From a304b6c362dcfadfaa2cfe2a67f5e948f247fd51 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sat, 10 Dec 2016 21:45:29 +0200
Subject: gnu: openjpeg: Add fixes for CVE-2016-{9850,9851}.

* gnu/packages/image.scm (openjpeg)[replacement]: New field.
(openjpeg/fixed): New variable, patch against CVE-2016-9850,
CVE-2016-9851.
* gnu/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk | 1 +
 1 file changed, 1 insertion(+)

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 55dee48305..47c217bcc0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -769,6 +769,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openjpeg-CVE-2015-6581.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-5157.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-7163.patch		\
+  %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
   %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/openssh-memory-exhaustion.patch		\
-- 
cgit v1.2.3


From 67c539e21f75028f368edefdf3b1bb6a0b302640 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Sat, 10 Dec 2016 21:59:56 +0200
Subject: gnu: Remove unused patch.

* gnu/packages/patches/openjpeg-CVE-2015-6581.patch: Remove file.
* gnu/local.mk (dist_patch_DATA): Remove it.
---
 gnu/local.mk                                      |  1 -
 gnu/packages/patches/openjpeg-CVE-2015-6581.patch | 47 -----------------------
 2 files changed, 48 deletions(-)
 delete mode 100644 gnu/packages/patches/openjpeg-CVE-2015-6581.patch

(limited to 'gnu/local.mk')

diff --git a/gnu/local.mk b/gnu/local.mk
index 47c217bcc0..98a7f65ca4 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -766,7 +766,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ola-readdir-r.patch			\
   %D%/packages/patches/onionshare-fix-install-paths.patch		\
   %D%/packages/patches/openexr-missing-samples.patch		\
-  %D%/packages/patches/openjpeg-CVE-2015-6581.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-5157.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-7163.patch		\
   %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
deleted file mode 100644
index 7ce03501f4..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001
-From: Matthieu Darbois <mayeut@users.noreply.github.com>
-Date: Tue, 19 May 2015 21:57:27 +0000
-Subject: [PATCH] [trunk] Correct potential double free on malloc failure in
- opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492)
-
----
- src/lib/openjp2/j2k.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8c62a39..cbdd368 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
-                 l_tcp->cod = 0;
-                 l_tcp->ppt = 0;
-                 l_tcp->ppt_data = 00;
-+                /* Remove memory not owned by this tile in case of early error return. */
-+                l_tcp->m_mct_decoding_matrix = 00;
-+                l_tcp->m_nb_max_mct_records = 0;
-+                l_tcp->m_mct_records = 00;
-+                l_tcp->m_nb_max_mcc_records = 0;
-+                l_tcp->m_mcc_records = 00;
-                 /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/
-                 l_tcp->tccps = l_current_tccp;
- 
-@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
- 
-                         ++l_src_mct_rec;
-                         ++l_dest_mct_rec;
-+                        /* Update with each pass to free exactly what has been allocated on early return. */
-+                        l_tcp->m_nb_max_mct_records += 1;
-                 }
- 
-                 /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/
-@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd (       opj_j2k_t * p_j2
-                         return OPJ_FALSE;
-                 }
-                 memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size);
-+                l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records;
- 
-                 /* Copy the mcc record data from dflt_tile_cp to the current tile*/
-                 l_src_mcc_rec = l_default_tcp->m_mcc_records;
--- 
-2.5.0
-
-- 
cgit v1.2.3