From 613de77c525f23ae18b5521fc1bdb21e7ad103b0 Mon Sep 17 00:00:00 2001 From: Erik van Pienbroek Date: May 29 2014 14:54:56 +0000 Subject: Fix CVE-2013-6425 (RHBZ #1043744) --- diff --git a/5e14da97f16e421d084a9e735be21b1025150f0c.patch b/5e14da97f16e421d084a9e735be21b1025150f0c.patch new file mode 100644 index 0000000..b47a484 --- /dev/null +++ b/5e14da97f16e421d084a9e735be21b1025150f0c.patch @@ -0,0 +1,26 @@ +From 5e14da97f16e421d084a9e735be21b1025150f0c Mon Sep 17 00:00:00 2001 +From: Ritesh Khadgaray +Date: Wed, 23 Oct 2013 21:29:07 +0000 +Subject: pixman_trapezoid_valid(): Fix underflow when bottom is close to MIN_INT + +If t->bottom is close to MIN_INT (probably invalid value), subtracting +top can lead to underflow which causes crashes. Attached patch will +fix the issue. + +This fixes bug 67484. +--- +diff --git a/pixman/pixman.h b/pixman/pixman.h +index 7ff9fb5..509ba5e 100644 +--- a/pixman/pixman.h ++++ b/pixman/pixman.h +@@ -1030,7 +1030,7 @@ struct pixman_triangle + #define pixman_trapezoid_valid(t) \ + ((t)->left.p1.y != (t)->left.p2.y && \ + (t)->right.p1.y != (t)->right.p2.y && \ +- (int) ((t)->bottom - (t)->top) > 0) ++ ((t)->bottom > (t)->top)) + + struct pixman_span_fix + { +-- +cgit v0.9.0.2-2-gbebe diff --git a/mingw-pixman.spec b/mingw-pixman.spec index cccc46d..fd33366 100644 --- a/mingw-pixman.spec +++ b/mingw-pixman.spec @@ -2,7 +2,7 @@ Name: mingw-pixman Version: 0.30.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: MinGW Windows Pixman library License: MIT @@ -12,6 +12,9 @@ Group: Development/Libraries Source0: http://cairographics.org/releases/pixman-%{version}.tar.gz Source1: make-pixman-snapshot.sh +# CVE-2013-6425 +Patch0: 5e14da97f16e421d084a9e735be21b1025150f0c.patch + BuildArch: noarch BuildRequires: mingw32-filesystem >= 95 @@ -63,6 +66,7 @@ Static version of the cross compiled Pixman library. %prep %setup -q -n pixman-%{version} +%patch0 -p1 %build @@ -103,6 +107,9 @@ find $RPM_BUILD_ROOT -name "*.la" -delete %changelog +* Thu May 29 2014 Erik van Pienbroek - 0.30.0-4 +- Fix CVE-2013-6425 (RHBZ #1043744) + * Wed Sep 04 2013 Kalev Lember - 0.30.0-3 - Disable SSE2 (fdo#68300)