# HG changeset patch
# User Stanislas Leduc
# Date 1717335239 0
# Node ID cec918ae56eedb17a47cc7cbf4f4a2025c7f5630
# Parent 4ec2d061d601ab505b48874a9326cc839feedeb3
Downgrade gdk-pixbuf to 2.42.6 (mtpaint segfault thank ceel), backport patch for CVE-2022-48622
diff -r 4ec2d061d601 -r cec918ae56ee gdk-pixbuf-dev/receipt
--- a/gdk-pixbuf-dev/receipt Thu May 30 20:14:23 2024 +0000
+++ b/gdk-pixbuf-dev/receipt Sun Jun 02 13:33:59 2024 +0000
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 PACKAGE="gdk-pixbuf-dev"
-VERSION="2.42.12"
+VERSION="2.42.6"
 CATEGORY="development"
 SHORT_DESC="Development files for gdk-pixbuf."
 MAINTAINER="slaxemulator@gmail.com"
diff -r 4ec2d061d601 -r cec918ae56ee gdk-pixbuf/receipt
--- a/gdk-pixbuf/receipt Thu May 30 20:14:23 2024 +0000
+++ b/gdk-pixbuf/receipt Sun Jun 02 13:33:59 2024 +0000
@@ -1,7 +1,7 @@
 # SliTaz package receipt.
 PACKAGE="gdk-pixbuf"
-VERSION="2.42.12"
+VERSION="2.42.6"
 CATEGORY="x-window"
 SHORT_DESC="An image loading library for gtk2."
 MAINTAINER="slaxemulator@gmail.com"
@@ -41,6 +41,11 @@ (arm) echo "gio_can_sniff=yes" > arm.cache ;; esac + # Backport patch for CVE-2022-48622 + # see https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/4d7c94ca + # mtpaint segfault with 2.42.12 (thank Ceel for report) + patch -p1 < $stuff/CVE-2022-48622.patch + meson build \ --prefix=/usr \ --libdir=lib \
diff -r 4ec2d061d601 -r cec918ae56ee gdk-pixbuf/stuff/CVE-2022-48622.patch
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/gdk-pixbuf/stuff/CVE-2022-48622.patch Sun Jun 02 13:33:59 2024 +0000
@@ -0,0 +1,50 @@
+diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
+index c6c4642cf4490aaaa7ef78a2f20a6ec2ad169a61..cfafd7b1961b5cfad08475dc3cb5f5916277f33b 100644
+--- a/gdk-pixbuf/io-ani.c
++++ b/gdk-pixbuf/io-ani.c
+@@ -295,6 +295,23 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+
+ if (context->chunk_id == TAG_anih)
+ {
++ if (context->chunk_size < 36)
++ {
++ g_set_error_literal (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("Malformed chunk in animation"));
++ return FALSE;
++ }
++ if (context->animation)
++ {
++ g_set_error_literal (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("Invalid header in animation"));
++ return FALSE;
++ }
++
+ context->HeaderSize = read_int32 (context);
+ context->NumFrames = read_int32 (context);
+ context->NumSteps = read_int32 (context);
+@@ -436,7 +453,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+ }
+ else if (context->chunk_id == TAG_INAM)
+ {
+- if (!context->animation)
++ if (!context->animation || context->title)
+ {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+@@ -463,7 +480,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
+ }
+ else if (context->chunk_id == TAG_IART)
+ {
+- if (!context->animation)
++ if (!context->animation || context->author)
+ {
+ g_set_error_literal (error,
+ GDK_PIXBUF_ERROR,
+diff --git a/tests/test-images/fail/CVE-2022-48622.ani b/tests/test-images/fail/CVE-2022-48622.ani
+new file mode 100644
+index 0000000000000000000000000000000000000000..276b5b989f1e9ec9185e49eb45f710ee38278eb2
+Binary files /dev/null and b/tests/test-images/fail/CVE-2022-48622.ani differ
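Review bot: The final section of the new CVE-2022-48622.patch (`diff --git a/tests/test-images/fail/CVE-2022-48622.ani …`, ending in `Binary files /dev/null and b/… differ`) carries no file data, so the receipt's `patch -p1` cannot create the regression image and, depending on the patch implementation, either skips the section or reports it as a failure. I would trim the patch file to its io-ani.c section and have the receipt stop when the patch does not apply, e.g. `patch -p1 < $stuff/CVE-2022-48622.patch || return 1` if the enclosing receipt function (not visible here) does not already abort on errors, so that a package is never built without the anih size check and the duplicate anih/INAM/IART checks. This backport also covers only the one CVE; any other fixes upstream released between 2.42.6 and 2.42.12 go away with the downgrade and are worth checking against upstream's release notes. The three io-ani.c hunks sit inside `ani_load_chunk`, which starts and ends outside what is shown.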