From bc1a812e62b471c410ec9aa982fbb1b436de8890 Mon Sep 17 00:00:00 2001 From: Zhang Peng Date: Tue, 3 Dec 2024 16:59:01 +0800 Subject: libgsf: upgrade 1.14.52 -> 1.14.53 Changelog: * Compilation fixes for libxml 2.13 * Fix ABR in gsf-vba-dump. * Teach gsf (the tool) to handle odf properties. * Fix integer overflows affecting memory allocation. * Add missing "DocumentStatus" ole2 property. * Avoid some undefined C behaviour in overflow checks. Security fixes: CVE-2024-42415 An integer overflow vulnerability exists in the Compound Document Binary File format parser of v1.14.52 of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. CVE-2024-36474 An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf) version v1.14.52. A specially crafted file can result in an integer overflow when processing the directory from the file that allows for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Reference: [https://gitlab.gnome.org/GNOME/libgsf/-/issues/34] (master rev: 6ed5891c18fc78a69764af0a29ad9b5feefb1aa8) Signed-off-by: Zhang Peng Signed-off-by: Armin Kuster --- meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb | 22 ---------------------- meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb | 22 ++++++++++++++++++++++ 2 files changed, 22 insertions(+), 22 deletions(-) delete mode 100644 meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb create mode 100644 meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb 
diff --git a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb
deleted file mode 100644
index 7e1842b1ac..0000000000
--- a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.52.bb
+++ /dev/null
@@ -1,22 +0,0 @@
-SUMMARY = "GNOME Structured File Library"
-LICENSE = "LGPL-2.1-only"
-LIC_FILES_CHKSUM = "file://COPYING;md5=61464cfe342798eeced82efe9ae55f63"
-
-SECTION = "libs"
-
-DEPENDS= "libxml2 bzip2 glib-2.0 zlib"
-
-GNOMEBASEBUILDCLASS = "autotools"
-inherit gnomebase gobject-introspection gettext gtk-doc
-
-SRC_URI[archive.sha256sum] = "9181c914b9fac0e05d6bcaa34c7b552fe5fc0961d3c9f8c01ccc381fb084bcf0"
-SRC_URI += "file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch"
-
-PACKAGECONFIG ??= ""
-PACKAGECONFIG[gdk-pixbuf] = "--with-gdk-pixbuf,--without-gdk-pixbuf,gdk-pixbuf"
-
-EXTRA_OECONF = "\
- --with-bz2 \
-"
-
-FILES:${PN} += "${datadir}/thumbnailers"
diff --git a/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb
new file mode 100644
index 0000000000..ffa24e8120
--- /dev/null
+++ b/meta-gnome/recipes-gnome/libgsf/libgsf_1.14.53.bb
@@ -0,0 +1,22 @@
+SUMMARY = "GNOME Structured File Library"
+LICENSE = "LGPL-2.1-only"
+LIC_FILES_CHKSUM = "file://COPYING;md5=61464cfe342798eeced82efe9ae55f63"
+
+SECTION = "libs"
+
+DEPENDS= "libxml2 bzip2 glib-2.0 zlib"
+
+GNOMEBASEBUILDCLASS = "autotools"
+inherit gnomebase gobject-introspection gettext gtk-doc
+
+SRC_URI[archive.sha256sum] = "0eb59a86e0c50f97ac9cfe4d8cc1969f623f2ae8c5296f2414571ff0a9e8bcba"
+SRC_URI += " file://0001-configure.ac-drop-a-copy-paste-of-introspection.m4-m.patch"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[gdk-pixbuf] = "--with-gdk-pixbuf,--without-gdk-pixbuf,gdk-pixbuf"
+
+EXTRA_OECONF = "\
+ --with-bz2 \
+"
+
+FILES:${PN} += "${datadir}/thumbnailers"
-- cgit v1.2.3-54-g00ecf