gnu: libjpeg-turbo: Update to 2.0.4.

* gnu/packages/patches/libjpeg-turbo-CVE-2019-2201.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/image.scm (libjpeg-turbo): Update to 2.0.4.
[source](patches): Remove.
Marius Bakke 2020-01-08 16:55:04 +01:00
parent ef2782d7b4
commit ceaf180526
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
3 changed files with 2 additions and 35 deletions


@ -1086,7 +1086,6 @@ dist_patch_DATA = \
%D%/packages/patches/libgnome-encoding.patch \
%D%/packages/patches/libgnomeui-utf8.patch \
%D%/packages/patches/libgpg-error-gawk-compat.patch \
%D%/packages/patches/libjpeg-turbo-CVE-2019-2201.patch \
%D%/packages/patches/libjxr-fix-function-signature.patch \
%D%/packages/patches/libjxr-fix-typos.patch \
%D%/packages/patches/libotr-test-auth-fix.patch \


@ -1487,15 +1487,14 @@ is hereby granted."))))
(define-public libjpeg-turbo
(package
(name "libjpeg-turbo")
(version "2.0.3")
(version "2.0.4")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/libjpeg-turbo/"
version "/libjpeg-turbo-" version ".tar.gz"))
(patches (search-patches "libjpeg-turbo-CVE-2019-2201.patch"))
(sha256
(base32
"1ds16bnj17v6hzd43w8pzijz3imd9am4hw75ir0fxm240m8dwij2"))))
"01ill8bgjyk582wipx7sh7gj2nidylpbzvwhx0wkcm6mxx3qbp9k"))))
(build-system cmake-build-system)
(native-inputs
`(("nasm" ,nasm)))
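Review bot: The `patches` field carrying libjpeg-turbo-CVE-2019-2201.patch is removed in the same change as the bump to 2.0.4, but the commit log does not record that 2.0.4 already contains the upstream follow-up fix (commit c30b1e72dac76343ef9029833d1561de07d29bad, cited in the deleted patch header). Presumably it does, since the dropped patch was a backport of that commit, but it is worth confirming that tjbench.c in the 2.0.4 tarball has both `(size_t)pitch * scaledh` and `(size_t)pitch * tileh`. I would extend the log entry to something like `[source](patches): Remove; the fix is included in 2.0.4.` so that the removal of a security patch stays traceable. The `libjpeg-turbo` definition continues past the end of this hunk.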


@ -1,31 +0,0 @@
Fix integer overflow which can potentially lead to RCE.
https://www.openwall.com/lists/oss-security/2019/11/11/1
https://nvd.nist.gov/vuln/detail/CVE-2019-2201
The problem was partially fixed in 2.0.3. This patch is a follow-up.
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
diff --git a/tjbench.c b/tjbench.c
index a7d397318..13a5bde62 100644
--- a/tjbench.c
+++ b/tjbench.c
@@ -171,7 +171,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf,
}
/* Set the destination buffer to gray so we know whether the decompressor
attempted to write to it */
- memset(dstBuf, 127, pitch * scaledh);
+ memset(dstBuf, 127, (size_t)pitch * scaledh);
if (doYUV) {
int width = doTile ? tilew : scaledw;
@@ -193,7 +193,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf,
double start = getTime();
for (row = 0, dstPtr = dstBuf; row < ntilesh;
- row++, dstPtr += pitch * tileh) {
+ row++, dstPtr += (size_t)pitch * tileh) {
for (col = 0, dstPtr2 = dstPtr; col < ntilesw;
col++, tile++, dstPtr2 += ps * tilew) {
int width = doTile ? min(tilew, w - col * tilew) : scaledw;