Update to 1.14.91
This commit is contained in:
parent
972f0b0033
commit
700bbaa6f2
1
.gitignore
vendored
1
.gitignore
vendored
@ -45,3 +45,4 @@
|
|||||||
/wayland-1.13.92.tar.xz
|
/wayland-1.13.92.tar.xz
|
||||||
/wayland-1.13.93.tar.xz
|
/wayland-1.13.93.tar.xz
|
||||||
/wayland-1.14.0.tar.xz
|
/wayland-1.14.0.tar.xz
|
||||||
|
/wayland-1.14.91.tar.xz
|
||||||
|
@ -1,52 +0,0 @@
|
|||||||
From 5d201df72f3d4f4cb8b8f75f980169b03507da38 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
||||||
Date: Tue, 28 Nov 2017 21:38:07 +0100
|
|
||||||
Subject: [PATCH] cursor: Fix heap overflows when parsing malicious files.
|
|
||||||
|
|
||||||
It is possible to trigger heap overflows due to an integer overflow
|
|
||||||
while parsing images.
|
|
||||||
|
|
||||||
The integer overflow occurs because the chosen limit 0x10000 for
|
|
||||||
dimensions is too large for 32 bit systems, because each pixel takes
|
|
||||||
4 bytes. Properly chosen values allow an overflow which in turn will
|
|
||||||
lead to less allocated memory than needed for subsequent reads.
|
|
||||||
|
|
||||||
See also: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
|
|
||||||
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=103961
|
|
||||||
|
|
||||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
|
||||||
[Pekka: add link to the corresponding libXcursor commit]
|
|
||||||
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
|
|
||||||
---
|
|
||||||
cursor/xcursor.c | 8 +++++++-
|
|
||||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/cursor/xcursor.c b/cursor/xcursor.c
|
|
||||||
index ca41c4ac611f..689c7026729d 100644
|
|
||||||
--- a/cursor/xcursor.c
|
|
||||||
+++ b/cursor/xcursor.c
|
|
||||||
@@ -202,6 +202,11 @@ XcursorImageCreate (int width, int height)
|
|
||||||
{
|
|
||||||
XcursorImage *image;
|
|
||||||
|
|
||||||
+ if (width < 0 || height < 0)
|
|
||||||
+ return NULL;
|
|
||||||
+ if (width > XCURSOR_IMAGE_MAX_SIZE || height > XCURSOR_IMAGE_MAX_SIZE)
|
|
||||||
+ return NULL;
|
|
||||||
+
|
|
||||||
image = malloc (sizeof (XcursorImage) +
|
|
||||||
width * height * sizeof (XcursorPixel));
|
|
||||||
if (!image)
|
|
||||||
@@ -482,7 +487,8 @@ _XcursorReadImage (XcursorFile *file,
|
|
||||||
if (!_XcursorReadUInt (file, &head.delay))
|
|
||||||
return NULL;
|
|
||||||
/* sanity check data */
|
|
||||||
- if (head.width >= 0x10000 || head.height > 0x10000)
|
|
||||||
+ if (head.width > XCURSOR_IMAGE_MAX_SIZE ||
|
|
||||||
+ head.height > XCURSOR_IMAGE_MAX_SIZE)
|
|
||||||
return NULL;
|
|
||||||
if (head.width == 0 || head.height == 0)
|
|
||||||
return NULL;
|
|
||||||
--
|
|
||||||
2.14.3
|
|
||||||
|
|
2
sources
2
sources
@ -1 +1 @@
|
|||||||
SHA512 (wayland-1.14.0.tar.xz) = bd38b2b8963d4d98d42c270e5d7dbff6323789a173b19b67a18258424fd8adee5021b282c9d7f6dad0bd25aa0160e76aecd8ed803d4eb25d911ef0a81cd713a5
|
SHA512 (wayland-1.14.91.tar.xz) = e9a1f465188c46e82512efba1c7502fee1201f3ddfb7afe132c406c3fb728f0f5144580663bea4cdc2af38794f00b2c30369ca6e04fdcb691b9ed1889bc11344
|
||||||
|
11
wayland.spec
11
wayland.spec
@ -1,16 +1,12 @@
|
|||||||
Name: wayland
|
Name: wayland
|
||||||
Version: 1.14.0
|
Version: 1.14.91
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: Wayland Compositor Infrastructure
|
Summary: Wayland Compositor Infrastructure
|
||||||
|
|
||||||
License: MIT
|
License: MIT
|
||||||
URL: http://wayland.freedesktop.org/
|
URL: http://wayland.freedesktop.org/
|
||||||
Source0: http://wayland.freedesktop.org/releases/%{name}-%{version}.tar.xz
|
Source0: http://wayland.freedesktop.org/releases/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
# https://lists.freedesktop.org/archives/wayland-devel/2017-November/035979.html
|
|
||||||
# Backported from upstream
|
|
||||||
Patch0: 0001-cursor-Fix-heap-overflows-when-parsing-malicious-fil.patch
|
|
||||||
|
|
||||||
BuildRequires: chrpath
|
BuildRequires: chrpath
|
||||||
BuildRequires: docbook-style-xsl
|
BuildRequires: docbook-style-xsl
|
||||||
BuildRequires: doxygen
|
BuildRequires: doxygen
|
||||||
@ -131,6 +127,9 @@ XDG_RUNTIME_DIR=$PWD/tests/run make check || \
|
|||||||
%{_libdir}/libwayland-server.so.0*
|
%{_libdir}/libwayland-server.so.0*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Feb 27 2018 Kalev Lember <klember@redhat.com> - 1.14.91-1
|
||||||
|
- Update to 1.14.91
|
||||||
|
|
||||||
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.14.0-3
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.14.0-3
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user