From af4aca51dcef02ca7b07fd0f77d0f8c856dc54b5 Mon Sep 17 00:00:00 2001
From: Dan Andresan
Date: Fri, 26 Oct 2018 15:03:29 +0200
Subject: gdk-pixbuf: Fix CVE-2017-6311 gdk-pixbuf in the upstream pyro is 2.36.5
CVE: CVE-2017-6311
References: https://bug778204.bugzilla-attachments.gnome.org/attachment.cgi?id=356474 https://bug778204.bugzilla-attachments.gnome.org/attachment.cgi?id=356475 (two patches were collected in one patch)
Change-Id: I425ea4da5371ef7445b9600ce1b18cb38f56946e
Signed-off-by: Andreas Wellving
Signed-off-by: Adrian Mangeac
---
.../gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch | 109 +++++++++++++++++++++
.../gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend | 6 ++
2 files changed, 115 insertions(+)
create mode 100644 recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch
create mode 100644 recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend
diff --git a/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch b/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch
new file mode 100644
index 0000000..25d55ad
--- /dev/null
+++ b/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch
@@ -0,0 +1,109 @@
+From 725afb9a926553b664a1cb1270d38de133f659e1 Mon Sep 17 00:00:00 2001
+From: Andreas Wellving
+Date: Mon, 22 Oct 2018 12:21:56 +0200
+Subject: [PATCH] ico: Return an error when the ICO didn't load
+
+If we don't even read enough data to fill the header, return an
+error. This doesn't cover everything that could go wrong with
+the ICO incremental loader, but this is a good first throw.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/7586553]
+
+thumbnailer: Update skeleton to fix a possible crash
+
+If the loader returns a NULL pixbuf without returning an
+error, the skeleton would crash trying to print the error.
+Print that the thumbnailer is broken instead.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=778204
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/57362ed]
+
+CVE: CVE-2017-6311
+Signed-off-by: Andreas Wellving
+---
+ gdk-pixbuf/io-ico.c | 11 ++++++++++-
+ thumbnailer/gnome-thumbnailer-skeleton.c | 14 ++++++++++++--
+ 2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
+index 2b0441f..68295a3 100644
+--- a/gdk-pixbuf/io-ico.c
++++ b/gdk-pixbuf/io-ico.c
+@@ -605,6 +605,7 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
+ {
+ struct ico_progressive_state *context =
+ (struct ico_progressive_state *) data;
++ gboolean ret = TRUE;
+
+ /* FIXME this thing needs to report errors if
+ * we have unused image data
+@@ -612,8 +613,16 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
+
+ g_return_val_if_fail(context != NULL, TRUE);
+
++ if (context->HeaderDone < context->HeaderSize) {
++ g_set_error_literal (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("ICO image was truncated or incomplete."));
++ ret = FALSE;
++ }
++
+ context_free (context);
+- return TRUE;
++ return ret;
+ }
+
+ static void
+diff --git a/thumbnailer/gnome-thumbnailer-skeleton.c b/thumbnailer/gnome-thumbnailer-skeleton.c
+index d686432..73da53e 100644
+--- a/thumbnailer/gnome-thumbnailer-skeleton.c
++++ b/thumbnailer/gnome-thumbnailer-skeleton.c
+@@ -37,6 +37,7 @@ static int output_size = 256;
+ static gboolean g_fatal_warnings = FALSE;
+ static char **filenames = NULL;
+
++#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
+ /**
+ * gnome_desktop_thumbnail_scale_down_pixbuf:
+ * @pixbuf: a #GdkPixbuf
+@@ -178,6 +179,7 @@ gnome_desktop_thumbnail_scale_down_pixbuf (GdkPixbuf *pixbuf,
+
+ return dest_pixbuf;
+ }
++#endif
+
+ static char *
+ get_target_uri (GFile *file)
+@@ -291,9 +293,16 @@ int main (int argc, char **argv)
+
+ scale = (double)output_size / MAX (width, height);
+
++#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
+ scaled = gnome_desktop_thumbnail_scale_down_pixbuf (pixbuf,
+ floor (width * scale + 0.5),
+ floor (height * scale + 0.5));
++#else
++ scaled = gdk_pixbuf_scale_simple (pixbuf,
++ floor (width * scale + 0.5),
++ floor (height * scale + 0.5),
++ GDK_INTERP_HYPER);
++#endif
+ gdk_pixbuf_copy_options (pixbuf, scaled);
+ g_object_unref (pixbuf);
+ pixbuf = scaled;
+@@ -316,8 +325,9 @@ int main (int argc, char **argv)
+ g_free (input_filename);
+
+ if (!pixbuf) {
+- g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
+- g_error_free (error);
++ g_warning ("Could not thumbnail '%s': %s", filenames[0],
++ error ? error->message : "Thumbnailer failed without returning an error");
++ g_clear_error (&error);
+ g_strfreev (filenames);
+ return 1;
+ }
+
+
diff --git a/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend b/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend
new file mode 100644
index 0000000..370bb73
--- /dev/null
+++ b/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.36.5.bbappend
@@ -0,0 +1,6 @@
+# look for files in the layer first
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += " \
+ file://CVE-2017-6311.patch \
+ "
-- cgit v1.2.3-54-g00ecf
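Review bot: The check added to `gdk_pixbuf__ico_image_stop_load` in io-ico.c only reports truncation inside the header (`context->HeaderDone < context->HeaderSize`); every other incomplete state still returns TRUE with `error` unset, as the FIXME kept just above it and the commit message both concede. The thumbnailer is covered by the new `error ? error->message : ...` guard, but other consumers that read `error->message` after getting a NULL pixbuf are presumably still exposed to ICO data cut off after the header, so I would record that limit beside the check: `/* Only header truncation is detected here; data cut off after the header still returns TRUE with no error set. */`. In the thumbnailer's `#else` branch, `gdk_pixbuf_scale_simple` can return NULL when allocation fails, and the unchanged next line passes that result straight on; `if (scaled) gdk_pixbuf_copy_options (pixbuf, scaled);` would let the NULL reach the later `if (!pixbuf)` report instead. Both function bodies start or end outside the inner hunks, so the paths between these lines are not visible here.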