diff options
author | Marius Bakke <mbakke@fastmail.com> | 2017-08-10 21:35:32 +0200 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2017-08-10 22:23:31 +0200 |
commit | c2f93e9c07c75e47078ab313ce9e0c90ff130eb1 (patch) | |
tree | bd6bb94f4e764ab40fda86258b26f437974024da /gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch | |
parent | 1a1558e88f1f119be9dca28dac0bf554bc6aa171 (diff) | |
download | guix-c2f93e9c07c75e47078ab313ce9e0c90ff130eb1.tar guix-c2f93e9c07c75e47078ab313ce9e0c90ff130eb1.tar.gz |
gnu: openjpeg: Update to 2.2.0 [security fixes].
In addition to the patches we already had (which are not mentioned in the
ChangeLog, but verified by following their respective GitHub issues) this
release also fixes CVE-2016-9112, CVE-2016-5139, CVE-2016-5152, CVE-2016-5158,
CVE-2016-5159, CVE-2016-1626 and CVE-2016-1628.
See <https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md> for details.
* gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch,
gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/image.scm (openjpeg): Update to 2.2.0.
[source](patches): Remove.
* gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Add phase to patch
hard-coded openjpeg-2.1 path.
Diffstat (limited to 'gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch')
-rw-r--r-- | gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch | 245 |
1 files changed, 0 insertions, 245 deletions
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch deleted file mode 100644 index 3f637fa88b..0000000000 --- a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch +++ /dev/null @@ -1,245 +0,0 @@ -From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001 -From: szukw000 <szukw000@arcor.de> -Date: Fri, 9 Dec 2016 08:29:55 +0100 -Subject: [PATCH] These changes repair bugs of #871 and #872 - -email from http://openwall.com/lists/oss-security/2016/12/09/4 -patch is against openjpeg-2.1.2, applies cleanly to 2.1.1. - ---- - src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++---------------- - 1 file changed, 70 insertions(+), 37 deletions(-) - -diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c -index 143d3be..c690f8b 100644 ---- a/src/bin/jp2/converttif.c -+++ b/src/bin/jp2/converttif.c -@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len - - int imagetotif(opj_image_t * image, const char *outfile) - { -- int width, height; -- int bps,adjust, sgnd; -- int tiPhoto; -+ uint32 width, height, bps, tiPhoto; -+ int adjust, sgnd; - TIFF *tif; - tdata_t buf; -- tsize_t strip_size; -+ tmsize_t strip_size, rowStride; - OPJ_UINT32 i, numcomps; -- OPJ_SIZE_T rowStride; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32 const* planes[4]; - convert_32s_PXCX cvtPxToCx = NULL; - convert_32sXXx_C1R cvt32sToTif = NULL; - -- bps = (int)image->comps[0].prec; -+ bps = (uint32)image->comps[0].prec; - planes[0] = image->comps[0].data; - - numcomps = image->numcomps; -@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile) - break; - } - sgnd = (int)image->comps[0].sgnd; -- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0; -- width = (int)image->comps[0].w; -- height = (int)image->comps[0].h; -+ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0; -+ width = (uint32)image->comps[0].w; -+ height = (uint32)image->comps[0].h; - - TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width); - TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height); -- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps); -+ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps); - TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps); - TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT); - TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); -@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1); - - strip_size = TIFFStripSize(tif); -- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U; -- if (rowStride != (OPJ_SIZE_T)strip_size) { -+ rowStride = (width * numcomps * bps + 7U) / 8U; -+ if (rowStride != strip_size) { - fprintf(stderr, "Invalid TIFF strip size\n"); - TIFFClose(tif); - return 1; -@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile) - TIFFClose(tif); - return 1; - } -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32)); -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFF *tif; - tdata_t buf; - tstrip_t strip; -- tsize_t strip_size; -+ tmsize_t strip_size; - int j, currentPlane, numcomps = 0, w, h; - OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN; - opj_image_cmptparm_t cmptparm[4]; /* RGBA */ - opj_image_t *image = NULL; - int has_alpha = 0; -- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC; -- unsigned int tiWidth, tiHeight; -+ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight; - OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz); - convert_XXx32s_C1R cvtTifTo32s = NULL; - convert_32s_CXPX cvtCxToPx = NULL; - OPJ_INT32* buffer32s = NULL; - OPJ_INT32* planes[4]; -- OPJ_SIZE_T rowStride; -+ tmsize_t rowStride; - - tif = TIFFOpen(filename, "r"); - -@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp); - TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto); - TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC); -- w= (int)tiWidth; -- h= (int)tiHeight; -- -- if(tiBps > 16U) { -- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps); -- fprintf(stderr,"\tAborting\n"); -+ -+ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */ -+ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n" -+ "\tAborting.\n", tiSpp); -+ TIFFClose(tif); -+ return NULL; -+ } -+ if(tiBps > 16U || tiBps == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n" -+ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps); - TIFFClose(tif); - return NULL; - } - if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) { -- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); -+ fprintf(stderr,"tiftoimage: Bad color format %d.\n" -+ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto); - fprintf(stderr,"\tAborting\n"); - TIFFClose(tif); - return NULL; - } -- -+ if(tiWidth == 0 || tiHeight == 0) { -+ fprintf(stderr,"tiftoimage: Bad values for width(%u) " -+ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight); -+ TIFFClose(tif); -+ return NULL; -+ } -+ w= (int)tiWidth; -+ h= (int)tiHeight; -+ - switch (tiBps) { - case 1: - case 2: -@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - - TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES, - &extrasamples, &sampleinfo); -- -+ - if(extrasamples >= 1) - { - switch(sampleinfo[0]) -@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - else /* extrasamples == 0 */ - if(tiSpp == 4 || tiSpp == 2) has_alpha = 1; - } -- -+ - /* initialize image components */ - memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t)); - -@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - } else { - is_cinema = 0U; - } -- -+ - if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */ - { - numcomps = 3 + has_alpha; -@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->x0 = (OPJ_UINT32)parameters->image_offset_x0; - image->y0 = (OPJ_UINT32)parameters->image_offset_y0; - image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 : -- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1; -+ if(image->x1 <= image->x0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. " -+ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 : -- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -- -+ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1; -+ if(image->y1 <= image->y0) { -+ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. " -+ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } -+ - for(j = 0; j < numcomps; j++) - { - planes[j] = image->comps[j].data; -@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1)); - - strip_size = TIFFStripSize(tif); -- -+ - buf = _TIFFmalloc(strip_size); - if (buf == NULL) { - TIFFClose(tif); - opj_image_destroy(image); - return NULL; - } -- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U; -- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32)); -+ rowStride = (w * tiSpp * tiBps + 7U) / 8U; -+ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32))); - if (buffer32s == NULL) { - _TIFFfree(buf); - TIFFClose(tif); -@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters) - for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++) - { - const OPJ_UINT8 *dat8; -- OPJ_SIZE_T ssize; -+ tmsize_t ssize; - -- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size); -+ if(ssize < 1 || ssize > strip_size) { -+ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) " -+ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size); -+ _TIFFfree(buf); -+ _TIFFfree(buffer32s); -+ TIFFClose(tif); -+ opj_image_destroy(image); -+ return NULL; -+ } - dat8 = (const OPJ_UINT8*)buf; -- -+ - while (ssize >= rowStride) { - cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp); - cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w); |