Merge 'staging' into closure-size

- there were many easy merge conflicts - cc-wrapper needed nontrivial changes Many other problems might've been created by interaction of the branches, but stdenv and a few other packages build fine now.
author: Vladimír Čunát <vcunat@gmail.com> 2015-04-18 11:00:58 +0200
committer: Vladimír Čunát <vcunat@gmail.com> 2015-04-18 11:22:20 +0200
commit: bf414c9d4f892fd4e392a5f42016b57e84402a8b (patch)
tree: 08c000d609ed8e608ca542fa78360e4217f3fc36 /pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
parent: 29901451700a7382f3f9d5a0a23cd55b187e5585 (diff)
parent: 9de9669496a05f64ea436c01f9b66c057cd74f90 (diff)
download: nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.gz
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.bz2
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.lz
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.xz
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.zst
nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
new file mode 100644
index 00000000000..47b57d5c809
--- /dev/null
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
@@ -0,0 +1,16 @@
+From RedHat: https://bugzilla.redhat.com/attachment.cgi?id=967284&action=diff
+
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:30:54.193209780 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:36:46.313217814 +0100
+@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	case JP2_COLR_ICC:
+ 		iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
+ 		  dec->colr->data.colr.iccplen);
+-		assert(iccprof);
++		if (!iccprof) {
++			jas_eprintf("error: failed to parse ICC profile\n");
++			goto error;
++		}
+ 		jas_iccprof_gethdr(iccprof, &icchdr);
+ 		jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
+ 		jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
author	Vladimír Čunát <vcunat@gmail.com>	2015-04-18 11:00:58 +0200
committer	Vladimír Čunát <vcunat@gmail.com>	2015-04-18 11:22:20 +0200
commit	bf414c9d4f892fd4e392a5f42016b57e84402a8b (patch)
tree	08c000d609ed8e608ca542fa78360e4217f3fc36 /pkgs/development/libraries/jasper/jasper-CVE-2014-8137-noabort.diff
parent	29901451700a7382f3f9d5a0a23cd55b187e5585 (diff)
parent	9de9669496a05f64ea436c01f9b66c057cd74f90 (diff)
download	nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.gz nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.bz2 nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.lz nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.xz nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.tar.zst nixpkgs-bf414c9d4f892fd4e392a5f42016b57e84402a8b.zip