diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-05-06 15:56:24 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-05-06 15:56:24 +0200 |
commit | 12bd588346f8b2fb3709acfe0ee89d153da2db34 (patch) | |
tree | 459d8eb13a0508170ba462fe61a8b45fb55ea79f /gnu/packages/patches/gimp-CVE-2017-17786.patch | |
parent | 7d5adf013127c89826e9fbe9f1a67265b3538609 (diff) | |
parent | 8e020519b45bbdb9403164bd4403f2465bac99ad (diff) | |
download | guix-12bd588346f8b2fb3709acfe0ee89d153da2db34.tar.gz |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/gimp-CVE-2017-17786.patch')
-rw-r--r-- | gnu/packages/patches/gimp-CVE-2017-17786.patch | 94 |
1 files changed, 0 insertions, 94 deletions
diff --git a/gnu/packages/patches/gimp-CVE-2017-17786.patch b/gnu/packages/patches/gimp-CVE-2017-17786.patch deleted file mode 100644 index 851227ac1d..0000000000 --- a/gnu/packages/patches/gimp-CVE-2017-17786.patch +++ /dev/null @@ -1,94 +0,0 @@ -Fix CVE-2017-17786: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17786 -https://bugzilla.gnome.org/show_bug.cgi?id=739134 - -Both patches copied from upstream source repository: - -https://git.gnome.org/browse/gimp/commit/?id=ef9c821fff8b637a2178eab1c78cae6764c50e12 -https://git.gnome.org/browse/gimp/commit/?id=22e2571c25425f225abdb11a566cc281fca6f366 - -From ef9c821fff8b637a2178eab1c78cae6764c50e12 Mon Sep 17 00:00:00 2001 -From: Jehan <jehan@girinstud.io> -Date: Wed, 20 Dec 2017 13:02:38 +0100 -Subject: [PATCH] Bug 739134 - (CVE-2017-17786) Out of bounds read / heap - overflow in... -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -... TGA importer. - -Be more thorough on valid TGA RGB and RGBA images. -In particular current TGA plug-in can import RGBA as 32 bits (8 bits per -channel) and 16 bits (5 bits per color channel and 1 bit for alpha), and -RGB as 15 and 24 bits. -Maybe there exist more variants, but if they do exist, we simply don't -support them yet. - -Thanks to Hanno Böck for the report and a first patch attempt. - -(cherry picked from commit 674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b) ---- - plug-ins/common/file-tga.c | 12 ++++++++---- - 1 file changed, 8 insertions(+), 4 deletions(-) - -diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c -index aef98702d4..426acc2925 100644 ---- a/plug-ins/common/file-tga.c -+++ b/plug-ins/common/file-tga.c -@@ -564,12 +564,16 @@ load_image (const gchar *filename, - } - break; - case TGA_TYPE_COLOR: -- if (info.bpp != 15 && info.bpp != 16 && -- info.bpp != 24 && info.bpp != 32) -+ if ((info.bpp != 15 && info.bpp != 16 && -+ info.bpp != 24 && info.bpp != 32) || -+ ((info.bpp == 15 || info.bpp == 24) && -+ info.alphaBits != 0) || -+ (info.bpp == 16 && info.alphaBits != 1) || -+ (info.bpp == 32 && info.alphaBits != 8)) - { -- g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u)", -+ g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", - gimp_filename_to_utf8 (filename), -- info.imageType, info.bpp); -+ info.imageType, info.bpp, info.alphaBits); - return -1; - } - break; --- -2.15.1 - -From 22e2571c25425f225abdb11a566cc281fca6f366 Mon Sep 17 00:00:00 2001 -From: Jehan <jehan@girinstud.io> -Date: Wed, 20 Dec 2017 13:26:26 +0100 -Subject: [PATCH] plug-ins: TGA 16-bit RGB (without alpha bit) is also valid. - -According to some spec on the web, 16-bit RGB is also valid. In this -case, the last bit is simply ignored (at least that's how it is -implemented right now). - -(cherry picked from commit 8ea316667c8a3296bce2832b3986b58d0fdfc077) ---- - plug-ins/common/file-tga.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/plug-ins/common/file-tga.c b/plug-ins/common/file-tga.c -index 426acc2925..eb14a1dadc 100644 ---- a/plug-ins/common/file-tga.c -+++ b/plug-ins/common/file-tga.c -@@ -568,7 +568,8 @@ load_image (const gchar *filename, - info.bpp != 24 && info.bpp != 32) || - ((info.bpp == 15 || info.bpp == 24) && - info.alphaBits != 0) || -- (info.bpp == 16 && info.alphaBits != 1) || -+ (info.bpp == 16 && info.alphaBits != 1 && -+ info.alphaBits != 0) || - (info.bpp == 32 && info.alphaBits != 8)) - { - g_message ("Unhandled sub-format in '%s' (type = %u, bpp = %u, alpha = %u)", --- -2.15.1 - |