gnu: pixman: Add fix for CVE-2016-5296.
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/xdisorg.scm (pixman)[replacement]: New field. (pixman/fixed): New variable.
parent
05ceb8dcaf
commit
56ac2bf442
3 changed files with 29 additions and 1 deletions
@ -785,6 +785,7 @@ dist_patch_DATA = \
%D%/packages/patches/pinball-src-deps.patch \
%D%/packages/patches/pinball-src-deps.patch \
%D%/packages/patches/pinball-system-ltdl.patch \
%D%/packages/patches/pinball-system-ltdl.patch \
%D%/packages/patches/pingus-sdl-libs-config.patch \
%D%/packages/patches/pingus-sdl-libs-config.patch \
%D%/packages/patches/pixman-CVE-2016-5296.patch \
%D%/packages/patches/plink-1.07-unclobber-i.patch \
%D%/packages/patches/plink-1.07-unclobber-i.patch \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
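--- a/gnu/packages/patches/pixman-CVE-2016-5296.patch
+++ b/gnu/packages/patches/pixman-CVE-2016-5296.patch
@@ -0,0 +1,19 @@
+Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+Adapted for upstream pixman based on:
+
+https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded
+
+--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30 05:48:31.000000000 -0400
++++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106 -0500
+@@ -55,8 +55,9 @@
+*
+* (The AA case does a similar adjustment in RENDER_SAMPLES_X)
+*/
+- lx += X_FRAC_FIRST(1) - pixman_fixed_e;
+- rx += X_FRAC_FIRST(1) - pixman_fixed_e;
++ /* we cast to unsigned to get defined behaviour for overflow */
++ lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
++ rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
+#endif
+/* clip X */
+if (lx < 0)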
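Review bot: The cast in `lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;` (and the matching `rx` line) removes the signed-overflow undefined behaviour, but the sum can still wrap, so the bound on the later write now rests entirely on the `/* clip X */` code that follows, which continues outside this hunk. The one-line comment would be more useful if it said so, e.g. `/* cast to unsigned: wraparound is defined here; the clip below must still bound lx and rx */`. `unsigned` presumably has to be exactly as wide as `pixman_fixed_t` for the wrap to land where intended; `(uint32_t)lx` would state that explicitly, at the cost of diverging from the Mozilla changeset the patch is adapted from. A regression test with edge coordinates near the fixed-point limits would confirm that the clip still holds after wraparound.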
@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
@ -241,6 +241,7 @@ (define-public pixman
(package
(package
(name "pixman")
(name "pixman")
(version "0.34.0")
(version "0.34.0")
(replacement pixman/fixed)
(source (origin
(source (origin
(method url-fetch)
(method url-fetch)
(uri (string-append
(uri (string-append
@ -262,6 +263,13 @@ (define-public pixman
rasterisation.")
rasterisation.")
(license license:x11)))
(license license:x11)))
(define pixman/fixed
(package
(inherit pixman)
(source (origin
(inherit (package-source pixman))
(patches (search-patches "pixman-CVE-2016-5296.patch"))))))
(define-public libdrm
(define-public libdrm
(package
(package
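Review bot: `pixman/fixed` sets `patches` to the new patch alone, which would silently drop any patches already carried by the inherited origin; the `pixman` origin is only partly visible in the hunk at line 241, so whether it has any cannot be checked from here. Appending keeps the graft correct either way: `(patches (append (origin-patches (package-source pixman)) (search-patches "pixman-CVE-2016-5296.patch")))`. A short comment above the definition, e.g. `;; Graft carrying the fix for CVE-2016-5296; fold into 'pixman' at the next full rebuild.`, would also tell maintainers why the variable exists and when it can be removed.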