CVS commit: pkgsrc/graphics/jbig2dec

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/jbig2dec
From: "Niclas Rosenvik" <nros%netbsd.org@localhost>
Date: Sat, 5 Aug 2017 08:03:05 +0000

Module Name:    pkgsrc
Committed By:   nros
Date:           Sat Aug  5 08:03:05 UTC 2017

Modified Files:
        pkgsrc/graphics/jbig2dec: Makefile distinfo
Added Files:
        pkgsrc/graphics/jbig2dec/patches: patch-jbig2__huffman.c
            patch-jbig2__image.c patch-jbig2__symbol__dict.c

Log Message:
Add patches to fix CVEs:
CVE-2017-7885
CVE-2017-7975
CVE-2017-7976
CVE-2017-9216
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/graphics/jbig2dec/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/graphics/jbig2dec/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/graphics/jbig2dec/patches/patch-jbig2__huffman.c \
    pkgsrc/graphics/jbig2dec/patches/patch-jbig2__image.c \
    pkgsrc/graphics/jbig2dec/patches/patch-jbig2__symbol__dict.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/jbig2dec/Makefile
diff -u pkgsrc/graphics/jbig2dec/Makefile:1.6 pkgsrc/graphics/jbig2dec/Makefile:1.7
--- pkgsrc/graphics/jbig2dec/Makefile:1.6       Wed Apr 13 17:59:34 2016
+++ pkgsrc/graphics/jbig2dec/Makefile   Sat Aug  5 08:03:05 2017
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.6 2016/04/13 17:59:34 wiz Exp $
+# $NetBSD: Makefile,v 1.7 2017/08/05 08:03:05 nros Exp $
 
 DISTNAME=      jbig2dec-0.13
+PKGREVISION=   1
 CATEGORIES=    graphics
 MASTER_SITES=  http://downloads.ghostscript.com/public/jbig2dec/
 

Index: pkgsrc/graphics/jbig2dec/distinfo
diff -u pkgsrc/graphics/jbig2dec/distinfo:1.5 pkgsrc/graphics/jbig2dec/distinfo:1.6
--- pkgsrc/graphics/jbig2dec/distinfo:1.5       Wed Apr 13 17:59:34 2016
+++ pkgsrc/graphics/jbig2dec/distinfo   Sat Aug  5 08:03:05 2017
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.5 2016/04/13 17:59:34 wiz Exp $
+$NetBSD: distinfo,v 1.6 2017/08/05 08:03:05 nros Exp $
 
 SHA1 (jbig2dec-0.13.tar.gz) = d7b07ef308e95dc44a83f2193ca4f445630e6355
 RMD160 (jbig2dec-0.13.tar.gz) = 84b4c9730d3a62e75524f4a251379b884cfe00d3
 SHA512 (jbig2dec-0.13.tar.gz) = ef64a65c54bec65f61602de7130dc9594aae58aaea7958f7cc987f25d0794511e15a423e86501ace4f40c0364796fb97ceab72edb0b69232926767ba16c1b05d
 Size (jbig2dec-0.13.tar.gz) = 442571 bytes
+SHA1 (patch-jbig2__huffman.c) = be3e48b6d324090ffd607babccc602003be54788
+SHA1 (patch-jbig2__image.c) = c0f18948e009be0dc3ba5f0ef67d51538c0cc932
+SHA1 (patch-jbig2__symbol__dict.c) = 5cf647fa56577e540f21772e64e6c2f89f1d647c

Added files:

Index: pkgsrc/graphics/jbig2dec/patches/patch-jbig2__huffman.c
diff -u /dev/null pkgsrc/graphics/jbig2dec/patches/patch-jbig2__huffman.c:1.1
--- /dev/null   Sat Aug  5 08:03:05 2017
+++ pkgsrc/graphics/jbig2dec/patches/patch-jbig2__huffman.c     Sat Aug  5 08:03:05 2017
@@ -0,0 +1,16 @@
+$NetBSD: patch-jbig2__huffman.c,v 1.1 2017/08/05 08:03:05 nros Exp $
+* fix CVE-2017-7975
+  fixed upstrema so remove this patch on the next version update.
+--- jbig2_huffman.c.orig       2017-08-05 07:27:45.000000000 +0000
++++ jbig2_huffman.c
+@@ -422,8 +422,8 @@ jbig2_build_huffman_table(Jbig2Ctx *ctx,
+ 
+             if (PREFLEN == CURLEN) {
+                 int RANGELEN = lines[CURTEMP].RANGELEN;
+-                int start_j = CURCODE << shift;
+-                int end_j = (CURCODE + 1) << shift;
++                uint32_t start_j = CURCODE << shift;
++                uint32_t end_j = (CURCODE + 1) << shift;
+                 byte eflags = 0;
+ 
+                 if (end_j > max_j) {
Index: pkgsrc/graphics/jbig2dec/patches/patch-jbig2__image.c
diff -u /dev/null pkgsrc/graphics/jbig2dec/patches/patch-jbig2__image.c:1.1
--- /dev/null   Sat Aug  5 08:03:05 2017
+++ pkgsrc/graphics/jbig2dec/patches/patch-jbig2__image.c       Sat Aug  5 08:03:05 2017
@@ -0,0 +1,15 @@
+$NetBSD: patch-jbig2__image.c,v 1.1 2017/08/05 08:03:05 nros Exp $
+* fix CVE-2017-7976
+  fixed upstream so remove this patch on the next version update
+--- jbig2_image.c.orig 2017-08-05 07:31:46.000000000 +0000
++++ jbig2_image.c
+@@ -256,7 +256,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2
+     /* general OR case */
+     s = ss;
+     d = dd = dst->data + y * dst->stride + leftbyte;
+-    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
++    if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
++        s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
+         return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
+     }
+     if (leftbyte == rightbyte) {
Index: pkgsrc/graphics/jbig2dec/patches/patch-jbig2__symbol__dict.c
diff -u /dev/null pkgsrc/graphics/jbig2dec/patches/patch-jbig2__symbol__dict.c:1.1
--- /dev/null   Sat Aug  5 08:03:05 2017
+++ pkgsrc/graphics/jbig2dec/patches/patch-jbig2__symbol__dict.c        Sat Aug  5 08:03:05 2017
@@ -0,0 +1,26 @@
+$NetBSD: patch-jbig2__symbol__dict.c,v 1.1 2017/08/05 08:03:05 nros Exp $
+* fix CVE-2017-7885 and CVE-2017-9216
+  fixed upstream so remove this patch on the next version update
+--- jbig2_symbol_dict.c.orig   2017-08-05 07:24:59.000000000 +0000
++++ jbig2_symbol_dict.c
+@@ -499,8 +499,10 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+                         }
+ 
+                         /* multiple symbols are handled as a text region */
+-                        jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
++                        code = jbig2_decode_text_region(ctx, segment, tparams, (const Jbig2SymbolDict * const *)refagg_dicts,
+                                                  n_refagg_dicts, image, data, size, GR_stats, as, ws);
++                        if (code < 0)
++                            goto cleanup4;
+ 
+                         SDNEWSYMS->glyphs[NSYMSDECODED] = image;
+                         refagg_dicts[0]->glyphs[params->SDNUMINSYMS + NSYMSDECODED] = jbig2_image_clone(ctx, SDNEWSYMS->glyphs[NSYMSDECODED]);
+@@ -633,7 +635,7 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+                 byte *dst = image->data;
+ 
+                 /* SumatraPDF: prevent read access violation */
+-                if (size - jbig2_huffman_offset(hs) < image->height * stride) {
++                if ((size - jbig2_huffman_offset(hs) < image->height * stride) || (size < jbig2_huffman_offset(hs))) {
+                     jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "not enough data for decoding (%d/%d)", image->height * stride,
+                                 size - jbig2_huffman_offset(hs));
+                     jbig2_image_release(ctx, image);

Prev by Date: CVS commit: pkgsrc/shells/rc
Next by Date: CVS commit: pkgsrc/ham/fldigi
Previous by Thread: CVS commit: pkgsrc/shells/rc
Next by Thread: CVS commit: pkgsrc/ham/fldigi
Indexes:

Home | Main Index | Thread Index | Old Index