diff options
| author | Renaud <c0bw3b@users.noreply.github.com> | 2019-05-13 23:13:28 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-13 23:13:28 +0200 |
| commit | 6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4 (patch) | |
| tree | 5b60bca724e37ccf19711c8ec232309c07bcf57e | |
| parent | fc029a64411f5bf94e5b47fca978d84fcd1ead2c (diff) | |
| parent | a7b397295b7b93aa07b70ea1776e70c224aecc33 (diff) | |
| download | nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar.gz nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar.bz2 nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar.lz nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar.xz nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.tar.zst nixlib-6722aafe7f6c2be15a8eec1fb5322b33b27c6fc4.zip | |
Merge pull request #61302 from risicle/ris-k2pdfopt-leptonica-cve
k2pdfopt: patch custom leptonica with security fixes
| -rw-r--r-- | pkgs/applications/misc/k2pdfopt/default.nix | 23 | ||||
| -rw-r--r-- | pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch | 95 |
2 files changed, 117 insertions, 1 deletions
diff --git a/pkgs/applications/misc/k2pdfopt/default.nix b/pkgs/applications/misc/k2pdfopt/default.nix index 0049e9aca755..bf29e05db1b8 100644 --- a/pkgs/applications/misc/k2pdfopt/default.nix +++ b/pkgs/applications/misc/k2pdfopt/default.nix @@ -57,7 +57,28 @@ stdenv.mkDerivation rec { prePatch = '' cp ${src}/leptonica_mod/{allheaders.h,dewarp2.c,leptwin.c} src/ ''; - patches = []; + patches = [ + # stripped down copy of upstream commit b88c821f8d347bce0aea86d606c710303919f3d2 + ./leptonica-CVE-2018-3836.patch + (fetchpatch { + # CVE-2018-7186 + url = "https://github.com/DanBloomberg/leptonica/commit/" + + "ee301cb2029db8a6289c5295daa42bba7715e99a.patch"; + sha256 = "0cgb7mvz2px1rg5i80wk1wxxjvzjga617d8q6j7qygkp7jm6495d"; + }) + (fetchpatch { + # CVE-2018-7247 + url = "https://github.com/DanBloomberg/leptonica/commit/" + + "c1079bb8e77cdd426759e466729917ca37a3ed9f.patch"; + sha256 = "1z4iac5gwqggh7aa8cvyp6nl9fwd1v7wif26caxc9y5qr3jj34qf"; + }) + (fetchpatch { + # CVE-2018-7440 + url = "https://github.com/DanBloomberg/leptonica/commit/" + + "49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b.patch"; + sha256 = "1hjmva98iaw9xj7prg7aimykyayikcwnk4hk0380007hqb35lqmy"; + }) + ]; }); tesseract_modded = tesseract4.override { tesseractBase = tesseract4.tesseractBase.overrideAttrs (_: { diff --git a/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch new file mode 100644 index 000000000000..f1b4170fbaae --- /dev/null +++ b/pkgs/applications/misc/k2pdfopt/leptonica-CVE-2018-3836.patch @@ -0,0 +1,95 @@ +--- a/src/allheaders.h ++++ b/src/allheaders.h +@@ -2600,6 +2600,7 @@ + LEPT_DLL extern char * stringReverse ( const char *src ); + LEPT_DLL extern char * strtokSafe ( char *cstr, const char *seps, char **psaveptr ); + LEPT_DLL extern l_int32 stringSplitOnToken ( char *cstr, const char *seps, char **phead, char **ptail ); ++LEPT_DLL extern l_int32 stringCheckForChars ( const char *src, const char *chars, l_int32 *pfound ); + LEPT_DLL extern char * stringRemoveChars ( const char *src, const char *remchars ); + LEPT_DLL extern l_int32 stringFindSubstr ( const char *src, const char *sub, l_int32 *ploc ); + LEPT_DLL extern char * stringReplaceSubstr ( const char *src, const char *sub1, const char *sub2, l_int32 *pfound, l_int32 *ploc ); +--- a/src/gplot.c ++++ b/src/gplot.c +@@ -141,9 +141,10 @@ + const char *xlabel, + const char *ylabel) + { +-char *newroot; +-char buf[L_BUF_SIZE]; +-GPLOT *gplot; ++char *newroot; ++char buf[L_BUF_SIZE]; ++l_int32 badchar; ++GPLOT *gplot; + + PROCNAME("gplotCreate"); + +@@ -152,6 +153,9 @@ + if (outformat != GPLOT_PNG && outformat != GPLOT_PS && + outformat != GPLOT_EPS && outformat != GPLOT_LATEX) + return (GPLOT *)ERROR_PTR("outformat invalid", procName, NULL); ++ stringCheckForChars(rootname, "`;&|><\"?*", &badchar); ++ if (badchar) /* danger of command injection */ ++ return (GPLOT *)ERROR_PTR("invalid rootname", procName, NULL); + + if ((gplot = (GPLOT *)LEPT_CALLOC(1, sizeof(GPLOT))) == NULL) + return (GPLOT *)ERROR_PTR("gplot not made", procName, NULL); +--- a/src/utils2.c ++++ b/src/utils2.c +@@ -42,6 +42,7 @@ + * l_int32 stringSplitOnToken() + * + * Find and replace string and array procs ++ * l_int32 stringCheckForChars() + * char *stringRemoveChars() + * l_int32 stringFindSubstr() + * char *stringReplaceSubstr() +@@ -701,6 +702,48 @@ + /*--------------------------------------------------------------------* + * Find and replace procs * + *--------------------------------------------------------------------*/ ++/*! ++ * \brief stringCheckForChars() ++ * ++ * \param[in] src input string; can be of zero length ++ * \param[in] chars string of chars to be searched for in %src ++ * \param[out] pfound 1 if any characters are found; 0 otherwise ++ * \return 0 if OK, 1 on error ++ * ++ * <pre> ++ * Notes: ++ * (1) This can be used to sanitize an operation by checking for ++ * special characters that don't belong in a string. ++ * </pre> ++ */ ++l_int32 ++stringCheckForChars(const char *src, ++ const char *chars, ++ l_int32 *pfound) ++{ ++char ch; ++l_int32 i, n; ++ ++ PROCNAME("stringCheckForChars"); ++ ++ if (!pfound) ++ return ERROR_INT("&found not defined", procName, 1); ++ *pfound = FALSE; ++ if (!src || !chars) ++ return ERROR_INT("src and chars not both defined", procName, 1); ++ ++ n = strlen(src); ++ for (i = 0; i < n; i++) { ++ ch = src[i]; ++ if (strchr(chars, ch)) { ++ *pfound = TRUE; ++ break; ++ } ++ } ++ return 0; ++} ++ ++ + /*! + * \brief stringRemoveChars() + * |