ir-scanner-wrapper << EOF
104	#!/bin/sh	104	#!/bin/sh
105	# This prevents g-ir-scanner from writing cache data to $HOME	105	# This prevents g-ir-scanner from writing cache data to user's HOME dir
106	export GI_SCANNER_DISABLE_CACHE=1	106	export GI_SCANNER_DISABLE_CACHE=1
107		107
108	g-ir-scanner --lib-dirs-envvar=GIR_EXTRA_LIBS_PATH --use-binary-wrapper=${STAGING_BINDIR}/g-ir-scanner-qemuwrapper --use-ldd-wrapper=${STAGING_BINDIR}/g-ir-scanner-lddwrapper --add-include-path=${STAGING_DATADIR}/gir-1.0 --add-include-path=${STAGING_LIBDIR}/gir-1.0 "\$@"	108	g-ir-scanner --lib-dirs-envvar=GIR_EXTRA_LIBS_PATH --use-binary-wrapper=${STAGING_BINDIR}/g-ir-scanner-qemuwrapper --use-ldd-wrapper=${STAGING_BINDIR}/g-ir-scanner-lddwrapper --add-include-path=${STAGING_DATADIR}/gir-1.0 --add-include-path=${STAGING_LIBDIR}/gir-1.0 "\$@"


diff --git a/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb b/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb index 0306b04f4e..6b59029255 100644 --- a/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb +++ b/meta/recipes-gnome/libnotify/libnotify_0.7.8.bb
@@ -1,4 +1,8 @@
1	SUMMARY = "Library for sending desktop notifications to a notification daemon"	1	SUMMARY = "Library for sending desktop notifications to a notification daemon"
		2	DESCRIPTION = "It sends desktop notifications to a notification daemon, as defined \
		3	in the Desktop Notifications spec. These notifications can be used to inform \
		4	the user about an event or display some form of information without getting \
		5	in the user's way."
2	HOMEPAGE = "https://gitlab.gnome.org/GNOME/libnotify"	6	HOMEPAGE = "https://gitlab.gnome.org/GNOME/libnotify"
3	BUGTRACKER = "https://gitlab.gnome.org/GNOME/libnotify/issues"	7	BUGTRACKER = "https://gitlab.gnome.org/GNOME/libnotify/issues"
4	SECTION = "libs"	8	SECTION = "libs"
@@ -20,3 +24,6 @@ PROVIDES += "libnotify3"
20	RPROVIDES_${PN} += "libnotify3"	24	RPROVIDES_${PN} += "libnotify3"
21	RCONFLICTS_${PN} += "libnotify3"	25	RCONFLICTS_${PN} += "libnotify3"
22	RREPLACES_${PN} += "libnotify3"	26	RREPLACES_${PN} += "libnotify3"
		27
		28	# -7381 is specific to the NodeJS bindings
		29	CVE_CHECK_WHITELIST += "CVE-2013-7381"


diff --git a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb index 237aec6062..ef1dae0a69 100644 --- a/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb +++ b/meta/recipes-gnome/librsvg/librsvg_2.40.21.bb
@@ -25,6 +25,9 @@ SRC_URI += "file://gtk-option.patch \
25		25
26	SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"	26	SRC_URI[archive.sha256sum] = "f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba"
27		27
		28	# Issue only on windows
		29	CVE_CHECK_WHITELIST += "CVE-2018-1000041"
		30
28	CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"	31	CACHED_CONFIGUREVARS = "ac_cv_path_GDK_PIXBUF_QUERYLOADERS=${STAGING_LIBDIR_NATIVE}/gdk-pixbuf-2.0/gdk-pixbuf-query-loaders"
29		32
30	PACKAGECONFIG ??= "gdkpixbuf"	33	PACKAGECONFIG ??= "gdkpixbuf"


diff --git a/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb b/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb index 72511af02d..8b5d301515 100644 --- a/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb +++ b/meta/recipes-gnome/libsecret/libsecret_0.20.1.bb
@@ -4,6 +4,7 @@ the freedesktop.org project, a cross-desktop effort to access passwords, \
4	tokens and other types of secrets. libsecret provides a convenient wrapper \	4	tokens and other types of secrets. libsecret provides a convenient wrapper \
5	for these methods so consumers do not have to call the low-level DBus methods."	5	for these methods so consumers do not have to call the low-level DBus methods."
6	LICENSE = "LGPLv2.1"	6	LICENSE = "LGPLv2.1"
		7	HOMEPAGE = "https://github.com/GNOME/libsecret"
7	BUGTRACKER = "https://gitlab.gnome.org/GNOME/libsecret/issues"	8	BUGTRACKER = "https://gitlab.gnome.org/GNOME/libsecret/issues"
8	LIC_FILES_CHKSUM = "file://COPYING;md5=23c2a5e0106b99d75238986559bb5fc6"	9	LIC_FILES_CHKSUM = "file://COPYING;md5=23c2a5e0106b99d75238986559bb5fc6"
9		10