Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kwabena Antwi-Boasiako
slapos
Commits
86596d86
Commit
86596d86
authored
Jul 30, 2014
by
Arnaud Fontaine
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
jasper: Apply security patches from Debian package.
parent
a592fd44
Changes
4
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
3165 additions
and
0 deletions
+3165
-0
component/jasper/CVE-2011-4516-and-CVE-2011-4517.patch
component/jasper/CVE-2011-4516-and-CVE-2011-4517.patch
+31
-0
component/jasper/buildout.cfg
component/jasper/buildout.cfg
+5
-0
component/jasper/fix-filename-buffer-overflow.patch
component/jasper/fix-filename-buffer-overflow.patch
+37
-0
component/jasper/misc-fixes.patch
component/jasper/misc-fixes.patch
+3092
-0
No files found.
component/jasper/CVE-2011-4516-and-CVE-2011-4517.patch
0 → 100644
View file @
86596d86
Description: Fix for CVE-2011-4516 and CVE-2011-4517
This patch fixes a possible denial of service and code execution via
heap-based buffer overflows.
Author: Michael Gilbert <michael.s.gilbert@gmail.com>
Origin: Patch thanks to Red Hat
Bug-Debian: http://bugs.debian.org/652649
Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
===================================================================
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500
@@ -744,6 +744,10 @@
return -1;
}
compparms->numrlvls = compparms->numdlvls + 1;
+ if (compparms->numrlvls > JPC_MAXRLVLS) {
+ jpc_cox_destroycompparms(compparms);
+ return -1;
+ }
if (prtflag) {
for (i = 0; i < compparms->numrlvls; ++i) {
if (jpc_getuint8(in, &tmp)) {
@@ -1331,7 +1335,7 @@
jpc_crgcomp_t *comp;
uint_fast16_t compno;
crg->numcomps = cstate->numcomps;
- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
return -1;
}
for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
component/jasper/buildout.cfg
View file @
86596d86
...
...
@@ -8,6 +8,11 @@ parts =
recipe = slapos.recipe.cmmi
url = http://www.ece.uvic.ca/~mdadams/jasper/software/jasper-1.900.1.zip
md5sum = a342b2b4495b3e1394e161eb5d85d754
patch-options = -p1
patches =
${:_profile_base_location_}/misc-fixes.patch#1202be8418907dfe58f819f7b47da24f
${:_profile_base_location_}/fix-filename-buffer-overflow.patch#38403f9c82a18547beca16c9c6f4ce7a
${:_profile_base_location_}/CVE-2011-4516-and-CVE-2011-4517.patch#a9676718ed016f66a3c76acf764c9e72
# jasper configure script is not executable by default
configure-command =
/bin/sh ./configure --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --disable-static --enable-shared --disable-opengl
...
...
component/jasper/fix-filename-buffer-overflow.patch
0 → 100644
View file @
86596d86
Description: Filename buffer overflow fix
This patch fixes a security hole by a bad buffer size handling.
Author: Roland Stigge <stigge@antcom.de>
Bug-Debian: http://bugs.debian.org/645118
--- a/src/libjasper/include/jasper/jas_stream.h
+++ b/src/libjasper/include/jasper/jas_stream.h
@@ -77,6 +77,7 @@
#include <jasper/jas_config.h>
#include <stdio.h>
+#include <limits.h>
#if defined(HAVE_FCNTL_H)
#include <fcntl.h>
#endif
@@ -99,6 +100,12 @@
extern "C" {
#define O_BINARY 0
#endif
+#ifdef PATH_MAX
+#define JAS_PATH_MAX PATH_MAX
+#else
+#define JAS_PATH_MAX 4096
+#endif
+
/*
* Stream open flags.
*/
@@ -251,7 +258,7 @@
typedef struct {
typedef struct {
int fd;
int flags;
- char pathname[L_tmpnam + 1];
+ char pathname[JAS_PATH_MAX + 1];
} jas_stream_fileobj_t;
#define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
component/jasper/misc-fixes.patch
0 → 100644
View file @
86596d86
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment