[arch-commits] Commit in lasem/trunk (CVE-2013-7447.patch PKGBUILD)

Jan de Groot jgc at archlinux.org
Wed Feb 14 22:50:46 UTC 2018


    Date: Wednesday, February 14, 2018 @ 22:50:46
  Author: jgc
Revision: 317047

upgpkg: lasem 0.4.3-3

Add CVE patch from git master, use HTTPS

Added:
  lasem/trunk/CVE-2013-7447.patch
Modified:
  lasem/trunk/PKGBUILD

---------------------+
 CVE-2013-7447.patch |   28 ++++++++++++++++++++++++++++
 PKGBUILD            |   15 +++++++++++----
 2 files changed, 39 insertions(+), 4 deletions(-)

Added: CVE-2013-7447.patch
===================================================================
--- CVE-2013-7447.patch	                        (rev 0)
+++ CVE-2013-7447.patch	2018-02-14 22:50:46 UTC (rev 317047)
@@ -0,0 +1,28 @@
+From 6f2feed780d9139a45c06e1ad399d06a4f351fbf Mon Sep 17 00:00:00 2001
+From: RyuzakiKK <aasonykk at gmail.com>
+Date: Sat, 5 Aug 2017 21:40:55 +0200
+Subject: cairo: Avoid integer overflow CVE-2013-7447
+
+lasem is affected by a possible integer overflow, that was also
+found and patched upstream in gtk+
+https://git.gnome.org/browse/gtk+/commit/?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
+---
+ src/lsmcairo.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lsmcairo.c b/src/lsmcairo.c
+index c568fd5..73fb93e 100644
+--- a/src/lsmcairo.c
++++ b/src/lsmcairo.c
+@@ -528,7 +528,7 @@ lsm_cairo_set_source_pixbuf (cairo_t *cairo,
+ 		format = CAIRO_FORMAT_ARGB32;
+ 
+ 	cairo_stride = cairo_format_stride_for_width (format, width);
+-	cairo_pixels = g_malloc (height * cairo_stride);
++	cairo_pixels = g_malloc_n (height, cairo_stride);
+ 	surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
+ 						       format,
+ 						       width, height, cairo_stride);
+-- 
+cgit v0.12
+
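Review bot: The new `g_malloc_n (height, cairo_stride)` call stops the multiplication from wrapping, but GLib's g_malloc_n aborts the process on overflow instead of returning an error, so an oversized image can still take down the application embedding the library. The stride from `cairo_format_stride_for_width` is also used unchecked in the context line above; cairo documents a return of -1 when the width is too large, and that value would be converted to a very large unsigned size at the allocator. Rejecting a non-positive `cairo_stride` or `height` before the allocation, and using `cairo_pixels = g_try_malloc_n (height, cairo_stride);` followed by a NULL test, would let the function fail gracefully. lsm_cairo_set_source_pixbuf starts and ends outside the hunk, so any earlier validation of width and height is not visible here.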

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-02-14 22:38:50 UTC (rev 317046)
+++ PKGBUILD	2018-02-14 22:50:46 UTC (rev 317047)
@@ -3,17 +3,24 @@
 # Contributor: Adria Arrufat <adria.arrufat at protonmail.ch>
 pkgname=lasem
 pkgver=0.4.3
-pkgrel=2
+pkgrel=3
 pkgdesc="SVG and Mathml rendering library"
 arch=('x86_64')
 url="https://wiki.gnome.org/Projects/Lasem"
 license=('LGPL')
 depends=('gtk3')
-makedepends=('intltool')
+makedepends=('intltool' 'python')
 options=('!libtool')
-source=(http://ftp.gnome.org/pub/GNOME/sources/$pkgname/${pkgver:0:3}/$pkgname-$pkgver.tar.xz)
-sha256sums=('e7d950f9579defc7bb9d4159a0bfff165a3a621945ac9f202c930f2fea2dd58f')
+source=(https://download.gnome.org/sources/$pkgname/${pkgver:0:3}/$pkgname-$pkgver.tar.xz
+        CVE-2013-7447.patch)
+sha256sums=('e7d950f9579defc7bb9d4159a0bfff165a3a621945ac9f202c930f2fea2dd58f'
+            'd9e836934655db45e52f6ab1923866a5010a071c1c62fcbcb6c2fd999e978d2c')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../CVE-2013-7447.patch
+}
+
 build() {
   cd "$pkgname-$pkgver"
   ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
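Review bot: The new prepare() leaves the directory unquoted in `cd $pkgname-$pkgver`, while build() just below quotes it; `cd "$pkgname-$pkgver"` would keep the two consistent. The patch line would benefit from a comment recording its origin, e.g. `# CVE-2013-7447: upstream commit 6f2feed780d9, drop when a release includes it`, so a later version bump knows when the patch can go. The `python` entry added to makedepends is not explained in the commit message; a short comment naming the build step that needs it would help. build() continues outside the hunk.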


