authortnn <tnn@pkgsrc.org>2016-03-13 04:11:18 +0000
committertnn <tnn@pkgsrc.org>2016-03-13 04:11:18 +0000
commitd5e675816076d482789d0793162c4211296e197b (patch)
tree480d0790f59b42dd4345b3472e3b24b4142b2b4e /graphics/jasper/patches
parent91fb340480f6573ab04383c49de730dcc748e7fa (diff)
patch denial of service issues CVE-2016-1577 CVE-2016-2116 CVE-2016-2089
via debian
Diffstat (limited to 'graphics/jasper/patches')
-rw-r--r--graphics/jasper/patches/patch-src_libjasper_base_jas__icc.c24
-rw-r--r--graphics/jasper/patches/patch-src_libjasper_base_jas__image.c28
-rw-r--r--graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c61
3 files changed, 113 insertions, 0 deletions
diff --git a/graphics/jasper/patches/patch-src_libjasper_base_jas__icc.c b/graphics/jasper/patches/patch-src_libjasper_base_jas__icc.c
new file mode 100644
index 00000000000..54a070b24b7
--- /dev/null
+++ b/graphics/jasper/patches/patch-src_libjasper_base_jas__icc.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-src_libjasper_base_jas__icc.c,v 1.1 2016/03/13 04:11:18 tnn Exp $
+
+CVE-2016-1577 prevent double free. Via Debian.
+CVE-2016-2116 memory leak / DoS. Via Debian.
+
+--- src/libjasper/base/jas_icc.c.orig 2016-03-13 04:09:54.821655643 +0000
++++ src/libjasper/base/jas_icc.c
+@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
+ if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
+ goto error;
+ jas_iccattrval_destroy(attrval);
++ attrval = 0;
+ } else {
+ #if 0
+ jas_eprintf("warning: skipping unknown tag type\n");
+@@ -1699,6 +1700,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
+ jas_stream_close(in);
+ return prof;
+ error:
++ if (in)
++ jas_stream_close(in);
+ return 0;
+ }
+
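Review bot: The added `attrval = 0;` in jas_iccprof_load has no comment, and its purpose depends on the `error` label, which lies outside this hunk. Presumably that label destroys `attrval` when it is non-null, which would explain the double free named in the patch header. A comment such as `/* already destroyed; keep the error path from freeing it again */` would stop a later cleanup from deleting the assignment as dead code. In jas_iccprof_createfrombuf the new `if (in) jas_stream_close(in);` is safe only if `in` is null whenever the stream open fails before the first `goto error`; the declaration and the open call are outside the hunk, so that needs confirming. The patch header would also be clearer if it said which of the two hunks addresses CVE-2016-1577 and which CVE-2016-2116.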
diff --git a/graphics/jasper/patches/patch-src_libjasper_base_jas__image.c b/graphics/jasper/patches/patch-src_libjasper_base_jas__image.c
new file mode 100644
index 00000000000..e82eff39ef5
--- /dev/null
+++ b/graphics/jasper/patches/patch-src_libjasper_base_jas__image.c
@@ -0,0 +1,28 @@
+$NetBSD: patch-src_libjasper_base_jas__image.c,v 1.1 2016/03/13 04:11:18 tnn Exp $
+
+CVE-2016-2089 denial of service. Via Debian.
+
+--- src/libjasper/base/jas_image.c.orig 2007-01-19 21:43:05.000000000 +0000
++++ src/libjasper/base/jas_image.c
+@@ -426,6 +426,10 @@ int jas_image_readcmpt(jas_image_t *imag
+ return -1;
+ }
+
++ if (!data->rows_) {
++ return -1;
++ }
++
+ if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
+ if (jas_matrix_resize(data, height, width)) {
+ return -1;
+@@ -479,6 +483,10 @@ int jas_image_writecmpt(jas_image_t *ima
+ return -1;
+ }
+
++ if (!data->rows_) {
++ return -1;
++ }
++
+ if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
+ return -1;
+ }
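Review bot: The guard added to jas_image_readcmpt and jas_image_writecmpt tests the raw field `data->rows_`, while the very next line in each function uses the accessors `jas_matrix_numrows` and `jas_matrix_numcols`. The same field test is repeated five more times in the jas_seq.c patch of this commit. One predicate kept beside the matrix accessors, for example a new macro `#define jas_matrix_empty(m) (!(m)->rows_)` (name is a suggestion), would keep the emptiness test in one place if the matrix layout changes. In jas_image_readcmpt the guard also runs before the `jas_matrix_resize` branch, so an empty matrix is rejected rather than resized. Whether resize could have grown such a matrix is not visible here, so the function comment should state that callers must pass an allocated matrix.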
diff --git a/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c b/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c
new file mode 100644
index 00000000000..a79b05eac13
--- /dev/null
+++ b/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c
@@ -0,0 +1,61 @@
+$NetBSD: patch-src_libjasper_base_jas__seq.c,v 1.1 2016/03/13 04:11:18 tnn Exp $
+
+CVE-2016-2089 denial of service. Via Debian.
+
+--- src/libjasper/base/jas_seq.c.orig 2007-01-19 21:43:05.000000000 +0000
++++ src/libjasper/base/jas_seq.c
+@@ -262,6 +262,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma
+ int rowstep;
+ jas_seqent_t *data;
+
++ if (!matrix->rows_) {
++ return;
++ }
++
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+@@ -282,6 +286,10 @@ void jas_matrix_clip(jas_matrix_t *matri
+ jas_seqent_t *data;
+ int rowstep;
+
++ if (!matrix->rows_) {
++ return;
++ }
++
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+@@ -306,6 +314,10 @@ void jas_matrix_asr(jas_matrix_t *matrix
+ int rowstep;
+ jas_seqent_t *data;
+
++ if (!matrix->rows_) {
++ return;
++ }
++
+ assert(n >= 0);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+@@ -325,6 +337,10 @@ void jas_matrix_asl(jas_matrix_t *matrix
+ int rowstep;
+ jas_seqent_t *data;
+
++ if (!matrix->rows_) {
++ return;
++ }
++
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+@@ -367,6 +383,10 @@ void jas_matrix_setall(jas_matrix_t *mat
+ int rowstep;
+ jas_seqent_t *data;
+
++ if (!matrix->rows_) {
++ return;
++ }
++
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
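Review bot: In jas_matrix_asr the new guard sits above `assert(n >= 0);`, so a negative shift count passed with an empty matrix now returns silently instead of tripping the assert. Moving the guard below the assert keeps the argument check unconditional. None of the five guards explains why it is needed: the loop initialiser `rowstart = matrix->rows_[0]` is evaluated even when `numrows_` is zero, so a null `rows_` is dereferenced before the loop condition is tested. A comment such as `/* rows_[0] is read in the loop initialiser, so a null rows_ must be rejected first */` on each would record that. These functions return void, so callers cannot tell the operation was skipped. The function bodies continue outside the hunks.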