author | he <he> | 2015-01-01 14:15:27 +0000 |
---|---|---|
committer | he <he> | 2015-01-01 14:15:27 +0000 |
commit | 5b55256fded53e3b830f24dc72f261c0dccc3ac6 (patch) | |
tree | 55cade9717fd01858636851abcba9b7503c15094 | |
parent | 2681202ed820211c9e2b1362b40f57fc4ccd28e3 (diff) | |
download | pkgsrc-5b55256fded53e3b830f24dc72f261c0dccc3ac6.tar.gz |
Rename patches to conform to the "new" style.
Add comments to the patches.
Add fix for oCERT-2014-012, pulled from RedHat.
Add fix from Debian bug 469786.
Add LICENSE setting, I think modified-bsd is fitting.
Bump PKGREVISION.
-rw-r--r-- | graphics/jasper/Makefile | 5 | ||||
-rw-r--r-- | graphics/jasper/distinfo | 14 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-CVE-2014-9029 | 34 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-ae | 15 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-ag | 23 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-aj | 21 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-configure (renamed from graphics/jasper/patches/patch-ah) | 4 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c (renamed from graphics/jasper/patches/patch-ad) | 4 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c | 33 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-src_libjasper_jpc_jpc__cs.c (renamed from graphics/jasper/patches/patch-ai) | 4 | ||||
-rw-r--r-- | graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c | 73 |
11 files changed, 124 insertions, 106 deletions
diff --git a/graphics/jasper/Makefile b/graphics/jasper/Makefile
index 0deff667b55..0b8be9546d4 100644
--- a/graphics/jasper/Makefile
+++ b/graphics/jasper/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.38 2014/12/11 20:18:09 tez Exp $
+# $NetBSD: Makefile,v 1.39 2015/01/01 14:15:27 he Exp $
 DISTNAME= jasper-1.900.1
-PKGREVISION= 8
+PKGREVISION= 9
 CATEGORIES= graphics
 MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/
 EXTRACT_SUFX= .zip
@@ -9,6 +9,7 @@ EXTRACT_SUFX= .zip
 MAINTAINER= adam@NetBSD.org
 HOMEPAGE= http://www.ece.uvic.ca/~mdadams/jasper/
 COMMENT= Software-based reference implementation of the JPEG-2000 codec
+LICENSE= modified-bsd
 USE_LANGUAGES= c99
 USE_LIBTOOL= yes
diff --git a/graphics/jasper/distinfo b/graphics/jasper/distinfo
index b21d14b533a..10195c95acd 100644
--- a/graphics/jasper/distinfo
+++ b/graphics/jasper/distinfo
@@ -1,12 +1,10 @@
-$NetBSD: distinfo,v 1.15 2014/12/11 20:18:09 tez Exp $
+$NetBSD: distinfo,v 1.16 2015/01/01 14:15:27 he Exp $
 SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
 RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
 Size (jasper-1.900.1.zip) = 1415752 bytes
-SHA1 (patch-CVE-2014-9029) = e8db6f31a06773dd385b40d684f4be8eb8676723
-SHA1 (patch-ad) = 85637e42cdb1245babd5736c2d039558025738a6
-SHA1 (patch-ae) = bfe00f76582a44ad748706c3fc81c4d6b8aede35
-SHA1 (patch-ag) = 0a3cf7ffff67001529198c23c3ca2499c71be7fa
-SHA1 (patch-ah) = 5455854277ad52adb4a22be08219facd796bbf1a
-SHA1 (patch-ai) = 39a16368197d180d9d925bc12b9fc1c6985f06f0
-SHA1 (patch-aj) = a2f5b3b31220767cd6f22ff236e3789ab6a5ba4f
+SHA1 (patch-configure) = c8aa09f8432f0e3f5667ecb3ccd738c3c03f3f05
+SHA1 (patch-src_libjasper_jp2_jp2__cod.c) = 7902e9900130f466fa60a5389409cc9495b6260c
+SHA1 (patch-src_libjasper_jp2_jp2__dec.c) = 5a795502f9241829afa1acf0a2a341155b954108
+SHA1 (patch-src_libjasper_jpc_jpc__cs.c) = 794de4dcf8f809275a5bee5cb60d95cf9608e0a7
+SHA1 (patch-src_libjasper_jpc_jpc__dec.c) = f51f025c9756ed0751f24997926cccefc2ef8afe
diff --git a/graphics/jasper/patches/patch-CVE-2014-9029 b/graphics/jasper/patches/patch-CVE-2014-9029
deleted file mode 100644
index e1b650d826c..00000000000
--- a/graphics/jasper/patches/patch-CVE-2014-9029
+++ /dev/null
@@ -1,34 +0,0 @@
-$NetBSD: patch-CVE-2014-9029,v 1.1 2014/12/11 20:18:09 tez Exp $
-
-Patch for CVE-2014-9029 from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
-
-
---- src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
-+++ src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
-@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
- jpc_coc_t *coc = &ms->parms.coc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in COC marker segment\n");
- return -1;
- }
-@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
- jpc_rgn_t *rgn = &ms->parms.rgn;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in RGN marker segment\n");
- return -1;
- }
-@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
- jpc_qcc_t *qcc = &ms->parms.qcc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in QCC marker segment\n");
- return -1;
- }
diff --git a/graphics/jasper/patches/patch-ae b/graphics/jasper/patches/patch-ae
deleted file mode 100644
index 0ee71641667..00000000000
--- a/graphics/jasper/patches/patch-ae
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-ae,v 1.2 2004/03/02 10:28:18 adam Exp $
-
---- src/libjasper/jp2/jp2_dec.c.orig 2004-02-09 01:34:40.000000000 +0000
-+++ src/libjasper/jp2/jp2_dec.c
-@@ -293,7 +293,9 @@ jas_image_t *jp2_decode(jas_stream_t *in
- dec->colr->data.colr.iccplen);
- assert(iccprof);
- jas_iccprof_gethdr(iccprof, &icchdr);
-- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
-+ if (jas_getdbglevel() >= 1) {
-+ jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
-+ }
- jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
- dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof);
- assert(dec->image->cmprof_);
diff --git a/graphics/jasper/patches/patch-ag b/graphics/jasper/patches/patch-ag
deleted file mode 100644
index 140c335c55e..00000000000
--- a/graphics/jasper/patches/patch-ag
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD: patch-ag,v 1.4 2008/03/20 19:58:16 drochner Exp $
-
---- ./src/libjasper/jpc/jpc_dec.c.orig 2007-01-19 22:43:07.000000000 +0100
-+++ ./src/libjasper/jpc/jpc_dec.c
-@@ -1234,6 +1234,7 @@ static int jpc_dec_process_siz(jpc_dec_t
- }
- for (compno = 0, cmpt = dec->cmpts, tcomp = tile->tcomps;
- compno < dec->numcomps; ++compno, ++cmpt, ++tcomp) {
-+ tcomp->numrlvls = 0;
- tcomp->rlvls = 0;
- tcomp->data = 0;
- tcomp->xstart = JPC_CEILDIV(tile->xstart, cmpt->hstep);
-@@ -1466,7 +1467,9 @@ static int jpc_dec_process_unk(jpc_dec_t
- dec = 0;
-
- jas_eprintf("warning: ignoring unknown marker segment\n");
-- jpc_ms_dump(ms, stderr);
-+ if (jas_getdbglevel() >= 1) {
-+ jpc_ms_dump(ms, stderr);
-+ }
- return 0;
- }
-
diff --git a/graphics/jasper/patches/patch-aj b/graphics/jasper/patches/patch-aj
deleted file mode 100644
index a17e3f04527..00000000000
--- a/graphics/jasper/patches/patch-aj
+++ /dev/null
@@ -1,21 +0,0 @@
-$NetBSD: patch-aj,v 1.1 2009/11/23 11:53:20 drochner Exp $
-
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
-
---- src/libjasper/jpc/jpc_dec.c.orig 2009-11-23 12:48:33.000000000 +0100
-+++ src/libjasper/jpc/jpc_dec.c
-@@ -1069,12 +1069,12 @@ static int jpc_dec_tiledecode(jpc_dec_t
- /* Apply an inverse intercomponent transform if necessary. */
- switch (tile->cp->mctid) {
- case JPC_MCT_RCT:
-- assert(dec->numcomps == 3);
-+ assert(dec->numcomps >= 3);
- jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,
- tile->tcomps[2].data);
- break;
- case JPC_MCT_ICT:
-- assert(dec->numcomps == 3);
-+ assert(dec->numcomps >= 3);
- jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,
- tile->tcomps[2].data);
- break;
diff --git a/graphics/jasper/patches/patch-ah b/graphics/jasper/patches/patch-configure
index 5d8cb7c6d6c..73a16445600 100644
--- a/graphics/jasper/patches/patch-ah
+++ b/graphics/jasper/patches/patch-configure
@@ -1,4 +1,6 @@
-$NetBSD: patch-ah,v 1.3 2007/08/12 21:53:42 salo Exp $
+$NetBSD: patch-configure,v 1.1 2015/01/01 14:15:27 he Exp $
+
+Check for C99 conformance for stdbool.h, don't just test its presence.
 --- configure.orig 2007-01-19 21:54:48.000000000 +0000
 +++ configure 2007-08-12 20:56:30.000000000 +0000
diff --git a/graphics/jasper/patches/patch-ad b/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c
index da1607d2969..38463ea05eb 100644
--- a/graphics/jasper/patches/patch-ad
+++ b/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c
@@ -1,4 +1,6 @@
-$NetBSD: patch-ad,v 1.3 2007/01/06 23:28:07 wiz Exp $
+$NetBSD: patch-src_libjasper_jp2_jp2__cod.c,v 1.1 2015/01/01 14:15:27 he Exp $
+
+Only output debug info if debuglevel >= 1.
 --- src/libjasper/jp2/jp2_cod.c.orig 2006-12-08 00:23:36.000000000 +0000
 +++ src/libjasper/jp2/jp2_cod.c
diff --git a/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c b/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c
new file mode 100644
index 00000000000..fa1c873d0b1
--- /dev/null
+++ b/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_libjasper_jp2_jp2__dec.c,v 1.1 2015/01/01 14:15:27 he Exp $
+
+Only output debug info if debuglevel >= 1.
+Apply fix for oCERT-2014-012, from
+https://bugzilla.redhat.com/show_bug.cgi?id=1173162
+
+--- src/libjasper/jp2/jp2_dec.c.orig 2004-02-09 01:34:40.000000000 +0000
++++ src/libjasper/jp2/jp2_dec.c
+@@ -293,7 +293,9 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ dec->colr->data.colr.iccplen);
+ assert(iccprof);
+ jas_iccprof_gethdr(iccprof, &icchdr);
+- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
++ if (jas_getdbglevel() >= 1) {
++ jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
++ }
+ jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
+ dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof);
+ assert(dec->image->cmprof_);
+@@ -386,6 +388,13 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ /* Determine the type of each component. */
+ if (dec->cdef) {
+ for (i = 0; i < dec->numchans; ++i) {
++ /* Is the channel number reasonable? */
++ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
++ jas_eprintf("error: invalid channel number in CDEF box\n");
++
++ goto error;
++
++ }
+ jas_image_setcmpttype(dec->image,
+ dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
+ jp2_getct(jas_image_clrspc(dec->image),
diff --git a/graphics/jasper/patches/patch-ai b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__cs.c
index d6b7b451a09..afffca3fc6f 100644
--- a/graphics/jasper/patches/patch-ai
+++ b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__cs.c
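Review bot: The new CDEF check in patch-src_libjasper_jp2_jp2__dec.c validates `channo`, but the enclosing loop still runs `i` up to `dec->numchans` while indexing `dec->cdef->data.cdef.ents[i]`, so a CDEF box that declares fewer entries than the image has channels would have `ents[i]` read past its array before the check can reject anything. The box's entry count is not visible in this hunk, so this is inferred; bounding the loop by the box's own count, `for (i = 0; i < dec->cdef->data.cdef.numchans; ++i) {`, would close it. The two blank `+` lines around `goto error;` inside the added block look like paste residue and could be dropped. jp2_decode starts and ends outside the hunk, so the `error:` label and its cleanup cannot be checked from here.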
@@ -1,4 +1,6 @@
-$NetBSD: patch-ai,v 1.2 2011/12/22 16:17:57 drochner Exp $
+$NetBSD: patch-src_libjasper_jpc_jpc__cs.c,v 1.1 2015/01/01 14:15:27 he Exp $
+
+Add fixes for CVE-2011-4516 and CVE-2011-4517.
 --- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 21:43:07.000000000 +0000
 +++ src/libjasper/jpc/jpc_cs.c
diff --git a/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c
new file mode 100644
index 00000000000..887f6fcbde2
--- /dev/null
+++ b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c
@@ -0,0 +1,73 @@
+$NetBSD$
+
+Apply fixes from
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
+and
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
+
+Also add a patch from Debian (bug #413041) to fix some heap corruption
+on malformed image input (CVE-2007-2721),
+
+--- src/libjasper/jpc/jpc_dec.c.orig 2014-12-05 12:10:45.000000000 +0000
++++ src/libjasper/jpc/jpc_dec.c
+@@ -1069,12 +1069,12 @@ static int jpc_dec_tiledecode(jpc_dec_t
+ /* Apply an inverse intercomponent transform if necessary. */
+ switch (tile->cp->mctid) {
+ case JPC_MCT_RCT:
+- assert(dec->numcomps == 3);
++ assert(dec->numcomps >= 3);
+ jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,
+ tile->tcomps[2].data);
+ break;
+ case JPC_MCT_ICT:
+- assert(dec->numcomps == 3);
++ assert(dec->numcomps >= 3);
+ jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,
+ tile->tcomps[2].data);
+ break;
+@@ -1234,6 +1234,7 @@ static int jpc_dec_process_siz(jpc_dec_t
+ }
+ for (compno = 0, cmpt = dec->cmpts, tcomp = tile->tcomps;
+ compno < dec->numcomps; ++compno, ++cmpt, ++tcomp) {
++ tcomp->numrlvls = 0;
+ tcomp->rlvls = 0;
+ tcomp->data = 0;
+ tcomp->xstart = JPC_CEILDIV(tile->xstart, cmpt->hstep);
+@@ -1280,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1306,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1355,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
+@@ -1466,7 +1467,9 @@ static int jpc_dec_process_unk(jpc_dec_t
+ dec = 0;
+
+ jas_eprintf("warning: ignoring unknown marker segment\n");
+- jpc_ms_dump(ms, stderr);
++ if (jas_getdbglevel() >= 1) {
++ jpc_ms_dump(ms, stderr);
++ }
+ return 0;
+ }
+
|
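Review bot: In the jpc_dec_tiledecode hunk of patch-src_libjasper_jpc_jpc__dec.c, `assert(dec->numcomps >= 3)` remains the only guard before `tile->tcomps[0]` through `tile->tcomps[2]` are used, and the component count comes from the image being decoded. If the library is built with NDEBUG the assert compiles away and an image with fewer than three components that selects RCT or ICT would reach `tile->tcomps[2].data` unchecked; without NDEBUG the same input aborts the calling process. Since the function returns int, an explicit test in both cases, e.g. `if (dec->numcomps < 3) { jas_eprintf("too few components for MCT\n"); return -1; }` (message constructed here), would turn this into an ordinary decode error. The patch header also still carries an unexpanded `$NetBSD$`, and its description ends in a comma without saying which hunk is the CVE-2007-2721 fix (presumably the `tcomp->numrlvls = 0;` line).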