-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | jasper-1.900.1-CVE-2014-9029.patch | 29 |
3 files changed, 38 insertions, 4 deletions
@@ -3,7 +3,7 @@ pkgbase = jasper pkgdesc = A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard pkgver = 1.900.1 - pkgrel = 10 + pkgrel = 11 url = http://www.ece.uvic.ca/~mdadams/jasper/ arch = i686 arch = x86_64 @@ -19,11 +19,13 @@ pkgbase = jasper source = jasper-1.900.1-CVE-2008-3520.patch source = jpc_dec.c.patch source = jasper-1.900.1-CVE-2008-3522.patch + source = jasper-1.900.1-CVE-2014-9029.patch sha1sums = 9c5735f773922e580bf98c7c7dfda9bbed4c5191 sha1sums = f298566fef08c8a589d072582112cd51c72c3983 sha1sums = 2483dba925670bf29f531d85d73c4e5ada513b01 sha1sums = c1a0176a15210c0af14d85e55ce566921957d780 sha1sums = 0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4 + sha1sums = f5fe80c8576379d34f372f6a7c6a76630ab9fdcd pkgname = jasper @@ -3,7 +3,7 @@ pkgname=jasper pkgver=1.900.1 -pkgrel=10 +pkgrel=11 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard" arch=('i686' 'x86_64') url="http://www.ece.uvic.ca/~mdadams/jasper/" @@ -13,12 +13,14 @@ makedepends=('freeglut' 'libxmu' 'glu') optdepends=('freeglut: for jiv support' 'glu: for jiv support') source=(http://www.ece.uvic.ca/~mdadams/${pkgname}/software/${pkgname}-${pkgver}.zip patch-libjasper-stepsizes-overflow.diff jasper-1.900.1-CVE-2008-3520.patch - jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch) + jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch + jasper-1.900.1-CVE-2014-9029.patch) sha1sums=('9c5735f773922e580bf98c7c7dfda9bbed4c5191' 'f298566fef08c8a589d072582112cd51c72c3983' '2483dba925670bf29f531d85d73c4e5ada513b01' 'c1a0176a15210c0af14d85e55ce566921957d780' - '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4') + '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4' + 'f5fe80c8576379d34f372f6a7c6a76630ab9fdcd') prepare() { cd ${pkgname}-${pkgver} 
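Review bot: The integrity array extended in the PKGBUILD hunk is still `sha1sums`, and the first `source` entry is fetched over plain `http://`, so that digest is the only integrity check on the upstream zip. SHA-1 is no longer collision-resistant, and since this release already edits the array it would be a good moment to rename it to `sha256sums=(...)`, regenerate the values with `makepkg -g`, and refresh .SRCINFO to match. The entry added here covers a patch shipped alongside the PKGBUILD, so the stronger digest matters most for the downloaded archive.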
@@ -26,6 +28,7 @@ prepare() { patch -p1 -i "${srcdir}/patch-libjasper-stepsizes-overflow.diff" patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3520.patch" patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3522.patch" + patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-9029.patch" } build() {
diff --git a/jasper-1.900.1-CVE-2014-9029.patch b/jasper-1.900.1-CVE-2014-9029.patch
new file mode 100644
index 000000000000..7590d64a4835
--- /dev/null
+++ b/jasper-1.900.1-CVE-2014-9029.patch
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
|
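Review bot: The three corrected bounds checks in jpc_dec_process_coc, jpc_dec_process_rgn and jpc_dec_process_qcc carry no comment explaining why the comparison has to be `>=`, which makes the old off-by-one easy to reintroduce. I would add above each check `/* compno is a zero-based component index; valid values are 0 .. numcomps - 1 */`. That reading is inferred from the fix itself, because the code that uses compno lies outside the hunk context and each function body continues beyond it. It is also worth confirming that no other marker-segment handler in jpc_dec.c takes a component number from the stream without an equivalent check; none is visible in this patch.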