[arch-commits] Commit in jasper/trunk (PKGBUILD jasper-1.900.1-CVE-2014-9029.patch)

Eric Bélanger eric at archlinux.org
Fri Dec 19 00:57:47 UTC 2014


    Date: Friday, December 19, 2014 @ 01:57:47
  Author: eric
Revision: 227764

upgpkg: jasper 1.900.1-11

Add patch for CVE-2014-9029 (close FS#43044)

Added:
  jasper/trunk/jasper-1.900.1-CVE-2014-9029.patch
Modified:
  jasper/trunk/PKGBUILD

------------------------------------+
 PKGBUILD                           |    9 ++++++---
 jasper-1.900.1-CVE-2014-9029.patch |   29 +++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 3 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-12-18 22:33:05 UTC (rev 227763)
+++ PKGBUILD	2014-12-19 00:57:47 UTC (rev 227764)
@@ -3,7 +3,7 @@
 
 pkgname=jasper
 pkgver=1.900.1
-pkgrel=10
+pkgrel=11
 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
 arch=('i686' 'x86_64')
 url="http://www.ece.uvic.ca/~mdadams/jasper/"
@@ -13,12 +13,14 @@
 optdepends=('freeglut: for jiv support' 'glu: for jiv support')
 source=(http://www.ece.uvic.ca/~mdadams/${pkgname}/software/${pkgname}-${pkgver}.zip
         patch-libjasper-stepsizes-overflow.diff jasper-1.900.1-CVE-2008-3520.patch
-        jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch)
+        jpc_dec.c.patch jasper-1.900.1-CVE-2008-3522.patch
+	jasper-1.900.1-CVE-2014-9029.patch)
 sha1sums=('9c5735f773922e580bf98c7c7dfda9bbed4c5191'
           'f298566fef08c8a589d072582112cd51c72c3983'
           '2483dba925670bf29f531d85d73c4e5ada513b01'
           'c1a0176a15210c0af14d85e55ce566921957d780'
-          '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4')
+          '0e7b6142cd9240ffb15a1ed7297c43c76fa09ee4'
+          'f5fe80c8576379d34f372f6a7c6a76630ab9fdcd')
 
 prepare() {
   cd ${pkgname}-${pkgver}
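Review bot: The new checksum is appended to `sha1sums`, and the first `source` entry is still fetched over plain `http://`, so this array is the only integrity control on the upstream zip that the security patch is applied to. SHA-1 is no longer a sound basis for that guarantee; consider converting the whole array to `sha256sums=(...)` and regenerating every entry with `makepkg -g` or `updpkgsums`, rather than extending the SHA-1 list. As a style point, the added `jasper-1.900.1-CVE-2014-9029.patch)` line is indented with a tab while the neighbouring `source` lines use spaces. The `prepare()` body continues outside this hunk.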
@@ -26,6 +28,7 @@
   patch -p1 -i "${srcdir}/patch-libjasper-stepsizes-overflow.diff"
   patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3520.patch"
   patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2008-3522.patch"
+  patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2014-9029.patch"
 }
 
 build() {

Added: jasper-1.900.1-CVE-2014-9029.patch
===================================================================
--- jasper-1.900.1-CVE-2014-9029.patch	                        (rev 0)
+++ jasper-1.900.1-CVE-2014-9029.patch	2014-12-19 00:57:47 UTC (rev 227764)
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ 	jpc_coc_t *coc = &ms->parms.coc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in COC marker segment\n");
+ 		return -1;
+ 	}
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ 	jpc_rgn_t *rgn = &ms->parms.rgn;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++	if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in RGN marker segment\n");
+ 		return -1;
+ 	}
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ 	jpc_qcc_t *qcc = &ms->parms.qcc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in QCC marker segment\n");
+ 		return -1;
+ 	}
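Review bot: The corrected bound in jpc_dec_process_coc, jpc_dec_process_rgn and jpc_dec_process_qcc is still evaluated after `JAS_CAST(int, ...)` and has no lower limit, so it only rejects values at or above `dec->numcomps`. The type of the `compno` fields is declared outside this patch; if it can convert to a negative int, such a value would pass the check, and it is presumably used as a component index later in each function. Making the range explicit would remove that dependency, e.g. `if (JAS_CAST(int, coc->compno) < 0 || JAS_CAST(int, coc->compno) >= dec->numcomps) {`, and likewise for `rgn` and `qcc`. A short comment above each check, such as `/* compno indexes components: valid range is 0 .. numcomps-1 */`, would record why `>` was insufficient. All three function bodies start and end outside the hunks shown.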


