mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-05 20:36:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/libcroco: fix a few CVEs

Browse Source 
- CVE-2017-8834
- CVE-2017-8871

Also add comments for:

- CVE-2017-7960
- CVE-2017-7961
This commit is contained in:
Leo 2019-07-21 02:35:49 -03:00 committed by Natanael Copa
parent 177d553d27
commit ac4f22e825
2 changed files with 42 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
main/libcroco/APKBUILD
View File

@ -1,14 +1,23 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libcroco
pkgver=0.6.13
pkgrel=0
pkgrel=1
pkgdesc="GNOME CSS2 parsing and manipulation toolkit"
url="http://www.gnome.org"
arch="all"
license="LGPL-2.1-only"
subpackages="$pkgname-dev $pkgname-doc"
makedepends="glib-dev libxml2-dev"
source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz"
source="https://download.gnome.org/sources/$pkgname/0.6/$pkgname-$pkgver.tar.xz
CVE-2017-8871-and-CVE-2017-8834.patch
"
# secfixes:
# 0.6.13-r1:
# - CVE-2017-7960
# - CVE-2017-7961
# - CVE-2017-8871
# - CVE-2017-8834
build() {
cd "$builddir"
@ -29,4 +38,5 @@ package() {
cd "$builddir"
make DESTDIR="$pkgdir" install
}
sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz"
sha512sums="038a3ac9d160a8cf86a8a88c34367e154ef26ede289c93349332b7bc449a5199b51ea3611cebf3a2416ae23b9e45ecf8f9c6b24ea6d16a5519b796d3c7e272d4 libcroco-0.6.13.tar.xz
568ad8205f5c2ab1eb949ef664671069fad5991e43992e35092738c1a741289303dba343c8002caec817d1c27fe5645dc2a861573fb4d91074aef59ff41f3d27 CVE-2017-8871-and-CVE-2017-8834.patch"

29
main/libcroco/CVE-2017-8871-and-CVE-2017-8834.patch Normal file
View File

@ -0,0 +1,29 @@
From deda38539f5b25616aa294d8b19d33ebf8e175ff Mon Sep 17 00:00:00 2001
From: Mike Gorse <mgorse@alum.wpi.edu>
Date: Thu, 2 May 2019 10:54:43 -0500
Subject: [PATCH] cr_utils_read_char_from_utf8_buf: move past invalid UTF-8
Otherwise, the offending character is never consumed, possibly leading
to an infinite loop.
https://bugzilla.gnome.org/show_bug.cgi?id=782647
---
src/cr-utils.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/cr-utils.c b/src/cr-utils.c
index 2420cec..6cf4849 100644
--- a/src/cr-utils.c
+++ b/src/cr-utils.c
@@ -505,6 +505,7 @@ cr_utils_read_char_from_utf8_buf (const guchar * a_in,
} else {
/*BAD ENCODING */
+ nb_bytes_2_decode = 1;
goto end;
}
--
2.20.1