[PATCH] gnu: optipng: Fix CVE-2017-1000229.

  • Done
  • quality assurance status badge
Details
3 participants
  • Leo Famulari
  • Ludovic Courtès
  • Marius Bakke
Owner
unassigned
Submitted by
Marius Bakke
Severity
normal

Debbugs page

M
M
Marius Bakke wrote on 28 Nov 2017 09:01
(address . guix-patches@gnu.org)(name . Marius Bakke)(address . mbakke@fastmail.com)
20171128170150.29946-1-mbakke@fastmail.com
* gnu/packages/image.scm (optipng)[source](patches): New field.
* gnu/packages/patches/optipng-CVE-2017-1000229.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
---
gnu/local.mk | 1 +
gnu/packages/image.scm | 1 +
.../patches/optipng-CVE-2017-1000229.patch | 22 ++++++++++++++++++++++
3 files changed, 24 insertions(+)
create mode 100644 gnu/packages/patches/optipng-CVE-2017-1000229.patch

Toggle diff (54 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index ebff7084b..26845954e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -938,6 +938,7 @@ dist_patch_DATA = \
%D%/packages/patches/openssl-runpath.patch \
%D%/packages/patches/openssl-1.1.0-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \
+ %D%/packages/patches/optipng-CVE-2017-1000229.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
%D%/packages/patches/osip-CVE-2017-7853.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 0e1f02556..b9f1ef234 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1095,6 +1095,7 @@ installed as @code{stb_image}.")
(method url-fetch)
(uri (string-append "http://prdownloads.sourceforge.net/optipng/optipng-"
version ".tar.gz"))
+ (patches (search-patches "optipng-CVE-2017-1000229.patch"))
(sha256
(base32
"105yk5qykvhiahzag67gm36s2kplxf6qn5hay02md0nkrcgn6w28"))))
diff --git a/gnu/packages/patches/optipng-CVE-2017-1000229.patch b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
new file mode 100644
index 000000000..2cb3b2f21
--- /dev/null
+++ b/gnu/packages/patches/optipng-CVE-2017-1000229.patch
@@ -0,0 +1,22 @@
+Fix CVE-2017-1000229:
+
+https://security-tracker.debian.org/tracker/CVE-2017-1000229
+https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000229.html
+https://nvd.nist.gov/vuln/detail/CVE-2017-1000229
+
+Patch copied from upstream bug tracker:
+https://sourceforge.net/p/optipng/bugs/65/
+
+diff --git a/src/minitiff/tiffread.c b/src/minitiff/tiffread.c
+index b4910ec..5f9b376 100644
+--- a/src/minitiff/tiffread.c
++++ b/src/minitiff/tiffread.c
+@@ -350,6 +350,8 @@ minitiff_read_info(struct minitiff_info *tiff_ptr, FILE *fp)
+ count = tiff_ptr->strip_offsets_count;
+ if (count == 0 || count > tiff_ptr->height)
+ goto err_invalid;
++ if (count > (size_t)-1 / sizeof(long))
++ goto err_memory;
+ tiff_ptr->strip_offsets = (long *)malloc(count * sizeof(long));
+ if (tiff_ptr->strip_offsets == NULL)
+ goto err_memory;
--
2.15.0
L
L
Leo Famulari wrote on 28 Nov 2017 10:20
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 29486@debbugs.gnu.org)
20171128182002.GE14200@jasmine.lan
On Tue, Nov 28, 2017 at 06:01:50PM +0100, Marius Bakke wrote:
Toggle quote (4 lines)
> * gnu/packages/image.scm (optipng)[source](patches): New field.
> * gnu/packages/patches/optipng-CVE-2017-1000229.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Register it.

LGTM, thanks!
-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlodqNIACgkQJkb6MLrK
fwjdmhAAzB8kZCIDSPBfUz+IY8nwyb8WfdgxsUO7rs4t6qXNjhbBi/QKDvz7Nhq8
QdeNdicd5Z0yaDL0c4pa/GTfZuIILHZ18lf7n0WbpqIGdeuXR7F7dKB//SrcwzNx
pm98X+QpEUivq8bY0Klw1nozZZRmPmFlCYDH4UHTobO/fK6BtqTEeT8dTpSdL2ep
sFKX4yugoemWR6lASEC0bSOY0SSShxVKHvib2VSErrYtcNpkwQ0fDhRxYEevpzbd
otldHpcfAt6w4Da90GExQ+WpDKzzzwS9s7qEnkRPHhm+C3eoMAYzA59zLhrhVuQr
VIbV48UMGe7Fe4uYfvY3IORjLtrvVdHjRJui52YQDyeRs16rod0ke62Noy75aKpr
ZlEmBfpNBw0r5cAIvY3y1Tu72Tn+AgBhNXDUe1fG/kRlKUWu2Ll+oR1wsPFIOUrX
wfr8F2es8Gf3KKxPQ3EXenWyKZuohX3oLy2ooFLPIbKvBJbdENqIownEZf61cWHN
9ml1K4oykn+jkXNi9GJBA+vp9vAPKBU/jhKGmqwZcBPg4rWxgwV35xWJEuDmqRih
NpmhhIItO0vWZbYNvYWQmmEpPOq68AeZXhH+oqa0N+qil2qmN2Mu0oWzDBp0pA2Q
Y1ENe3h3wjF7tPGw7ZN11xgoXls64PZZBt27Y2sNFB4CVGuqEzA=
=BuCS
-----END PGP SIGNATURE-----


L
L
Ludovic Courtès wrote on 30 Nov 2017 07:03
control message for bug #29486
(address . control@debbugs.gnu.org)
87wp273j1y.fsf@gnu.org
tags 29486 fixed
close 29486
?
Your comment

This issue is archived.

To comment on this conversation send an email to 29486@patchwise.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 29486
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch