[arch-commits] Commit in lasem/trunk (CVE-2013-7447.patch PKGBUILD)
Jan de Groot
jgc at archlinux.org
Wed Feb 14 22:50:46 UTC 2018
Date: Wednesday, February 14, 2018 @ 22:50:46
Author: jgc
Revision: 317047
upgpkg: lasem 0.4.3-3
Add CVE patch from git master, use HTTPS
Added:
lasem/trunk/CVE-2013-7447.patch
Modified:
lasem/trunk/PKGBUILD
---------------------+
CVE-2013-7447.patch | 28 ++++++++++++++++++++++++++++
PKGBUILD | 15 +++++++++++----
2 files changed, 39 insertions(+), 4 deletions(-)
Added: CVE-2013-7447.patch
===================================================================
--- CVE-2013-7447.patch (rev 0)
+++ CVE-2013-7447.patch 2018-02-14 22:50:46 UTC (rev 317047)
@@ -0,0 +1,28 @@
+From 6f2feed780d9139a45c06e1ad399d06a4f351fbf Mon Sep 17 00:00:00 2001
+From: RyuzakiKK <aasonykk at gmail.com>
+Date: Sat, 5 Aug 2017 21:40:55 +0200
+Subject: cairo: Avoid integer overflow CVE-2013-7447
+
+lasem is affected by a possible integer overflow, that was also
+found and patched upstream in gtk+
+https://git.gnome.org/browse/gtk+/commit/?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+---
+ src/lsmcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lsmcairo.c b/src/lsmcairo.c
+index c568fd5..73fb93e 100644
+--- a/src/lsmcairo.c
++++ b/src/lsmcairo.c
+@@ -528,7 +528,7 @@ lsm_cairo_set_source_pixbuf (cairo_t *cairo,
+ format = CAIRO_FORMAT_ARGB32;
+
+ cairo_stride = cairo_format_stride_for_width (format, width);
+- cairo_pixels = g_malloc (height * cairo_stride);
++ cairo_pixels = g_malloc_n (height, cairo_stride);
+ surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ format,
+ width, height, cairo_stride);
+--
+cgit v0.12
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-02-14 22:38:50 UTC (rev 317046)
+++ PKGBUILD 2018-02-14 22:50:46 UTC (rev 317047)
@@ -3,17 +3,24 @@
# Contributor: Adria Arrufat <adria.arrufat at protonmail.ch>
pkgname=lasem
pkgver=0.4.3
-pkgrel=2
+pkgrel=3
pkgdesc="SVG and Mathml rendering library"
arch=('x86_64')
url="https://wiki.gnome.org/Projects/Lasem"
license=('LGPL')
depends=('gtk3')
-makedepends=('intltool')
+makedepends=('intltool' 'python')
options=('!libtool')
-source=(http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver:0:3}/$pkgname-$pkgver.tar.xz)
-sha256sums=('e7d950f9579defc7bb9d4159a0bfff165a3a621945ac9f202c930f2fea2dd58f')
+source=(https://download.gnome.org/sources/$pkgname/${pkgver:0:3}/$pkgname-$pkgver.tar.xz
+ CVE-2013-7447.patch)
+sha256sums=('e7d950f9579defc7bb9d4159a0bfff165a3a621945ac9f202c930f2fea2dd58f'
+ 'd9e836934655db45e52f6ab1923866a5010a071c1c62fcbcb6c2fd999e978d2c')
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../CVE-2013-7447.patch
+}
+
build() {
cd "$pkgname-$pkgver"
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
More information about the arch-commits
mailing list