mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
gnu: jasper: Add fixes for CVE-2016-1577, CVE-2016-2089, CVE-2016-2116.
* gnu/packages/patches/jasper-CVE-2016-1557.patch, gnu/packages/patches/jasper-CVE-2016-2089.patch, gnu/packages/patches/jasper-CVE-2016-2116.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/image.scm (jasper)[source]: Add patches.
This commit is contained in:
parent
165e0382b3
commit
e224495ce1
5 changed files with 136 additions and 1 deletions
|
@ -543,7 +543,10 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/jasper-CVE-2014-8157.patch \
|
||||
gnu/packages/patches/jasper-CVE-2014-8158.patch \
|
||||
gnu/packages/patches/jasper-CVE-2014-9029.patch \
|
||||
gnu/packages/patches/jasper-CVE-2016-1577.patch \
|
||||
gnu/packages/patches/jasper-CVE-2016-1867.patch \
|
||||
gnu/packages/patches/jasper-CVE-2016-2089.patch \
|
||||
gnu/packages/patches/jasper-CVE-2016-2116.patch \
|
||||
gnu/packages/patches/jbig2dec-ignore-testtest.patch \
|
||||
gnu/packages/patches/kmod-module-directory.patch \
|
||||
gnu/packages/patches/ldc-disable-tests.patch \
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net>
|
||||
;;; Copyright © 2014 John Darrington <jmd@gnu.org>
|
||||
;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
|
||||
;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -736,7 +737,10 @@ (define-public jasper
|
|||
(search-patch "jasper-CVE-2014-8157.patch")
|
||||
(search-patch "jasper-CVE-2014-8158.patch")
|
||||
(search-patch "jasper-CVE-2014-9029.patch")
|
||||
(search-patch "jasper-CVE-2016-1867.patch")))))
|
||||
(search-patch "jasper-CVE-2016-1577.patch")
|
||||
(search-patch "jasper-CVE-2016-1867.patch")
|
||||
(search-patch "jasper-CVE-2016-2089.patch")
|
||||
(search-patch "jasper-CVE-2016-2116.patch")))))
|
||||
(build-system gnu-build-system)
|
||||
(native-inputs
|
||||
`(("unzip" ,unzip)))
|
||||
|
|
19
gnu/packages/patches/jasper-CVE-2016-1577.patch
Normal file
19
gnu/packages/patches/jasper-CVE-2016-1577.patch
Normal file
|
@ -0,0 +1,19 @@
|
|||
Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
|
||||
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
|
||||
Bug-Ubuntu: https://launchpad.net/bugs/1547865
|
||||
Bug-Debian: https://bugs.debian.org/816625
|
||||
Forwarded: not-needed
|
||||
Author: Tyler Hicks <tyhicks@canonical.com>
|
||||
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2016-03-05
|
||||
|
||||
--- a/src/libjasper/base/jas_icc.c
|
||||
+++ b/src/libjasper/base/jas_icc.c
|
||||
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
|
||||
if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
|
||||
goto error;
|
||||
jas_iccattrval_destroy(attrval);
|
||||
+ attrval = 0;
|
||||
} else {
|
||||
#if 0
|
||||
jas_eprintf("warning: skipping unknown tag type\n");
|
90
gnu/packages/patches/jasper-CVE-2016-2089.patch
Normal file
90
gnu/packages/patches/jasper-CVE-2016-2089.patch
Normal file
|
@ -0,0 +1,90 @@
|
|||
Description: CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
|
||||
Origin: vendor
|
||||
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1302636
|
||||
Bug-Debian: https://bugs.debian.org/812978
|
||||
Forwarded: not-needed
|
||||
Author: Tomas Hoger <thoger@redhat.com>
|
||||
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2016-03-05
|
||||
|
||||
--- a/src/libjasper/base/jas_image.c
|
||||
+++ b/src/libjasper/base/jas_image.c
|
||||
@@ -426,6 +426,10 @@ int jas_image_readcmpt(jas_image_t *imag
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (!data->rows_) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
|
||||
if (jas_matrix_resize(data, height, width)) {
|
||||
return -1;
|
||||
@@ -479,6 +483,10 @@ int jas_image_writecmpt(jas_image_t *ima
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (!data->rows_) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
|
||||
return -1;
|
||||
}
|
||||
--- a/src/libjasper/base/jas_seq.c
|
||||
+++ b/src/libjasper/base/jas_seq.c
|
||||
@@ -262,6 +262,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma
|
||||
int rowstep;
|
||||
jas_seqent_t *data;
|
||||
|
||||
+ if (!matrix->rows_) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
rowstep = jas_matrix_rowstep(matrix);
|
||||
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
||||
rowstart += rowstep) {
|
||||
@@ -282,6 +286,10 @@ void jas_matrix_clip(jas_matrix_t *matri
|
||||
jas_seqent_t *data;
|
||||
int rowstep;
|
||||
|
||||
+ if (!matrix->rows_) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
rowstep = jas_matrix_rowstep(matrix);
|
||||
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
||||
rowstart += rowstep) {
|
||||
@@ -306,6 +314,10 @@ void jas_matrix_asr(jas_matrix_t *matrix
|
||||
int rowstep;
|
||||
jas_seqent_t *data;
|
||||
|
||||
+ if (!matrix->rows_) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
assert(n >= 0);
|
||||
rowstep = jas_matrix_rowstep(matrix);
|
||||
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
||||
@@ -325,6 +337,10 @@ void jas_matrix_asl(jas_matrix_t *matrix
|
||||
int rowstep;
|
||||
jas_seqent_t *data;
|
||||
|
||||
+ if (!matrix->rows_) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
rowstep = jas_matrix_rowstep(matrix);
|
||||
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
||||
rowstart += rowstep) {
|
||||
@@ -367,6 +383,10 @@ void jas_matrix_setall(jas_matrix_t *mat
|
||||
int rowstep;
|
||||
jas_seqent_t *data;
|
||||
|
||||
+ if (!matrix->rows_) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
rowstep = jas_matrix_rowstep(matrix);
|
||||
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
||||
rowstart += rowstep) {
|
19
gnu/packages/patches/jasper-CVE-2016-2116.patch
Normal file
19
gnu/packages/patches/jasper-CVE-2016-2116.patch
Normal file
|
@ -0,0 +1,19 @@
|
|||
Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
|
||||
Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12
|
||||
Bug-Debian: https://bugs.debian.org/816626
|
||||
Forwarded: not-needed
|
||||
Author: Tyler Hicks <tyhicks@canoonical.com>
|
||||
Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
|
||||
Last-Update: 2016-03-05
|
||||
|
||||
--- a/src/libjasper/base/jas_icc.c
|
||||
+++ b/src/libjasper/base/jas_icc.c
|
||||
@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
|
||||
jas_stream_close(in);
|
||||
return prof;
|
||||
error:
|
||||
+ if (in)
|
||||
+ jas_stream_close(in);
|
||||
return 0;
|
||||
}
|
||||
|
Loading…
Reference in a new issue