summaryrefslogtreecommitdiff
path: root/user/evince
diff options
context:
space:
mode:
Diffstat (limited to 'user/evince')
-rw-r--r--user/evince/APKBUILD15
-rw-r--r--user/evince/CVE-2019-11459.patch72
2 files changed, 81 insertions, 6 deletions
diff --git a/user/evince/APKBUILD b/user/evince/APKBUILD
index a98bf2cf9..ea6b66231 100644
--- a/user/evince/APKBUILD
+++ b/user/evince/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=evince
pkgver=3.32.0
-pkgrel=1
+pkgrel=2
pkgdesc="GNOME document viewer"
url="https://wiki.gnome.org/Apps/Evince"
arch="all"
@@ -14,10 +14,14 @@ makedepends="djvulibre-dev glib-dev gobject-introspection-dev
libsecret-dev libspectre-dev libxml2-dev libxml2-utils poppler-dev
tiff-dev zlib-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
-source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz"
+source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz
+ CVE-2019-11459.patch"
+
+# secfixes:
+# 3.32.0-r2:
+# - CVE-2019-11459
build() {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -65,13 +69,12 @@ build() {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
-sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz"
+sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz
+ebb8e2e0b2754d4634c99fda7669171e97b583dfbcd383682b70eb36ce816f1bcf1c2cb81b4ffbfac86db891d9f63bd0c2d90ff9ca3838c64a258b6a0002f7c4 CVE-2019-11459.patch"
diff --git a/user/evince/CVE-2019-11459.patch b/user/evince/CVE-2019-11459.patch
new file mode 100644
index 000000000..b331a0c30
--- /dev/null
+++ b/user/evince/CVE-2019-11459.patch
@@ -0,0 +1,72 @@
+From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001
+From: Jason Crain <jcrain@src.gnome.org>
+Date: Mon, 15 Apr 2019 23:06:36 -0600
+Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
+
+The TIFFReadRGBAImageOriented function returns zero if it was unable to
+read the image. Return NULL in this case instead of displaying
+uninitialized memory.
+
+Fixes #1129
+---
+ backend/tiff/tiff-document.c | 28 ++++++++++++++++++----------
+ 1 file changed, 18 insertions(+), 10 deletions(-)
+
+diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
+index 7715031b..38bb3bd8 100644
+--- a/backend/tiff/tiff-document.c
++++ b/backend/tiff/tiff-document.c
+@@ -292,18 +292,22 @@ tiff_document_render (EvDocument *document,
+ g_warning("Failed to allocate memory for rendering.");
+ return NULL;
+ }
+-
++
++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++ width, height,
++ (uint32 *)pixels,
++ orientation, 0)) {
++ g_warning ("Failed to read TIFF image.");
++ g_free (pixels);
++ return NULL;
++ }
++
+ surface = cairo_image_surface_create_for_data (pixels,
+ CAIRO_FORMAT_RGB24,
+ width, height,
+ rowstride);
+ cairo_surface_set_user_data (surface, &key,
+ pixels, (cairo_destroy_func_t)g_free);
+-
+- TIFFReadRGBAImageOriented (tiff_document->tiff,
+- width, height,
+- (uint32 *)pixels,
+- orientation, 0);
+ pop_handlers ();
+
+ /* Convert the format returned by libtiff to
+@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument *document,
+ if (!pixels)
+ return NULL;
+
++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
++ width, height,
++ (uint32 *)pixels,
++ ORIENTATION_TOPLEFT, 0)) {
++ g_free (pixels);
++ return NULL;
++ }
++
+ pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8,
+ width, height, rowstride,
+ (GdkPixbufDestroyNotify) g_free, NULL);
+- TIFFReadRGBAImageOriented (tiff_document->tiff,
+- width, height,
+- (uint32 *)pixels,
+- ORIENTATION_TOPLEFT, 0);
+ pop_handlers ();
+
+ ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res),
+--
+2.21.0
+