| 1 |
commit: feb4dc7d109f21da58604cb24640a3f8e39b15ab |
| 2 |
Author: Denis Dupeyron <calchan <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Nov 16 19:03:54 2017 +0000 |
| 4 |
Commit: Denis Dupeyron <calchan <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Nov 16 19:05:45 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=feb4dc7d |
| 7 |
|
| 8 |
xfce-base/thunar: fix CVE-2013-7447 (integer overflow), bug #574382 |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.14, Repoman-2.3.6 |
| 11 |
|
| 12 |
.../files/thunar-1.16.2-integer-overflow.patch | 29 ++++++++++++++++++++++ |
| 13 |
...hunar-1.6.12.ebuild => thunar-1.6.12-r1.ebuild} | 3 +++ |
| 14 |
2 files changed, 32 insertions(+) |
| 15 |
|
| 16 |
diff --git a/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch |
| 17 |
new file mode 100644 |
| 18 |
index 00000000000..09f4b937443 |
| 19 |
--- /dev/null |
| 20 |
+++ b/xfce-base/thunar/files/thunar-1.16.2-integer-overflow.patch |
| 21 |
@@ -0,0 +1,29 @@ |
| 22 |
+From 1736b1f69ecf3e44a1b957d8090fb04c6bc5fd95 Mon Sep 17 00:00:00 2001 |
| 23 |
+From: Mikhail Efremov <sem@××××××××.org> |
| 24 |
+Date: Thu, 11 Feb 2016 18:59:27 +0300 |
| 25 |
+Subject: [PATCH] Fix potential buffer overflow |
| 26 |
+ |
| 27 |
+Use g_malloc_n() instead of g_malloc to avoid integer overflow. |
| 28 |
+This fixes CVE-2013-7447, see |
| 29 |
+http://www.openwall.com/lists/oss-security/2016/02/10/2 |
| 30 |
+for details. |
| 31 |
+--- |
| 32 |
+ thunar/thunar-gdk-extensions.c | 2 +- |
| 33 |
+ 1 file changed, 1 insertion(+), 1 deletion(-) |
| 34 |
+ |
| 35 |
+diff --git a/thunar/thunar-gdk-extensions.c b/thunar/thunar-gdk-extensions.c |
| 36 |
+index 50ecb4a..775eca3 100644 |
| 37 |
+--- a/thunar/thunar-gdk-extensions.c |
| 38 |
++++ b/thunar/thunar-gdk-extensions.c |
| 39 |
+@@ -75,7 +75,7 @@ thunar_gdk_cairo_create_surface (const GdkPixbuf *pixbuf) |
| 40 |
+ |
| 41 |
+ /* prepare pixel data and surface */ |
| 42 |
+ cairo_stride = cairo_format_stride_for_width (format, width); |
| 43 |
+- cairo_pixels = g_malloc (height * cairo_stride); |
| 44 |
++ cairo_pixels = g_malloc_n (height, cairo_stride); |
| 45 |
+ surface = cairo_image_surface_create_for_data (cairo_pixels, format, |
| 46 |
+ width, height, cairo_stride); |
| 47 |
+ cairo_surface_set_user_data (surface, &cairo_key, cairo_pixels, g_free); |
| 48 |
+-- |
| 49 |
+2.6.5 |
| 50 |
+ |
| 51 |
|
| 52 |
diff --git a/xfce-base/thunar/thunar-1.6.12.ebuild b/xfce-base/thunar/thunar-1.6.12-r1.ebuild |
| 53 |
similarity index 96% |
| 54 |
rename from xfce-base/thunar/thunar-1.6.12.ebuild |
| 55 |
rename to xfce-base/thunar/thunar-1.6.12-r1.ebuild |
| 56 |
index c34167b9a8a..f1baaf54ef0 100644 |
| 57 |
--- a/xfce-base/thunar/thunar-1.6.12.ebuild |
| 58 |
+++ b/xfce-base/thunar/thunar-1.6.12-r1.ebuild |
| 59 |
@@ -48,6 +48,9 @@ REQUIRED_USE="trash-panel-plugin? ( dbus )" |
| 60 |
S=${WORKDIR}/${MY_P} |
| 61 |
|
| 62 |
DOCS=( AUTHORS ChangeLog FAQ HACKING NEWS README THANKS TODO ) |
| 63 |
+PATCHES=( |
| 64 |
+ "${FILESDIR}"/thunar-1.16.2-integer-overflow.patch |
| 65 |
+) |
| 66 |
|
| 67 |
src_configure() { |
| 68 |
local myconf=( |
Archives