aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMark H Weaver <mhw@netris.org>2016-12-10 23:03:57 -0500
committerMark H Weaver <mhw@netris.org>2016-12-10 23:03:57 -0500
commitd94691e0c21440657ad198b03145743d4a876829 (patch)
tree20dd105c352c117244eed15f6ffcc3ea3ba43b00 /gnu/packages/patches
parent72c0b687800a617b891565f5a85bb06c1e1ba015 (diff)
parentedd1652e0a66c7d0713c810c1e3711840d5ab8bc (diff)
downloadguix-d94691e0c21440657ad198b03145743d4a876829.tar
guix-d94691e0c21440657ad198b03145743d4a876829.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2015-6581.patch47
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch245
2 files changed, 245 insertions, 47 deletions
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
deleted file mode 100644
index 7ce03501f4..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
-From: Matthieu Darbois <mayeut@users.noreply.github.com>
-Date: Tue, 19 May 2015 21:57:27 +0000
-Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
- opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
-
----
- src/lib/openjp2/j2k.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8c62a39..cbdd368 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- l_tcp->cod = 0;
- l_tcp->ppt = 0;
- l_tcp->ppt_data = 00;
-+ /* Remove memory not owned by this tile in case of early error return. */
-+ l_tcp->m_mct_decoding_matrix = 00;
-+ l_tcp->m_nb_max_mct_records = 0;
-+ l_tcp->m_mct_records = 00;
-+ l_tcp->m_nb_max_mcc_records = 0;
-+ l_tcp->m_mcc_records = 00;
- /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
- l_tcp->tccps = l_current_tccp;
-
-@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
-
- ++l_src_mct_rec;
- ++l_dest_mct_rec;
-+ /* Update with each pass to free exactly what has been allocated on early return. */
-+ l_tcp->m_nb_max_mct_records += 1;
- }
-
- /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
-@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2
- return OPJ_FALSE;
- }
- memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
-+ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
-
- /* Copy the mcc record data from dflt_tile_cp to the current tile*/
- l_src_mcc_rec = l_default_tcp->m_mcc_records;
---
-2.5.0
-
diff --git a/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
new file mode 100644
index 0000000000..3f637fa88b
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch
@@ -0,0 +1,245 @@
+From cadff5fb6e73398de26a92e96d3d7cac893af255 Mon Sep 17 00:00:00 2001
+From: szukw000 <szukw000@arcor.de>
+Date: Fri, 9 Dec 2016 08:29:55 +0100
+Subject: [PATCH] These changes repair bugs of #871 and #872
+
+email from http://openwall.com/lists/oss-security/2016/12/09/4
+patch is against openjpeg-2.1.2, applies cleanly to 2.1.1.
+
+---
+ src/bin/jp2/converttif.c | 107 +++++++++++++++++++++++++++++++----------------
+ 1 file changed, 70 insertions(+), 37 deletions(-)
+
+diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
+index 143d3be..c690f8b 100644
+--- a/src/bin/jp2/converttif.c
++++ b/src/bin/jp2/converttif.c
+@@ -553,20 +553,18 @@ static void tif_32sto16u(const OPJ_INT32* pSrc, OPJ_UINT16* pDst, OPJ_SIZE_T len
+
+ int imagetotif(opj_image_t * image, const char *outfile)
+ {
+- int width, height;
+- int bps,adjust, sgnd;
+- int tiPhoto;
++ uint32 width, height, bps, tiPhoto;
++ int adjust, sgnd;
+ TIFF *tif;
+ tdata_t buf;
+- tsize_t strip_size;
++ tmsize_t strip_size, rowStride;
+ OPJ_UINT32 i, numcomps;
+- OPJ_SIZE_T rowStride;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32 const* planes[4];
+ convert_32s_PXCX cvtPxToCx = NULL;
+ convert_32sXXx_C1R cvt32sToTif = NULL;
+
+- bps = (int)image->comps[0].prec;
++ bps = (uint32)image->comps[0].prec;
+ planes[0] = image->comps[0].data;
+
+ numcomps = image->numcomps;
+@@ -674,13 +672,13 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ break;
+ }
+ sgnd = (int)image->comps[0].sgnd;
+- adjust = sgnd ? 1 << (image->comps[0].prec - 1) : 0;
+- width = (int)image->comps[0].w;
+- height = (int)image->comps[0].h;
++ adjust = sgnd ? (int)(1 << (image->comps[0].prec - 1)) : 0;
++ width = (uint32)image->comps[0].w;
++ height = (uint32)image->comps[0].h;
+
+ TIFFSetField(tif, TIFFTAG_IMAGEWIDTH, width);
+ TIFFSetField(tif, TIFFTAG_IMAGELENGTH, height);
+- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, numcomps);
++ TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, (uint32)numcomps);
+ TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, bps);
+ TIFFSetField(tif, TIFFTAG_ORIENTATION, ORIENTATION_TOPLEFT);
+ TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
+@@ -688,8 +686,8 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, 1);
+
+ strip_size = TIFFStripSize(tif);
+- rowStride = ((OPJ_SIZE_T)width * numcomps * (OPJ_SIZE_T)bps + 7U) / 8U;
+- if (rowStride != (OPJ_SIZE_T)strip_size) {
++ rowStride = (width * numcomps * bps + 7U) / 8U;
++ if (rowStride != strip_size) {
+ fprintf(stderr, "Invalid TIFF strip size\n");
+ TIFFClose(tif);
+ return 1;
+@@ -699,7 +697,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
+ TIFFClose(tif);
+ return 1;
+ }
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)width * numcomps * sizeof(OPJ_INT32));
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(width * numcomps * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1211,20 +1209,19 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFF *tif;
+ tdata_t buf;
+ tstrip_t strip;
+- tsize_t strip_size;
++ tmsize_t strip_size;
+ int j, currentPlane, numcomps = 0, w, h;
+ OPJ_COLOR_SPACE color_space = OPJ_CLRSPC_UNKNOWN;
+ opj_image_cmptparm_t cmptparm[4]; /* RGBA */
+ opj_image_t *image = NULL;
+ int has_alpha = 0;
+- unsigned short tiBps, tiPhoto, tiSf, tiSpp, tiPC;
+- unsigned int tiWidth, tiHeight;
++ uint32 tiBps, tiPhoto, tiSf, tiSpp, tiPC, tiWidth, tiHeight;
+ OPJ_BOOL is_cinema = OPJ_IS_CINEMA(parameters->rsiz);
+ convert_XXx32s_C1R cvtTifTo32s = NULL;
+ convert_32s_CXPX cvtCxToPx = NULL;
+ OPJ_INT32* buffer32s = NULL;
+ OPJ_INT32* planes[4];
+- OPJ_SIZE_T rowStride;
++ tmsize_t rowStride;
+
+ tif = TIFFOpen(filename, "r");
+
+@@ -1243,22 +1240,35 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
+ TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
+ TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
+- w= (int)tiWidth;
+- h= (int)tiHeight;
+-
+- if(tiBps > 16U) {
+- fprintf(stderr,"tiftoimage: Bits=%d, Only 1 to 16 bits implemented\n",tiBps);
+- fprintf(stderr,"\tAborting\n");
++
++ if(tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
++ fprintf(stderr,"tiftoimage: Bad value for samples per pixel == %hu.\n"
++ "\tAborting.\n", tiSpp);
++ TIFFClose(tif);
++ return NULL;
++ }
++ if(tiBps > 16U || tiBps == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for Bits == %d.\n"
++ "\tMax. 16 Bits are allowed here.\n\tAborting.\n",tiBps);
+ TIFFClose(tif);
+ return NULL;
+ }
+ if(tiPhoto != PHOTOMETRIC_MINISBLACK && tiPhoto != PHOTOMETRIC_RGB) {
+- fprintf(stderr,"tiftoimage: Bad color format %d.\n\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
++ fprintf(stderr,"tiftoimage: Bad color format %d.\n"
++ "\tOnly RGB(A) and GRAY(A) has been implemented\n",(int) tiPhoto);
+ fprintf(stderr,"\tAborting\n");
+ TIFFClose(tif);
+ return NULL;
+ }
+-
++ if(tiWidth == 0 || tiHeight == 0) {
++ fprintf(stderr,"tiftoimage: Bad values for width(%u) "
++ "and/or height(%u)\n\tAborting.\n",tiWidth,tiHeight);
++ TIFFClose(tif);
++ return NULL;
++ }
++ w= (int)tiWidth;
++ h= (int)tiHeight;
++
+ switch (tiBps) {
+ case 1:
+ case 2:
+@@ -1312,7 +1322,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+
+ TIFFGetFieldDefaulted(tif, TIFFTAG_EXTRASAMPLES,
+ &extrasamples, &sampleinfo);
+-
++
+ if(extrasamples >= 1)
+ {
+ switch(sampleinfo[0])
+@@ -1333,7 +1343,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ else /* extrasamples == 0 */
+ if(tiSpp == 4 || tiSpp == 2) has_alpha = 1;
+ }
+-
++
+ /* initialize image components */
+ memset(&cmptparm[0], 0, 4 * sizeof(opj_image_cmptparm_t));
+
+@@ -1346,7 +1356,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ } else {
+ is_cinema = 0U;
+ }
+-
++
+ if(tiPhoto == PHOTOMETRIC_RGB) /* RGB(A) */
+ {
+ numcomps = 3 + has_alpha;
+@@ -1384,10 +1394,24 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->x0 = (OPJ_UINT32)parameters->image_offset_x0;
+ image->y0 = (OPJ_UINT32)parameters->image_offset_y0;
+ image->x1 = !image->x0 ? (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1 :
+- image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ image->x0 + (OPJ_UINT32)(w - 1) * (OPJ_UINT32)subsampling_dx + 1;
++ if(image->x1 <= image->x0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->x1(%d) vs. "
++ "image->x0(%d)\n\tAborting.\n",image->x1,image->x0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ image->y1 = !image->y0 ? (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1 :
+- image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
+-
++ image->y0 + (OPJ_UINT32)(h - 1) * (OPJ_UINT32)subsampling_dy + 1;
++ if(image->y1 <= image->y0) {
++ fprintf(stderr,"tiftoimage: Bad value for image->y1(%d) vs. "
++ "image->y0(%d)\n\tAborting.\n",image->y1,image->y0);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
++
+ for(j = 0; j < numcomps; j++)
+ {
+ planes[j] = image->comps[j].data;
+@@ -1395,15 +1419,15 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ image->comps[numcomps - 1].alpha = (OPJ_UINT16)(1 - (numcomps & 1));
+
+ strip_size = TIFFStripSize(tif);
+-
++
+ buf = _TIFFmalloc(strip_size);
+ if (buf == NULL) {
+ TIFFClose(tif);
+ opj_image_destroy(image);
+ return NULL;
+ }
+- rowStride = ((OPJ_SIZE_T)w * tiSpp * tiBps + 7U) / 8U;
+- buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)w * tiSpp * sizeof(OPJ_INT32));
++ rowStride = (w * tiSpp * tiBps + 7U) / 8U;
++ buffer32s = (OPJ_INT32 *)malloc((OPJ_SIZE_T)(w * tiSpp * sizeof(OPJ_INT32)));
+ if (buffer32s == NULL) {
+ _TIFFfree(buf);
+ TIFFClose(tif);
+@@ -1421,11 +1445,20 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+ for(; (h > 0) && (strip < TIFFNumberOfStrips(tif)); strip++)
+ {
+ const OPJ_UINT8 *dat8;
+- OPJ_SIZE_T ssize;
++ tmsize_t ssize;
+
+- ssize = (OPJ_SIZE_T)TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ ssize = TIFFReadEncodedStrip(tif, strip, buf, strip_size);
++ if(ssize < 1 || ssize > strip_size) {
++ fprintf(stderr,"tiftoimage: Bad value for ssize(%ld) "
++ "vs. strip_size(%ld).\n\tAborting.\n",ssize,strip_size);
++ _TIFFfree(buf);
++ _TIFFfree(buffer32s);
++ TIFFClose(tif);
++ opj_image_destroy(image);
++ return NULL;
++ }
+ dat8 = (const OPJ_UINT8*)buf;
+-
++
+ while (ssize >= rowStride) {
+ cvtTifTo32s(dat8, buffer32s, (OPJ_SIZE_T)w * tiSpp);
+ cvtCxToPx(buffer32s, planes, (OPJ_SIZE_T)w);