diff options
author | James Cook <james.cook@utoronto.ca> | 2013-12-19 20:44:52 -0800 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2013-12-21 10:20:02 +0100 |
commit | f6b3e2ca547639bd7bcacfe88022c123185cdd13 (patch) | |
tree | 22d3a503804a898171401b36cd48fbb8f6546f34 /pkgs/development/libraries/libjpeg-turbo | |
parent | 4c5a71f777769b1f2516096532424cd42531aa1f (diff) | |
download | nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar.gz nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar.bz2 nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar.lz nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar.xz nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.tar.zst nixlib-f6b3e2ca547639bd7bcacfe88022c123185cdd13.zip |
libjpeg-turbo: Patch to fix CVE-2013-6629 and CVE-2013-6630.
Merge #1399.
Diffstat (limited to 'pkgs/development/libraries/libjpeg-turbo')
-rw-r--r-- | pkgs/development/libraries/libjpeg-turbo/default.nix | 2 | ||||
-rw-r--r-- | pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 40 |
2 files changed, 42 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libjpeg-turbo/default.nix b/pkgs/development/libraries/libjpeg-turbo/default.nix index a4aa1cf44b41..8976e7431928 100644 --- a/pkgs/development/libraries/libjpeg-turbo/default.nix +++ b/pkgs/development/libraries/libjpeg-turbo/default.nix @@ -8,6 +8,8 @@ stdenv.mkDerivation rec { sha256 = "0d0jwdmj3h89bxdxlwrys2mw18mqcj4rzgb5l2ndpah8zj600mr6"; }; + patches = [ ./libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch ]; + buildInputs = [ nasm ]; doCheck = true; diff --git a/pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch b/pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch new file mode 100644 index 000000000000..8c0f9c75054a --- /dev/null +++ b/pkgs/development/libraries/libjpeg-turbo/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch @@ -0,0 +1,40 @@ +Thanks to the sources below; this patch discovered via Gentoo. + +http://bugzilla.redhat.com/show_bug.cgi?id=1031734 +http://bugzilla.redhat.com/show_bug.cgi?id=1031749 +http://sourceforge.net/p/libjpeg-turbo/code/1090/ + +--- libjpeg-turbo-1.3.0/jdmarker.c ++++ libjpeg-turbo-1.3.0/jdmarker.c +@@ -304,7 +304,7 @@ + /* Process a SOS marker */ + { + INT32 length; +- int i, ci, n, c, cc; ++ int i, ci, n, c, cc, pi; + jpeg_component_info * compptr; + INPUT_VARS(cinfo); + +@@ -348,6 +348,13 @@ + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (pi = 0; pi < i; pi++) { ++ if (cinfo->cur_comp_info[pi] == compptr) { ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ +@@ -465,6 +472,8 @@ + for (i = 0; i < count; i++) + INPUT_BYTE(cinfo, huffval[i], return FALSE); + ++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8)); ++ + length -= count; + + if (index & 0x10) { /* AC table definition */ |