[arch-commits] Commit in openjpeg/trunk (11 files)
Date: Monday, April 28, 2014 @ 09:45:26 Author: jgc Revision: 211844 upgpkg: openjpeg 1.5.2-1 Bump to 1.5.2, remove all included security patches Modified: openjpeg/trunk/PKGBUILD Deleted: openjpeg/trunk/openjpeg-1.5-r2029.patch openjpeg/trunk/openjpeg-1.5-r2031.patch openjpeg/trunk/openjpeg-1.5-r2032.patch openjpeg/trunk/openjpeg-1.5-r2033.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-1447.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6045.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6052.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6053.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6887.patch openjpeg/trunk/openjpeg-1.5.1-doxygen_timestamp.patch + PKGBUILD | 41 --- openjpeg-1.5-r2029.patch | 77 -- openjpeg-1.5-r2031.patch | 24 openjpeg-1.5-r2032.patch | 30 - openjpeg-1.5-r2033.patch | 49 - openjpeg-1.5.1-CVE-2013-1447.patch | 165 --- openjpeg-1.5.1-CVE-2013-6045.patch | 60 --- openjpeg-1.5.1-CVE-2013-6052.patch | 53 - openjpeg-1.5.1-CVE-2013-6053.patch | 12 -- openjpeg-1.5.1-CVE-2013-6887.patch | 30 - openjpeg-1.5.1-doxygen_timestamp.patch | 24 11 files changed, 4 insertions(+), 561 deletions(-) Modified: PKGBUILD === --- PKGBUILD2014-04-28 05:52:08 UTC (rev 211843) +++ PKGBUILD2014-04-28 07:45:26 UTC (rev 211844) @@ -2,8 +2,8 @@ # Maintainer: Jan de Groot j...@archlinux.org pkgname=openjpeg -pkgver=1.5.1 -pkgrel=2 +pkgver=1.5.2 +pkgrel=1 pkgdesc=An open source JPEG 2000 codec arch=(i686 x86_64) license=('BSD') 
@@ -12,42 +12,9 @@ makedepends=('libtiff' 'lcms2' 'libpng' 'doxygen') optdepends=('lcms2: j2k_to_image and image_to_j2k programs' 'libpng: j2k_to_image and image_to_j2k programs') -source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz -openjpeg-1.5.1-CVE-2013-1447.patch -openjpeg-1.5.1-CVE-2013-6045.patch -openjpeg-1.5.1-CVE-2013-6052.patch -openjpeg-1.5.1-CVE-2013-6053.patch -openjpeg-1.5.1-CVE-2013-6887.patch -openjpeg-1.5.1-doxygen_timestamp.patch -openjpeg-1.5-r2029.patch -openjpeg-1.5-r2031.patch -openjpeg-1.5-r2032.patch -openjpeg-1.5-r2033.patch) -sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b' - 'f2baf9bde105c96c7016be907cd278f2878be2b9' - 'f3764e473bd35508e83643a9257979eaa2c89c36' - '1d600a13432b977c46a5b74bf87bf1b5a130abfb' - '8d2da4b912d7e930abec31a956b678f62566884c' - '038e471597decf36de0c7c78915744054704c601' - '339677795a567c0f91b62141847b8e5dda53e763' - '1cd97c1be5cedad136894db2b16f856a28387aeb' - 'f68108dd25c7ed278678de11d5713fba87ab6017' - '222769c17e69022902d4e49c9dc5294361a00c85' - '9ec5c1e0909c8946a174733a598fbe38675a0c9c') +source=(http://downloads.sourceforge.net/openjpeg.mirror/${pkgname}-${pkgver}.tar.gz) +sha1sums=('496e99ff1d37b73bbce6a066dd9bd3576ebca0a2') -prepare() { - cd $pkgname-$pkgver - patch -Np1 -i ../openjpeg-1.5.1-doxygen_timestamp.patch - patch -Np0 -i ../openjpeg-1.5-r2029.patch - patch -Np0 -i ../openjpeg-1.5-r2031.patch - patch -Np0 -i ../openjpeg-1.5-r2032.patch - patch -Np0 -i ../openjpeg-1.5-r2033.patch - patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6052.patch - patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6053.patch -# patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch - patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-1447.patch - patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6887.patch -} build() { cd $pkgname-$pkgver Deleted: openjpeg-1.5-r2029.patch === --- openjpeg-1.5-r2029.patch2014-04-28 05:52:08 UTC (rev 211843) +++ openjpeg-1.5-r2029.patch2014-04-28 07:45:26 UTC (rev 211844) 
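Review bot: The new `source=` entry fetches the tarball over plain `http://` from a mirror, and the only integrity check is the single SHA-1 digest in `sha1sums`. I would add a stronger checksum array next to it, e.g. `sha256sums=('<sha256 of openjpeg-1.5.2.tar.gz>')`, and switch to an `https://` URL if the mirror serves one. Dropping `prepare()` also assumes that 1.5.2 contains every fix the removed patches carried. That is worth confirming against the upstream release notes before relying on it, in particular for CVE-2013-6045, whose `patch` line the previous revision had commented out.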
@@ -1,77 +0,0 @@ -Index: libopenjpeg/jp2.c -=== libopenjpeg/jp2.c (revision 2028) -+++ libopenjpeg/jp2.c (revision 2029) -@@ -173,6 +173,10 @@ - else if (box-length == 0) { - box-length = cio_numbytesleft(cio) + 8; - } -+ if (box-length 0) { -+ opj_event_msg(cinfo, EVT_ERROR, Integer overflow in box-length\n); -+ return OPJ_FALSE; // TODO: actually check jp2_read_boxhdr's return value -+ } - - return OPJ_TRUE; - } -@@ -654,6 +658,7 @@ - opj_event_msg(cinfo, EVT_ERROR, Expected JP2H Marker\n); - return OPJ_FALSE; - } -+if (box.length = 8) return OPJ_FALSE; - cio_skip(cio, box.length - 8); - - if(cio-bp = cio-end) return OPJ_FALSE; -@@ -679,6 +684,7 @@ - { - if( !jp2_read_colr(jp2, cio, box, color)) - { -+if
[arch-commits] Commit in openjpeg/trunk (11 files)
Date: Tuesday, February 11, 2014 @ 16:10:38 Author: jgc Revision: 205843 upgpkg: openjpeg 1.5.1-2 Fix several security issues (FS#38082) Leave out patch for CVE 2013-6045, as it causes regressions Added: openjpeg/trunk/openjpeg-1.5-r2029.patch openjpeg/trunk/openjpeg-1.5-r2031.patch openjpeg/trunk/openjpeg-1.5-r2032.patch openjpeg/trunk/openjpeg-1.5-r2033.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-1447.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6045.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6052.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6053.patch openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6887.patch openjpeg/trunk/openjpeg-1.5.1-doxygen_timestamp.patch Modified: openjpeg/trunk/PKGBUILD + PKGBUILD | 50 - openjpeg-1.5-r2029.patch | 77 ++ openjpeg-1.5-r2031.patch | 24 openjpeg-1.5-r2032.patch | 30 + openjpeg-1.5-r2033.patch | 49 + openjpeg-1.5.1-CVE-2013-1447.patch | 165 +++ openjpeg-1.5.1-CVE-2013-6045.patch | 60 +++ openjpeg-1.5.1-CVE-2013-6052.patch | 53 + openjpeg-1.5.1-CVE-2013-6053.patch | 12 ++ openjpeg-1.5.1-CVE-2013-6887.patch | 30 + openjpeg-1.5.1-doxygen_timestamp.patch | 24 11 files changed, 568 insertions(+), 6 deletions(-) Modified: PKGBUILD === --- PKGBUILD2014-02-11 14:09:02 UTC (rev 205842) +++ PKGBUILD2014-02-11 15:10:38 UTC (rev 205843) 
@@ -3,26 +3,64 @@ pkgname=openjpeg pkgver=1.5.1 -pkgrel=1 +pkgrel=2 pkgdesc=An open source JPEG 2000 codec arch=(i686 x86_64) license=('BSD') url=http://www.openjpeg.org; depends=('zlib') -source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz) -sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b') +makedepends=('libtiff' 'lcms2' 'libpng' 'doxygen') +optdepends=('lcms2: j2k_to_image and image_to_j2k programs' +'libpng: j2k_to_image and image_to_j2k programs') +source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz +openjpeg-1.5.1-CVE-2013-1447.patch +openjpeg-1.5.1-CVE-2013-6045.patch +openjpeg-1.5.1-CVE-2013-6052.patch +openjpeg-1.5.1-CVE-2013-6053.patch +openjpeg-1.5.1-CVE-2013-6887.patch +openjpeg-1.5.1-doxygen_timestamp.patch +openjpeg-1.5-r2029.patch +openjpeg-1.5-r2031.patch +openjpeg-1.5-r2032.patch +openjpeg-1.5-r2033.patch) +sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b' + 'f2baf9bde105c96c7016be907cd278f2878be2b9' + 'f3764e473bd35508e83643a9257979eaa2c89c36' + '1d600a13432b977c46a5b74bf87bf1b5a130abfb' + '8d2da4b912d7e930abec31a956b678f62566884c' + '038e471597decf36de0c7c78915744054704c601' + '339677795a567c0f91b62141847b8e5dda53e763' + '1cd97c1be5cedad136894db2b16f856a28387aeb' + 'f68108dd25c7ed278678de11d5713fba87ab6017' + '222769c17e69022902d4e49c9dc5294361a00c85' + '9ec5c1e0909c8946a174733a598fbe38675a0c9c') +prepare() { + cd $pkgname-$pkgver + patch -Np1 -i ../openjpeg-1.5.1-doxygen_timestamp.patch + patch -Np0 -i ../openjpeg-1.5-r2029.patch + patch -Np0 -i ../openjpeg-1.5-r2031.patch + patch -Np0 -i ../openjpeg-1.5-r2032.patch + patch -Np0 -i ../openjpeg-1.5-r2033.patch + patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6052.patch + patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6053.patch +# patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch + patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-1447.patch + patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6887.patch +} + build() { - cd ${srcdir}/${pkgname}-${pkgver} + cd $pkgname-$pkgver + 
autoreconf -fi # make sure we use system libs rm -rf thirdparty ./configure --prefix=/usr \ - --disable-static --disable-silent-rules + --enable-shared --disable-static --disable-silent-rules make } package() { - cd ${srcdir}/${pkgname}-${pkgver} + cd $pkgname-$pkgver make DESTDIR=${pkgdir} install install -m755 -d ${pkgdir}/usr/share/licenses/openjpeg install -m644 LICENSE ${pkgdir}/usr/share/licenses/openjpeg/LICENSE Added: openjpeg-1.5-r2029.patch === --- openjpeg-1.5-r2029.patch(rev 0) +++ openjpeg-1.5-r2029.patch2014-02-11 15:10:38 UTC (rev 205843) @@ -0,0 +1,77 @@ +Index: libopenjpeg/jp2.c +=== +--- libopenjpeg/jp2.c (revision 2028) libopenjpeg/jp2.c (revision 2029) +@@ -173,6 +173,10 @@ + else if (box-length == 0) { + box-length = cio_numbytesleft(cio) + 8; + } ++ if (box-length 0) { ++ opj_event_msg(cinfo, EVT_ERROR, Integer overflow in box-length\n); ++
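Review bot: In `prepare()` the line `# patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch` is commented out with no reason given in the file, while the patch is still listed in `source=` and `sha1sums`. A reader of the PKGBUILD alone cannot tell that the package is deliberately built without that fix. The commit message says the patch causes regressions; I would record that directly above the line, e.g. `# CVE-2013-6045 patch not applied: causes regressions (security fixes tracked in FS#38082)`. That keeps the unpatched issue visible to whoever next touches the package.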