zbar: use better patches for CVE-2023-40889 & CVE-2023-40890

author: Robert Scott <code@humanleg.org.uk> 2023-12-16 18:44:31 +0000
committer: Robert Scott <code@humanleg.org.uk> 2023-12-16 18:44:31 +0000
commit: 73f7d4133993c53c199136571bb5b23f6d90b441 (patch)
tree: 747a29213f5456b04b4fb748af43a8b39250eafe /pkgs/tools
parent: 05fdbaa60295296790cddef6c2fe80e5329e06f7 (diff)
3 files changed, 10 insertions, 45 deletions
diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch
deleted file mode 100644
index 7b7ca5a0befa5..0000000000000
--- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Simple bounds checks for CVE-2023-40889, based on third-party
-fix by Remi Meier @
-https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c
-
---- a/zbar/qrcode/qrdec.c
-+++ b/zbar/qrcode/qrdec.c
-@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist,
-     /*TODO: We might be able to accelerate this step significantly by
-        considering the remaining finder centers in a more intelligent order,
-        based on the first finder center we just chose.*/
--    for(j=i+1;!mark[i]&&j<_ncenters;j++){
--      for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){
-+    for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){
-+      for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){
-         qr_finder_center *c[3];
-         qr_code_data      qrdata;
-         int               version;
diff --git a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch b/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch
deleted file mode 100644
index 3576df214ae1a..0000000000000
--- a/pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-Simple bounds checks for CVE-2023-40890
-
---- a/zbar/decoder/databar.c
-+++ b/zbar/decoder/databar.c
-@@ -23,6 +23,8 @@
- 
- #include <config.h>
- #include <zbar.h>
-+#include <stdlib.h>
-+#include <stdio.h>
- 
- #ifdef DEBUG_DATABAR
- # define DEBUG_LEVEL (DEBUG_DATABAR)
-@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg,
-             fixed = -1;
-         s <<= 1;
-         dbprintf(2, "%x", s);
-+
-+        if (i > 20) {
-+            fprintf(stderr, "Bug: Out-of-bounds condition detected\n");
-+            exit(99);
-+        }
-+
-         seq[i++] = s++;
-         seq[i++] = s;
-     }
diff --git a/pkgs/tools/graphics/zbar/default.nix b/pkgs/tools/graphics/zbar/default.nix
index 5a1d7e94fdf6c..fe398bf533140 100644
--- a/pkgs/tools/graphics/zbar/default.nix
+++ b/pkgs/tools/graphics/zbar/default.nix
@@ -44,8 +44,16 @@ stdenv.mkDerivation rec {
   };
 
   patches = [
-    ./0.23.92-CVE-2023-40889.patch
-    ./0.23.92-CVE-2023-40890.patch
+    (fetchpatch {
+      name = "CVE-2023-40889.patch";
+      url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0003-CVE-2023-40889-qrdec.c-Fix-array-out-of-bounds-acces.patch";
+      hash = "sha256-z0IADJwUt9PBoox5xJJN//5vrcRbIrWB9H7wtxNVUZU=";
+    })
+    (fetchpatch {
+      name = "CVE-2023-40890.patch";
+      url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0004-Add-bounds-check-for-CVE-2023-40890.patch";
+      hash = "sha256-YgiptwXpRpz0qIcXBpARfIzSB8KYmksZR58o5yFPahs=";
+    })
   ];
 
   nativeBuildInputs = [
author	Robert Scott <code@humanleg.org.uk>	2023-12-16 18:44:31 +0000
committer	Robert Scott <code@humanleg.org.uk>	2023-12-16 18:44:31 +0000
commit	73f7d4133993c53c199136571bb5b23f6d90b441 (patch)
tree	747a29213f5456b04b4fb748af43a8b39250eafe /pkgs/tools
parent	05fdbaa60295296790cddef6c2fe80e5329e06f7 (diff)