diff options
Diffstat (limited to 'user/evince')
-rw-r--r-- | user/evince/APKBUILD | 15 | ||||
-rw-r--r-- | user/evince/CVE-2019-11459.patch | 72 |
2 files changed, 81 insertions, 6 deletions
diff --git a/user/evince/APKBUILD b/user/evince/APKBUILD index a98bf2cf9..ea6b66231 100644 --- a/user/evince/APKBUILD +++ b/user/evince/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=evince pkgver=3.32.0 -pkgrel=1 +pkgrel=2 pkgdesc="GNOME document viewer" url="https://wiki.gnome.org/Apps/Evince" arch="all" @@ -14,10 +14,14 @@ makedepends="djvulibre-dev glib-dev gobject-introspection-dev libsecret-dev libspectre-dev libxml2-dev libxml2-utils poppler-dev tiff-dev zlib-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" -source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz" +source="https://ftp.gnome.org/pub/gnome/sources/evince/3.32/evince-$pkgver.tar.xz + CVE-2019-11459.patch" + +# secfixes: +# 3.32.0-r2: +# - CVE-2019-11459 build() { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -65,13 +69,12 @@ build() { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz" +sha512sums="565298a200d9ae2f6b4cb53c3cba0d0d0e4cfbef60e4145bfb9c82a5682947ceb2371e52c27179cd69a238cd387bcfd744d3c55df814b6347f07781aec3ea658 evince-3.32.0.tar.xz +ebb8e2e0b2754d4634c99fda7669171e97b583dfbcd383682b70eb36ce816f1bcf1c2cb81b4ffbfac86db891d9f63bd0c2d90ff9ca3838c64a258b6a0002f7c4 CVE-2019-11459.patch" diff --git a/user/evince/CVE-2019-11459.patch b/user/evince/CVE-2019-11459.patch new file mode 100644 index 000000000..b331a0c30 --- /dev/null +++ b/user/evince/CVE-2019-11459.patch @@ -0,0 +1,72 @@ +From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001 +From: Jason Crain <jcrain@src.gnome.org> +Date: Mon, 15 Apr 2019 23:06:36 -0600 +Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented + +The TIFFReadRGBAImageOriented function returns zero if it was unable to +read the image. Return NULL in this case instead of displaying +uninitialized memory. + +Fixes #1129 +--- + backend/tiff/tiff-document.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c +index 7715031b..38bb3bd8 100644 +--- a/backend/tiff/tiff-document.c ++++ b/backend/tiff/tiff-document.c +@@ -292,18 +292,22 @@ tiff_document_render (EvDocument *document, + g_warning("Failed to allocate memory for rendering."); + return NULL; + } +- ++ ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ orientation, 0)) { ++ g_warning ("Failed to read TIFF image."); ++ g_free (pixels); ++ return NULL; ++ } ++ + surface = cairo_image_surface_create_for_data (pixels, + CAIRO_FORMAT_RGB24, + width, height, + rowstride); + cairo_surface_set_user_data (surface, &key, + pixels, (cairo_destroy_func_t)g_free); +- +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- orientation, 0); + pop_handlers (); + + /* Convert the format returned by libtiff to +@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument *document, + if (!pixels) + return NULL; + ++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff, ++ width, height, ++ (uint32 *)pixels, ++ ORIENTATION_TOPLEFT, 0)) { ++ g_free (pixels); ++ return NULL; ++ } ++ + pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, + width, height, rowstride, + (GdkPixbufDestroyNotify) g_free, NULL); +- TIFFReadRGBAImageOriented (tiff_document->tiff, +- width, height, +- (uint32 *)pixels, +- ORIENTATION_TOPLEFT, 0); + pop_handlers (); + + ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res), +-- +2.21.0 + |