r49721 - in /desktop/jessie/eog/debian: changelog patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch patches/series

rbalint at users.alioth.debian.org
Sat Aug 27 21:09:12 UTC 2016


Author: rbalint
Date: Sat Aug 27 21:09:12 2016
New Revision: 49721

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=49721
Log:
Add fix to eog for CVE-2016-6855

Added:
    desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch
Modified:
    desktop/jessie/eog/debian/changelog
    desktop/jessie/eog/debian/patches/series

Modified: desktop/jessie/eog/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/changelog?rev=49721&op=diff
==============================================================================
--- desktop/jessie/eog/debian/changelog	[utf-8] (original)
+++ desktop/jessie/eog/debian/changelog	[utf-8] Sat Aug 27 21:09:12 2016
@@ -1,3 +1,10 @@
+eog (3.14.1-1+deb8u1) UNRELEASED; urgency=medium
+
+  * Make sure error messages are valid UTF8. This fixes out-of-bounds
+    write when passing invalid UTF-8 to GMarkup (CVE-2016-6855)
+
+ -- Balint Reczey <balint at balintreczey.hu>  Sat, 27 Aug 2016 22:21:00 +0200
+
 eog (3.14.1-1) unstable; urgency=medium
 
   * New upstream release.
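
Review bot: the new top entry, eog (3.14.1-1+deb8u1), describes the fix but does not name the patch file that carries it. Consider listing debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch in the bullet so the changelog can be matched against patches/series. The same bullet spells the encoding both "UTF8" and "UTF-8"; pick one. The distribution field is still UNRELEASED and has to be set to the target suite before upload.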

Added: desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch?rev=49721&op=file
==============================================================================
--- desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch	(added)
+++ desktop/jessie/eog/debian/patches/0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch	[utf-8] Sat Aug 27 21:09:12 2016
@@ -0,0 +1,47 @@
+From e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4 Mon Sep 17 00:00:00 2001
+From: Felix Riemann <friemann at gnome.org>
+Date: Sun, 21 Aug 2016 15:56:46 +0200
+Subject: [PATCH] EogErrorMessageArea: Make sure error messages are valid UTF8
+
+GMarkup requires valid UTF8 input strings and would cause odd
+looking messages if given invalid input. This could also trigger an
+out-of-bounds write in glib before 2.44.1. Reported by kaslovdmitri.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=770143
+---
+ src/eog-error-message-area.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/eog-error-message-area.c b/src/eog-error-message-area.c
+index 22de7b1..938ba96 100644
+--- a/src/eog-error-message-area.c
++++ b/src/eog-error-message-area.c
+@@ -28,6 +28,7 @@
+ 
+ #include "eog-error-message-area.h"
+ #include "eog-image.h"
++#include "eog-util.h"
+ 
+ #include <glib.h>
+ #include <glib/gi18n.h>
+@@ -218,7 +219,7 @@ eog_image_load_error_message_area_new (const gchar  *caption,
+ 	error_message = g_strdup_printf (_("Could not load image '%s'."),
+ 					 pango_escaped_caption);
+ 
+-	message_details = g_strdup (error->message);
++	message_details = eog_util_make_valid_utf8 (error->message);
+ 
+ 	message_area = create_error_message_area (error_message,
+ 						  message_details,
+@@ -260,7 +261,7 @@ eog_image_save_error_message_area_new (const gchar  *caption,
+ 	error_message = g_strdup_printf (_("Could not save image '%s'."),
+ 					 pango_escaped_caption);
+ 
+-	message_details = g_strdup (error->message);
++	message_details = eog_util_make_valid_utf8 (error->message);
+ 
+ 	message_area = create_error_message_area (error_message,
+ 						  message_details,
+-- 
+2.1.4
+
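
Review bot: in both replaced lines, `message_details = eog_util_make_valid_utf8 (error->message);` takes the place of a `g_strdup` call, so the helper has to return a newly allocated string with the same ownership as before, and it should cope with a NULL `error->message`, which `g_strdup` accepted by returning NULL. The diffstat lists only src/eog-error-message-area.c, so the helper's definition is not part of this patch; please confirm that eog-util.h in the 3.14.1 tree declares it with those semantics, otherwise the jessie build breaks or the cleanup path frees the wrong thing. The hunks also show the caption passing through `pango_escaped_caption` while message_details is only made valid UTF-8, so it is worth checking that create_error_message_area escapes the details string before it reaches GMarkup.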

Modified: desktop/jessie/eog/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/jessie/eog/debian/patches/series?rev=49721&op=diff
==============================================================================
--- desktop/jessie/eog/debian/patches/series	[utf-8] (original)
+++ desktop/jessie/eog/debian/patches/series	[utf-8] Sat Aug 27 21:09:12 2016
@@ -0,0 +1 @@
+0001-EogErrorMessageArea-Make-sure-error-messages-are-val.patch



