[arch-commits] Commit in jasper/trunk (PKGBUILD jasper-1.900.1-CVE-2014-9029.patch)
Eric Bélanger
eric at archlinux.org
Fri Dec 19 00:57:47 UTC 2014
Date: Friday, December 19, 2014 @ 01:57:47
Author: eric
Revision: 227764
upgpkg: jasper 1.900.1-11
Add patch for CVE-2014-9029 (close FS#43044)
Added:
jasper/trunk/jasper-1.900.1-CVE-2014-9029.patch
Modified:
jasper/trunk/PKGBUILD
------------------------------------+
PKGBUILD | 9 ++++++---
jasper-1.900.1-CVE-2014-9029.patch | 29 +++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-12-18 22:33:05 UTC (rev 227763)
+++ PKGBUILD 2014-12-19 00:57:47 UTC (rev 227764)
@@ -3,7 +3,7 @@
pkgname=jasper
pkgver=1.900.1
-pkgrel=10
+pkgrel=11
pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
arch=('i686' 'x86_64')
url="http://www.ece.uvic.ca/~mdadams/jasper/"
@@ -13,12 +13,14 @@
optdepends=('freeglut: for jiv support' 'glu: for jiv support')
source=(http://www.ece.uvic.ca/~mdadams/${pkgname}/software/${pkgname}-${pkgver}.zip
patch-libjasper-stepsizes-overflow.diff jasper-1.900.1-CVE-2008-3520.patch
- jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch)
+ jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch
+ jasper-1.900.1-CVE-2014-9029.patch)
sha1sums=('9c5735f773922e580bf98c7c7dfda9bbed4c5191'
'f298566fef08c8a589d072582112cd51c72c3983'
'2483dba925670bf29f531d85d73c4e5ada513b01'
'c1a0176a15210c0af14d85e55ce566921957d780'
- '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4')
+ '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4'
+ 'f5fe80c8576379d34f372f6a7c6a76630ab9fdcd')
prepare() {
cd ${pkgname}-${pkgver}
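Review bot: The checksum added for jasper-1.900.1-CVE-2014-9029.patch extends a `sha1sums` array, and the upstream zip in the same `source` list is fetched over plain `http://`, so SHA-1 is the only integrity binding for that download. Switching the array to `sha256sums` and regenerating all six entries would give a stronger check without changing the build. The `prepare()` lines at the end of this hunk are context only; the function continues in the next hunk.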
@@ -26,6 +28,7 @@
patch -p1 -i "${srcdir}/patch-libjasper-stepsizes-overflow.diff"
patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3520.patch"
patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3522.patch"
+ patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-9029.patch"
}
build() {
Added: jasper-1.900.1-CVE-2014-9029.patch
===================================================================
--- jasper-1.900.1-CVE-2014-9029.patch (rev 0)
+++ jasper-1.900.1-CVE-2014-9029.patch 2014-12-19 00:57:47 UTC (rev 227764)
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
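Review bot: The corrected test in all three inner hunks (jpc_dec_process_coc, jpc_dec_process_rgn, jpc_dec_process_qcc) bounds `compno` only from above, and does so after `JAS_CAST(int, ...)`. The declared type of `compno` is not visible here; if the cast can ever yield a negative value, that value passes `>= dec->numcomps` and reaches whatever it indexes later in the function. A form that checks both sides, e.g. `int compno = JAS_CAST(int, coc->compno);` followed by `if (compno < 0 || compno >= dec->numcomps) {`, closes that gap regardless of the field's type. A short comment such as `/* valid component numbers are 0 .. numcomps-1 */` above each check would also record why `>=` is the right operator. All three functions begin and end outside the hunks shown.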