head 1.3; access; symbols pkgsrc-2014Q4:1.2.0.26 pkgsrc-2014Q4-base:1.2 pkgsrc-2014Q3:1.2.0.24 pkgsrc-2014Q3-base:1.2 pkgsrc-2014Q2:1.2.0.22 pkgsrc-2014Q2-base:1.2 pkgsrc-2014Q1:1.2.0.20 pkgsrc-2014Q1-base:1.2 pkgsrc-2013Q4:1.2.0.18 pkgsrc-2013Q4-base:1.2 pkgsrc-2013Q3:1.2.0.16 pkgsrc-2013Q3-base:1.2 pkgsrc-2013Q2:1.2.0.14 pkgsrc-2013Q2-base:1.2 pkgsrc-2013Q1:1.2.0.12 pkgsrc-2013Q1-base:1.2 pkgsrc-2012Q4:1.2.0.10 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.2.0.8 pkgsrc-2012Q3-base:1.2 pkgsrc-2012Q2:1.2.0.6 pkgsrc-2012Q2-base:1.2 pkgsrc-2012Q1:1.2.0.4 pkgsrc-2012Q1-base:1.2 pkgsrc-2011Q4:1.2.0.2 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q3:1.1.0.34 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.32 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.30 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.28 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.26 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.24 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.22 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.20 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.18 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.16 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.14 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.12 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.10 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.8 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.6 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.4 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.3 date 2015.01.01.14.15.27; author he; state dead; branches; next 1.2; commitid PdStbIzr5wzRpk4y; 1.2 date 2011.12.22.16.17.57; author drochner; state Exp; branches 1.2.26.1; next 1.1; 1.1 date 2008.03.20.19.58.16; author drochner; state Exp; branches 1.1.34.1; next ; 1.2.26.1 date 2015.02.19.21.18.52; author tron; state dead; branches; next ; commitid 9KM6NPHYSCRLbFay; 1.1.34.1 date 2011.12.23.13.56.48; author tron; state Exp; branches; next ; desc @@ 1.3 log @Rename patches to conform to the "new" style. Add comments to the patches. Add fix for oCERT-2014-012, pulled from RedHat. Add fix from Debian bug 469786. Add LICENSE setting, I think modified-bsd is fitting. Bump PKGREVISION. @ text @$NetBSD: patch-ai,v 1.2 2011/12/22 16:17:57 drochner Exp $ --- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 21:43:07.000000000 +0000 +++ src/libjasper/jpc/jpc_cs.c @@@@ -744,6 +744,10 @@@@ static int jpc_cox_getcompparms(jpc_ms_t return -1; } compparms->numrlvls = compparms->numdlvls + 1; + if (compparms->numrlvls > JPC_MAXRLVLS) { + jpc_cox_destroycompparms(compparms); + return -1; + } if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { @@@@ -982,7 +986,10 @@@@ static int jpc_qcx_getcompparms(jpc_qcxc compparms->numstepsizes = (len - n) / 2; break; } - if (compparms->numstepsizes > 0) { + if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { + jpc_qcx_destroycompparms(compparms); + return -1; + } else if (compparms->numstepsizes > 0) { compparms->stepsizes = jas_malloc(compparms->numstepsizes * sizeof(uint_fast16_t)); assert(compparms->stepsizes); @@@@ -1328,7 +1335,7 @@@@ static int jpc_crg_getparms(jpc_ms_t *ms jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; @ 1.2 log @add patches from Redhat to add some input validation and fix a memory allocation error; both could lead to heap buffer overflows (CVE-2011-4516, CVE-2011-4517) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @ 1.2.26.1 log @Pullup ticket #4624 - requested by taca graphics/jasper: security patch Revisions pulled up: - graphics/jasper/Makefile 1.39-1.40 - graphics/jasper/distinfo 1.16-1.17 - graphics/jasper/patches/patch-CVE-2014-9029 deleted - graphics/jasper/patches/patch-ad deleted - graphics/jasper/patches/patch-ae deleted - graphics/jasper/patches/patch-ag deleted - graphics/jasper/patches/patch-ah deleted - graphics/jasper/patches/patch-ai deleted - graphics/jasper/patches/patch-aj deleted - graphics/jasper/patches/patch-configure 1.1 - graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c 1.1 - graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c 1.1 - graphics/jasper/patches/patch-src_libjasper_jpc_jpc__cs.c 1.1 - graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c 1.1-1.2 - graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c 1.1 --- Module Name: pkgsrc Committed By: he Date: Thu Jan 1 14:15:27 UTC 2015 Modified Files: pkgsrc/graphics/jasper: Makefile distinfo Added Files: pkgsrc/graphics/jasper/patches: patch-configure patch-src_libjasper_jp2_jp2__cod.c patch-src_libjasper_jp2_jp2__dec.c patch-src_libjasper_jpc_jpc__cs.c patch-src_libjasper_jpc_jpc__dec.c Removed Files: pkgsrc/graphics/jasper/patches: patch-CVE-2014-9029 patch-ad patch-ae patch-ag patch-ah patch-ai patch-aj Log Message: Rename patches to conform to the "new" style. Add comments to the patches. Add fix for oCERT-2014-012, pulled from RedHat. Add fix from Debian bug 469786. Add LICENSE setting, I think modified-bsd is fitting. Bump PKGREVISION. --- Module Name: pkgsrc Committed By: snj Date: Sun Feb 8 23:04:22 UTC 2015 Modified Files: pkgsrc/graphics/jasper: Makefile distinfo pkgsrc/graphics/jasper/patches: patch-src_libjasper_jpc_jpc__dec.c Added Files: pkgsrc/graphics/jasper/patches: patch-src_libjasper_jpc_jpc__qmfb.c Log Message: Fix CVE-2014-8157 and CVE-2014-8158. Bump PKGREVISION to 10. @ text @d1 1 a1 1 $NetBSD: patch-ai,v 1.2 2011/12/22 16:17:57 drochner Exp $ @ 1.1 log @add a patch from Debian (bug #413041) to fix some heap corruption on malformed image input (CVE-2007-2721), also fix some initialisation which could cause random misbehaviour on cleanup, bump PKGREVISION @ text @d3 1 a3 1 --- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 22:43:07.000000000 +0100 d5 12 a16 1 @@@@ -982,7 +982,10 @@@@ static int jpc_qcx_getcompparms(jpc_qcxc d28 9 @ 1.1.34.1 log @Pullup ticket #3637 - requested by drochner graphics/jasper: security patch Revisions pulled up: - graphics/jasper/Makefile 1.34 - graphics/jasper/distinfo 1.14 - graphics/jasper/patches/patch-ai 1.2 --- Module Name: pkgsrc Committed By: drochner Date: Thu Dec 22 16:17:57 UTC 2011 Modified Files: pkgsrc/graphics/jasper: Makefile distinfo pkgsrc/graphics/jasper/patches: patch-ai Log Message: add patches from Redhat to add some input validation and fix a memory allocation error; both could lead to heap buffer overflows (CVE-2011-4516, CVE-2011-4517) bump PKGREV @ text @d3 1 a3 1 --- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 21:43:07.000000000 +0000 d5 1 a5 12 @@@@ -744,6 +744,10 @@@@ static int jpc_cox_getcompparms(jpc_ms_t return -1; } compparms->numrlvls = compparms->numdlvls + 1; + if (compparms->numrlvls > JPC_MAXRLVLS) { + jpc_cox_destroycompparms(compparms); + return -1; + } if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { @@@@ -982,7 +986,10 @@@@ static int jpc_qcx_getcompparms(jpc_qcxc a16 9 @@@@ -1328,7 +1335,7 @@@@ static int jpc_crg_getparms(jpc_ms_t *ms jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; @