[arch-commits] Commit in jasper/trunk (PKGBUILD jasper-1.900.1-CVE-2016-2089.patch)

Levente Polyak anthraxx at archlinux.org
Wed Nov 9 23:15:28 UTC 2016 

    Date: Wednesday, November 9, 2016 @ 23:15:27
  Author: anthraxx
Revision: 280274

upgpkg: jasper 1.900.24-1

Modified:
  jasper/trunk/PKGBUILD
Deleted:
  jasper/trunk/jasper-1.900.1-CVE-2016-2089.patch

------------------------------------+
 PKGBUILD                           |   36 ++++++++++++++++++-----------------
 jasper-1.900.1-CVE-2016-2089.patch |   33 --------------------------------
 2 files changed, 19 insertions(+), 50 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2016-11-09 21:10:51 UTC (rev 280273)
+++ PKGBUILD	2016-11-09 23:15:27 UTC (rev 280274)
@@ -1,37 +1,39 @@
-# $Id$
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
 # Maintainer: Eric Bélanger <eric at archlinux.org>
 
 pkgname=jasper
-pkgver=1.900.5
+pkgver=1.900.24
 pkgrel=1
-pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
+pkgdesc='Software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard'
+url='http://www.ece.uvic.ca/~mdadams/jasper/'
 arch=('i686' 'x86_64')
-url="http://www.ece.uvic.ca/~mdadams/jasper/"
 license=('custom:JasPer2.0')
 depends=('libjpeg')
 makedepends=('freeglut' 'libxmu' 'glu')
-optdepends=('freeglut: for jiv support' 'glu: for jiv support')
-source=(http://www.ece.uvic.ca/~mdadams/${pkgname}/software/${pkgname}-${pkgver}.tar.gz
-        jasper-1.900.1-fix-filename-buffer-overflow.patch
-        jasper-1.900.1-CVE-2016-2089.patch)
-sha1sums=('ca335fc2eccbd01019bf402dac810de1f02f98ac'
-          '577dfce40da75818c4d32eb1c4532b1370950bee'
-          '981d622402f6ce82975489d76a373e4abd252418')
+optdepends=('freeglut: jiv support'
+            'glu: jiv support')
+options=('staticlibs')
+source=(${pkgname}-${pkgver}.tar.gz::https://github.com/mdadams/jasper/archive/version-${pkgver}.tar.gz
+        jasper-1.900.1-fix-filename-buffer-overflow.patch)
+sha512sums=('8d9871a651d75290b7ee1172a295a5af9fe1772367ed67412cfbf47834f1628718100b4201b574c4fdd14ae74134e05756cae55b52ccb8590b96c6735c6e2426'
+            '741a2200b12e7ba4a06a312c44d08c35e05f312bed0b652c044bad3e080fde9865dbebbe76e4bf2436f1e27d3e4c1784240f530db7a7012a8da6fc89bf8e6978')
 
 prepare() {
-  cd ${pkgname}-${pkgver}
-  patch -p1 -i "${srcdir}/jasper-1.900.1-fix-filename-buffer-overflow.patch"
-  patch -p1 -i "${srcdir}/jasper-1.900.1-CVE-2016-2089.patch"
+  cd ${pkgname}-version-${pkgver}
+  patch -p1 < "${srcdir}/jasper-1.900.1-fix-filename-buffer-overflow.patch"
+  autoreconf -fvi
 }
 
 build() {
-  cd ${pkgname}-${pkgver}
+  cd ${pkgname}-version-${pkgver}
   ./configure --prefix=/usr --mandir=/usr/share/man --enable-shared
   make
 }
 
 package() {
-  cd ${pkgname}-${pkgver}
+  cd ${pkgname}-version-${pkgver}
   make DESTDIR="${pkgdir}" install
-  install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+  install -Dm 644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
 }
+
+# vim: ts=2 sw=2 et:

Deleted: jasper-1.900.1-CVE-2016-2089.patch
===================================================================
--- jasper-1.900.1-CVE-2016-2089.patch	2016-11-09 21:10:51 UTC (rev 280273)
+++ jasper-1.900.1-CVE-2016-2089.patch	2016-11-09 23:15:27 UTC (rev 280274)
@@ -1,33 +0,0 @@
-Description: CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
-Origin: vendor
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1302636
-Bug-Debian: https://bugs.debian.org/812978
-Forwarded: not-needed
-Author: Tomas Hoger <thoger at redhat.com>
-Reviewed-by: Salvatore Bonaccorso <carnil at debian.org>
-Last-Update: 2016-03-05
-
---- a/src/libjasper/base/jas_image.c
-+++ b/src/libjasper/base/jas_image.c
-@@ -426,6 +426,10 @@ int jas_image_readcmpt(jas_image_t *imag
- 		return -1;
- 	}
- 
-+	if (!data->rows_) {
-+		return -1;
-+	}
-+
- 	if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
- 		if (jas_matrix_resize(data, height, width)) {
- 			return -1;
-@@ -479,6 +483,10 @@ int jas_image_writecmpt(jas_image_t *ima
- 		return -1;
- 	}
- 
-+	if (!data->rows_) {
-+		return -1;
-+	}
-+
- 	if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
- 		return -1;
- 	}

More information about the arch-commits mailing list