[pkgsrc/trunk]: pkgsrc/graphics/jasper Add patch for CVE-2014-9029 from

[tez <tez%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/fcf499d70c4a
branches:  trunk
changeset: 643123:fcf499d70c4a
user:      tez <tez%pkgsrc.org@localhost>
date:      Thu Dec 11 20:18:09 2014 +0000

description:
Add patch for CVE-2014-9029 from
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029

diffstat:

 graphics/jasper/Makefile                    |   4 +-
 graphics/jasper/distinfo                    |   3 +-
 graphics/jasper/patches/patch-CVE-2014-9029 |  34 +++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r e292cf318943 -r fcf499d70c4a graphics/jasper/Makefile
--- a/graphics/jasper/Makefile  Thu Dec 11 20:14:49 2014 +0000
+++ b/graphics/jasper/Makefile  Thu Dec 11 20:18:09 2014 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.37 2014/10/09 14:06:35 wiz Exp $
+# $NetBSD: Makefile,v 1.38 2014/12/11 20:18:09 tez Exp $
 
 DISTNAME=      jasper-1.900.1
-PKGREVISION=   7
+PKGREVISION=   8
 CATEGORIES=    graphics
 MASTER_SITES=  http://www.ece.uvic.ca/~mdadams/jasper/software/
 EXTRACT_SUFX=  .zip
diff -r e292cf318943 -r fcf499d70c4a graphics/jasper/distinfo
--- a/graphics/jasper/distinfo  Thu Dec 11 20:14:49 2014 +0000
+++ b/graphics/jasper/distinfo  Thu Dec 11 20:18:09 2014 +0000
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.14 2011/12/22 16:17:57 drochner Exp $
+$NetBSD: distinfo,v 1.15 2014/12/11 20:18:09 tez Exp $
 
 SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
 RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
 Size (jasper-1.900.1.zip) = 1415752 bytes
+SHA1 (patch-CVE-2014-9029) = e8db6f31a06773dd385b40d684f4be8eb8676723
 SHA1 (patch-ad) = 85637e42cdb1245babd5736c2d039558025738a6
 SHA1 (patch-ae) = bfe00f76582a44ad748706c3fc81c4d6b8aede35
 SHA1 (patch-ag) = 0a3cf7ffff67001529198c23c3ca2499c71be7fa
diff -r e292cf318943 -r fcf499d70c4a graphics/jasper/patches/patch-CVE-2014-9029
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/jasper/patches/patch-CVE-2014-9029       Thu Dec 11 20:18:09 2014 +0000
@@ -0,0 +1,34 @@
+$NetBSD: patch-CVE-2014-9029,v 1.1 2014/12/11 20:18:09 tez Exp $
+
+Patch for CVE-2014-9029 from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
+
+
+--- src/libjasper/jpc/jpc_dec.c        2014-11-27 12:45:44.000000000 +0100
++++ src/libjasper/jpc/jpc_dec.c        2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+       jpc_coc_t *coc = &ms->parms.coc;
+       jpc_dec_tile_t *tile;
+ 
+-      if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++      if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+               jas_eprintf("invalid component number in COC marker segment\n");
+               return -1;
+       }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+       jpc_rgn_t *rgn = &ms->parms.rgn;
+       jpc_dec_tile_t *tile;
+ 
+-      if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++      if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+               jas_eprintf("invalid component number in RGN marker segment\n");
+               return -1;
+       }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+       jpc_qcc_t *qcc = &ms->parms.qcc;
+       jpc_dec_tile_t *tile;
+ 
+-      if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++      if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+               jas_eprintf("invalid component number in QCC marker segment\n");
+               return -1;
+       }