summaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-10-06 11:03:27 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-10-06 11:03:27 +0200
commit6a317919cf0f9dbc651a4a41f9ed99c49bf2d543 (patch)
tree9454b6c587b75ee1e3625be64f39cc39a5154db6 /gnu/packages/patches
parent68932812b8f6581dda4bf1896235492f687b7cc9 (diff)
parent8bde6a524e19d2bc9763b84dbf99959faf653bf8 (diff)
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-12982.patch28
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14040.patch83
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14041.patch25
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14151.patch46
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14152.patch38
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14164.patch89
6 files changed, 0 insertions, 309 deletions
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
deleted file mode 100644
index 3929a73570..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/21/1
-https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
-
-From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Mon, 14 Aug 2017 17:26:58 +0200
-Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
- (#983)
-
----
- src/bin/jp2/convertbmp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index b49e7a080..2715fdf24 100644
---- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
-
- header->biBitCount = (OPJ_UINT16)getc(IN);
- header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
-+ if (header->biBitCount == 0) {
-+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
-+ return OPJ_FALSE;
-+ }
-
- if (header->biSize >= 40U) {
- header->biCompression = (OPJ_UINT32)getc(IN);
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
deleted file mode 100644
index bd7473ba0d..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/28/3
-https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch
-
-From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Thu, 17 Aug 2017 11:47:40 +0200
-Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and
- fixes unaligned load (#995)
-
----
- src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------
- 1 file changed, 27 insertions(+), 12 deletions(-)
-
-diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
-index a4eb81f6a..73dfc8d5f 100644
---- a/src/bin/jp2/convert.c
-+++ b/src/bin/jp2/convert.c
-@@ -580,13 +580,10 @@ struct tga_header {
- };
- #endif /* INFORMATION_ONLY */
-
--static unsigned short get_ushort(const unsigned char *data)
-+/* Returns a ushort from a little-endian serialized value */
-+static unsigned short get_tga_ushort(const unsigned char *data)
- {
-- unsigned short val = *(const unsigned short *)data;
--#ifdef OPJ_BIG_ENDIAN
-- val = ((val & 0xffU) << 8) | (val >> 8);
--#endif
-- return val;
-+ return data[0] | (data[1] << 8);
- }
-
- #define TGA_HEADER_SIZE 18
-@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel,
- id_len = tga[0];
- /*cmap_type = tga[1];*/
- image_type = tga[2];
-- /*cmap_index = get_ushort(&tga[3]);*/
-- cmap_len = get_ushort(&tga[5]);
-+ /*cmap_index = get_tga_ushort(&tga[3]);*/
-+ cmap_len = get_tga_ushort(&tga[5]);
- cmap_entry_size = tga[7];
-
-
- #if 0
-- x_origin = get_ushort(&tga[8]);
-- y_origin = get_ushort(&tga[10]);
-+ x_origin = get_tga_ushort(&tga[8]);
-+ y_origin = get_tga_ushort(&tga[10]);
- #endif
-- image_w = get_ushort(&tga[12]);
-- image_h = get_ushort(&tga[14]);
-+ image_w = get_tga_ushort(&tga[12]);
-+ image_h = get_tga_ushort(&tga[14]);
- pixel_depth = tga[16];
- image_desc = tga[17];
-
-@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters)
- color_space = OPJ_CLRSPC_SRGB;
- }
-
-+ /* If the declared file size is > 10 MB, check that the file is big */
-+ /* enough to avoid excessive memory allocations */
-+ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
-+ char ch;
-+ OPJ_UINT64 expected_file_size =
-+ (OPJ_UINT64)image_width * image_height * numcomps;
-+ long curpos = ftell(f);
-+ if (expected_file_size > (OPJ_UINT64)INT_MAX) {
-+ expected_file_size = (OPJ_UINT64)INT_MAX;
-+ }
-+ fseek(f, (long)expected_file_size - 1, SEEK_SET);
-+ if (fread(&ch, 1, 1, f) != 1) {
-+ fclose(f);
-+ return NULL;
-+ }
-+ fseek(f, curpos, SEEK_SET);
-+ }
-+
- subsampling_dx = parameters->subsampling_dx;
- subsampling_dy = parameters->subsampling_dy;
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
deleted file mode 100644
index 6e3fccf3c0..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/28/4
-https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
-
-From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Fri, 18 Aug 2017 13:39:20 +0200
-Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
-
----
- src/bin/jp2/convert.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
-index 5459f7d44..e606c9be7 100644
---- a/src/bin/jp2/convert.c
-+++ b/src/bin/jp2/convert.c
-@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
- }
-
- fseek(f, 0, SEEK_SET);
-- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
-+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
- &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
- fclose(f);
- fprintf(stderr,
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
deleted file mode 100644
index 4fcf6af6db..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
-http://openwall.com/lists/oss-security/2017/09/06/1
-
-From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Mon, 14 Aug 2017 17:20:37 +0200
-Subject: [PATCH] Encoder: grow buffer size in
- opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
- opj_mqc_flush (#982)
-
----
- src/lib/openjp2/tcd.c | 7 +++++--
- tests/nonregression/test_suite.ctest.in | 2 ++
- 2 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
-index 301c7213e..53cdcf64d 100644
---- a/src/lib/openjp2/tcd.c
-+++ b/src/lib/openjp2/tcd.c
-@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
- {
- OPJ_UINT32 l_data_size;
-
-- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
-- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
-+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
-+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
-+ /* TODO: is there a theoretical upper-bound for the compressed code */
-+ /* block size ? */
-+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
-
- if (l_data_size > p_code_block->data_size) {
-diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
-index aaf40d7d0..ffd964c2a 100644
---- a/tests/nonregression/test_suite.ctest.in
-+++ b/tests/nonregression/test_suite.ctest.in
-@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban
- # Same rate as Bretagne2_4.j2k
- opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800
-
-+opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1
-+
- # DECODER TEST SUITE
- opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx
- opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
deleted file mode 100644
index 6c083be123..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
-http://openwall.com/lists/oss-security/2017/09/06/2
-
-From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Tue, 15 Aug 2017 11:55:58 +0200
-Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
- opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
-
----
- src/lib/openjp2/j2k.c | 14 ++++++++++----
- 1 file changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index a2521ebbc..54b490a8c 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
-
- /* Precincts */
- parameters->csty |= 0x01;
-- parameters->res_spec = parameters->numresolution - 1;
-- for (i = 0; i < parameters->res_spec; i++) {
-- parameters->prcw_init[i] = 256;
-- parameters->prch_init[i] = 256;
-+ if (parameters->numresolution == 1) {
-+ parameters->res_spec = 1;
-+ parameters->prcw_init[0] = 128;
-+ parameters->prch_init[0] = 128;
-+ } else {
-+ parameters->res_spec = parameters->numresolution - 1;
-+ for (i = 0; i < parameters->res_spec; i++) {
-+ parameters->prcw_init[i] = 256;
-+ parameters->prch_init[i] = 256;
-+ }
- }
-
- /* The progression order shall be CPRL */
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
deleted file mode 100644
index 2bfc5a6a85..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
-http://openwall.com/lists/oss-security/2017/09/06/3
-
-From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Wed, 16 Aug 2017 17:09:10 +0200
-Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
- (#991)
-
----
- src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 54b490a8c..16915452e 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
- * Writes the SOT marker (Start of tile-part)
- *
- * @param p_j2k J2K codec.
-- * @param p_data FIXME DOC
-- * @param p_data_written FIXME DOC
-+ * @param p_data Output buffer
-+ * @param p_total_data_size Output buffer size
-+ * @param p_data_written Number of bytes written into stream
- * @param p_stream the stream to write data to.
- * @param p_manager the user event manager.
- */
- static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_BYTE * p_data,
-+ OPJ_UINT32 p_total_data_size,
- OPJ_UINT32 * p_data_written,
- const opj_stream_private_t *p_stream,
- opj_event_mgr_t * p_manager);
-@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
-
- static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_BYTE * p_data,
-+ OPJ_UINT32 p_total_data_size,
- OPJ_UINT32 * p_data_written,
- const opj_stream_private_t *p_stream,
- opj_event_mgr_t * p_manager
-@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_UNUSED(p_stream);
- OPJ_UNUSED(p_manager);
-
-+ if (p_total_data_size < 12) {
-+ opj_event_msg(p_manager, EVT_ERROR,
-+ "Not enough bytes in output buffer to write SOT marker\n");
-+ return OPJ_FALSE;
-+ }
-+
- opj_write_bytes(p_data, J2K_MS_SOT,
- 2); /* SOT */
- p_data += 2;
-@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
-
- l_current_nb_bytes_written = 0;
- l_begin_data = p_data;
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
-+ &l_current_nb_bytes_written, p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }
-@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
- l_part_tile_size = 0;
- l_begin_data = p_data;
-
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data,
-+ p_total_data_size,
-+ &l_current_nb_bytes_written,
-+ p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }
-@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
- l_part_tile_size = 0;
- l_begin_data = p_data;
-
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data,
-+ p_total_data_size,
-+ &l_current_nb_bytes_written, p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }