From b8b1da305af7874eaa3f47184e096db4257d28e4 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 10 Jan 2024 13:24:50 +0000 Subject: [PATCH] import UBI pixman-0.38.4-3.el8_9 --- ...erflow-leading-to-out-of-bounds-writ.patch | 29 +++++++++++++++++++ SPECS/pixman.spec | 6 +++- 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 SOURCES/0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch diff --git a/SOURCES/0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch b/SOURCES/0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch new file mode 100644 index 0000000..bbc7f77 --- /dev/null +++ b/SOURCES/0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch @@ -0,0 +1,29 @@ +From a1f88e842e0216a5b4df1ab023caebe33c101395 Mon Sep 17 00:00:00 2001 +From: Matt Turner +Date: Wed, 2 Nov 2022 12:07:32 -0400 +Subject: [PATCH] Avoid integer overflow leading to out-of-bounds write + +Thanks to Maddie Stone and Google's Project Zero for discovering this +issue, providing a proof-of-concept, and a great analysis. + +Closes: https://gitlab.freedesktop.org/pixman/pixman/-/issues/63 +--- + pixman/pixman-trap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pixman/pixman-trap.c b/pixman/pixman-trap.c +index 91766fd..7560405 100644 +--- a/pixman/pixman-trap.c ++++ b/pixman/pixman-trap.c +@@ -74,7 +74,7 @@ pixman_sample_floor_y (pixman_fixed_t y, + + if (f < Y_FRAC_FIRST (n)) + { +- if (pixman_fixed_to_int (i) == 0x8000) ++ if (pixman_fixed_to_int (i) == 0xffff8000) + { + f = 0; /* saturate */ + } +-- +2.41.0 + diff --git a/SPECS/pixman.spec b/SPECS/pixman.spec index b6244a1..747922a 100644 --- a/SPECS/pixman.spec +++ b/SPECS/pixman.spec @@ -3,7 +3,7 @@ Name: pixman Version: 0.38.4 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Pixel manipulation library Group: System Environment/Libraries @@ -17,6 +17,7 @@ Source0: https://xorg.freedesktop.org/archive/individual/lib/%{name}-%{ve Source1: make-pixman-snapshot.sh Patch0: 0001-Initialize-temporary-buffers-in-general_composite_re.patch +Patch1: 0001-Avoid-integer-overflow-leading-to-out-of-bounds-writ.patch BuildRequires: automake autoconf libtool BuildRequires: gcc @@ -68,6 +69,9 @@ make check %{?_smp_mflags} V=1 %{_libdir}/pkgconfig/pixman-1.pc %changelog +* Mon Oct 09 2023 José Expósito - 0.38.4-3 +- Backport fix for CVE-2022-44638 + * Tue Feb 22 2022 Adam Jackson - 0.38.4-2 - Backport the pixman part of cairo CVE-2020-35492