helium-3rd-party/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky synced 2026-04-02 02:49:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

gdk-pixbuf: Fix CVE-2025-6199

Browse Source 
Backport the fix for CVE-2025-6199
Add below patch to fix
CVE-2025-6199.patch

Reference: In Ubuntu and debian, fixed patch is given -> [c4986342b2]

(From OE-Core rev: 214b7bc0d2325ab1f8a5c567abd2851c07f45942)

Signed-off-by: Shaik Moin <moins@kpit.com>
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
[YC: removed the extra ".patch" in patches Backport URL]
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Shaik Moin 2026-02-26 09:13:53 +05:30 committed by Paul Barker
parent 66d06f3bde
commit 101fc59b73
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2025-6199.patch Normal file
View File

@ -0,0 +1,36 @@
From 140200be0b4d5355aab76a6fd474e17d117045ca Mon Sep 17 00:00:00 2001
From: lumi <lumi@suwi.moe>
Date: Sat, 7 Jun 2025 22:27:06 +0200
Subject: [PATCH] lzw: Fix reporting of bytes written in decoder
When the LZW decoder encounters an invalid code, it stops
processing the image and returns the whole buffer size.
It should return the amount of bytes written, instead.
Fixes #257
CVE: CVE-2025-6199
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/c4986342b241cdc075259565f3fa7a7597d32a32]
Signed-off-by: Shaik Moin <moins@kpit.com>
---
gdk-pixbuf/lzw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 15293560b..4f3dd8beb 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
/* Invalid code received - just stop here */
if (self->code >= self->code_table_size) {
self->last_code = self->eoi_code;
- return output_length;
+ return n_written;
}
/* Convert codeword into indexes */
--
2.34.1

1
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.42.10.bb
View File

@ -21,6 +21,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://fatal-loader.patch \ file://fatal-loader.patch \
file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \ file://0001-meson.build-allow-a-subset-of-tests-in-cross-compile.patch \
file://CVE-2025-7345.patch \ file://CVE-2025-7345.patch \
file://CVE-2025-6199.patch \
" "
SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b" SRC_URI[sha256sum] = "ee9b6c75d13ba096907a2e3c6b27b61bcd17f5c7ebeab5a5b439d2f2e39fe44b"