[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: gnu: pixman: Add fix for CVE-2016-5296.
|
From: |
Mark H. Weaver |
|
Subject: |
01/02: gnu: pixman: Add fix for CVE-2016-5296. |
|
Date: |
Wed, 16 Nov 2016 18:05:54 +0000 (UTC) |
mhw pushed a commit to branch master
in repository guix.
commit 56ac2bf442c0639f498cdea2db4f3e57cdb49140
Author: Mark H Weaver <address@hidden>
Date: Wed Nov 16 02:14:28 2016 -0500
gnu: pixman: Add fix for CVE-2016-5296.
* gnu/packages/patches/pixman-CVE-2016-5296.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/xdisorg.scm (pixman)[replacement]: New field.
(pixman/fixed): New variable.
---
gnu/local.mk | 1 +
gnu/packages/patches/pixman-CVE-2016-5296.patch | 19 +++++++++++++++++++
gnu/packages/xdisorg.scm | 10 +++++++++-
3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 08f99c4..8a8b743 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -785,6 +785,7 @@ dist_patch_DATA =
\
%D%/packages/patches/pinball-src-deps.patch \
%D%/packages/patches/pinball-system-ltdl.patch \
%D%/packages/patches/pingus-sdl-libs-config.patch \
+ %D%/packages/patches/pixman-CVE-2016-5296.patch \
%D%/packages/patches/plink-1.07-unclobber-i.patch \
%D%/packages/patches/plink-endian-detection.patch \
%D%/packages/patches/plotutils-libpng-jmpbuf.patch \
diff --git a/gnu/packages/patches/pixman-CVE-2016-5296.patch
b/gnu/packages/patches/pixman-CVE-2016-5296.patch
new file mode 100644
index 0000000..2194232
--- /dev/null
+++ b/gnu/packages/patches/pixman-CVE-2016-5296.patch
@@ -0,0 +1,19 @@
+Fix CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
+Adapted for upstream pixman based on:
+
+ https://hg.mozilla.org/releases/mozilla-esr45/rev/5e39c1c2fded
+
+--- pixman-0.34.0/pixman/pixman-edge-imp.h.orig 2015-06-30
05:48:31.000000000 -0400
++++ pixman-0.34.0/pixman/pixman-edge-imp.h 2016-11-16 01:09:34.046335106
-0500
+@@ -55,8 +55,9 @@
+ *
+ * (The AA case does a similar adjustment in RENDER_SAMPLES_X)
+ */
+- lx += X_FRAC_FIRST(1) - pixman_fixed_e;
+- rx += X_FRAC_FIRST(1) - pixman_fixed_e;
++ /* we cast to unsigned to get defined behaviour for overflow */
++ lx = (unsigned)lx + X_FRAC_FIRST(1) - pixman_fixed_e;
++ rx = (unsigned)rx + X_FRAC_FIRST(1) - pixman_fixed_e;
+ #endif
+ /* clip X */
+ if (lx < 0)
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index a26c716..53048e0 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Andreas Enge <address@hidden>
-;;; Copyright © 2014, 2015 Mark H Weaver <address@hidden>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <address@hidden>
;;; Copyright © 2014 Eric Bavier <address@hidden>
;;; Copyright © 2014, 2015, 2016 Alex Kost <address@hidden>
;;; Copyright © 2013, 2015 Ludovic Courtès <address@hidden>
@@ -241,6 +241,7 @@ following the mouse.")
(package
(name "pixman")
(version "0.34.0")
+ (replacement pixman/fixed)
(source (origin
(method url-fetch)
(uri (string-append
@@ -262,6 +263,13 @@ manipulation, providing features such as image compositing
and trapezoid
rasterisation.")
(license license:x11)))
+(define pixman/fixed
+ (package
+ (inherit pixman)
+ (source (origin
+ (inherit (package-source pixman))
+ (patches (search-patches "pixman-CVE-2016-5296.patch"))))))
+
(define-public libdrm
(package