pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/openjpeg Patch for CVE-2018-16376
details: https://anonhg.NetBSD.org/pkgsrc/rev/153b086b9706
branches: trunk
changeset: 344859:153b086b9706
user: sevan <sevan%pkgsrc.org@localhost>
date: Tue Nov 26 23:10:22 2019 +0000
description:
Patch for CVE-2018-16376
diffstat:
graphics/openjpeg/Makefile | 3 +-
graphics/openjpeg/distinfo | 3 +-
graphics/openjpeg/patches/patch-src_lib_openmj2_t2.c | 37 ++++++++++++++++++++
3 files changed, 41 insertions(+), 2 deletions(-)
diffs (67 lines):
diff -r ebf732098e06 -r 153b086b9706 graphics/openjpeg/Makefile
--- a/graphics/openjpeg/Makefile Tue Nov 26 22:42:03 2019 +0000
+++ b/graphics/openjpeg/Makefile Tue Nov 26 23:10:22 2019 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.17 2019/04/03 08:04:08 adam Exp $
+# $NetBSD: Makefile,v 1.18 2019/11/26 23:10:22 sevan Exp $
DISTNAME= openjpeg-2.3.1
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_GITHUB:=uclouvain/}
GITHUB_TAG= v${PKGVERSION_NOREV}
diff -r ebf732098e06 -r 153b086b9706 graphics/openjpeg/distinfo
--- a/graphics/openjpeg/distinfo Tue Nov 26 22:42:03 2019 +0000
+++ b/graphics/openjpeg/distinfo Tue Nov 26 23:10:22 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2019/04/03 08:04:08 adam Exp $
+$NetBSD: distinfo,v 1.15 2019/11/26 23:10:22 sevan Exp $
SHA1 (openjpeg-2.3.1.tar.gz) = 38321fa9730252039ad0b7f247a160a8164f5871
RMD160 (openjpeg-2.3.1.tar.gz) = 31b75aa70f5d26dd1b7e374a9e4b6be1842fefe7
@@ -8,3 +8,4 @@
SHA1 (patch-src_bin_jp2_CMakeLists.txt) = c9f709c23d6bab7a3c705640d66a00ec90ddabc7
SHA1 (patch-src_lib_openjp2_CMakeLists.txt) = d839121ec2d008e5d3e1676d3e7ac3642bc946f7
SHA1 (patch-src_lib_openjp2_opj__config__private.h.cmake.in) = fc0c170789dbe0a2ebc9dce0ef0d21aa6b2edd49
+SHA1 (patch-src_lib_openmj2_t2.c) = 7689b3d82a5d346707a3519f183757356e118a8c
diff -r ebf732098e06 -r 153b086b9706 graphics/openjpeg/patches/patch-src_lib_openmj2_t2.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/openjpeg/patches/patch-src_lib_openmj2_t2.c Tue Nov 26 23:10:22 2019 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-src_lib_openmj2_t2.c,v 1.1 2019/11/26 23:10:22 sevan Exp $
+
+CVE-2018-16376
+https://github.com/uclouvain/openjpeg/issues/1127
+https://nvd.nist.gov/vuln/detail/CVE-2018-16376
+
+--- src/lib/openmj2/t2.c.orig 2019-11-26 22:37:00.687890833 +0000
++++ src/lib/openmj2/t2.c
+@@ -166,6 +166,12 @@ static int t2_encode_packet(opj_tcd_tile
+
+ /* <SOP 0xff91> */
+ if (tcp->csty & J2K_CP_CSTY_SOP) {
++ if (length < 6) {
++ if (p_t2_mode == FINAL_PASS) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "opj_t2_encode_packet(): only %u bytes remaining in "
++ "output buffer. %u needed.\n",
++ length, 6);
+ c[0] = 255;
+ c[1] = 145;
+ c[2] = 0;
+@@ -272,6 +278,15 @@ static int t2_encode_packet(opj_tcd_tile
+
+ /* <EPH 0xff92> */
+ if (tcp->csty & J2K_CP_CSTY_EPH) {
++ if (length < 2) {
++ if (p_t2_mode == FINAL_PASS) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "opj_t2_encode_packet(): only %u bytes remaining in "
++ "output buffer. %u needed.\n",
++ length, 2);
++ }
++ return OPJ_FALSE;
++ }
+ c[0] = 255;
+ c[1] = 146;
+ c += 2;
Home |
Main Index |
Thread Index |
Old Index