commit b26142cc9a0f98e9c4b2cc5b7204ecc6897f4e92 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #274785 from risicle/ris-zbar-CVE-2023-40889-CVE-2023-40890-debian

zbar: use better patches for CVE-2023-40889 & CVE-2023-40890

authored by 7c6f434c and committed by GitHub 2 years ago b26142cc ac94ff34

+10 -45

3 changed files

expand all

unified split

pkgs

tools

graphics

zbar

0.23.92-CVE-2023-40889.patch

0.23.92-CVE-2023-40890.patch

default.nix

-17

pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40889.patch

··· 1 - Simple bounds checks for CVE-2023-40889, based on third-party 2 - fix by Remi Meier @ 3 - https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c 4 - 5 - --- a/zbar/qrcode/qrdec.c 6 - +++ b/zbar/qrcode/qrdec.c 7 - @@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist, 8 - /*TODO: We might be able to accelerate this step significantly by 9 - considering the remaining finder centers in a more intelligent order, 10 - based on the first finder center we just chose.*/ 11 - - for(j=i+1;!mark[i]&&j<_ncenters;j++){ 12 - - for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){ 13 - + for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){ 14 - + for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){ 15 - qr_finder_center *c[3]; 16 - qr_code_data qrdata; 17 - int version;

-26

pkgs/tools/graphics/zbar/0.23.92-CVE-2023-40890.patch

··· 1 - Simple bounds checks for CVE-2023-40890 2 - 3 - --- a/zbar/decoder/databar.c 4 - +++ b/zbar/decoder/databar.c 5 - @@ -23,6 +23,8 @@ 6 - 7 - #include <config.h> 8 - #include <zbar.h> 9 - +#include <stdlib.h> 10 - +#include <stdio.h> 11 - 12 - #ifdef DEBUG_DATABAR 13 - # define DEBUG_LEVEL (DEBUG_DATABAR) 14 - @@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg, 15 - fixed = -1; 16 - s <<= 1; 17 - dbprintf(2, "%x", s); 18 - + 19 - + if (i > 20) { 20 - + fprintf(stderr, "Bug: Out-of-bounds condition detected\n"); 21 - + exit(99); 22 - + } 23 - + 24 - seq[i++] = s++; 25 - seq[i++] = s; 26 - }

+10 -2

pkgs/tools/graphics/zbar/default.nix

··· 44 44 }; 45 45 46 46 patches = [ 47 - ./0.23.92-CVE-2023-40889.patch 48 - ./0.23.92-CVE-2023-40890.patch 47 + (fetchpatch { 48 + name = "CVE-2023-40889.patch"; 49 + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0003-CVE-2023-40889-qrdec.c-Fix-array-out-of-bounds-acces.patch"; 50 + hash = "sha256-z0IADJwUt9PBoox5xJJN//5vrcRbIrWB9H7wtxNVUZU="; 51 + }) 52 + (fetchpatch { 53 + name = "CVE-2023-40890.patch"; 54 + url = "https://salsa.debian.org/debian/zbar/-/raw/debian/0.23.92-9/debian/patches/0004-Add-bounds-check-for-CVE-2023-40890.patch"; 55 + hash = "sha256-YgiptwXpRpz0qIcXBpARfIzSB8KYmksZR58o5yFPahs="; 56 + }) 49 57 ]; 50 58 51 59 nativeBuildInputs = [