gnu: pixman: Add fix for CVE-2016-5296.

* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[replacement]: New field.
(pixman/fixed): New variable.
Mark H Weaver 2016-11-16 02:14:28 -05:00
parent 05ceb8dcaf
commit 56ac2bf442
No known key found for this signature in database
GPG key ID: 7CEF29847562C516
3 changed files with 29 additions and 1 deletions


@ -785,6 +785,7 @@ dist_patch_DATA = \
%D%/packages/patches/pinball-src-deps.patch \
%D%/packages/patches/pinball-system-ltdl.patch \
%D%/packages/patches/pingus-sdl-libs-config.patch \
%D%/packages/patches/pixman-CVE-2016-5296.patch \
%D%/packages/patches/plink-1.07-unclobber-i.patch \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \


@ -0,0 +1,19 @@
Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
Adapted for upstream pixman based on:
https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded
--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30 05:48:31.000000000 -0400
+++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106 -0500
@@ -55,8 +55,9 @@
*
* (The AA case does a similar adjustment in RENDER_SAMPLES_X)
*/
- lx += X_FRAC_FIRST(1) - pixman_fixed_e;
- rx += X_FRAC_FIRST(1) - pixman_fixed_e;
+ /* we cast to unsigned to get defined behaviour for overflow */
+ lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
+ rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
#endif
/* clip X */
if (lx < 0)
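Review bot: The new comment above `lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;` (and the matching `rx` line) says the cast gives defined behaviour, but that covers only the addition. Storing the unsigned result back into `lx`/`rx`, which appear to be signed given the `if (lx < 0)` clip that follows, is an implementation-defined conversion whenever the value exceeds the signed range. I would reword the comment to say so and to name what keeps the wrapped value safe, e.g. `/* add as unsigned so overflow wraps instead of being undefined; the result is converted back to signed and must be bounded by the X clip below */`. Whether that clip actually bounds a wrapped `rx` before it is used as a write extent cannot be confirmed from this hunk, because the enclosing function starts and ends outside it.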


@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
@ -241,6 +241,7 @@ (define-public pixman
(package
(name "pixman")
(version "0.34.0")
(replacement pixman/fixed)
(source (origin
(method url-fetch)
(uri (string-append
@ -262,6 +263,13 @@ (define-public pixman
rasterisation.")
(license license:x11)))
(define pixman/fixed
(package
(inherit pixman)
(source (origin
(inherit (package-source pixman))
(patches (search-patches "pixman-CVE-2016-5296.patch"))))))
(define-public libdrm
(package