From: Zhang Peng <[email protected]> Changelog: libgsf 1.14.53 * Compilation fixes for libxml 2.13 * Fix ABR in gsf-vba-dump. * Teach gsf (the tool) to handle odf properties. * Fix integer overflows affecting memory allocation. * Add missing "DocumentStatus" ole2 property. * Avoid some undefined C behaviour in overflow checks. libgsf 1.14.51 * Fix thumbnailer crash. * Fix leaks. libgsf 1.14.50 * Fix error handling problem when writing ole files.
License changed to LGPL-2.1-only from 1.14.51 [https://gitlab.gnome.org/GNOME/libgsf/-/commit/037c913eb631349c410ef45e49697bf5c46dac8a] remove obsolete DEPENDS from upstream [103f49b5fc987e7bb8765700d16bd387a33b62ca] Security fixes: CVE-2024-42415 An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-36474 An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Reference: [https://gitlab.gnome.org/GNOME/libgsf/-/issues/34] (master rev: 6ed5891c18fc78a69764af0a29ad9b5feefb1aa8) Signed-off-by: Zhang Peng <[email protected]> --- .../libgsf/{libgsf_1.14.49.bb => libgsf_1.14.53.bb} | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) rename meta-gnome/recipes-gnome/libgsf/{libgsf_1.14.49.bb => libgsf_1.14.53.bb} (52%) diff --git a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.49.bb b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb similarity index 52% rename from meta-gnome/recipes-gnome/libgsf/libgsf_1.14.49.bb rename to meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb index f663141bd5..f31c4737a9 100644 --- a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.49.bb +++ b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb @@ -1,15 +1,14 @@ SUMMARY = "GNOME Structured File Library" -LICENSE = "GPL-2.0-only & LGPL-2.1-only" -LIC_FILES_CHKSUM = "file://COPYING;md5=dc7371b50816c96e145fa0f8ade8e24d \ - file://COPYING.LIB;md5=61464cfe342798eeced82efe9ae55f63" +LICENSE = "LGPL-2.1-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=61464cfe342798eeced82efe9ae55f63" SECTION = "libs" -DEPENDS= "libxml2 bzip2 glib-2.0 zlib gnome-common-native" +DEPENDS= "libxml2 bzip2 glib-2.0 zlib" inherit gnomebase gobject-introspection gettext gtk-doc -SRC_URI[archive.sha256sum] = "e9ebe36688f010c9e6e40c8903f3732948deb8aca032578d07d0751bd82cf857" +SRC_URI[archive.sha256sum] = "0eb59a86e0c50f97ac9cfe4d8cc1969f623f2ae8c5296f2414571ff0a9e8bcba" SRC_URI += "file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch" PACKAGECONFIG ??= "" -- 2.39.4
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114181): https://lists.openembedded.org/g/openembedded-devel/message/114181 Mute This Topic: https://lists.openembedded.org/mt/109897689/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
