authoreric2014-12-19 00:57:47 +0000
committerJakob Gahde2016-09-26 11:27:19 +0200
commit9081218c1b90ce6c9423a698bce35bc5726daa90 (patch)
tree683e4c67e5dffa40636e5b0f1171085956aa0986
parentb3dc07d19662593d61f352ea895f86a339154f5a (diff)
upgpkg: jasper 1.900.1-11
Add patch for CVE-2014-9029 (close FS#43044) git-svn-id: file:///srv/repos/svn-packages/svn@227764 eb2447ed-0c53-47e4-bac8-5bc4a241df78
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD9
-rw-r--r--jasper-1.900.1-CVE-2014-9029.patch29
3 files changed, 38 insertions, 4 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 43bfd18df69..4b90a836f2e 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -3,7 +3,7 @@
pkgbase = jasper
pkgdesc = A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard
pkgver = 1.900.1
- pkgrel = 10
+ pkgrel = 11
url = http://www.ece.uvic.ca/~mdadams/jasper/
arch = i686
arch = x86_64
@@ -19,11 +19,13 @@ pkgbase = jasper
source = jasper-1.900.1-CVE-2008-3520.patch
source = jpc_dec.c.patch
source = jasper-1.900.1-CVE-2008-3522.patch
+ source = jasper-1.900.1-CVE-2014-9029.patch
sha1sums = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
sha1sums = f298566fef08c8a589d072582112cd51c72c3983
sha1sums = 2483dba925670bf29f531d85d73c4e5ada513b01
sha1sums = c1a0176a15210c0af14d85e55ce566921957d780
sha1sums = 0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4
+ sha1sums = f5fe80c8576379d34f372f6a7c6a76630ab9fdcd
pkgname = jasper
diff --git a/PKGBUILD b/PKGBUILD
index 9fcf1070f82..a6846389e27 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
pkgname=jasper
pkgver=1.900.1
-pkgrel=10
+pkgrel=11
pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
arch=('i686' 'x86_64')
url="http://www.ece.uvic.ca/~mdadams/jasper/"
@@ -13,12 +13,14 @@ makedepends=('freeglut' 'libxmu' 'glu')
optdepends=('freeglut: for jiv support' 'glu: for jiv support')
source=(http://www.ece.uvic.ca/~mdadams/${pkgname}/software/${pkgname}-${pkgver}.zip
patch-libjasper-stepsizes-overflow.diff jasper-1.900.1-CVE-2008-3520.patch
- jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch)
+ jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch
+ jasper-1.900.1-CVE-2014-9029.patch)
sha1sums=('9c5735f773922e580bf98c7c7dfda9bbed4c5191'
'f298566fef08c8a589d072582112cd51c72c3983'
'2483dba925670bf29f531d85d73c4e5ada513b01'
'c1a0176a15210c0af14d85e55ce566921957d780'
- '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4')
+ '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4'
+ 'f5fe80c8576379d34f372f6a7c6a76630ab9fdcd')
prepare() {
cd ${pkgname}-${pkgver}
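Review bot: The checksum for the new security patch is appended to `sha1sums`, and the upstream zip on the `source=` line is still fetched over plain `http://`, so a SHA-1 digest is the only integrity control on every input to this build. Moving the array to `sha256sums=(...)`, regenerated with `makepkg -g`, would pin the tarball and all the CVE patches with a collision-resistant hash. The matching `sha1sums` entries in the `.SRCINFO` hunk would then need regenerating as well. prepare() begins at the end of this hunk and continues outside it.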
@@ -26,6 +28,7 @@ prepare() {
patch -p1 -i "${srcdir}/patch-libjasper-stepsizes-overflow.diff"
patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3520.patch"
patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3522.patch"
+ patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-9029.patch"
}
build() {
diff --git a/jasper-1.900.1-CVE-2014-9029.patch b/jasper-1.900.1-CVE-2014-9029.patch
new file mode 100644
index 00000000000..7590d64a483
--- /dev/null
+++ b/jasper-1.900.1-CVE-2014-9029.patch
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
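Review bot: The embedded patch begins directly at its `---` line with no provenance header, so the file itself does not record where the fix came from or which advisory it addresses. A short header ahead of the first `---` line, naming CVE-2014-9029 and FS#43044 and giving the origin as `Origin: <upstream patch URL>`, would let a later packager check it against upstream and know when it can be dropped. The change from `>` to `>=` in jpc_dec_process_coc, jpc_dec_process_rgn and jpc_dec_process_qcc is consistent with `compno` being a zero-based index bounded by `dec->numcomps`. The indexed accesses are outside the hunks, so that reading is inferred; a one-line comment such as `/* compno is a zero-based index; numcomps itself is out of range */` above each check would make the intent explicit. All three function bodies start and end outside their hunks.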