diff --git a/srcpkgs/libgxps/patches/CVE-2018-10733.patch b/srcpkgs/libgxps/patches/CVE-2018-10733.patch deleted file mode 100644 index b7f07dfdfc5..00000000000 --- a/srcpkgs/libgxps/patches/CVE-2018-10733.patch +++ /dev/null @@ -1,148 +0,0 @@ -Sources: -https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b - -https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd -From 133fe2a96e020d4ca65c6f64fb28a404050ebbfd Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos -Date: Sat, 5 May 2018 12:02:36 +0200 -Subject: [PATCH] gxps-archive: Handle errors returned by archive_read_data - ---- - libgxps/gxps-archive.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git libgxps/gxps-archive.c libgxps/gxps-archive.c -index 346ba73..1bae729 100644 ---- libgxps/gxps-archive.c -+++ libgxps/gxps-archive.c -@@ -520,6 +520,13 @@ gxps_archive_input_stream_read (GInputStream *stream, - return -1; - - bytes_read = archive_read_data (istream->zip->archive, buffer, count); -+ if (bytes_read < 0) { -+ g_set_error_literal (error, -+ G_IO_ERROR, -+ g_io_error_from_errno (archive_errno (istream->zip->archive)), -+ archive_error_string (istream->zip->archive)); -+ return -1; -+ } - if (bytes_read == 0 && istream->is_interleaved && !gxps_archive_input_stream_is_last_piece (istream)) { - /* Read next piece */ - gxps_archive_input_stream_next_piece (istream); --- -2.18.1 - -From b458226e162fe1ffe7acb4230c114a52ada5131b Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos -Date: Sat, 5 May 2018 12:01:24 +0200 -Subject: [PATCH] gxps-archive: Ensure gxps_archive_read_entry() fills the - GError in case of failure - -And fix the callers to not overwrite the GError. ---- - libgxps/gxps-archive.c | 15 +++++++++++---- - libgxps/gxps-fonts.c | 17 +++++------------ - libgxps/gxps-images.c | 17 ++++++----------- - 3 files changed, 22 insertions(+), 27 deletions(-) - -diff --git libgxps/gxps-archive.c libgxps/gxps-archive.c -index e763773..346ba73 100644 ---- libgxps/gxps-archive.c -+++ libgxps/gxps-archive.c -@@ -406,9 +406,13 @@ gxps_archive_read_entry (GXPSArchive *archive, - gboolean retval; - - stream = gxps_archive_open (archive, path); -- if (!stream) -- /* TODO: Error */ -+ if (!stream) { -+ g_set_error (error, -+ G_IO_ERROR, -+ G_IO_ERROR_NOT_FOUND, -+ "The entry '%s' was not found in archive", path); - return FALSE; -+ } - - entry_size = archive_entry_size (GXPS_ARCHIVE_INPUT_STREAM (stream)->entry); - if (entry_size <= 0) { -@@ -423,7 +427,7 @@ gxps_archive_read_entry (GXPSArchive *archive, - *buffer = g_malloc (buffer_size); - do { - bytes = g_input_stream_read (stream, &buf, BUFFER_SIZE, NULL, error); -- if (*error != NULL) { -+ if (bytes < 0) { - g_free (*buffer); - g_object_unref (stream); - -@@ -441,7 +445,10 @@ gxps_archive_read_entry (GXPSArchive *archive, - g_object_unref (stream); - - if (*bytes_read == 0) { -- /* TODO: Error */ -+ g_set_error (error, -+ G_IO_ERROR, -+ G_IO_ERROR_INVALID_DATA, -+ "The entry '%s' is empty in archive", path); - g_free (*buffer); - return FALSE; - } -diff --git libgxps/gxps-fonts.c libgxps/gxps-fonts.c -index 882157d..8d02ffc 100644 ---- libgxps/gxps-fonts.c -+++ libgxps/gxps-fonts.c -@@ -220,19 +220,12 @@ gxps_fonts_new_font_face (GXPSArchive *zip, - cairo_font_face_t *font_face; - guchar *font_data; - gsize font_data_len; -- gboolean res; - -- res = gxps_archive_read_entry (zip, font_uri, -- &font_data, &font_data_len, -- error); -- if (!res) { -- g_set_error (error, -- GXPS_ERROR, -- GXPS_ERROR_SOURCE_NOT_FOUND, -- "Font source %s not found in archive", -- font_uri); -- return NULL; -- } -+ if (!gxps_archive_read_entry (zip, font_uri, -+ &font_data, &font_data_len, -+ error)) { -+ return NULL; -+ } - - ft_face.font_data = font_data; - ft_face.font_data_len = (gssize)font_data_len; -diff --git libgxps/gxps-images.c libgxps/gxps-images.c -index 4dcf9e2..50f899f 100644 ---- libgxps/gxps-images.c -+++ libgxps/gxps-images.c -@@ -742,17 +742,12 @@ gxps_images_create_from_tiff (GXPSArchive *zip, - guchar *data; - guchar *p; - -- if (!gxps_archive_read_entry (zip, image_uri, -- &buffer.buffer, -- &buffer.buffer_len, -- error)) { -- g_set_error (error, -- GXPS_ERROR, -- GXPS_ERROR_SOURCE_NOT_FOUND, -- "Image source %s not found in archive", -- image_uri); -- return NULL; -- } -+ if (!gxps_archive_read_entry (zip, image_uri, -+ &buffer.buffer, -+ &buffer.buffer_len, -+ error)) { -+ return NULL; -+ } - - buffer.pos = 0; - --- -2.18.1 - diff --git a/srcpkgs/libgxps/patches/CVE-2018-10767.patch b/srcpkgs/libgxps/patches/CVE-2018-10767.patch deleted file mode 100644 index be77fd2d012..00000000000 --- a/srcpkgs/libgxps/patches/CVE-2018-10767.patch +++ /dev/null @@ -1,28 +0,0 @@ -Source: -https://gitlab.gnome.org/GNOME/libgxps/commit/123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 - -From 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51 Mon Sep 17 00:00:00 2001 -From: Carlos Garcia Campos -Date: Fri, 8 Dec 2017 11:11:38 +0100 -Subject: [PATCH] gxps-images: fix integer overflow in png decoder - ---- - libgxps/gxps-images.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git libgxps/gxps-images.c libgxps/gxps-images.c -index 98c7052..19cb1c0 100644 ---- libgxps/gxps-images.c -+++ libgxps/gxps-images.c -@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip, - } - - stride = cairo_format_stride_for_width (format, png_width); -- if (stride < 0) { -+ if (stride < 0 || png_height >= INT_MAX / stride) { - fill_png_error (error, image_uri, NULL); - g_object_unref (stream); - png_destroy_read_struct (&png, &info, NULL); --- -2.18.1 - diff --git a/srcpkgs/libgxps/template b/srcpkgs/libgxps/template index 202085fb1a5..c8e4b27a559 100644 --- a/srcpkgs/libgxps/template +++ b/srcpkgs/libgxps/template @@ -1,7 +1,7 @@ # Template file for 'libgxps' pkgname=libgxps -version=0.3.0 -revision=2 +version=0.3.1 +revision=1 build_style=meson configure_args="-Denable-test=false -Ddisable-introspection=$(vopt_if gir false true)" hostmakedepends="pkg-config $(vopt_if gir gobject-introspection)" @@ -12,7 +12,7 @@ maintainer="Rasmus Thomsen " license="LGPL-2.1-or-later" homepage="https://wiki.gnome.org/Projects/libgxps" distfiles="${GNOME_SITE}/${pkgname}/${version%.*}/${pkgname}-${version}.tar.xz" -checksum=412b1343bd31fee41f7204c47514d34c563ae34dafa4cc710897366bd6cd0fae +checksum=1a939fc8fcea9471b7eca46b1ac90cff89a30d26f65c7c9a375a4bf91223fa94 # Package build options build_options="gir"