diff options
author | Robert Scott <code@humanleg.org.uk> | 2023-12-16 18:44:31 +0000 |
---|---|---|
committer | Robert Scott <code@humanleg.org.uk> | 2023-12-16 18:44:31 +0000 |
commit | 73f7d4133993c53c199136571bb5b23f6d90b441 (patch) | |
tree | 747a29213f5456b04b4fb748af43a8b39250eafe | |
parent | 05fdbaa60295296790cddef6c2fe80e5329e06f7 (diff) |
zbar: use better patches for CVE-2023-40889 & CVE-2023-40890
-rw-r--r-- | pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch | 17 | ||||
-rw-r--r-- | pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch | 26 | ||||
-rw-r--r-- | pkgs/tools/graphics/zbar/default.nix | 12 |
3 files changed, 10 insertions, 45 deletions
diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch deleted file mode 100644 index 7b7ca5a0befa5..0000000000000 --- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch +++ /dev/null @@ -1,17 +0,0 @@ -Simple bounds checks for CVE-2023-40889, based on third-party -fix by Remi Meier @ -https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c - ---- a/zbar/qrcode/qrdec.c -+++ b/zbar/qrcode/qrdec.c -@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist, - /*TODO: We might be able to accelerate this step significantly by - considering the remaining finder centers in a more intelligent order, - based on the first finder center we just chose.*/ -- for(j=i+1;!mark[i]&&j<_ncenters;j++){ -- for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){ -+ for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){ -+ for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){ - qr_finder_center *c[3]; - qr_code_data qrdata; - int version; diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch deleted file mode 100644 index 3576df214ae1a..0000000000000 --- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch +++ /dev/null @@ -1,26 +0,0 @@ -Simple bounds checks for CVE-2023-40890 - ---- a/zbar/decoder/databar.c -+++ b/zbar/decoder/databar.c -@@ -23,6 +23,8 @@ - - #include <config.h> - #include <zbar.h> -+#include <stdlib.h> -+#include <stdio.h> - - #ifdef DEBUG_DATABAR - # define DEBUG_LEVEL (DEBUG_DATABAR) -@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg, - fixed = -1; - s <<= 1; - dbprintf(2, "%x", s); -+ -+ if (i > 20) { -+ fprintf(stderr, "Bug: Out-of-bounds condition detected\n"); -+ exit(99); -+ } -+ - seq[i++] = s++; - seq[i++] = s; - } diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix index 5a1d7e94fdf6c..fe398bf533140 100644 --- a/pkgs/tools/graphics/zbar/default.nix +++ b/pkgs/tools/graphics/zbar/default.nix @@ -44,8 +44,16 @@ stdenv.mkDerivation rec { }; patches = [ - ./0.23.92-CVE-2023-40889.patch - ./0.23.92-CVE-2023-40890.patch + (fetchpatch { + name = "CVE-2023-40889.patch"; + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0003-CVE-2023-40889-qrdec.c-Fix-array-out-of-bounds-acces.patch"; + hash = "sha256-z0IADJwUt9PBoox5xJJN//5vrcRbIrWB9H7wtxNVUZU="; + }) + (fetchpatch { + name = "CVE-2023-40890.patch"; + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0004-Add-bounds-check-for-CVE-2023-40890.patch"; + hash = "sha256-YgiptwXpRpz0qIcXBpARfIzSB8KYmksZR58o5yFPahs="; + }) ]; nativeBuildInputs = [ |