head 1.1; access; symbols pkgsrc-2026Q1:1.1.0.92 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.90 pkgsrc-2025Q4-base:1.1 pkgsrc-2025Q3:1.1.0.88 pkgsrc-2025Q3-base:1.1 pkgsrc-2025Q2:1.1.0.86 pkgsrc-2025Q2-base:1.1 pkgsrc-2025Q1:1.1.0.84 pkgsrc-2025Q1-base:1.1 pkgsrc-2024Q4:1.1.0.82 pkgsrc-2024Q4-base:1.1 pkgsrc-2024Q3:1.1.0.80 pkgsrc-2024Q3-base:1.1 pkgsrc-2024Q2:1.1.0.78 pkgsrc-2024Q2-base:1.1 pkgsrc-2024Q1:1.1.0.76 pkgsrc-2024Q1-base:1.1 pkgsrc-2023Q4:1.1.0.74 pkgsrc-2023Q4-base:1.1 pkgsrc-2023Q3:1.1.0.72 pkgsrc-2023Q3-base:1.1 pkgsrc-2023Q2:1.1.0.70 pkgsrc-2023Q2-base:1.1 pkgsrc-2023Q1:1.1.0.68 pkgsrc-2023Q1-base:1.1 pkgsrc-2022Q4:1.1.0.66 pkgsrc-2022Q4-base:1.1 pkgsrc-2022Q3:1.1.0.64 pkgsrc-2022Q3-base:1.1 pkgsrc-2022Q2:1.1.0.62 pkgsrc-2022Q2-base:1.1 pkgsrc-2022Q1:1.1.0.60 pkgsrc-2022Q1-base:1.1 pkgsrc-2021Q4:1.1.0.58 pkgsrc-2021Q4-base:1.1 pkgsrc-2021Q3:1.1.0.56 pkgsrc-2021Q3-base:1.1 pkgsrc-2021Q2:1.1.0.54 pkgsrc-2021Q2-base:1.1 pkgsrc-2021Q1:1.1.0.52 pkgsrc-2021Q1-base:1.1 pkgsrc-2020Q4:1.1.0.50 pkgsrc-2020Q4-base:1.1 pkgsrc-2020Q3:1.1.0.48 pkgsrc-2020Q3-base:1.1 pkgsrc-2020Q2:1.1.0.44 pkgsrc-2020Q2-base:1.1 pkgsrc-2020Q1:1.1.0.24 pkgsrc-2020Q1-base:1.1 pkgsrc-2019Q4:1.1.0.46 pkgsrc-2019Q4-base:1.1 pkgsrc-2019Q3:1.1.0.42 pkgsrc-2019Q3-base:1.1 pkgsrc-2019Q2:1.1.0.40 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.38 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.36 pkgsrc-2018Q4-base:1.1 pkgsrc-2018Q3:1.1.0.34 pkgsrc-2018Q3-base:1.1 pkgsrc-2018Q2:1.1.0.32 pkgsrc-2018Q2-base:1.1 pkgsrc-2018Q1:1.1.0.30 pkgsrc-2018Q1-base:1.1 pkgsrc-2017Q4:1.1.0.28 pkgsrc-2017Q4-base:1.1 pkgsrc-2017Q3:1.1.0.26 pkgsrc-2017Q3-base:1.1 pkgsrc-2017Q2:1.1.0.22 pkgsrc-2017Q2-base:1.1 pkgsrc-2017Q1:1.1.0.20 pkgsrc-2017Q1-base:1.1 pkgsrc-2016Q4:1.1.0.18 pkgsrc-2016Q4-base:1.1 pkgsrc-2016Q3:1.1.0.16 pkgsrc-2016Q3-base:1.1 pkgsrc-2016Q2:1.1.0.14 pkgsrc-2016Q2-base:1.1 pkgsrc-2016Q1:1.1.0.12 pkgsrc-2016Q1-base:1.1 pkgsrc-2015Q4:1.1.0.10 pkgsrc-2015Q4-base:1.1 pkgsrc-2015Q3:1.1.0.8 pkgsrc-2015Q3-base:1.1 pkgsrc-2015Q2:1.1.0.6 pkgsrc-2015Q2-base:1.1 pkgsrc-2015Q1:1.1.0.4 pkgsrc-2015Q1-base:1.1 pkgsrc-2014Q4:1.1.0.2; locks; strict; comment @# @; 1.1 date 2014.12.30.07.52.41; author dholland; state Exp; branches 1.1.2.1; next ; commitid PUMA0eB6An0vm24y; 1.1.2.1 date 2014.12.30.07.52.41; author tron; state dead; branches; next 1.1.2.2; commitid HLCqeXWmtqCUc64y; 1.1.2.2 date 2014.12.30.19.26.39; author tron; state Exp; branches; next ; commitid HLCqeXWmtqCUc64y; desc @@ 1.1 log @Clone patch from graphics/jasper for CVE-2014-9029, and adjust slightly to match the older jasper that ships with ghostscript. (Unfortunately, it's been modified so we can't have ghostscript use the pkgsrc version.) @ text @$NetBSD: patch-CVE-2014-9029,v 1.1 2014/12/11 20:18:09 tez Exp $ Patch for CVE-2014-9029 from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029 (adjusted very slightly to match the jasper shipped with ghostscript) --- jasper/src/libjasper/jpc/jpc_dec.c.orig 2012-08-08 08:01:36.000000000 +0000 +++ jasper/src/libjasper/jpc/jpc_dec.c @@@@ -1294,7 +1294,7 @@@@ static int jpc_dec_process_coc(jpc_dec_t jpc_coc_t *coc = &ms->parms.coc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, coc->compno) > dec->numcomps) { + if (JAS_CAST(int, coc->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in COC marker segment\n"); return -1; @@@@ -1321,7 +1321,7 @@@@ static int jpc_dec_process_rgn(jpc_dec_t jpc_rgn_t *rgn = &ms->parms.rgn; jpc_dec_tile_t *tile; - if (JAS_CAST(int, rgn->compno) > dec->numcomps) { + if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in RGN marker segment\n"); return -1; @@@@ -1371,7 +1371,7 @@@@ static int jpc_dec_process_qcc(jpc_dec_t jpc_qcc_t *qcc = &ms->parms.qcc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, qcc->compno) > dec->numcomps) { + if (JAS_CAST(int, qcc->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in QCC marker segment\n"); return -1; @ 1.1.2.1 log @file patch-CVE-2014-9029 was added on branch pkgsrc-2014Q4 on 2014-12-30 19:26:39 +0000 @ text @d1 35 @ 1.1.2.2 log @Pullup ticket #4580 - requested by dholland print/ghostscript-gpl: security patch Revisions pulled up: - print/ghostscript-gpl/Makefile 1.15 - print/ghostscript-gpl/distinfo 1.7 - print/ghostscript-gpl/patches/patch-CVE-2014-9029 1.1 --- Module Name: pkgsrc Committed By: dholland Date: Tue Dec 30 07:52:41 UTC 2014 Modified Files: pkgsrc/print/ghostscript-gpl: Makefile distinfo Added Files: pkgsrc/print/ghostscript-gpl/patches: patch-CVE-2014-9029 Log Message: Clone patch from graphics/jasper for CVE-2014-9029, and adjust slightly to match the older jasper that ships with ghostscript. (Unfortunately, it's been modified so we can't have ghostscript use the pkgsrc version.) @ text @a0 35 $NetBSD$ Patch for CVE-2014-9029 from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029 (adjusted very slightly to match the jasper shipped with ghostscript) --- jasper/src/libjasper/jpc/jpc_dec.c.orig 2012-08-08 08:01:36.000000000 +0000 +++ jasper/src/libjasper/jpc/jpc_dec.c @@@@ -1294,7 +1294,7 @@@@ static int jpc_dec_process_coc(jpc_dec_t jpc_coc_t *coc = &ms->parms.coc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, coc->compno) > dec->numcomps) { + if (JAS_CAST(int, coc->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in COC marker segment\n"); return -1; @@@@ -1321,7 +1321,7 @@@@ static int jpc_dec_process_rgn(jpc_dec_t jpc_rgn_t *rgn = &ms->parms.rgn; jpc_dec_tile_t *tile; - if (JAS_CAST(int, rgn->compno) > dec->numcomps) { + if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in RGN marker segment\n"); return -1; @@@@ -1371,7 +1371,7 @@@@ static int jpc_dec_process_qcc(jpc_dec_t jpc_qcc_t *qcc = &ms->parms.qcc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, qcc->compno) > dec->numcomps) { + if (JAS_CAST(int, qcc->compno) >= dec->numcomps) { jas_eprintf( "invalid component number in QCC marker segment\n"); return -1; @