author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-07 12:59:38 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-07 13:09:37 +0000 |
commit | 1b7174583b49104dca2f9f09b72e3dcb5244fb32 (patch) | |
tree | b15fcb5d3b1df0ea3194228b0bae4fb770285957 /main/jasper | |
parent | 3b0fbd0f00a8c02d42425aea32792329cc8ed65c (diff) | |
main/jasper: security fix CVE-2017-1000050. Fixes #7573
Diffstat (limited to 'main/jasper')
-rw-r--r-- | main/jasper/APKBUILD | 19 | ||||
-rw-r--r-- | main/jasper/CVE-2017-1000050.patch | 16 |
2 files changed, 24 insertions, 11 deletions
diff --git a/main/jasper/APKBUILD b/main/jasper/APKBUILD
index d526dfcebc..f890c4bff1 100644
--- a/main/jasper/APKBUILD
+++ b/main/jasper/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=jasper
 pkgver=2.0.10
-pkgrel=1
+pkgrel=2
 pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
 url="http://www.ece.uvic.ca/~mdadams/jasper/"
 arch="all"
@@ -10,17 +10,13 @@ depends= #"libjpeg>=8 freeglut libxi libxmu mesa"
 makedepends="libjpeg-turbo-dev cmake"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
 source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz
+ CVE-2017-1000050.patch
 "
-
 builddir="$srcdir"/$pkgname-$pkgver
-prepare() {
- cd "$builddir"
- for i in $source; do
- case $i in
- *.patch) msg $i; patch -Np1 -i "$srcdir"/$i || return 1;;
- esac
- done
-}
+
+# secfixes:
+# 2.0.10-r2:
+# - CVE-2017-1000050
 
 build () {
 mkdir "$builddir"/obj
@@ -45,4 +41,5 @@ libs() {
 mv "$pkgdir"/usr/lib "$subpkgdir"/usr
 }
 
-sha512sums="3cc08c9bc1f9ad1e4bac78a3246d6ee1a35a75d5b89b3b0f27cb5980420101256a2e05eeb7bf8a0c73d1a73c044b83b4cbca441c1418dced53d7a142e69129ed jasper-2.0.10.tar.gz"
+sha512sums="3cc08c9bc1f9ad1e4bac78a3246d6ee1a35a75d5b89b3b0f27cb5980420101256a2e05eeb7bf8a0c73d1a73c044b83b4cbca441c1418dced53d7a142e69129ed jasper-2.0.10.tar.gz
+2851d1cd7ed372cde5f9d6d6610e2c5507f5a8d571b1db9fc9afce64a1b35a78776d547b8281da770ab4d2f20c2e87cde989a16c17017c80ab12eedd8164cbb8 CVE-2017-1000050.patch"
diff --git a/main/jasper/CVE-2017-1000050.patch b/main/jasper/CVE-2017-1000050.patch
new file mode 100644
index 0000000000..9a6a611e6d
--- /dev/null
+++ b/main/jasper/CVE-2017-1000050.patch
@@ -0,0 +1,16 @@
+diff --git a/src/libjasper/jp2/jp2_enc.c b/src/libjasper/jp2/jp2_enc.c
+index 9a5e106..af4d9a4 100644
+--- a/src/libjasper/jp2/jp2_enc.c
++++ b/src/libjasper/jp2/jp2_enc.c
+@@ -115,6 +115,11 @@ int jp2_encode(jas_image_t *image, jas_stream_t *out, const char *optstr)
+ iccstream = 0;
+ iccprof = 0;
+
++ if (jas_image_numcmpts(image) < 1) {
++ jas_eprintf("image must have at least one component\n");
++ goto error;
++ }
++
+ allcmptssame = 1;
+ sgnd = jas_image_cmptsgnd(image, 0);
+ prec = jas_image_cmptprec(image, 0); |
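Review bot: The added patch file starts directly at its `diff --git` line, with no header recording which upstream jasper change it was taken from; the sha512sums entry pins the bytes but says nothing about their origin. A short header above the diff, such as `Upstream: <UPSTREAM_COMMIT_URL>`, would let a later maintainer check the patch against upstream and know when it can be dropped. Inside the embedded hunk the guard sits ahead of the unconditional reads of component 0 (`jas_image_cmptsgnd(image, 0)`, `jas_image_cmptprec(image, 0)`), and a one-line comment such as `/* component 0 is read below; reject images with no components (CVE-2017-1000050) */` would record why it is there. The `error` label is outside the hunk and jp2_encode continues past it, so it is worth confirming that the cleanup path releases only handles already initialised at this point; only `iccstream` and `iccprof` are visibly zeroed here.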