authortez <tez@pkgsrc.org>2014-12-11 20:18:09 +0000
committertez <tez@pkgsrc.org>2014-12-11 20:18:09 +0000
commit6d9d3b3eff88fdf259f27c4fa14e67d4951e9f74 (patch)
tree76601c34c1bd6f6b2ef828f7e8c0f6a87853ff58
parent45a57485e5e134e71de6c0ecc21b48a409916f8e (diff)
Add patch for CVE-2014-9029 from
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
-rw-r--r--graphics/jasper/Makefile4
-rw-r--r--graphics/jasper/distinfo3
-rw-r--r--graphics/jasper/patches/patch-CVE-2014-902934
3 files changed, 38 insertions, 3 deletions
diff --git a/graphics/jasper/Makefile b/graphics/jasper/Makefile
index 30899f3f26e..0deff667b55 100644
--- a/graphics/jasper/Makefile
+++ b/graphics/jasper/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2014/10/09 14:06:35 wiz Exp $
+# $NetBSD: Makefile,v 1.38 2014/12/11 20:18:09 tez Exp $
DISTNAME= jasper-1.900.1
-PKGREVISION= 7
+PKGREVISION= 8
CATEGORIES= graphics
MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/
EXTRACT_SUFX= .zip
diff --git a/graphics/jasper/distinfo b/graphics/jasper/distinfo
index 198b33d582e..b21d14b533a 100644
--- a/graphics/jasper/distinfo
+++ b/graphics/jasper/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.14 2011/12/22 16:17:57 drochner Exp $
+$NetBSD: distinfo,v 1.15 2014/12/11 20:18:09 tez Exp $
SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
Size (jasper-1.900.1.zip) = 1415752 bytes
+SHA1 (patch-CVE-2014-9029) = e8db6f31a06773dd385b40d684f4be8eb8676723
SHA1 (patch-ad) = 85637e42cdb1245babd5736c2d039558025738a6
SHA1 (patch-ae) = bfe00f76582a44ad748706c3fc81c4d6b8aede35
SHA1 (patch-ag) = 0a3cf7ffff67001529198c23c3ca2499c71be7fa
diff --git a/graphics/jasper/patches/patch-CVE-2014-9029 b/graphics/jasper/patches/patch-CVE-2014-9029
new file mode 100644
index 00000000000..e1b650d826c
--- /dev/null
+++ b/graphics/jasper/patches/patch-CVE-2014-9029
@@ -0,0 +1,34 @@
+$NetBSD: patch-CVE-2014-9029,v 1.1 2014/12/11 20:18:09 tez Exp $
+
+Patch for CVE-2014-9029 from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
+
+
+--- src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
++++ src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
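Review bot: The header of patch-CVE-2014-9029 only links to the Bugzilla entry and never says what is being fixed, so a later maintainer has to follow the URL to judge the patch. A one-line description under the `$NetBSD$` tag would help, for example `Fix off-by-one in the component-number checks of the COC, RGN and QCC marker handlers: compno == numcomps was accepted.` All three embedded hunks change `>` to `>=`, so a component number equal to `dec->numcomps` is now rejected; presumably `compno` is used as a per-component index further down, but those lines are outside the hunks. The checks still test only the upper bound after `JAS_CAST(int, ...)`, which is fine if `compno` is a narrow unsigned field; that is worth confirming against the `jpc_coc_t`, `jpc_rgn_t` and `jpc_qcc_t` declarations, which are not shown here.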