deleted file mode 100644
@@ -1,61 +0,0 @@
-From dc296a24862c2bcfbfbd642abbb4826ec282f0a1 Mon Sep 17 00:00:00 2001
-From: Hitendra Prajapati <hprajapati@mvista.com>
-Date: Mon, 8 Aug 2022 17:28:21 +0530
-Subject: [PATCH] CVE-2021-46829
-
-Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/5398f04d772f7f8baf5265715696ed88db0f0512]
-CVE: CVE-2021-46829
-Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
----
- gdk-pixbuf/io-gif-animation.c | 21 +++++++++++++--------
- 1 file changed, 13 insertions(+), 8 deletions(-)
-
-diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
-index 8335cdd..71d9265 100644
---- a/gdk-pixbuf/io-gif-animation.c
-+++ b/gdk-pixbuf/io-gif-animation.c
-@@ -369,7 +369,7 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
- for (i = 0; i < n_indexes; i++) {
- guint8 index = index_buffer[i];
- guint x, y;
-- int offset;
-+ gsize offset;
-
- if (index == frame->transparent_index)
- continue;
-@@ -379,11 +379,13 @@ composite_frame (GdkPixbufGifAnim *anim, GdkPixbufFrame *frame)
- if (x >= anim->width || y >= anim->height)
- continue;
-
-- offset = y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + x * 4;
-- pixels[offset + 0] = frame->color_map[index * 3 + 0];
-- pixels[offset + 1] = frame->color_map[index * 3 + 1];
-- pixels[offset + 2] = frame->color_map[index * 3 + 2];
-- pixels[offset + 3] = 255;
-+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
-+ g_size_checked_add (&offset, offset, x * 4)) {
-+ pixels[offset + 0] = frame->color_map[index * 3 + 0];
-+ pixels[offset + 1] = frame->color_map[index * 3 + 1];
-+ pixels[offset + 2] = frame->color_map[index * 3 + 2];
-+ pixels[offset + 3] = 255;
-+ }
- }
-
- out:
-@@ -448,8 +450,11 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
- x_end = MIN (anim->last_frame->x_offset + anim->last_frame->width, anim->width);
- y_end = MIN (anim->last_frame->y_offset + anim->last_frame->height, anim->height);
- for (y = anim->last_frame->y_offset; y < y_end; y++) {
-- guchar *line = pixels + y * gdk_pixbuf_get_rowstride (anim->last_frame_data) + anim->last_frame->x_offset * 4;
-- memset (line, 0, (x_end - anim->last_frame->x_offset) * 4);
-+ gsize offset;
-+ if (g_size_checked_mul (&offset, gdk_pixbuf_get_rowstride (anim->last_frame_data), y) &&
-+ g_size_checked_add (&offset, offset, anim->last_frame->x_offset * 4)) {
-+ memset (pixels + offset, 0, (x_end - anim->last_frame->x_offset) * 4);
-+ }
- }
- break;
- case GDK_PIXBUF_FRAME_REVERT:
-2.25.1
-
@@ -21,7 +21,6 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
file://0001-Add-use_prebuilt_tools-option.patch \
- file://CVE-2021-46829.patch \
"
SRC_URI[sha256sum] = "c4a6b75b7ed8f58ca48da830b9fa00ed96d668d3ab4b1f723dcf902f78bde77f"
From: Hitendra Prajapati <hprajapati@mvista.com> CVE will be fixed in subsequent stable release update This reverts commit 978bc910ac326e34ec4f99c4645a80ed09c65407. --- .../gdk-pixbuf/CVE-2021-46829.patch | 61 ------------------- .../gdk-pixbuf/gdk-pixbuf_2.42.6.bb | 1 - 2 files changed, 62 deletions(-) delete mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-46829.patch