authorSamuli Suominen <ssuominen@gentoo.org>2014-01-24 12:00:22 +0000
committerSamuli Suominen <ssuominen@gentoo.org>2014-01-24 12:00:22 +0000
commit574fed7ff1d45ab5571836f7e841d3e7fa235826 (patch)
treeaa4e47b817bb7e586a309c897b56ce4afe4ea70b /media-libs/jpeg
parentVersion without libjpeg.so.8* (diff)
Fix security bug 491152 (CVE-2013-6629) for jpeg-8d. The patch still applies to jpeg-9 but causes a build failure and needs to be ported.
(Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 4868F14D)
Diffstat (limited to 'media-libs/jpeg')
-rw-r--r--media-libs/jpeg/ChangeLog7
-rw-r--r--media-libs/jpeg/files/jpeg-8d-CVE-2013-6629.patch17
-rw-r--r--media-libs/jpeg/jpeg-8d-r1.ebuild6
3 files changed, 27 insertions, 3 deletions
diff --git a/media-libs/jpeg/ChangeLog b/media-libs/jpeg/ChangeLog
index 789faa5082d8..7d19b15e3979 100644
--- a/media-libs/jpeg/ChangeLog
+++ b/media-libs/jpeg/ChangeLog
@@ -1,6 +1,11 @@
# ChangeLog for media-libs/jpeg
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/jpeg/ChangeLog,v 1.147 2014/01/24 11:31:47 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jpeg/ChangeLog,v 1.148 2014/01/24 12:00:22 ssuominen Exp $
+
+ 24 Jan 2014; Samuli Suominen <ssuominen@gentoo.org>
+ +files/jpeg-8d-CVE-2013-6629.patch, jpeg-8d-r1.ebuild:
+ Fix security bug 491152 (CVE-2013-6629) for jpeg-8d. The patch still applies
+ to jpeg-9 but causes a build failure and needs to be ported.
24 Jan 2014; Samuli Suominen <ssuominen@gentoo.org> -jpeg-9.ebuild,
jpeg-8d-r1.ebuild:
diff --git a/media-libs/jpeg/files/jpeg-8d-CVE-2013-6629.patch b/media-libs/jpeg/files/jpeg-8d-CVE-2013-6629.patch
new file mode 100644
index 000000000000..a1535a79ffec
--- /dev/null
+++ b/media-libs/jpeg/files/jpeg-8d-CVE-2013-6629.patch
@@ -0,0 +1,17 @@
+http://bugs.gentoo.org/491152
+
+--- jdmarker.c
++++ jdmarker.c
+@@ -347,6 +347,12 @@
+
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (ci = 0; ci < i; ci++) {
++ if (cinfo->cur_comp_info[ci] == compptr)
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
+ }
+
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
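Review bot: The new patch file's header is only a bug URL, and the added comment `/* This CSi (cc) should differ from the previous CSi */` says what is checked but not why, so the file body does not identify itself as the CVE-2013-6629 fix. A header line would help, for example `Reject SOS markers that list the same component more than once (CVE-2013-6629); duplicates leave decoder state uninitialized, which can leak memory contents into decoded output.` The added loop also reuses `ci` as its index, which is only safe if the surrounding code reassigns `ci` before reading it again. The enclosing function in jdmarker.c starts and ends outside this hunk, so that should be confirmed against the jpeg-8d source.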
diff --git a/media-libs/jpeg/jpeg-8d-r1.ebuild b/media-libs/jpeg/jpeg-8d-r1.ebuild
index b999516cb233..198d37f59f9b 100644
--- a/media-libs/jpeg/jpeg-8d-r1.ebuild
+++ b/media-libs/jpeg/jpeg-8d-r1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/jpeg/jpeg-8d-r1.ebuild,v 1.4 2014/01/24 11:30:23 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jpeg/jpeg-8d-r1.ebuild,v 1.5 2014/01/24 12:00:22 ssuominen Exp $
EAPI=5
inherit eutils libtool toolchain-funcs multilib-minimal
@@ -21,7 +21,9 @@ RDEPEND="!media-libs/libjpeg-turbo:0
DEPEND="${RDEPEND}"
src_prepare() {
- epatch "${FILESDIR}"/${PN}-7-maxmem_sysconf.patch
+ epatch \
+ "${FILESDIR}"/${PN}-7-maxmem_sysconf.patch \
+ "${FILESDIR}"/${PN}-9-CVE-2013-6629.patch
elibtoolize
}
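Review bot: The second `epatch` argument is `"${FILESDIR}"/${PN}-9-CVE-2013-6629.patch`, but the file this commit adds is `files/jpeg-8d-CVE-2013-6629.patch`. Unless a `jpeg-9-` copy already exists in FILESDIR outside this diff, `src_prepare` will fail on a missing file and the CVE-2013-6629 check will never reach the built library. Point the call at the file that was added, for example `"${FILESDIR}"/${P}-CVE-2013-6629.patch`. The fix is also applied to `jpeg-8d-r1` in place, so systems that already have -r1 installed would presumably not be rebuilt; a revision bump would get the security fix to them.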