nixpkgs/pkgs/development/libraries/openjpeg/2.1.nix

{ callPackage, fetchpatch, ... } @ args:

callPackage ./generic.nix (args // rec {
  version = "2.1.2";
  branch = "2.1";
  revision = "v2.1.2";
  sha256 = "0kdcl9sqjz0vagli4ad6bxq1r8ma086m0prpkm5x3dxp37hpjp8h";

  patches = [
    # Fetched from https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
    # Referenced from https://bugzilla.redhat.com/show_bug.cgi?id=1405135
    # Put in our source code to make sure we don't lose it, since that
    # referenced commit is someone else's fork, and not actually up-stream.
    ./CVE-2016-9580-and-CVE-2016-9581.patch

    (fetchpatch {
      url = "https://bugzilla.suse.com/attachment.cgi?id=707359&action=diff&context=patch&collapsed=&headers=1&format=raw";
      name = "CVE-2016-9112.patch";
      sha256 = "18hqx73wdzfybr5n5k6pzhbhdlmawiqbjci8n82zykxiyfgp18pd";
    })
    (fetchpatch {
      url = "https://bugzilla.suse.com/attachment.cgi?id=707354&action=diff&context=patch&collapsed=&headers=1&format=raw";
      name = "CVE-2016-9114.patch";
      sha256 = "0qam3arw9kdbh4501xim2pyldl708dnpyjwvjmwc9gc7hcq4gfi3";
    })
    (fetchpatch {
      url = "https://bugzilla.suse.com/attachment.cgi?id=707356&action=diff&context=patch&collapsed=&headers=1&format=raw";
      name = "CVE-2016-9116.patch";
      sha256 = "0yyb3pxqi5sr44a48bacngzp206j4z49lzkg6hbkz1nra9na61a3";
    })
    (fetchpatch {
      url = "https://bugzilla.suse.com/attachment.cgi?id=707358&action=diff&context=patch&collapsed=&headers=1&format=raw";
      name = "CVE-2016-9118.patch";
      sha256 = "125n8bmh07y7697s0y82ypb39rxgj0bdn8rcywbvamscagwg2wy9";
    })
  ];
})
openjpeg2: patch for multiple CVEs - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112) - There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114) - NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116) - Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118) 2017-01-07 11:50:02 +00:00			`{ callPackage, fetchpatch, ... } @ args:`
Resurrect openjpeg 2.0.x and use it for mupdf mupdf doesn't compile with 2.1 due to API changes cc @codyopel who made the openjpeg update 2015-02-25 01:50:06 +00:00
			`callPackage ./generic.nix (args // rec {`
openjpeg: 2.1.1 -> 2.1.2 for CVE-2016-7163 2016-10-05 23:34:14 +01:00			`version = "2.1.2";`
Resurrect openjpeg 2.0.x and use it for mupdf mupdf doesn't compile with 2.1 due to API changes cc @codyopel who made the openjpeg update 2015-02-25 01:50:06 +00:00			`branch = "2.1";`
openjpeg: 2.1.1 -> 2.1.2 for CVE-2016-7163 2016-10-05 23:34:14 +01:00			`revision = "v2.1.2";`
			`sha256 = "0kdcl9sqjz0vagli4ad6bxq1r8ma086m0prpkm5x3dxp37hpjp8h";`
openjpeg2: patch for CVE-2016-9580, and CVE-2016-9581 2016-12-21 13:16:43 +00:00
			`patches = [`
			`# Fetched from https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255`
			`# Referenced from https://bugzilla.redhat.com/show_bug.cgi?id=1405135`
			`# Put in our source code to make sure we don't lose it, since that`
			`# referenced commit is someone else's fork, and not actually up-stream.`
			`./CVE-2016-9580-and-CVE-2016-9581.patch`
openjpeg2: patch for multiple CVEs - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112) - There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114) - NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116) - Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118) 2017-01-07 11:50:02 +00:00
			`(fetchpatch {`
			`url = "https://bugzilla.suse.com/attachment.cgi?id=707359&action=diff&context=patch&collapsed=&headers=1&format=raw";`
			`name = "CVE-2016-9112.patch";`
			`sha256 = "18hqx73wdzfybr5n5k6pzhbhdlmawiqbjci8n82zykxiyfgp18pd";`
			`})`
			`(fetchpatch {`
			`url = "https://bugzilla.suse.com/attachment.cgi?id=707354&action=diff&context=patch&collapsed=&headers=1&format=raw";`
			`name = "CVE-2016-9114.patch";`
			`sha256 = "0qam3arw9kdbh4501xim2pyldl708dnpyjwvjmwc9gc7hcq4gfi3";`
			`})`
			`(fetchpatch {`
			`url = "https://bugzilla.suse.com/attachment.cgi?id=707356&action=diff&context=patch&collapsed=&headers=1&format=raw";`
			`name = "CVE-2016-9116.patch";`
			`sha256 = "0yyb3pxqi5sr44a48bacngzp206j4z49lzkg6hbkz1nra9na61a3";`
			`})`
			`(fetchpatch {`
			`url = "https://bugzilla.suse.com/attachment.cgi?id=707358&action=diff&context=patch&collapsed=&headers=1&format=raw";`
			`name = "CVE-2016-9118.patch";`
			`sha256 = "125n8bmh07y7697s0y82ypb39rxgj0bdn8rcywbvamscagwg2wy9";`
			`})`
openjpeg2: patch for CVE-2016-9580, and CVE-2016-9581 2016-12-21 13:16:43 +00:00			`];`
Resurrect openjpeg 2.0.x and use it for mupdf mupdf doesn't compile with 2.1 due to API changes cc @codyopel who made the openjpeg update 2015-02-25 01:50:06 +00:00			`})`