summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-07-23 19:33:20 -0400
committerMax Rees <maxcrees@me.com>2019-07-23 19:33:20 -0400
commit0dec8e672d9f4dcf03494c0a85b4296ea30c56b7 (patch)
treea168abf9dff1242ba15a08b08c5c5730596ac5b8 /user
parentb0c732dec4e83b2f18cb2cd323373b7247a6f2d3 (diff)
downloadpackages-0dec8e672d9f4dcf03494c0a85b4296ea30c56b7.tar.gz
packages-0dec8e672d9f4dcf03494c0a85b4296ea30c56b7.tar.bz2
packages-0dec8e672d9f4dcf03494c0a85b4296ea30c56b7.tar.xz
packages-0dec8e672d9f4dcf03494c0a85b4296ea30c56b7.zip
user/atril: patch for CVE-2019-1010006
Diffstat (limited to 'user')
-rw-r--r--user/atril/APKBUILD6
-rw-r--r--user/atril/CVE-2019-1010006.patch56
2 files changed, 60 insertions, 2 deletions
diff --git a/user/atril/APKBUILD b/user/atril/APKBUILD
index 5fd885123..d9f1127a9 100644
--- a/user/atril/APKBUILD
+++ b/user/atril/APKBUILD
@@ -13,7 +13,8 @@ makedepends="caja-dev djvulibre-dev gobject-introspection-dev gtk+3.0-dev
intltool itstool libgxps-dev libsecret-dev libsm-dev libspectre-dev
libxml2-dev libxml2-utils poppler-dev python3 tiff-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz"
+source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz
+ CVE-2019-1010006.patch"
build() {
cd "$builddir"
@@ -41,4 +42,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz"
+sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz
+ea6db09fe033a8ddf6d90f080858057fad5452a23801e0f41f7a90ec352b71344e8b596a0913deabca333ff24dc5023628eab7c18bc526c0a7f8fb0d680acdf7 CVE-2019-1010006.patch"
diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch
new file mode 100644
index 000000000..ce107d193
--- /dev/null
+++ b/user/atril/CVE-2019-1010006.patch
@@ -0,0 +1,56 @@
+From e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 Mon Sep 17 00:00:00 2001
+From: Jason Crain <jcrain@src.gnome.org>
+Date: Sat, 2 Dec 2017 20:24:33 -0600
+Subject: [PATCH] Fix overflow checks in tiff backend
+
+The overflow checks in tiff_document_render and
+tiff_document_get_thumbnail don't work when optimizations are enabled.
+Change the checks so they don't rely on undefined behavior.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=788980
+---
+ backend/tiff/tiff-document.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
+index 8f40934e..7bf95c2b 100644
+--- a/backend/tiff/tiff-document.c
++++ b/backend/tiff/tiff-document.c
+@@ -284,12 +284,12 @@ tiff_document_render (EvDocument *document,
+ return NULL;
+ }
+
+- bytes = height * rowstride;
+- if (bytes / rowstride != height) {
++ if (height >= INT_MAX / rowstride) {
+ g_warning("Overflow while rendering document.");
+ /* overflow */
+ return NULL;
+ }
++ bytes = height * rowstride;
+
+ pixels = g_try_malloc (bytes);
+ if (!pixels) {
+@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument *document,
+ if (width <= 0 || height <= 0)
+ return NULL;
+
+- rowstride = width * 4;
+- if (rowstride / 4 != width)
++ if (width >= INT_MAX / 4)
+ /* overflow */
+ return NULL;
++ rowstride = width * 4;
+
+- bytes = height * rowstride;
+- if (bytes / rowstride != height)
++ if (height >= INT_MAX / rowstride)
+ /* overflow */
+ return NULL;
++ bytes = height * rowstride;
+
+ pixels = g_try_malloc (bytes);
+ if (!pixels)
+--
+2.21.0
+