diff options
Diffstat (limited to 'user/atril')
-rw-r--r-- | user/atril/APKBUILD | 8 | ||||
-rw-r--r-- | user/atril/CVE-2019-1010006.patch | 54 |
2 files changed, 3 insertions, 59 deletions
diff --git a/user/atril/APKBUILD b/user/atril/APKBUILD index 52f26e4a0..d36e45f69 100644 --- a/user/atril/APKBUILD +++ b/user/atril/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com> # Maintainer: Kiyoshi Aman <kiyoshi.aman+adelie@gmail.com> pkgname=atril -pkgver=1.22.1 -pkgrel=2 +pkgver=1.22.2 +pkgrel=0 pkgdesc="Document viewer for the MATE desktop environment" url="https://mate-desktop.org" arch="all" @@ -14,7 +14,6 @@ makedepends="caja-dev djvulibre-dev gobject-introspection-dev gtk+3.0-dev libxml2-dev libxml2-utils poppler-dev python3 tiff-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" source="https://pub.mate-desktop.org/releases/1.22/atril-$pkgver.tar.xz - CVE-2019-1010006.patch CVE-2019-11459.patch" # secfixes: @@ -46,6 +45,5 @@ package() { make DESTDIR="$pkgdir" install } -sha512sums="838ae397c868ac417c9266e4a06525d66214650cf8647e91c1472d83d50c8954f6dbb29411384892a98f0929e1fbac9947118bd0db10d50400fc0d5270a3619d atril-1.22.1.tar.xz -38ea99130fba5ce174eb4351a8c5b2c4dd9591a81aff72876fa17581be8960f75592184e18d3653fa3286035d9e4899ca1b53e830328a64fc15d0bb4b8176b39 CVE-2019-1010006.patch +sha512sums="99ff55f84649dfb8de931ff2506ff0339852fbb7ed368cee1f6632ba243d2b0384cd0bd649d16c30317fbf786612f54c2404da43d14141e6f9c0944e64c34653 atril-1.22.2.tar.xz ba4ec4b0e10d87f44f189a16cfe2419906e3776edc9bc14f7da9356a8953683e3f7efc441691df131497b08b892d3b291aab416310f259ee6bc0706cc4f02880 CVE-2019-11459.patch" diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch deleted file mode 100644 index 913e40312..000000000 --- a/user/atril/CVE-2019-1010006.patch +++ /dev/null @@ -1,54 +0,0 @@ -From aa8c51c24a3d716986ace9a4104a9632436ccff5 Mon Sep 17 00:00:00 2001 -From: lukefromdc <lukefromdc@hushmail.com> -Date: Sat, 27 Jul 2019 15:07:13 -0400 -Subject: [PATCH] Fix buffer overflow in backend/tiff-document.c - - Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 ---- - backend/tiff/tiff-document.c | 17 ++++++++++------- - 1 file changed, 10 insertions(+), 7 deletions(-) - -diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c -index 0aa31cb6..94adc400 100644 ---- a/backend/tiff/tiff-document.c -+++ b/backend/tiff/tiff-document.c -@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document, - return NULL; - } - -- bytes = height * rowstride; -- if (bytes / rowstride != height) { -+ if (height >= INT_MAX / rowstride) { - g_warning("Overflow while rendering document."); - /* overflow */ - return NULL; - } - -+ bytes = height * rowstride; -+ - pixels = g_try_malloc (bytes); - if (!pixels) { - g_warning("Failed to allocate memory for rendering."); -@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document, - if (width <= 0 || height <= 0) - return NULL; - -- rowstride = width * 4; -- if (rowstride / 4 != width) -+ if (width >= INT_MAX / 4) - /* overflow */ - return NULL; - -- bytes = height * rowstride; -- if (bytes / rowstride != height) -+ rowstride = width * 4; -+ -+ if (height >= INT_MAX / rowstride) - /* overflow */ -- return NULL; -+ return NULL; -+ -+ bytes = height * rowstride; - - pixels = g_try_malloc (bytes); - if (!pixels) |