From 428927ffa6e5c255ef97f62435b0777f8f9481df Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Sat, 7 Jan 2017 06:50:02 -0500 Subject: [PATCH] openjpeg2: patch for multiple CVEs - Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. (CVE-2016-9112) - There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. (CVE-2016-9114) - NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. (CVE-2016-9116) - Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. (CVE-2016-9118) --- pkgs/development/libraries/openjpeg/2.1.nix | 23 ++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/openjpeg/2.1.nix b/pkgs/development/libraries/openjpeg/2.1.nix index 9e3c4473b311..ae8710e58a28 100644 --- a/pkgs/development/libraries/openjpeg/2.1.nix +++ b/pkgs/development/libraries/openjpeg/2.1.nix @@ -1,4 +1,4 @@ -{ callPackage, ... } @ args: +{ callPackage, fetchpatch, ... } @ args: callPackage ./generic.nix (args // rec { version = "2.1.2"; @@ -12,5 +12,26 @@ callPackage ./generic.nix (args // rec { # Put in our source code to make sure we don't lose it, since that # referenced commit is someone else's fork, and not actually up-stream. ./CVE-2016-9580-and-CVE-2016-9581.patch + + (fetchpatch { + url = "https://bugzilla.suse.com/attachment.cgi?id=707359&action=diff&context=patch&collapsed=&headers=1&format=raw"; + name = "CVE-2016-9112.patch"; + sha256 = "18hqx73wdzfybr5n5k6pzhbhdlmawiqbjci8n82zykxiyfgp18pd"; + }) + (fetchpatch { + url = "https://bugzilla.suse.com/attachment.cgi?id=707354&action=diff&context=patch&collapsed=&headers=1&format=raw"; + name = "CVE-2016-9114.patch"; + sha256 = "0qam3arw9kdbh4501xim2pyldl708dnpyjwvjmwc9gc7hcq4gfi3"; + }) + (fetchpatch { + url = "https://bugzilla.suse.com/attachment.cgi?id=707356&action=diff&context=patch&collapsed=&headers=1&format=raw"; + name = "CVE-2016-9116.patch"; + sha256 = "0yyb3pxqi5sr44a48bacngzp206j4z49lzkg6hbkz1nra9na61a3"; + }) + (fetchpatch { + url = "https://bugzilla.suse.com/attachment.cgi?id=707358&action=diff&context=patch&collapsed=&headers=1&format=raw"; + name = "CVE-2016-9118.patch"; + sha256 = "125n8bmh07y7697s0y82ypb39rxgj0bdn8rcywbvamscagwg2wy9"; + }) ]; })