aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2016-01-31 07:14:33 -0800
committerJoshua Lock <joshua.g.lock@intel.com>2016-02-29 15:05:16 +0000
commit50602eebe1150819c320b6b611dcd792573eb55a (patch)
treea487e065c3148691688c4f31b9aa39f3d1f409df
parent4e21caee47a0ca3e66e84a15d104d3b532731263 (diff)
downloadopenembedded-core-50602eebe1150819c320b6b611dcd792573eb55a.zip
openembedded-core-50602eebe1150819c320b6b611dcd792573eb55a.tar.gz
openembedded-core-50602eebe1150819c320b6b611dcd792573eb55a.tar.bz2
gdk-pixbuf: Security fix CVE-2015-7674
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1 (From OE-Core master rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
-rw-r--r--meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch39
-rw-r--r--meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb1
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch
new file mode 100644
index 0000000..d516e88
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch
@@ -0,0 +1,39 @@
+From e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa Mon Sep 17 00:00:00 2001
+From: Benjamin Otte <otte@redhat.com>
+Date: Tue, 22 Sep 2015 22:44:51 +0200
+Subject: [PATCH] pixops: Don't overflow variables when shifting them
+
+If we shift by 16 bits we need to be sure those 16 bits actually exist.
+They do now.
+
+Upstream-status: Backport
+https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
+
+CVE: CVE-2015-7674
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ gdk-pixbuf/pixops/pixops.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+Index: gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
+===================================================================
+--- gdk-pixbuf-2.30.8.orig/gdk-pixbuf/pixops/pixops.c
++++ gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
+@@ -264,11 +264,11 @@ pixops_scale_nearest (guchar *des
+ double scale_x,
+ double scale_y)
+ {
+- int i;
+- int x;
+- int x_step = (1 << SCALE_SHIFT) / scale_x;
+- int y_step = (1 << SCALE_SHIFT) / scale_y;
+- int xmax, xstart, xstop, x_pos, y_pos;
++ gint64 i;
++ gint64 x;
++ gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
++ gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
++ gint64 xmax, xstart, xstop, x_pos, y_pos;
+ const guchar *p;
+
+ #define INNER_LOOP(SRC_CHANNELS,DEST_CHANNELS,ASSIGN_PIXEL) \
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
index 07c2dce..5a858fb 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
@@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
+ file://CVE-2015-7674.patch \
"
SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"