pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/graphics/openjpeg apply patch from upstream



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a7d8ad71760
branches:  trunk
changeset: 610449:4a7d8ad71760
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Thu Oct 25 11:33:40 2012 +0000

description:
apply patch from upstream
(http://code.google.com/p/openjpeg/source/detail?r=1919)
to fix Heap-based buffer-overflow when decoding openjpeg image
(CVE-2012-3535)
bump PKGREV

diffstat:

 graphics/openjpeg/Makefile                        |   4 ++--
 graphics/openjpeg/distinfo                        |   4 ++--
 graphics/openjpeg/patches/patch-libopenjpeg_j2k.c |  21 +++++++++++++++++----
 3 files changed, 21 insertions(+), 8 deletions(-)

diffs (76 lines):

diff -r db09e164b846 -r 4a7d8ad71760 graphics/openjpeg/Makefile
--- a/graphics/openjpeg/Makefile        Thu Oct 25 11:31:44 2012 +0000
+++ b/graphics/openjpeg/Makefile        Thu Oct 25 11:33:40 2012 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2012/10/06 14:11:09 asau Exp $
+# $NetBSD: Makefile,v 1.5 2012/10/25 11:33:40 drochner Exp $
 #
 
 DISTNAME=              openjpeg-1.5.0
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            graphics
 MASTER_SITES=          http://openjpeg.googlecode.com/files/
 
diff -r db09e164b846 -r 4a7d8ad71760 graphics/openjpeg/distinfo
--- a/graphics/openjpeg/distinfo        Thu Oct 25 11:31:44 2012 +0000
+++ b/graphics/openjpeg/distinfo        Thu Oct 25 11:33:40 2012 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.3 2012/07/11 09:07:21 wiz Exp $
+$NetBSD: distinfo,v 1.4 2012/10/25 11:33:41 drochner Exp $
 
 SHA1 (openjpeg-1.5.0.tar.gz) = dce705ae45f137e4698a8cf39d1fbf22bc434fa8
 RMD160 (openjpeg-1.5.0.tar.gz) = ffa85dbb0a3ba1545bc6974f4950f466789c04ef
 Size (openjpeg-1.5.0.tar.gz) = 2117572 bytes
 SHA1 (patch-aa) = 503b565958dc74a17b68f968a44c5c861d84b343
-SHA1 (patch-libopenjpeg_j2k.c) = 3ea7816b479dbba7822d20b187a6916e4d882e37
+SHA1 (patch-libopenjpeg_j2k.c) = 4660bb06d2655879ea7b479b024ca5cd978c4a01
diff -r db09e164b846 -r 4a7d8ad71760 graphics/openjpeg/patches/patch-libopenjpeg_j2k.c
--- a/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c Thu Oct 25 11:31:44 2012 +0000
+++ b/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c Thu Oct 25 11:33:40 2012 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-libopenjpeg_j2k.c,v 1.1 2012/07/11 09:07:21 wiz Exp $
+$NetBSD: patch-libopenjpeg_j2k.c,v 1.2 2012/10/25 11:33:41 drochner Exp $
 
 CVE-2012-3358:
 A heap-based buffer overflow was found in the way OpenJPEG, an
@@ -13,7 +13,20 @@
 
 --- libopenjpeg/j2k.c.orig     2012-02-07 10:49:55.000000000 +0000
 +++ libopenjpeg/j2k.c
-@@ -1269,7 +1269,7 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -684,6 +684,12 @@ static void j2k_read_cox(opj_j2k_t *j2k,
+                                       "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno);
+               j2k->state |= J2K_STATE_ERR;
+       }
++  if( tccp->numresolutions > J2K_MAXRLVLS ) {
++    opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n",
++      compno, tccp->numresolutions, J2K_MAXRLVLS);
++              j2k->state |= J2K_STATE_ERR;
++    tccp->numresolutions = J2K_MAXRLVLS;
++  }
+ 
+       tccp->cblkw = cio_read(cio, 1) + 2;     /* SPcox (E) */
+       tccp->cblkh = cio_read(cio, 1) + 2;     /* SPcox (F) */
+@@ -1269,7 +1275,7 @@ static void j2k_read_sot(opj_j2k_t *j2k)
                static int backup_tileno = 0;
  
                /* tileno is negative or larger than the number of tiles!!! */
@@ -22,7 +35,7 @@
                        opj_event_msg(j2k->cinfo, EVT_ERROR,
                                "JPWL: bad tile number (%d out of a maximum of %d)\n",
                                tileno, (cp->tw * cp->th));
-@@ -1286,8 +1286,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -1286,8 +1292,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
  
                /* keep your private count of tiles */
                backup_tileno++;
@@ -42,7 +55,7 @@
        
        if (cp->tileno_size == 0) {
                cp->tileno[cp->tileno_size] = tileno;
-@@ -1325,8 +1335,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -1325,8 +1341,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
                                totlen);
                }
  



Home | Main Index | Thread Index | Old Index