Hello community,
here is the log from the commit of package gdk-pixbuf for openSUSE:Factory
checked in at 2020-07-28 17:24:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gdk-pixbuf (Old)
and /work/SRC/openSUSE:Factory/.gdk-pixbuf.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gdk-pixbuf"
Tue Jul 28 17:24:27 2020 rev:79 rq:822966 version:2.40.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/gdk-pixbuf/gdk-pixbuf.changes 2020-02-29
21:21:09.894118774 +0100
+++ /work/SRC/openSUSE:Factory/.gdk-pixbuf.new.3592/gdk-pixbuf.changes
2020-07-28 17:25:04.273886551 +0200
@@ -1,0 +2,7 @@
+Mon Jul 27 06:56:15 UTC 2020 - Jia Zhaocong <zc...@suse.com>
+
+- Add gdk-pixbuf-boo1174307-io-gif-overflow.patch: Avoid overflows
+ by checking the memset length argument (boo#1174307).
+- Raise dependency glib-2.0 version.
+
+-------------------------------------------------------------------
New:
----
gdk-pixbuf-boo1174307-io-gif-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ gdk-pixbuf.spec ++++++
--- /var/tmp/diff_new_pack.ebrKz2/_old 2020-07-28 17:25:05.861888353 +0200
+++ /var/tmp/diff_new_pack.ebrKz2/_new 2020-07-28 17:25:05.865888357 +0200
@@ -37,6 +37,9 @@
Source3: gdk-pixbuf-rpmlintrc
Source99: baselibs.conf
+# PATCH-FIX-UPSTREAM gdk-pixbuf-boo1174307-io-gif-overflow.patch boo#1174307
glgo#GNOME/gdk-pixbuf#132 zc...@suse.com -- Avoid overflows by checking the
memset length argument
+Patch0: gdk-pixbuf-boo1174307-io-gif-overflow.patch
+
BuildRequires: docbook-xsl-stylesheets
BuildRequires: gtk-doc
BuildRequires: libjpeg-devel
@@ -46,7 +49,7 @@
BuildRequires: translation-update-upstream
BuildRequires: unzip
BuildRequires: xsltproc
-BuildRequires: pkgconfig(glib-2.0) >= 2.48.0
+BuildRequires: pkgconfig(glib-2.0) >= 2.56.0
BuildRequires: pkgconfig(gobject-introspection-1.0)
BuildRequires: pkgconfig(libpng)
BuildRequires: pkgconfig(x11)
@@ -135,6 +138,7 @@
%setup -c -T -q
unzip -P gecko %{SOURCE0}
translation-update-upstream
+%patch0 -p1
%if "%{_lib}" == "lib64"
cp -a %{SOURCE2} .
%endif
++++++ gdk-pixbuf-boo1174307-io-gif-overflow.patch ++++++
>From 43ec8f286e3d499d82735c16bbca83d7a1c03efa Mon Sep 17 00:00:00 2001
From: Emmanuele Bassi <eba...@gnome.org>
Date: Wed, 1 Apr 2020 18:11:55 +0100
Subject: [PATCH] Check the memset length argument
Avoid overflows by using the checked multiplication macro for gsize.
Fixes: #132
---
gdk-pixbuf/io-gif-animation.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
index a3155e065..d74296337 100644
--- a/gdk-pixbuf/io-gif-animation.c
+++ b/gdk-pixbuf/io-gif-animation.c
@@ -411,11 +411,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf
(GdkPixbufAnimationIter *anim_iter)
/* If no rendered frame, render the first frame */
if (anim->last_frame == NULL) {
+ gsize len = 0;
if (anim->last_frame_data == NULL)
anim->last_frame_data = gdk_pixbuf_new
(GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
if (anim->last_frame_data == NULL)
return NULL;
- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0,
gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
+ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride
(anim->last_frame_data), anim->height))
+ memset (gdk_pixbuf_get_pixels (anim->last_frame_data),
0, len);
+ else
+ return NULL;
composite_frame (anim, g_list_nth_data (anim->frames, 0));
}
--
GitLab
