[arch-commits] Commit in openjpeg/trunk (11 files)
Date: Monday, April 28, 2014 @ 09:45:26
Author: jgc
Revision: 211844
upgpkg: openjpeg 1.5.2-1
Bump to 1.5.2, remove all included security patches
Modified:
openjpeg/trunk/PKGBUILD
Deleted:
openjpeg/trunk/openjpeg-1.5-r2029.patch
openjpeg/trunk/openjpeg-1.5-r2031.patch
openjpeg/trunk/openjpeg-1.5-r2032.patch
openjpeg/trunk/openjpeg-1.5-r2033.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-1447.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6045.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6052.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6053.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6887.patch
openjpeg/trunk/openjpeg-1.5.1-doxygen_timestamp.patch
+
PKGBUILD | 41 ---
openjpeg-1.5-r2029.patch | 77 --
openjpeg-1.5-r2031.patch | 24
openjpeg-1.5-r2032.patch | 30 -
openjpeg-1.5-r2033.patch | 49 -
openjpeg-1.5.1-CVE-2013-1447.patch | 165 ---
openjpeg-1.5.1-CVE-2013-6045.patch | 60 ---
openjpeg-1.5.1-CVE-2013-6052.patch | 53 -
openjpeg-1.5.1-CVE-2013-6053.patch | 12 --
openjpeg-1.5.1-CVE-2013-6887.patch | 30 -
openjpeg-1.5.1-doxygen_timestamp.patch | 24
11 files changed, 4 insertions(+), 561 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2014-04-28 05:52:08 UTC (rev 211843)
+++ PKGBUILD2014-04-28 07:45:26 UTC (rev 211844)
@@ -2,8 +2,8 @@
# Maintainer: Jan de Groot j...@archlinux.org
pkgname=openjpeg
-pkgver=1.5.1
-pkgrel=2
+pkgver=1.5.2
+pkgrel=1
pkgdesc=An open source JPEG 2000 codec
arch=(i686 x86_64)
license=('BSD')
@@ -12,42 +12,9 @@
makedepends=('libtiff' 'lcms2' 'libpng' 'doxygen')
optdepends=('lcms2: j2k_to_image and image_to_j2k programs'
'libpng: j2k_to_image and image_to_j2k programs')
-source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz
-openjpeg-1.5.1-CVE-2013-1447.patch
-openjpeg-1.5.1-CVE-2013-6045.patch
-openjpeg-1.5.1-CVE-2013-6052.patch
-openjpeg-1.5.1-CVE-2013-6053.patch
-openjpeg-1.5.1-CVE-2013-6887.patch
-openjpeg-1.5.1-doxygen_timestamp.patch
-openjpeg-1.5-r2029.patch
-openjpeg-1.5-r2031.patch
-openjpeg-1.5-r2032.patch
-openjpeg-1.5-r2033.patch)
-sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b'
- 'f2baf9bde105c96c7016be907cd278f2878be2b9'
- 'f3764e473bd35508e83643a9257979eaa2c89c36'
- '1d600a13432b977c46a5b74bf87bf1b5a130abfb'
- '8d2da4b912d7e930abec31a956b678f62566884c'
- '038e471597decf36de0c7c78915744054704c601'
- '339677795a567c0f91b62141847b8e5dda53e763'
- '1cd97c1be5cedad136894db2b16f856a28387aeb'
- 'f68108dd25c7ed278678de11d5713fba87ab6017'
- '222769c17e69022902d4e49c9dc5294361a00c85'
- '9ec5c1e0909c8946a174733a598fbe38675a0c9c')
+source=(http://downloads.sourceforge.net/openjpeg.mirror/${pkgname}-${pkgver}.tar.gz)
+sha1sums=('496e99ff1d37b73bbce6a066dd9bd3576ebca0a2')
-prepare() {
- cd $pkgname-$pkgver
- patch -Np1 -i ../openjpeg-1.5.1-doxygen_timestamp.patch
- patch -Np0 -i ../openjpeg-1.5-r2029.patch
- patch -Np0 -i ../openjpeg-1.5-r2031.patch
- patch -Np0 -i ../openjpeg-1.5-r2032.patch
- patch -Np0 -i ../openjpeg-1.5-r2033.patch
- patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6052.patch
- patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6053.patch
-# patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch
- patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-1447.patch
- patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6887.patch
-}
build() {
cd $pkgname-$pkgver
Deleted: openjpeg-1.5-r2029.patch
===
--- openjpeg-1.5-r2029.patch2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5-r2029.patch2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,77 +0,0 @@
-Index: libopenjpeg/jp2.c
-===
libopenjpeg/jp2.c (revision 2028)
-+++ libopenjpeg/jp2.c (revision 2029)
-@@ -173,6 +173,10 @@
- else if (box-length == 0) {
- box-length = cio_numbytesleft(cio) + 8;
- }
-+ if (box-length 0) {
-+ opj_event_msg(cinfo, EVT_ERROR, Integer overflow in
box-length\n);
-+ return OPJ_FALSE; // TODO: actually check jp2_read_boxhdr's
return value
-+ }
-
- return OPJ_TRUE;
- }
-@@ -654,6 +658,7 @@
- opj_event_msg(cinfo, EVT_ERROR, Expected JP2H Marker\n);
- return OPJ_FALSE;
- }
-+if (box.length = 8) return OPJ_FALSE;
- cio_skip(cio, box.length - 8);
-
- if(cio-bp = cio-end) return OPJ_FALSE;
-@@ -679,6 +684,7 @@
- {
- if( !jp2_read_colr(jp2, cio, box, color))
- {
-+if
[arch-commits] Commit in openjpeg/trunk (11 files)
Date: Tuesday, February 11, 2014 @ 16:10:38
Author: jgc
Revision: 205843
upgpkg: openjpeg 1.5.1-2
Fix several security issues (FS#38082)
Leave out patch for CVE 2013-6045, as it causes regressions
Added:
openjpeg/trunk/openjpeg-1.5-r2029.patch
openjpeg/trunk/openjpeg-1.5-r2031.patch
openjpeg/trunk/openjpeg-1.5-r2032.patch
openjpeg/trunk/openjpeg-1.5-r2033.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-1447.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6045.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6052.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6053.patch
openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6887.patch
openjpeg/trunk/openjpeg-1.5.1-doxygen_timestamp.patch
Modified:
openjpeg/trunk/PKGBUILD
+
PKGBUILD | 50 -
openjpeg-1.5-r2029.patch | 77 ++
openjpeg-1.5-r2031.patch | 24
openjpeg-1.5-r2032.patch | 30 +
openjpeg-1.5-r2033.patch | 49 +
openjpeg-1.5.1-CVE-2013-1447.patch | 165 +++
openjpeg-1.5.1-CVE-2013-6045.patch | 60 +++
openjpeg-1.5.1-CVE-2013-6052.patch | 53 +
openjpeg-1.5.1-CVE-2013-6053.patch | 12 ++
openjpeg-1.5.1-CVE-2013-6887.patch | 30 +
openjpeg-1.5.1-doxygen_timestamp.patch | 24
11 files changed, 568 insertions(+), 6 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2014-02-11 14:09:02 UTC (rev 205842)
+++ PKGBUILD2014-02-11 15:10:38 UTC (rev 205843)
@@ -3,26 +3,64 @@
pkgname=openjpeg
pkgver=1.5.1
-pkgrel=1
+pkgrel=2
pkgdesc=An open source JPEG 2000 codec
arch=(i686 x86_64)
license=('BSD')
url=http://www.openjpeg.org;
depends=('zlib')
-source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz)
-sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b')
+makedepends=('libtiff' 'lcms2' 'libpng' 'doxygen')
+optdepends=('lcms2: j2k_to_image and image_to_j2k programs'
+'libpng: j2k_to_image and image_to_j2k programs')
+source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz
+openjpeg-1.5.1-CVE-2013-1447.patch
+openjpeg-1.5.1-CVE-2013-6045.patch
+openjpeg-1.5.1-CVE-2013-6052.patch
+openjpeg-1.5.1-CVE-2013-6053.patch
+openjpeg-1.5.1-CVE-2013-6887.patch
+openjpeg-1.5.1-doxygen_timestamp.patch
+openjpeg-1.5-r2029.patch
+openjpeg-1.5-r2031.patch
+openjpeg-1.5-r2032.patch
+openjpeg-1.5-r2033.patch)
+sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b'
+ 'f2baf9bde105c96c7016be907cd278f2878be2b9'
+ 'f3764e473bd35508e83643a9257979eaa2c89c36'
+ '1d600a13432b977c46a5b74bf87bf1b5a130abfb'
+ '8d2da4b912d7e930abec31a956b678f62566884c'
+ '038e471597decf36de0c7c78915744054704c601'
+ '339677795a567c0f91b62141847b8e5dda53e763'
+ '1cd97c1be5cedad136894db2b16f856a28387aeb'
+ 'f68108dd25c7ed278678de11d5713fba87ab6017'
+ '222769c17e69022902d4e49c9dc5294361a00c85'
+ '9ec5c1e0909c8946a174733a598fbe38675a0c9c')
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i ../openjpeg-1.5.1-doxygen_timestamp.patch
+ patch -Np0 -i ../openjpeg-1.5-r2029.patch
+ patch -Np0 -i ../openjpeg-1.5-r2031.patch
+ patch -Np0 -i ../openjpeg-1.5-r2032.patch
+ patch -Np0 -i ../openjpeg-1.5-r2033.patch
+ patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6052.patch
+ patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6053.patch
+# patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch
+ patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-1447.patch
+ patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6887.patch
+}
+
build() {
- cd ${srcdir}/${pkgname}-${pkgver}
+ cd $pkgname-$pkgver
+ autoreconf -fi
# make sure we use system libs
rm -rf thirdparty
./configure --prefix=/usr \
- --disable-static --disable-silent-rules
+ --enable-shared --disable-static --disable-silent-rules
make
}
package() {
- cd ${srcdir}/${pkgname}-${pkgver}
+ cd $pkgname-$pkgver
make DESTDIR=${pkgdir} install
install -m755 -d ${pkgdir}/usr/share/licenses/openjpeg
install -m644 LICENSE ${pkgdir}/usr/share/licenses/openjpeg/LICENSE
Added: openjpeg-1.5-r2029.patch
===
--- openjpeg-1.5-r2029.patch(rev 0)
+++ openjpeg-1.5-r2029.patch2014-02-11 15:10:38 UTC (rev 205843)
@@ -0,0 +1,77 @@
+Index: libopenjpeg/jp2.c
+===
+--- libopenjpeg/jp2.c (revision 2028)
libopenjpeg/jp2.c (revision 2029)
+@@ -173,6 +173,10 @@
+ else if (box-length == 0) {
+ box-length = cio_numbytesleft(cio) + 8;
+ }
++ if (box-length 0) {
++ opj_event_msg(cinfo, EVT_ERROR, Integer overflow in
box-length\n);
++
