main/gdk-pixbuf: security fixes (CVE-2017-6311, CVE-2017-6312, CVE-2017-6314)

Partially fixes #6954 CVE-2017-6313: fix N/A, https://bugzilla.gnome.org/show_bug.cgi?id=779016
author: Leonardo Arena <rnalrd@alpinelinux.org> 2017-06-16 08:24:59 +0000
committer: Leonardo Arena <rnalrd@alpinelinux.org> 2017-06-16 08:32:52 +0000
commit: b94677ab61788321ca49525a88ae523c9f0a6bca (patch)
tree: a8aa57f6fa9ce3db67078113380ae43d78571021
parent: 93fd1a38cd5fd45ff4049e23489bd9f46b5065b3 (diff)
download: alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.tar.bz2
alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.tar.xz
alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.zip
4 files changed, 78 insertions, 2 deletions
diff --git a/main/gdk-pixbuf/APKBUILD b/main/gdk-pixbuf/APKBUILD
index e828f3e2f5..335826903d 100644
--- a/main/gdk-pixbuf/APKBUILD
+++ b/main/gdk-pixbuf/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gdk-pixbuf
 pkgver=2.36.6
-pkgrel=0
+pkgrel=1
 pkgdesc="GDK Pixbuf library"
 url="http://www.gtk.org/"
 arch="all"
@@ -14,11 +14,20 @@ install="$pkgname.pre-deinstall"
 triggers="$pkgname.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/${pkgver%.*}/gdk-pixbuf-$pkgver.tar.xz
+        CVE-2017-6311.patch
+        CVE-2017-6312.patch
+        CVE-2017-6314.patch
        "
 replaces="gtk+"
 _builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+#   2.36.6-r1:
+#     - CVE-2017-6311
+#     - CVE-2017-6312
+#     - CVE-2017-6314
 prepare() {
        cd "$_builddir"
        for i in $source; do
@@ -57,4 +66,7 @@ dev() {
        default_dev
 }
-sha512sums="b963f01161b58463c83499079545aa946fd824ec5e7167e0898698ac46e0cc3fb3dcb0cac5afabd6b7d957391b9c9bba55f340294076433155fc91052d5403ec  gdk-pixbuf-2.36.6.tar.xz"
+sha512sums="b963f01161b58463c83499079545aa946fd824ec5e7167e0898698ac46e0cc3fb3dcb0cac5afabd6b7d957391b9c9bba55f340294076433155fc91052d5403ec  gdk-pixbuf-2.36.6.tar.xz
+b1da3b159b20fe9fcfb06ec77970d3f4adc516dbc63a9fe7e81dbaa61db2f18188775668a2bc764128186696adc9ee3dfd4dcf1a04faa302e23957d38071a610  CVE-2017-6311.patch
+3b67e10ae02ecfdb541c427f811541e2cd0cfc3f048b1e4b119767b7f8f3a02de8a9c7302c21d23de1ea886f994d4dcdb687580c970d7d49eba80f17075ff0de  CVE-2017-6312.patch
+2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50  CVE-2017-6314.patch"
diff --git a/main/gdk-pixbuf/CVE-2017-6311.patch b/main/gdk-pixbuf/CVE-2017-6311.patch
new file mode 100644
index 0000000000..d3d65789ee
--- /dev/null
+++ b/main/gdk-pixbuf/CVE-2017-6311.patch
@@ -0,0 +1,23 @@
+@@ -, +, @@ 
+ returned
+ thumbnailer/gnome-thumbnailer-skeleton.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+--- a/thumbnailer/gnome-thumbnailer-skeleton.c  
+++ a/thumbnailer/gnome-thumbnailer-skeleton.c  
+@@ -315,11 +315,15 @@ int main (int argc, char **argv)
+ #endif
+        g_free (input_filename);
+ 
+-       if (!pixbuf) {
+       if (!pixbuf && error) {
+                g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
+                g_error_free (error);
+                g_strfreev (filenames);
+                return 1;
+       } else if (!pixbuf) {
+               g_warning ("Could not thumbnail '%s'", filenames[0]);
+               g_strfreev (filenames);
+               return 1;
+        }
+ 
+        if (gdk_pixbuf_save (pixbuf, output, "png", &error, NULL) == FALSE) {
diff --git a/main/gdk-pixbuf/CVE-2017-6312.patch b/main/gdk-pixbuf/CVE-2017-6312.patch
new file mode 100644
index 0000000000..3cd9bbe757
--- /dev/null
+++ b/main/gdk-pixbuf/CVE-2017-6312.patch
@@ -0,0 +1,25 @@
+--- a/gdk-pixbuf/io-ico.c       
+++ a/gdk-pixbuf/io-ico.c       
+@@ -330,10 +330,8 @@ static void DecodeHeader(guchar *Data, gint Bytes,
+                        return;
+                }
+ 
+-               /* We know how many bytes are in the "header" part. */
+-               State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
+-
+-               if (State->HeaderSize < 0) {
+               /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
+               if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
+                        g_set_error (error,
+                                     GDK_PIXBUF_ERROR,
+                                     GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
+@@ -341,6 +339,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
+                        return;
+                }
+ 
+               /* We know how many bytes are in the "header" part. */
+               State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
+
+                if (State->HeaderSize>State->BytesInHeaderBuf) {
+                        guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
+                        if (!tmp) {
diff --git a/main/gdk-pixbuf/CVE-2017-6314.patch b/main/gdk-pixbuf/CVE-2017-6314.patch
new file mode 100644
index 0000000000..a345fe03fd
--- /dev/null
+++ b/main/gdk-pixbuf/CVE-2017-6314.patch
@@ -0,0 +1,16 @@
+--- gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c      
+++ gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c      
+@@ -458,9 +458,12 @@ make_available_at_least (TiffContext *co
+         need_alloc = context->used + needed;
+         if (need_alloc > context->allocated) {
+                 guint new_size = 1;
+-                while (new_size < need_alloc)
+                while (new_size && (new_size < need_alloc))
+                         new_size *= 2;
+ 
+               if(!(new_size))
+                       return FALSE;
+
+                 new_buffer = g_try_realloc (context->buffer, new_size);
+                 if (new_buffer) {
+                         context->buffer = new_buffer;
author	Leonardo Arena <rnalrd@alpinelinux.org>	2017-06-16 08:24:59 +0000
committer	Leonardo Arena <rnalrd@alpinelinux.org>	2017-06-16 08:32:52 +0000
commit	b94677ab61788321ca49525a88ae523c9f0a6bca (patch)
tree	a8aa57f6fa9ce3db67078113380ae43d78571021
parent	93fd1a38cd5fd45ff4049e23489bd9f46b5065b3 (diff)
download	alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.tar.bz2 alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.tar.xz alpine_aports-b94677ab61788321ca49525a88ae523c9f0a6bca.zip

diff --git a/main/gdk-pixbuf/APKBUILD b/main/gdk-pixbuf/APKBUILD index e828f3e2f5..335826903d 100644 --- a/main/gdk-pixbuf/APKBUILD +++ b/main/gdk-pixbuf/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=gdk-pixbuf	2	pkgname=gdk-pixbuf
3	pkgver=2.36.6	3	pkgver=2.36.6
4	pkgrel=0	4	pkgrel=1
5	pkgdesc="GDK Pixbuf library"	5	pkgdesc="GDK Pixbuf library"
6	url="http://www.gtk.org/"	6	url="http://www.gtk.org/"
7	arch="all"	7	arch="all"
@@ -14,11 +14,20 @@ install="$pkgname.pre-deinstall"
14	triggers="$pkgname.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders"	14	triggers="$pkgname.trigger=/usr/lib/gdk-pixbuf-2.0/*/loaders"
15	subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"	15	subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
16	source="http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/${pkgver%.*}/gdk-pixbuf-$pkgver.tar.xz	16	source="http://ftp.gnome.org/pub/gnome/sources/gdk-pixbuf/${pkgver%.*}/gdk-pixbuf-$pkgver.tar.xz
		17	CVE-2017-6311.patch
		18	CVE-2017-6312.patch
		19	CVE-2017-6314.patch
17	"	20	"
18	replaces="gtk+"	21	replaces="gtk+"
19		22
20	_builddir="$srcdir"/$pkgname-$pkgver	23	_builddir="$srcdir"/$pkgname-$pkgver
21		24
		25	# secfixes:
		26	# 2.36.6-r1:
		27	# - CVE-2017-6311
		28	# - CVE-2017-6312
		29	# - CVE-2017-6314
		30
22	prepare() {	31	prepare() {
23	cd "$_builddir"	32	cd "$_builddir"
24	for i in $source; do	33	for i in $source; do
@@ -57,4 +66,7 @@ dev() {
57	default_dev	66	default_dev
58	}	67	}
59		68
60	sha512sums="b963f01161b58463c83499079545aa946fd824ec5e7167e0898698ac46e0cc3fb3dcb0cac5afabd6b7d957391b9c9bba55f340294076433155fc91052d5403ec gdk-pixbuf-2.36.6.tar.xz"	69	sha512sums="b963f01161b58463c83499079545aa946fd824ec5e7167e0898698ac46e0cc3fb3dcb0cac5afabd6b7d957391b9c9bba55f340294076433155fc91052d5403ec gdk-pixbuf-2.36.6.tar.xz
		70	b1da3b159b20fe9fcfb06ec77970d3f4adc516dbc63a9fe7e81dbaa61db2f18188775668a2bc764128186696adc9ee3dfd4dcf1a04faa302e23957d38071a610 CVE-2017-6311.patch
		71	3b67e10ae02ecfdb541c427f811541e2cd0cfc3f048b1e4b119767b7f8f3a02de8a9c7302c21d23de1ea886f994d4dcdb687580c970d7d49eba80f17075ff0de CVE-2017-6312.patch
		72	2ea67f0716234de017f7e8c628d544b40513f23689d70e5e5e2621affabce40ae733d399f64d2641616c114ac7f3fa22396e68142656dbb10993d70181ff5a50 CVE-2017-6314.patch"


diff --git a/main/gdk-pixbuf/CVE-2017-6311.patch b/main/gdk-pixbuf/CVE-2017-6311.patch new file mode 100644 index 0000000000..d3d65789ee --- /dev/null +++ b/main/gdk-pixbuf/CVE-2017-6311.patch
@@ -0,0 +1,23 @@
		1	@@ -, +, @@
		2	returned
		3	thumbnailer/gnome-thumbnailer-skeleton.c \| 6 +++++-
		4	1 file changed, 5 insertions(+), 1 deletion(-)
		5	--- a/thumbnailer/gnome-thumbnailer-skeleton.c
		6	+++ a/thumbnailer/gnome-thumbnailer-skeleton.c
		7	@@ -315,11 +315,15 @@ int main (int argc, char **argv)
		8	#endif
		9	g_free (input_filename);
		10
		11	- if (!pixbuf) {
		12	+ if (!pixbuf && error) {
		13	g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
		14	g_error_free (error);
		15	g_strfreev (filenames);
		16	return 1;
		17	+ } else if (!pixbuf) {
		18	+ g_warning ("Could not thumbnail '%s'", filenames[0]);
		19	+ g_strfreev (filenames);
		20	+ return 1;
		21	}
		22
		23	if (gdk_pixbuf_save (pixbuf, output, "png", &error, NULL) == FALSE) {


diff --git a/main/gdk-pixbuf/CVE-2017-6312.patch b/main/gdk-pixbuf/CVE-2017-6312.patch new file mode 100644 index 0000000000..3cd9bbe757 --- /dev/null +++ b/main/gdk-pixbuf/CVE-2017-6312.patch
@@ -0,0 +1,25 @@
		1	--- a/gdk-pixbuf/io-ico.c
		2	+++ a/gdk-pixbuf/io-ico.c
		3	@@ -330,10 +330,8 @@ static void DecodeHeader(guchar *Data, gint Bytes,
		4	return;
		5	}
		6
		7	- /* We know how many bytes are in the "header" part. */
		8	- State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
		9	-
		10	- if (State->HeaderSize < 0) {
		11	+ /* Avoid invoking undefined behavior in the State->HeaderSize calculation below */
		12	+ if (entry->DIBoffset > G_MAXINT - INFOHEADER_SIZE) {
		13	g_set_error (error,
		14	GDK_PIXBUF_ERROR,
		15	GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
		16	@@ -341,6 +339,9 @@ static void DecodeHeader(guchar *Data, gint Bytes,
		17	return;
		18	}
		19
		20	+ /* We know how many bytes are in the "header" part. */
		21	+ State->HeaderSize = entry->DIBoffset + INFOHEADER_SIZE;
		22	+
		23	if (State->HeaderSize>State->BytesInHeaderBuf) {
		24	guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize);
		25	if (!tmp) {


diff --git a/main/gdk-pixbuf/CVE-2017-6314.patch b/main/gdk-pixbuf/CVE-2017-6314.patch new file mode 100644 index 0000000000..a345fe03fd --- /dev/null +++ b/main/gdk-pixbuf/CVE-2017-6314.patch
@@ -0,0 +1,16 @@
		1	--- gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c
		2	+++ gdk-pixbuf-2.30.8/gdk-pixbuf/io-tiff.c
		3	@@ -458,9 +458,12 @@ make_available_at_least (TiffContext *co
		4	need_alloc = context->used + needed;
		5	if (need_alloc > context->allocated) {
		6	guint new_size = 1;
		7	- while (new_size < need_alloc)
		8	+ while (new_size && (new_size < need_alloc))
		9	new_size *= 2;
		10
		11	+ if(!(new_size))
		12	+ return FALSE;
		13	+
		14	new_buffer = g_try_realloc (context->buffer, new_size);
		15	if (new_buffer) {
		16	context->buffer = new_buffer;