authorFrancesco Colista <fcolista@alpinelinux.org>2017-08-07 12:59:38 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2017-08-07 13:11:31 +0000
commit8b73639606c778f052740208e9f4cb1c588e1f39 (patch)
treec35da4de1bf669a81013c5194e092d1b7ea08454 /main/jasper
parent67e7b92467569910713069db92d75a437463c837 (diff)
main/jasper: security fix CVE-2017-1000050. Fixes #7572
Diffstat (limited to 'main/jasper')
-rw-r--r--main/jasper/APKBUILD14
-rw-r--r--main/jasper/CVE-2017-1000050.patch16
2 files changed, 26 insertions, 4 deletions
diff --git a/main/jasper/APKBUILD b/main/jasper/APKBUILD
index 828885f809..3c4cfe45fd 100644
--- a/main/jasper/APKBUILD
+++ b/main/jasper/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=jasper
pkgver=2.0.12
-pkgrel=0
+pkgrel=1
pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
url="http://www.ece.uvic.ca/~mdadams/jasper/"
arch="all"
@@ -9,10 +9,15 @@ license="custom:JasPer2.0"
depends= #"libjpeg>=8 freeglut libxi libxmu mesa"
makedepends="libjpeg-turbo-dev cmake"
subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
-source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz"
-
+source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz
+ CVE-2017-1000050.patch
+ "
builddir="$srcdir"/$pkgname-$pkgver
+# secfixes:
+# 2.0.12-r1:
+# - CVE-2017-1000050
+
build () {
mkdir "$builddir"/obj
cd "$builddir"/obj
@@ -35,4 +40,5 @@ libs() {
mv "$pkgdir"/usr/lib "$subpkgdir"/usr
}
-sha512sums="3b0f5a5640838b328d989a80461a23ca8ac98af054a7f15c13a543e769c98bb632b74114923c02c3b2de76747187747aec6e18a2cf14035a8d79eb3482fd553b jasper-2.0.12.tar.gz"
+sha512sums="3b0f5a5640838b328d989a80461a23ca8ac98af054a7f15c13a543e769c98bb632b74114923c02c3b2de76747187747aec6e18a2cf14035a8d79eb3482fd553b jasper-2.0.12.tar.gz
+2851d1cd7ed372cde5f9d6d6610e2c5507f5a8d571b1db9fc9afce64a1b35a78776d547b8281da770ab4d2f20c2e87cde989a16c17017c80ab12eedd8164cbb8 CVE-2017-1000050.patch"
diff --git a/main/jasper/CVE-2017-1000050.patch b/main/jasper/CVE-2017-1000050.patch
new file mode 100644
index 0000000000..9a6a611e6d
--- /dev/null
+++ b/main/jasper/CVE-2017-1000050.patch
@@ -0,0 +1,16 @@
+diff --git a/src/libjasper/jp2/jp2_enc.c b/src/libjasper/jp2/jp2_enc.c
+index 9a5e106..af4d9a4 100644
+--- a/src/libjasper/jp2/jp2_enc.c
++++ b/src/libjasper/jp2/jp2_enc.c
+@@ -115,6 +115,11 @@ int jp2_encode(jas_image_t *image, jas_stream_t *out, const char *optstr)
+ iccstream = 0;
+ iccprof = 0;
+
++ if (jas_image_numcmpts(image) < 1) {
++ jas_eprintf("image must have at least one component\n");
++ goto error;
++ }
++
+ allcmptssame = 1;
+ sgnd = jas_image_cmptsgnd(image, 0);
+ prec = jas_image_cmptprec(image, 0);
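Review bot: The added guard in jp2_encode() has no comment tying it to the unconditional reads of component 0 directly below it (`jas_image_cmptsgnd(image, 0)`, `jas_image_cmptprec(image, 0)`), so a later refactor could move or drop it without noticing what it protects. I would add `/* components are indexed from 0 below; reject an image with none (CVE-2017-1000050) */` above the `if`. The shipped patch file also has no header naming its origin; a leading line such as `Upstream: <UPSTREAM_COMMIT_URL>` would let a maintainer confirm when a newer pkgver makes it redundant. `goto error` runs after `iccstream` and `iccprof` are zeroed, but the `error:` label and any handles initialised before the hunk are outside the visible lines, so it is worth confirming that the cleanup path tolerates every handle still being null at this point.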