From: Daniel Sabogal To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] main/openjpeg: fix for CVE-2016-7163 Date: Thu, 15 Sep 2016 12:53:23 -0400 Message-Id: <20160915165323.5521-2-dsabogalcc@gmail.com> X-Mailer: git-send-email 2.10.0 In-Reply-To: <20160915165323.5521-1-dsabogalcc@gmail.com> References: <20160915165323.5521-1-dsabogalcc@gmail.com> X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/openjpeg/APKBUILD | 18 +++++++++++++----- main/openjpeg/CVE-2016-7163-1.patch | 33 +++++++++++++++++++++++++++++++++ main/openjpeg/CVE-2016-7163-2.patch | 26 ++++++++++++++++++++++++++ 3 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 main/openjpeg/CVE-2016-7163-1.patch create mode 100644 main/openjpeg/CVE-2016-7163-2.patch diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD index 65453d4..ca2b5f9 100644 --- a/main/openjpeg/APKBUILD +++ b/main/openjpeg/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista pkgname=openjpeg pkgver=2.1.1 -pkgrel=0 +pkgrel=1 pkgdesc="Open-source implementation of JPEG2000 image codec" url="http://www.openjpeg.org/" arch="all" @@ -12,7 +12,9 @@ depends_dev="" makedepends="$depends_dev libpng-dev tiff-dev lcms-dev doxygen cmake" install="" subpackages="$pkgname-dev $pkgname-tools" -source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz" +source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz + CVE-2016-7163-1.patch + CVE-2016-7163-2.patch" builddir="${srcdir}/$pkgname-$pkgver" 
@@ -38,6 +40,12 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="0cc4b2aee0a9b6e9e21b7abcd201a3ec openjpeg-2.1.1.tar.gz" -sha256sums="82c27f47fc7219e2ed5537ac69545bf15ed8c6ba8e6e1e529f89f7356506dbaa openjpeg-2.1.1.tar.gz" -sha512sums="c7c5cd95a3b8bc643207fecdfbffd45c3d91e48196455ae42061862aebcd558c3e508c39513285b8ebb4f57b7316116d15cc74c0b9cc3e31c2a7b70d3e5e2cdd openjpeg-2.1.1.tar.gz" +md5sums="0cc4b2aee0a9b6e9e21b7abcd201a3ec openjpeg-2.1.1.tar.gz +0c0e55bc80b5cd6b163fbc041e4e7aae CVE-2016-7163-1.patch +4edb6725ac44bd254f385a78ad4faa98 CVE-2016-7163-2.patch" +sha256sums="82c27f47fc7219e2ed5537ac69545bf15ed8c6ba8e6e1e529f89f7356506dbaa openjpeg-2.1.1.tar.gz +65137ddd802e36893a52362da56de1b75c15c338f22e1c378c21288529008189 CVE-2016-7163-1.patch +a36c73da751049410e94a9f4e56bce572ef5005ec8637401da9c02be0253d0ce CVE-2016-7163-2.patch" +sha512sums="c7c5cd95a3b8bc643207fecdfbffd45c3d91e48196455ae42061862aebcd558c3e508c39513285b8ebb4f57b7316116d15cc74c0b9cc3e31c2a7b70d3e5e2cdd openjpeg-2.1.1.tar.gz +3ab55487147464caf428c28f2a8585983a3a203bba731d83411b0bb0bfb8765992874aa42de3fddd8be5245897224f292c9853dc6103c5e16a3aa5bc1737b5be CVE-2016-7163-1.patch +d091d6ccbdbc7a2e2308815c5448f94a8d7f854c04c137d99f49bb26d142b790008388b730d9d83891842211ec56f1833a954e3bdfa3130ce7dcc1021a15c87e CVE-2016-7163-2.patch" diff --git a/main/openjpeg/CVE-2016-7163-1.patch b/main/openjpeg/CVE-2016-7163-1.patch new file mode 100644 index 0000000..c7d277a --- /dev/null +++ b/main/openjpeg/CVE-2016-7163-1.patch 
@@ -0,0 +1,33 @@ +From c16bc057ba3f125051c9966cf1f5b68a05681de4 Mon Sep 17 00:00:00 2001 +From: trylab +Date: Tue, 6 Sep 2016 13:55:49 +0800 +Subject: [PATCH] Fix an integer overflow issue (#809) + +Prevent an integer overflow issue in function opj_pi_create_decode of +pi.c. +--- + src/lib/openjp2/pi.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c +index cffad66..36e2ff0 100644 +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -1237,7 +1237,13 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + l_current_pi = l_pi; + + /* memory allocation for include */ +- l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); ++ /* prevent an integer overflow issue */ ++ l_current_pi->include = 00; ++ if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U))) ++ { ++ l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); ++ } ++ + if + (!l_current_pi->include) + { +-- +2.10.0 + diff --git a/main/openjpeg/CVE-2016-7163-2.patch b/main/openjpeg/CVE-2016-7163-2.patch new file mode 100644 index 0000000..71af3d7 --- /dev/null +++ b/main/openjpeg/CVE-2016-7163-2.patch 
@@ -0,0 +1,26 @@ +From ef01f18dfc6780b776d0674ed3e7415c6ef54d24 Mon Sep 17 00:00:00 2001 +From: Matthieu Darbois +Date: Thu, 8 Sep 2016 07:34:46 +0200 +Subject: [PATCH] Cast to size_t before multiplication + +Need to cast to size_t before multiplication otherwise overflow check is useless. +--- + src/lib/openjp2/pi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c +index 36e2ff0..809b33d 100644 +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -1241,7 +1241,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + l_current_pi->include = 00; + if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U))) + { +- l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); ++ l_current_pi->include = (OPJ_INT16*) opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16)); + } + + if +-- +2.10.0 + -- 2.10.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
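Review bot: In the main/openjpeg/APKBUILD hunk at -12,7, the two patch files are added to source= but none of the visible hunks shows them being applied. Please confirm that this APKBUILD's prepare() applies every *.patch listed in source, and in the listed order, since CVE-2016-7163-2.patch rewrites a line that CVE-2016-7163-1.patch adds. If that step is missing, add it; otherwise the pkgrel bump ships an unpatched library.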
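Review bot: In CVE-2016-7163-1.patch (pi.c hunk at -1237,7), the new guard compares l_step_l against SIZE_MAX / (l_tcp->numlayers + 1U), but the opj_calloc argument (l_tcp->numlayers +1) * l_step_l is left unchanged, so the product is still computed in the operands' own type before it is converted for the call. Where that type is narrower than size_t the guard passes and the product can still wrap, which is what the follow-up commit message means by "otherwise overflow check is useless". This file must never be applied without CVE-2016-7163-2.patch; consider merging the two into a single patch file, or note the dependency in a comment next to the source= entries.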
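Review bot: In CVE-2016-7163-2.patch (pi.c hunk at -1241,7), the cast is applied to the result of l_tcp->numlayers + 1U, and the guard on the line above divides by that same expression, so the addition itself still happens in the operands' own type. If numlayers is at the maximum of that unsigned type, the sum wraps to 0, the guard divides by zero, and the count handed to opj_calloc would be 0 while later code may assume a larger buffer. The hunk shows no upper bound on numlayers; please confirm one is enforced before opj_pi_create_decode is reached, or raise upstream that the cast belongs on numlayers before the addition in both places, i.e. ((size_t)l_tcp->numlayers + 1U), with an explicit rejection of a zero divisor on targets where size_t is no wider than that type.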