diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/graphics')
5 files changed, 52 insertions, 3 deletions
diff --git a/nixpkgs/pkgs/tools/graphics/lsix/default.nix b/nixpkgs/pkgs/tools/graphics/lsix/default.nix index a9f8aa21bf1d..dcf078654b82 100644 --- a/nixpkgs/pkgs/tools/graphics/lsix/default.nix +++ b/nixpkgs/pkgs/tools/graphics/lsix/default.nix @@ -2,13 +2,13 @@ stdenvNoCC.mkDerivation rec { pname = "lsix"; - version = "1.8"; + version = "1.8.2"; src = fetchFromGitHub { owner = "hackerb9"; repo = pname; rev = version; - sha256 = "sha256-Qx6/PFm1XBmEI6iI+Ref9jNe6sXIhsVL4VQ1CX+caZE="; + sha256 = "sha256-xlOlAfZonSo/RERt5WxPqMvppVrY5/Yhh7SgCCsYDQE="; }; nativeBuildInputs = [ makeWrapper ]; diff --git a/nixpkgs/pkgs/tools/graphics/xcolor/default.nix b/nixpkgs/pkgs/tools/graphics/xcolor/default.nix index 1ef2c807bde7..dabe14d895fa 100644 --- a/nixpkgs/pkgs/tools/graphics/xcolor/default.nix +++ b/nixpkgs/pkgs/tools/graphics/xcolor/default.nix @@ -41,7 +41,7 @@ rustPlatform.buildRustPackage rec { meta = with lib; { description = "Lightweight color picker for X11"; homepage = "https://github.com/Soft/xcolor"; - maintainers = with lib.maintainers; [ fortuneteller2k ]; + maintainers = with lib.maintainers; [ moni ]; license = licenses.mit; }; } diff --git a/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch b/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch new file mode 100644 index 000000000000..7b7ca5a0befa --- /dev/null +++ b/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch @@ -0,0 +1,17 @@ +Simple bounds checks for CVE-2023-40889, based on third-party +fix by Remi Meier @ +https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c + +--- a/zbar/qrcode/qrdec.c ++++ b/zbar/qrcode/qrdec.c +@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist, + /*TODO: We might be able to accelerate this step significantly by + considering the remaining finder centers in a more intelligent order, + based on the first finder center we just chose.*/ +- for(j=i+1;!mark[i]&&j<_ncenters;j++){ +- for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){ ++ for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){ ++ for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){ + qr_finder_center *c[3]; + qr_code_data qrdata; + int version; diff --git a/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch b/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch new file mode 100644 index 000000000000..3576df214ae1 --- /dev/null +++ b/nixpkgs/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch @@ -0,0 +1,26 @@ +Simple bounds checks for CVE-2023-40890 + +--- a/zbar/decoder/databar.c ++++ b/zbar/decoder/databar.c +@@ -23,6 +23,8 @@ + + #include <config.h> + #include <zbar.h> ++#include <stdlib.h> ++#include <stdio.h> + + #ifdef DEBUG_DATABAR + # define DEBUG_LEVEL (DEBUG_DATABAR) +@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg, + fixed = -1; + s <<= 1; + dbprintf(2, "%x", s); ++ ++ if (i > 20) { ++ fprintf(stderr, "Bug: Out-of-bounds condition detected\n"); ++ exit(99); ++ } ++ + seq[i++] = s++; + seq[i++] = s; + } diff --git a/nixpkgs/pkgs/tools/graphics/zbar/default.nix b/nixpkgs/pkgs/tools/graphics/zbar/default.nix index f9b84d2656a3..5a1d7e94fdf6 100644 --- a/nixpkgs/pkgs/tools/graphics/zbar/default.nix +++ b/nixpkgs/pkgs/tools/graphics/zbar/default.nix @@ -1,6 +1,7 @@ { stdenv , lib , fetchFromGitHub +, fetchpatch , imagemagickBig , pkg-config , withXorg ? true @@ -42,6 +43,11 @@ stdenv.mkDerivation rec { sha256 = "sha256-VhVrngAX7pXZp+szqv95R6RGAJojp3svdbaRKigGb0w="; }; + patches = [ + ./0.23.92-CVE-2023-40889.patch + ./0.23.92-CVE-2023-40890.patch + ]; + nativeBuildInputs = [ pkg-config xmlto |