From 90162e7dbd5b96f04e277e6d208c9a9940d818a9 Mon Sep 17 00:00:00 2001 From: James Cook Date: Sun, 21 Dec 2014 14:26:53 -0800 Subject: [PATCH] jasper: Patch for CVE-2014-9029 via RedHat. Also update homepage. --- pkgs/development/libraries/jasper/default.nix | 4 ++- .../jasper/jasper-CVE-2014-9029.diff | 31 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix index ed51a0a28206..fa332cc66d3c 100644 --- a/pkgs/development/libraries/jasper/default.nix +++ b/pkgs/development/libraries/jasper/default.nix @@ -8,13 +8,15 @@ stdenv.mkDerivation rec { sha256 = "154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b"; }; + patches = [ ./jasper-CVE-2014-9029.diff ]; + nativeBuildInputs = [unzip]; propagatedBuildInputs = [ libjpeg ]; configureFlags = "--enable-shared"; meta = { - homepage = http://www.ece.uvic.ca/~mdadams/jasper/; + homepage = https://www.ece.uvic.ca/~frodo/jasper/; description = "JPEG2000 Library"; }; } diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff new file mode 100644 index 000000000000..aa01324dba72 --- /dev/null +++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-9029.diff @@ -0,0 +1,31 @@ +(From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff) + +--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100 ++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100 +@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t + jpc_coc_t *coc = &ms->parms.coc; + jpc_dec_tile_t *tile; + +- if (JAS_CAST(int, coc->compno) > dec->numcomps) { ++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) { + jas_eprintf("invalid component number in COC marker segment\n"); + return -1; + } +@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t + jpc_rgn_t *rgn = &ms->parms.rgn; + jpc_dec_tile_t *tile; + +- if (JAS_CAST(int, rgn->compno) > dec->numcomps) { ++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { + jas_eprintf("invalid component number in RGN marker segment\n"); + return -1; + } +@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t + jpc_qcc_t *qcc = &ms->parms.qcc; + jpc_dec_tile_t *tile; + +- if (JAS_CAST(int, qcc->compno) > dec->numcomps) { ++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) { + jas_eprintf("invalid component number in QCC marker segment\n"); + return -1; + }