diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2016-10-17 23:47:14 +0300 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2016-10-17 23:51:38 +0300 |
| commit | b333d00c3566a8a6b058a35426da96200ebf2c6d (patch) | |
| tree | fcca109def21a232cb8a8ea88acb01a9dcd08162 /gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch | |
| parent | 6ace9f80f15f7d5fc35e76b0dad7c0d298ad04ad (diff) | |
| download | guix-b333d00c3566a8a6b058a35426da96200ebf2c6d.tar.gz guix-b333d00c3566a8a6b058a35426da96200ebf2c6d.zip | |
gnu: jasper: Update to 1.900.5.
* gnu/packages/image.scm (jasper): Update to 1.900.5.
[source]: Remove patches.
[native-inputs]: Remove unzip.
* gnu/packages/patches/jasper-CVE-2007-2721.patch,
gnu/packages/patches/jasper-CVE-2008-3520.patch,
gnu/packages/patches/jasper-CVE-2008-3522.patch,
gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
gnu/packages/patches/jasper-CVE-2014-8137.patch,
gnu/packages/patches/jasper-CVE-2014-8138.patch,
gnu/packages/patches/jasper-CVE-2014-8157.patch,
gnu/packages/patches/jasper-CVE-2014-8158.patch,
gnu/packages/patches/jasper-CVE-2014-9029.patch,
gnu/packages/patches/jasper-CVE-2016-1577.patch,
gnu/packages/patches/jasper-CVE-2016-1867.patch,
gnu/packages/patches/jasper-CVE-2016-2089.patch,
gnu/packages/patches/jasper-CVE-2016-2116.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Remove them.
Diffstat (limited to 'gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch')
| -rw-r--r-- | gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch | 31 |
1 files changed, 0 insertions, 31 deletions
diff --git a/gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch b/gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch deleted file mode 100644 index 4b5917fd28..0000000000 --- a/gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch +++ /dev/null @@ -1,31 +0,0 @@ -Fix CVE-2011-4516 and CVE-2011-4517 (heap buffer overflow flaws lead to -arbitrary code execution). - -Copied from Fedora. - -http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch -https://bugzilla.redhat.com/show_bug.cgi?id=747726 - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 2011-10-25 17:25:39.000000000 +0200 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-10-25 17:29:14.379371908 +0200 -@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t - return -1; - } - compparms->numrlvls = compparms->numdlvls + 1; -+ if (compparms->numrlvls > JPC_MAXRLVLS) { -+ jpc_cox_destroycompparms(compparms); -+ return -1; -+ } - if (prtflag) { - for (i = 0; i < compparms->numrlvls; ++i) { - if (jpc_getuint8(in, &tmp)) { -@@ -1331,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms - jpc_crgcomp_t *comp; - uint_fast16_t compno; - crg->numcomps = cstate->numcomps; -- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { -+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { - return -1; - } - for (compno = 0, comp = crg->comps; compno < cstate->numcomps; |