diff options
author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-12-27 23:55:53 +0000 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-12-27 23:55:53 +0000 |
commit | 65eeff79fff8a1bfdf67ca51d147384f46f4d5c0 (patch) | |
tree | fbfdff322b28d9a3c37e6e31c94caf1d8e48dac1 /extra/libjpeg-turbo | |
parent | d53c44f055929b18d7d1b25f8367ee5836c435fc (diff) |
Fri Dec 27 23:54:04 UTC 2013
Diffstat (limited to 'extra/libjpeg-turbo')
-rw-r--r-- | extra/libjpeg-turbo/PKGBUILD | 15 | ||||
-rw-r--r-- | extra/libjpeg-turbo/cve-2013-6629.patch | 36 |
2 files changed, 47 insertions, 4 deletions
diff --git a/extra/libjpeg-turbo/PKGBUILD b/extra/libjpeg-turbo/PKGBUILD index 367f21633..75dbd544a 100644 --- a/extra/libjpeg-turbo/PKGBUILD +++ b/extra/libjpeg-turbo/PKGBUILD @@ -1,23 +1,30 @@ -# $Id: PKGBUILD 198190 2013-10-30 13:21:13Z allan $ +# $Id: PKGBUILD 201420 2013-12-11 04:56:37Z bisson $ # Maintainer: Gaetan Bisson <bisson@archlinux.org> # Contributor: Allan McRae <allan@archlinux.org> # Contributor: Simone Sclavi 'Ito' <darkhado@gmail.com> pkgname=libjpeg-turbo pkgver=1.3.0 -pkgrel=3 +pkgrel=4 pkgdesc='JPEG image codec with accelerated baseline compression and decompression' url='http://libjpeg-turbo.virtualgl.org/' license=('GPL' 'custom') arch=('i686' 'x86_64') makedepends=('nasm') -source=("http://downloads.sourceforge.net/project/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.gz") -sha1sums=('1792c964b35604cebd3a8846f1ca6de5976e9c28') +source=("http://downloads.sourceforge.net/project/${pkgname}/${pkgver}/${pkgname}-${pkgver}.tar.gz" + 'cve-2013-6629.patch') +sha1sums=('1792c964b35604cebd3a8846f1ca6de5976e9c28' + '10f2cf2276244d2b94d35bfca24639bc83ce1185') provides=('libjpeg=8.0.2' 'turbojpeg') conflicts=('libjpeg' 'turbojpeg') replaces=('libjpeg' 'turbojpeg') +prepare() { + cd "${srcdir}/${pkgname}-${pkgver}" + patch -i ../cve-2013-6629.patch # FS#38094 +} + build() { cd "${srcdir}/${pkgname}-${pkgver}" ./configure --prefix=/usr --with-jpeg8 --mandir=/usr/share/man diff --git a/extra/libjpeg-turbo/cve-2013-6629.patch b/extra/libjpeg-turbo/cve-2013-6629.patch new file mode 100644 index 000000000..7fb02730f --- /dev/null +++ b/extra/libjpeg-turbo/cve-2013-6629.patch @@ -0,0 +1,36 @@ +Index: jdmarker.c +=================================================================== +--- jdmarker.c (revision 1088) ++++ jdmarker.c (revision 1089) +@@ -304,7 +304,7 @@ + /* Process a SOS marker */ + { + INT32 length; +- int i, ci, n, c, cc; ++ int i, ci, n, c, cc, pi; + jpeg_component_info * compptr; + INPUT_VARS(cinfo); + +@@ -348,6 +348,13 @@ + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (pi = 0; pi < i; pi++) { ++ if (cinfo->cur_comp_info[pi] == compptr) { ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ +@@ -465,6 +472,8 @@ + for (i = 0; i < count; i++) + INPUT_BYTE(cinfo, huffval[i], return FALSE); + ++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8)); ++ + length -= count; + + if (index & 0x10) { /* AC table definition */ |