Add patch for CVE-2018-10733

2018-05-08 22:40:27 +01:00 · 2018-05-08 22:40:27 +01:00 · 76e3e1eb03
commit 76e3e1eb03
parent 2543226729
3 changed files with 138 additions and 2 deletions
--- a/libgxps-readerror1.patch
+++ b/libgxps-readerror1.patch
@ -0,0 +1,106 @@
+commit b458226e162fe1ffe7acb4230c114a52ada5131b
+Author: Carlos Garcia Campos <carlosgc@gnome.org>
+Date:   Sat May 5 12:01:24 2018 +0200
+
+    gxps-archive: Ensure gxps_archive_read_entry() fills the GError in case of failure
+    
+    And fix the callers to not overwrite the GError.
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index e763773..346ba73 100644
+--- a/libgxps/gxps-archive.c
+++ b/libgxps/gxps-archive.c
+@@ -406,9 +406,13 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 	gboolean      retval;
+ 
+ 	stream = gxps_archive_open (archive, path);
+-	if (!stream)
+-		/* TODO: Error */
+	if (!stream) {
+                g_set_error (error,
+                             G_IO_ERROR,
+                             G_IO_ERROR_NOT_FOUND,
+                             "The entry '%s' was not found in archive", path);
+ 		return FALSE;
+        }
+ 
+ 	entry_size = archive_entry_size (GXPS_ARCHIVE_INPUT_STREAM (stream)->entry);
+ 	if (entry_size <= 0) {
+@@ -423,7 +427,7 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 		*buffer = g_malloc (buffer_size);
+ 		do {
+ 			bytes = g_input_stream_read (stream, &buf, BUFFER_SIZE, NULL, error);
+-			if (*error != NULL) {
+			if (bytes < 0) {
+ 				g_free (*buffer);
+ 				g_object_unref (stream);
+ 
+@@ -441,7 +445,10 @@ gxps_archive_read_entry (GXPSArchive *archive,
+ 		g_object_unref (stream);
+ 
+ 		if (*bytes_read == 0) {
+-			/* TODO: Error */
+                        g_set_error (error,
+                                     G_IO_ERROR,
+                                     G_IO_ERROR_INVALID_DATA,
+                                     "The entry '%s' is empty in archive", path);
+ 			g_free (*buffer);
+ 			return FALSE;
+ 		}
+diff --git a/libgxps/gxps-fonts.c b/libgxps/gxps-fonts.c
+index 882157d..8d02ffc 100644
+--- a/libgxps/gxps-fonts.c
+++ b/libgxps/gxps-fonts.c
+@@ -220,19 +220,12 @@ gxps_fonts_new_font_face (GXPSArchive *zip,
+ 	cairo_font_face_t *font_face;
+ 	guchar            *font_data;
+ 	gsize              font_data_len;
+-	gboolean           res;
+ 
+-	res = gxps_archive_read_entry (zip, font_uri,
+-				       &font_data, &font_data_len,
+-				       error);
+-	if (!res) {
+-		g_set_error (error,
+-			     GXPS_ERROR,
+-			     GXPS_ERROR_SOURCE_NOT_FOUND,
+-			     "Font source %s not found in archive",
+-			     font_uri);
+-		return NULL;
+-	}
+        if (!gxps_archive_read_entry (zip, font_uri,
+                                      &font_data, &font_data_len,
+                                      error)) {
+                return NULL;
+        }
+ 
+ 	ft_face.font_data = font_data;
+ 	ft_face.font_data_len = (gssize)font_data_len;
+diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
+index 4dcf9e2..50f899f 100644
+--- a/libgxps/gxps-images.c
+++ b/libgxps/gxps-images.c
+@@ -742,17 +742,12 @@ gxps_images_create_from_tiff (GXPSArchive *zip,
+ 	guchar     *data;
+ 	guchar     *p;
+ 
+-	if (!gxps_archive_read_entry (zip, image_uri,
+-				      &buffer.buffer,
+-				      &buffer.buffer_len,
+-				      error)) {
+-		g_set_error (error,
+-			     GXPS_ERROR,
+-			     GXPS_ERROR_SOURCE_NOT_FOUND,
+-			     "Image source %s not found in archive",
+-			     image_uri);
+-		return NULL;
+-	}
+        if (!gxps_archive_read_entry (zip, image_uri,
+                                      &buffer.buffer,
+                                      &buffer.buffer_len,
+                                      error)) {
+                return NULL;
+        }
+ 
+ 	buffer.pos = 0;
+ 
--- a/libgxps-readerror2.patch
+++ b/libgxps-readerror2.patch
@ -0,0 +1,24 @@
+commit 133fe2a96e020d4ca65c6f64fb28a404050ebbfd
+Author: Carlos Garcia Campos <carlosgc@gnome.org>
+Date:   Sat May 5 12:02:36 2018 +0200
+
+    gxps-archive: Handle errors returned by archive_read_data
+
+diff --git a/libgxps/gxps-archive.c b/libgxps/gxps-archive.c
+index 346ba73..1bae729 100644
+--- a/libgxps/gxps-archive.c
+++ b/libgxps/gxps-archive.c
+@@ -520,6 +520,13 @@ gxps_archive_input_stream_read (GInputStream  *stream,
+ 		return -1;
+ 
+         bytes_read = archive_read_data (istream->zip->archive, buffer, count);
+        if (bytes_read < 0) {
+                g_set_error_literal (error,
+                                     G_IO_ERROR,
+                                     g_io_error_from_errno (archive_errno (istream->zip->archive)),
+                                     archive_error_string (istream->zip->archive));
+                return -1;
+        }
+         if (bytes_read == 0 && istream->is_interleaved && !gxps_archive_input_stream_is_last_piece (istream)) {
+                 /* Read next piece */
+                 gxps_archive_input_stream_next_piece (istream);
--- a/libgxps.spec
+++ b/libgxps.spec
@ -1,11 +1,14 @@
 Name:           libgxps
 Version:        0.3.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        GObject based library for handling and rendering XPS documents

 License:        LGPLv2+
 URL:            https://wiki.gnome.org/Projects/libgxps
 Source0:        https://ftp.gnome.org/pub/gnome/sources/%{name}/0.3/%{name}-%{version}.tar.xz
+# https://bugzilla.redhat.com/show_bug.cgi?id=1574844
+Patch0:         libgxps-readerror1.patch
+Patch1:         libgxps-readerror2.patch

 BuildRequires:  meson
 BuildRequires:  gcc
@ -42,7 +45,7 @@ documents using the %{name} library.


 %prep
-%autosetup
+%autosetup -p1


 %build
@ -75,6 +78,9 @@ documents using the %{name} library.


 %changelog
+* Tue May  8 2018 Tom Hughes <tom@compton.nu> - 0.3.0-4
+- Add patch for CVE-2018-10733
+
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild