This should be proposed for master too. We're still at 2.40.0 there. Thanks,
Anuj On Thu, 2021-04-22 at 16:09 +0800, Changqing Li wrote: > From: Changqing Li <[email protected]> > > Signed-off-by: Changqing Li <[email protected]> > --- > .../gdk-pixbuf/CVE-2021-20240.patch | 40 > +++++++++++++++++++ > .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 + > 2 files changed, 41 insertions(+) > create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE- > 2021-20240.patch > > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021- > 20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021- > 20240.patch > new file mode 100644 > index 0000000000..fe594b24bb > --- /dev/null > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch > @@ -0,0 +1,40 @@ > +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 > 2001 > +From: Emmanuele Bassi <[email protected]> > +Date: Wed, 1 Apr 2020 18:11:55 +0100 > +Subject: [PATCH] Check the memset length argument > + > +Avoid overflows by using the checked multiplication macro for gsize. > + > +Fixes: #132 > + > +Upstream-Status: Backported > [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e > ] > +CVE: CVE-2021-20240 > + > +Signed-off-by: Changqing Li <[email protected]> > +--- > + gdk-pixbuf/io-gif-animation.c | 6 +++++- > + 1 file changed, 5 insertions(+), 1 deletion(-) > + > +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif- > animation.c > +index c9db3c66e..49674fd2e 100644 > +--- a/gdk-pixbuf/io-gif-animation.c > ++++ b/gdk-pixbuf/io-gif-animation.c > +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf > (GdkPixbufAnimationIter *anim_iter) > + > + /* If no rendered frame, render the first frame */ > + if (anim->last_frame == NULL) { > ++ gsize len = 0; > + if (anim->last_frame_data == NULL) > + anim->last_frame_data = gdk_pixbuf_new > (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height); > + if (anim->last_frame_data == NULL) > + return NULL; > +- memset (gdk_pixbuf_get_pixels (anim- > >last_frame_data), 0, gdk_pixbuf_get_rowstride (anim- > >last_frame_data) * anim->height); > ++ if (g_size_checked_mul (&len, > gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height)) > ++ memset (gdk_pixbuf_get_pixels (anim- > >last_frame_data), 0, len); > ++ else > ++ return NULL; > + composite_frame (anim, g_list_nth_data (anim- > >frames, 0)); > + } > + > +-- > +GitLab > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb > b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb > index 226e1c7b89..f01da32e71 100644 > --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb > @@ -26,6 +26,7 @@ SRC_URI = > "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \ > > file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \ > file://missing-test-data.patch \ > file://CVE-2020-29385.patch \ > + file://CVE-2021-20240.patch \ > " > > SRC_URI_append_class-target = " \ > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#150822): https://lists.openembedded.org/g/openembedded-core/message/150822 Mute This Topic: https://lists.openembedded.org/mt/82280871/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
