[arch-commits] Commit in jasper/repos (6 files)
Levente Polyak
anthraxx at archlinux.org
Wed Nov 9 23:15:54 UTC 2016
Date: Wednesday, November 9, 2016 @ 23:15:54
Author: anthraxx
Revision: 280275
archrelease: copy trunk to staging-i686, staging-x86_64
Added:
jasper/repos/staging-i686/
jasper/repos/staging-i686/PKGBUILD
(from rev 280274, jasper/trunk/PKGBUILD)
jasper/repos/staging-i686/jasper-1.900.1-fix-filename-buffer-overflow.patch
(from rev 280274, jasper/trunk/jasper-1.900.1-fix-filename-buffer-overflow.patch)
jasper/repos/staging-x86_64/
jasper/repos/staging-x86_64/PKGBUILD
(from rev 280274, jasper/trunk/PKGBUILD)
jasper/repos/staging-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch
(from rev 280274, jasper/trunk/jasper-1.900.1-fix-filename-buffer-overflow.patch)
------------------------------------------------------------------+
staging-i686/PKGBUILD | 39 ++++++++++
staging-i686/jasper-1.900.1-fix-filename-buffer-overflow.patch | 37 +++++++++
staging-x86_64/PKGBUILD | 39 ++++++++++
staging-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch | 37 +++++++++
4 files changed, 152 insertions(+)
Copied: jasper/repos/staging-i686/PKGBUILD (from rev 280274, jasper/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD (rev 0)
+++ staging-i686/PKGBUILD 2016-11-09 23:15:54 UTC (rev 280275)
@@ -0,0 +1,39 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Maintainer: Eric Bélanger <eric at archlinux.org>
+
+pkgname=jasper
+pkgver=1.900.24
+pkgrel=1
+pkgdesc='Software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard'
+url='http://www.ece.uvic.ca/~mdadams/jasper/'
+arch=('i686' 'x86_64')
+license=('custom:JasPer2.0')
+depends=('libjpeg')
+makedepends=('freeglut' 'libxmu' 'glu')
+optdepends=('freeglut: jiv support'
+ 'glu: jiv support')
+options=('staticlibs')
+source=(${pkgname}-${pkgver}.tar.gz::https://github.com/mdadams/jasper/archive/version-${pkgver}.tar.gz
+ jasper-1.900.1-fix-filename-buffer-overflow.patch)
+sha512sums=('8d9871a651d75290b7ee1172a295a5af9fe1772367ed67412cfbf47834f1628718100b4201b574c4fdd14ae74134e05756cae55b52ccb8590b96c6735c6e2426'
+ '741a2200b12e7ba4a06a312c44d08c35e05f312bed0b652c044bad3e080fde9865dbebbe76e4bf2436f1e27d3e4c1784240f530db7a7012a8da6fc89bf8e6978')
+
+prepare() {
+ cd ${pkgname}-version-${pkgver}
+ patch -p1 < "${srcdir}/jasper-1.900.1-fix-filename-buffer-overflow.patch"
+ autoreconf -fvi
+}
+
+build() {
+ cd ${pkgname}-version-${pkgver}
+ ./configure --prefix=/usr --mandir=/usr/share/man --enable-shared
+ make
+}
+
+package() {
+ cd ${pkgname}-version-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm 644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
+
+# vim: ts=2 sw=2 et:
Copied: jasper/repos/staging-i686/jasper-1.900.1-fix-filename-buffer-overflow.patch (from rev 280274, jasper/trunk/jasper-1.900.1-fix-filename-buffer-overflow.patch)
===================================================================
--- staging-i686/jasper-1.900.1-fix-filename-buffer-overflow.patch (rev 0)
+++ staging-i686/jasper-1.900.1-fix-filename-buffer-overflow.patch 2016-11-09 23:15:54 UTC (rev 280275)
@@ -0,0 +1,37 @@
+Description: Filename buffer overflow fix
+ This patch fixes a security hole by a bad buffer size handling.
+Author: Roland Stigge <stigge at antcom.de>
+Bug-Debian: http://bugs.debian.org/645118
+
+--- a/src/libjasper/include/jasper/jas_stream.h
++++ b/src/libjasper/include/jasper/jas_stream.h
+@@ -77,6 +77,7 @@
+ #include <jasper/jas_config.h>
+
+ #include <stdio.h>
++#include <limits.h>
+ #if defined(HAVE_FCNTL_H)
+ #include <fcntl.h>
+ #endif
+@@ -99,6 +100,12 @@ extern "C" {
+ #define O_BINARY 0
+ #endif
+
++#ifdef PATH_MAX
++#define JAS_PATH_MAX PATH_MAX
++#else
++#define JAS_PATH_MAX 4096
++#endif
++
+ /*
+ * Stream open flags.
+ */
+@@ -251,7 +258,7 @@ typedef struct {
+ typedef struct {
+ int fd;
+ int flags;
+- char pathname[L_tmpnam + 1];
++ char pathname[JAS_PATH_MAX + 1];
+ } jas_stream_fileobj_t;
+
+ #define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
Copied: jasper/repos/staging-x86_64/PKGBUILD (from rev 280274, jasper/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2016-11-09 23:15:54 UTC (rev 280275)
@@ -0,0 +1,39 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Maintainer: Eric Bélanger <eric at archlinux.org>
+
+pkgname=jasper
+pkgver=1.900.24
+pkgrel=1
+pkgdesc='Software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard'
+url='http://www.ece.uvic.ca/~mdadams/jasper/'
+arch=('i686' 'x86_64')
+license=('custom:JasPer2.0')
+depends=('libjpeg')
+makedepends=('freeglut' 'libxmu' 'glu')
+optdepends=('freeglut: jiv support'
+ 'glu: jiv support')
+options=('staticlibs')
+source=(${pkgname}-${pkgver}.tar.gz::https://github.com/mdadams/jasper/archive/version-${pkgver}.tar.gz
+ jasper-1.900.1-fix-filename-buffer-overflow.patch)
+sha512sums=('8d9871a651d75290b7ee1172a295a5af9fe1772367ed67412cfbf47834f1628718100b4201b574c4fdd14ae74134e05756cae55b52ccb8590b96c6735c6e2426'
+ '741a2200b12e7ba4a06a312c44d08c35e05f312bed0b652c044bad3e080fde9865dbebbe76e4bf2436f1e27d3e4c1784240f530db7a7012a8da6fc89bf8e6978')
+
+prepare() {
+ cd ${pkgname}-version-${pkgver}
+ patch -p1 < "${srcdir}/jasper-1.900.1-fix-filename-buffer-overflow.patch"
+ autoreconf -fvi
+}
+
+build() {
+ cd ${pkgname}-version-${pkgver}
+ ./configure --prefix=/usr --mandir=/usr/share/man --enable-shared
+ make
+}
+
+package() {
+ cd ${pkgname}-version-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm 644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}
+
+# vim: ts=2 sw=2 et:
Copied: jasper/repos/staging-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch (from rev 280274, jasper/trunk/jasper-1.900.1-fix-filename-buffer-overflow.patch)
===================================================================
--- staging-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch (rev 0)
+++ staging-x86_64/jasper-1.900.1-fix-filename-buffer-overflow.patch 2016-11-09 23:15:54 UTC (rev 280275)
@@ -0,0 +1,37 @@
+Description: Filename buffer overflow fix
+ This patch fixes a security hole by a bad buffer size handling.
+Author: Roland Stigge <stigge at antcom.de>
+Bug-Debian: http://bugs.debian.org/645118
+
+--- a/src/libjasper/include/jasper/jas_stream.h
++++ b/src/libjasper/include/jasper/jas_stream.h
+@@ -77,6 +77,7 @@
+ #include <jasper/jas_config.h>
+
+ #include <stdio.h>
++#include <limits.h>
+ #if defined(HAVE_FCNTL_H)
+ #include <fcntl.h>
+ #endif
+@@ -99,6 +100,12 @@ extern "C" {
+ #define O_BINARY 0
+ #endif
+
++#ifdef PATH_MAX
++#define JAS_PATH_MAX PATH_MAX
++#else
++#define JAS_PATH_MAX 4096
++#endif
++
+ /*
+ * Stream open flags.
+ */
+@@ -251,7 +258,7 @@ typedef struct {
+ typedef struct {
+ int fd;
+ int flags;
+- char pathname[L_tmpnam + 1];
++ char pathname[JAS_PATH_MAX + 1];
+ } jas_stream_fileobj_t;
+
+ #define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01
More information about the arch-commits
mailing list