1 |
commit: feb4dc7d109f21da58604cb24640a3f8e39b15ab |
2 |
Author: Denis Dupeyron <calchan <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Nov 16 19:03:54 2017 +0000 |
4 |
Commit: Denis Dupeyron <calchan <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Nov 16 19:05:45 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=feb4dc7d |
7 |
|
8 |
xfce-base/thunar: fix CVE-2013-7447 (integer overflow), bug #574382 |
9 |
|
10 |
Package-Manager: Portage-2.3.14, Repoman-2.3.6 |
11 |
|
12 |
.../files/thunar-1.16.2-integer-overflow.patch | 29 ++++++++++++++++++++++ |
13 |
...hunar-1.6.12.ebuild => thunar-1.6.12-r1.ebuild} | 3 +++ |
14 |
2 files changed, 32 insertions(+) |
15 |
|
16 |
diff --git a/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch |
17 |
new file mode 100644 |
18 |
index 00000000000..09f4b937443 |
19 |
--- /dev/null |
20 |
+++ b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch |
21 |
@@ -0,0 +1,29 @@ |
22 |
+From 1736b1f69ecf3e44a1b957d8090fb04c6bc5fd95 Mon Sep 17 00:00:00 2001 |
23 |
+From: Mikhail Efremov <sem@××××××××.org> |
24 |
+Date: Thu, 11 Feb 2016 18:59:27 +0300 |
25 |
+Subject: [PATCH] Fix potential buffer overflow |
26 |
+ |
27 |
+Use g_malloc_n() instead of g_malloc to avoid integer overflow. |
28 |
+This fixes CVE-2013-7447, see |
29 |
+http://www.openwall.com/lists/oss-security/2016/02/10/2 |
30 |
+for details. |
31 |
+--- |
32 |
+ thunar/thunar-gdk-extensions.c | 2 +- |
33 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
34 |
+ |
35 |
+diff --git a/thunar/thunar-gdk-extensions.c b/thunar/thunar-gdk-extensions.c |
36 |
+index 50ecb4a..775eca3 100644 |
37 |
+--- a/thunar/thunar-gdk-extensions.c |
38 |
++++ b/thunar/thunar-gdk-extensions.c |
39 |
+@@ -75,7 +75,7 @@ thunar_gdk_cairo_create_surface (const GdkPixbuf *pixbuf) |
40 |
+ |
41 |
+ /* prepare pixel data and surface */ |
42 |
+ cairo_stride = cairo_format_stride_for_width (format, width); |
43 |
+- cairo_pixels = g_malloc (height * cairo_stride); |
44 |
++ cairo_pixels = g_malloc_n (height, cairo_stride); |
45 |
+ surface = cairo_image_surface_create_for_data (cairo_pixels, format, |
46 |
+ width, height, cairo_stride); |
47 |
+ cairo_surface_set_user_data (surface, &cairo_key, cairo_pixels, g_free); |
48 |
+-- |
49 |
+2.6.5 |
50 |
+ |
51 |
|
52 |
diff --git a/xfce-base/thunar/thunar-1.6.12.ebuild b/xfce-base/thunar/thunar-1.6.12-r1.ebuild |
53 |
similarity index 96% |
54 |
rename from xfce-base/thunar/thunar-1.6.12.ebuild |
55 |
rename to xfce-base/thunar/thunar-1.6.12-r1.ebuild |
56 |
index c34167b9a8a..f1baaf54ef0 100644 |
57 |
--- a/xfce-base/thunar/thunar-1.6.12.ebuild |
58 |
+++ b/xfce-base/thunar/thunar-1.6.12-r1.ebuild |
59 |
@@ -48,6 +48,9 @@ REQUIRED_USE="trash-panel-plugin? ( dbus )" |
60 |
S=${WORKDIR}/${MY_P} |
61 |
|
62 |
DOCS=( AUTHORS ChangeLog FAQ HACKING NEWS README THANKS TODO ) |
63 |
+PATCHES=( |
64 |
+ "${FILESDIR}"/thunar-1.16.2-integer-overflow.patch |
65 |
+) |
66 |
|
67 |
src_configure() { |
68 |
local myconf=( |