summary refs log tree commit diff
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2015-11-28 16:29:11 +0100
committerLudovic Courtès <ludo@gnu.org>2015-11-28 16:29:11 +0100
commitf79a576e776eb299af52d60cdd51f4a4f79beee3 (patch)
tree7c1f919f568d555d7c74905178594bf1c5379dde
parent4e70fe4d0efbb29d47e3d83d36d6c15f92baebb0 (diff)
downloadguix-f79a576e776eb299af52d60cdd51f4a4f79beee3.tar.gz
gnu: jasper: Patch CVE-2008-3522.
* gnu/packages/patches/jasper-CVE-2008-3522.patch: New file.
* gnu/packages/image.scm (jasper)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
-rw-r--r--gnu-system.am1
-rw-r--r--gnu/packages/image.scm3
-rw-r--r--gnu/packages/patches/jasper-CVE-2008-3522.patch14
3 files changed, 17 insertions, 1 deletions
diff --git a/gnu-system.am b/gnu-system.am
index f69645ba1a..e6af49bd0c 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -535,6 +535,7 @@ dist_patch_DATA =						\
   gnu/packages/patches/icu4c-CVE-2015-4760.patch		\
   gnu/packages/patches/imagemagick-test-segv.patch		\
   gnu/packages/patches/irrlicht-mesa-10.patch			\
+  gnu/packages/patches/jasper-CVE-2008-3522.patch		\
   gnu/packages/patches/jbig2dec-ignore-testtest.patch		\
   gnu/packages/patches/julia-0.3.10-fix-empty-array.patch	\
   gnu/packages/patches/kmod-module-directory.patch		\
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 8a4a42a295..f3f89f6be6 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -714,7 +714,8 @@ convert, manipulate, filter and display a wide variety of image formats.")
                                   "/software/jasper-" version ".zip"))
               (sha256
                (base32
-                "154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b"))))
+                "154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b"))
+              (patches (list (search-patch "jasper-CVE-2008-3522.patch")))))
     (build-system gnu-build-system)
     (native-inputs
      `(("unzip" ,unzip)))
diff --git a/gnu/packages/patches/jasper-CVE-2008-3522.patch b/gnu/packages/patches/jasper-CVE-2008-3522.patch
new file mode 100644
index 0000000000..10cfec99a5
--- /dev/null
+++ b/gnu/packages/patches/jasper-CVE-2008-3522.patch
@@ -0,0 +1,14 @@
+Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf').
+Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>.
+
+--- jasper-1.900.1/src/libjasper/base/jas_stream.c	2008-09-08 14:56:01.000000000 +0200
++++ jasper-1.900.1/src/libjasper/base/jas_stream.c	2008-09-08 14:58:16.000000000 +0200
+@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre
+ 	int ret;
+ 
+ 	va_start(ap, fmt);
+-	ret = vsprintf(buf, fmt, ap);
++	ret = vsnprintf(buf, sizeof buf, fmt, ap);
+ 	jas_stream_puts(stream, buf);
+ 	va_end(ap);
+ 	return ret;