aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/node-9077.patch31
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14040.patch83
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14041.patch25
3 files changed, 108 insertions, 31 deletions
diff --git a/gnu/packages/patches/node-9077.patch b/gnu/packages/patches/node-9077.patch
deleted file mode 100644
index 6b71d48c0e..0000000000
--- a/gnu/packages/patches/node-9077.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From fc164acbbb700fd50ab9c04b47fc1b2687e9c0f4 Mon Sep 17 00:00:00 2001
-From: "Bradley T. Hughes" <bradleythughes@fastmail.fm>
-Date: Thu, 13 Oct 2016 07:38:38 +0000
-Subject: [PATCH] build: add -DZLIB_CONST when building with --shared-zlib
-
-Commit 782620f added the define only when building with the bundled
-zlib. Using a shared zlib results in build breakage:
-
-../src/inspector_agent.cc:179:16: error: assigning to 'Bytef *' (aka 'unsigned char *') from incompatible type
- 'const uint8_t *' (aka 'const unsigned char *')
- strm.next_in = PROTOCOL_JSON + 3;
- ^ ~~~~~~~~~~~~~~~~~
-1 error generated.
----
- node.gyp | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/node.gyp b/node.gyp
-index 272dc98..667c260 100644
---- a/node.gyp
-+++ b/node.gyp
-@@ -653,7 +653,8 @@
- [ 'node_shared_zlib=="false"', {
- 'dependencies': [
- 'deps/zlib/zlib.gyp:zlib',
-- ]
-+ ]}, {
-+ 'defines': [ 'ZLIB_CONST' ],
- }],
- [ 'node_shared_openssl=="false"', {
- 'dependencies': [
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
new file mode 100644
index 0000000000..bd7473ba0d
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
@@ -0,0 +1,83 @@
+http://openwall.com/lists/oss-security/2017/08/28/3
+https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch
+
+From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Thu, 17 Aug 2017 11:47:40 +0200
+Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and
+ fixes unaligned load (#995)
+
+---
+ src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------
+ 1 file changed, 27 insertions(+), 12 deletions(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index a4eb81f6a..73dfc8d5f 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -580,13 +580,10 @@ struct tga_header {
+ };
+ #endif /* INFORMATION_ONLY */
+
+-static unsigned short get_ushort(const unsigned char *data)
++/* Returns a ushort from a little-endian serialized value */
++static unsigned short get_tga_ushort(const unsigned char *data)
+ {
+- unsigned short val = *(const unsigned short *)data;
+-#ifdef OPJ_BIG_ENDIAN
+- val = ((val & 0xffU) << 8) | (val >> 8);
+-#endif
+- return val;
++ return data[0] | (data[1] << 8);
+ }
+
+ #define TGA_HEADER_SIZE 18
+@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel,
+ id_len = tga[0];
+ /*cmap_type = tga[1];*/
+ image_type = tga[2];
+- /*cmap_index = get_ushort(&tga[3]);*/
+- cmap_len = get_ushort(&tga[5]);
++ /*cmap_index = get_tga_ushort(&tga[3]);*/
++ cmap_len = get_tga_ushort(&tga[5]);
+ cmap_entry_size = tga[7];
+
+
+ #if 0
+- x_origin = get_ushort(&tga[8]);
+- y_origin = get_ushort(&tga[10]);
++ x_origin = get_tga_ushort(&tga[8]);
++ y_origin = get_tga_ushort(&tga[10]);
+ #endif
+- image_w = get_ushort(&tga[12]);
+- image_h = get_ushort(&tga[14]);
++ image_w = get_tga_ushort(&tga[12]);
++ image_h = get_tga_ushort(&tga[14]);
+ pixel_depth = tga[16];
+ image_desc = tga[17];
+
+@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters)
+ color_space = OPJ_CLRSPC_SRGB;
+ }
+
++ /* If the declared file size is > 10 MB, check that the file is big */
++ /* enough to avoid excessive memory allocations */
++ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
++ char ch;
++ OPJ_UINT64 expected_file_size =
++ (OPJ_UINT64)image_width * image_height * numcomps;
++ long curpos = ftell(f);
++ if (expected_file_size > (OPJ_UINT64)INT_MAX) {
++ expected_file_size = (OPJ_UINT64)INT_MAX;
++ }
++ fseek(f, (long)expected_file_size - 1, SEEK_SET);
++ if (fread(&ch, 1, 1, f) != 1) {
++ fclose(f);
++ return NULL;
++ }
++ fseek(f, curpos, SEEK_SET);
++ }
++
+ subsampling_dx = parameters->subsampling_dx;
+ subsampling_dy = parameters->subsampling_dy;
+
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
new file mode 100644
index 0000000000..6e3fccf3c0
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
@@ -0,0 +1,25 @@
+http://openwall.com/lists/oss-security/2017/08/28/4
+https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
+
+From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 18 Aug 2017 13:39:20 +0200
+Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
+
+---
+ src/bin/jp2/convert.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index 5459f7d44..e606c9be7 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
+ }
+
+ fseek(f, 0, SEEK_SET);
+- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
++ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+ &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
+ fclose(f);
+ fprintf(stderr,