Mike Gabriel pushed to branch master at Debian and Ubuntu MATE Packaging Team / atril
Commits:
-
d06292b7
by Mike Gabriel at 2019-12-16T08:31:37Z
-
ec37e661
by Mike Gabriel at 2019-12-16T09:09:22Z
-
ef6d5ddc
by Mike Gabriel at 2019-12-16T09:27:26Z
3 changed files:
Changes:
1 |
+atril (1.22.3-1) unstable; urgency=medium
|
|
2 |
+ |
|
3 |
+ * New upstream release.
|
|
4 |
+ * debian/changelog: Document security issue closure for 1.22.1-1.
|
|
5 |
+ * debian/patches:
|
|
6 |
+ + Add CVE-2019-11459.patch. tiff: Handle failure from
|
|
7 |
+ TIFFReadRGBAImageOriented. (Closes: #927821, CVE-2019-11459).
|
|
8 |
+ * debian/control:
|
|
9 |
+ + Add Rules-Requires-Root: field and set it to 'no'.
|
|
10 |
+ + Bump Standards-Version: to 4.4.1. No changes needed.
|
|
11 |
+ |
|
12 |
+ -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Mon, 16 Dec 2019 10:23:05 +0100
|
|
13 |
+ |
|
1 | 14 |
atril (1.22.2-1) unstable; urgency=medium
|
2 | 15 |
|
3 | 16 |
[ Martin Wimpress ]
|
... | ... | @@ -12,6 +25,11 @@ atril (1.22.1-1) unstable; urgency=medium |
12 | 25 |
|
13 | 26 |
[ Martin Wimpress ]
|
14 | 27 |
* New upstream release.
|
28 |
+ * debian/patches:
|
|
29 |
+ + Add 0002_CVE-2019-1010006.patch. Fix buffer overflow.
|
|
30 |
+ (CVE-2019-1010006)
|
|
31 |
+ + Add 0001_prevent_no_doc_segfault.patch. Prevent segfaults when no
|
|
32 |
+ document is loaded.
|
|
15 | 33 |
* debian/copyright:
|
16 | 34 |
+ Update copyright attributions.
|
17 | 35 |
* debian/rules:
|
1 |
+From 5ecffe6a75542fc4d82264c9b263fee5d25a84b1 Mon Sep 17 00:00:00 2001
|
|
2 |
+From: Victor Kareh <vkareh@redhat.com>
|
|
3 |
+Date: Sun, 11 Aug 2019 05:20:09 +0300
|
|
4 |
+Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
|
|
5 |
+ |
|
6 |
+The TIFFReadRGBAImageOriented function returns zero if it was unable to
|
|
7 |
+read the image. Return NULL in this case instead of displaying
|
|
8 |
+uninitialized memory.
|
|
9 |
+ |
|
10 |
+This addresses CVE-2019-11459
|
|
11 |
+ |
|
12 |
+upstream commit:
|
|
13 |
+https://gitlab.gnome.org/GNOME/evince/commit/234f034a4
|
|
14 |
+---
|
|
15 |
+ backend/tiff/tiff-document.c | 26 +++++++++++++++++---------
|
|
16 |
+ 1 file changed, 17 insertions(+), 9 deletions(-)
|
|
17 |
+ |
|
18 |
+--- a/backend/tiff/tiff-document.c
|
|
19 |
++++ b/backend/tiff/tiff-document.c
|
|
20 |
+@@ -281,6 +281,15 @@
|
|
21 |
+ g_warning("Failed to allocate memory for rendering.");
|
|
22 |
+ return NULL;
|
|
23 |
+ }
|
|
24 |
++
|
|
25 |
++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
|
|
26 |
++ width, height,
|
|
27 |
++ (uint32 *)pixels,
|
|
28 |
++ orientation, 0)) {
|
|
29 |
++ g_warning ("Failed to read TIFF image.");
|
|
30 |
++ g_free (pixels);
|
|
31 |
++ return NULL;
|
|
32 |
++ }
|
|
33 |
+
|
|
34 |
+ surface = cairo_image_surface_create_for_data (pixels,
|
|
35 |
+ CAIRO_FORMAT_RGB24,
|
|
36 |
+@@ -288,11 +297,6 @@
|
|
37 |
+ rowstride);
|
|
38 |
+ cairo_surface_set_user_data (surface, &key,
|
|
39 |
+ pixels, (cairo_destroy_func_t)g_free);
|
|
40 |
+-
|
|
41 |
+- TIFFReadRGBAImageOriented (tiff_document->tiff,
|
|
42 |
+- width, height,
|
|
43 |
+- (uint32 *)pixels,
|
|
44 |
+- orientation, 0);
|
|
45 |
+ pop_handlers ();
|
|
46 |
+
|
|
47 |
+ /* Convert the format returned by libtiff to
|
|
48 |
+@@ -372,14 +376,18 @@
|
|
49 |
+ pixels = g_try_malloc (bytes);
|
|
50 |
+ if (!pixels)
|
|
51 |
+ return NULL;
|
|
52 |
++
|
|
53 |
++ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
|
|
54 |
++ width, height,
|
|
55 |
++ (uint32 *)pixels,
|
|
56 |
++ ORIENTATION_TOPLEFT, 0)) {
|
|
57 |
++ g_free (pixels);
|
|
58 |
++ return NULL;
|
|
59 |
++ }
|
|
60 |
+
|
|
61 |
+ pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8,
|
|
62 |
+ width, height, rowstride,
|
|
63 |
+ (GdkPixbufDestroyNotify) g_free, NULL);
|
|
64 |
+- TIFFReadRGBAImageOriented (tiff_document->tiff,
|
|
65 |
+- width, height,
|
|
66 |
+- (uint32 *)pixels,
|
|
67 |
+- ORIENTATION_TOPLEFT, 0);
|
|
68 |
+ pop_handlers ();
|
|
69 |
+
|
|
70 |
+ scaled_pixbuf = gdk_pixbuf_scale_simple (pixbuf,
|
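Review bot: Both new failure branches after `TIFFReadRGBAImageOriented` (patch lines 25-32 in the first hunk and 53-59 in the third) return before the `pop_handlers ();` call that the context shows a few lines further down, so a TIFF that fails to decode may exit with handlers still installed if a matching push is outstanding at that point. The start of both functions lies outside the hunks, so the push/pop pairing cannot be confirmed from here; the neighbouring allocation-failure returns skip the call as well, which makes the whole function worth checking. If a push is outstanding, add `pop_handlers ();` before `g_free (pixels);` in both branches. The third-hunk branch also fails silently while the first logs `g_warning ("Failed to read TIFF image.");`, and emitting the same warning there would make rejected files easier to triage.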
1 |
+CVE-2019-11459.patch
|