media-libs/jasper: Import security fix from fedora for CVE-2014-9029, #531688

(Portage version: 2.2.15/cvs/Linux x86_64, signed Manifest commit with key B9D4F231BD1558AB!)
author: Justin Lecher <jlec@gentoo.org> 2014-12-05 08:05:52 +0000
committer: Justin Lecher <jlec@gentoo.org> 2014-12-05 08:05:52 +0000
commit: 7088593e25df92d0674985506b27d9bd9d0d57e2 (patch)
tree: 79a3e04e257d58026dc9f5432711629d38a6915a /media-libs
parent: sci-chemistry/relax: Version BUmp (diff)
download: gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.tar.gz
gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.tar.bz2
gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.zip
6 files changed, 157 insertions, 1 deletions
diff --git a/media-libs/jasper/ChangeLog b/media-libs/jasper/ChangeLog
index 37e3489bd8ef..efae02fec4a6 100644
--- a/media-libs/jasper/ChangeLog
+++ b/media-libs/jasper/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-libs/jasper
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/ChangeLog,v 1.93 2014/11/03 11:28:07 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/ChangeLog,v 1.94 2014/12/05 08:05:52 jlec Exp $
+
+*jasper-1.900.1-r7 (05 Dec 2014)
+
+  05 Dec 2014; Justin Lecher <jlec@gentoo.org> +jasper-1.900.1-r7.ebuild,
+  +files/jasper-1.701.0-GL.patch, +files/jasper-1.701.0-GL-ac.patch,
+  +files/jasper-CVE-2014-9029.patch, +files/jasper-pkgconfig.patch:
+  Import security fix from fedora for CVE-2014-9029, #531688
 
   03 Nov 2014; Justin Lecher <jlec@gentoo.org> -jasper-1.900.1-r5.ebuild:
   Drop old
diff --git a/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch b/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch
new file mode 100644
index 000000000000..bf571433c0b8
--- /dev/null
+++ b/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch
@@ -0,0 +1,11 @@
+--- jasper-1.701.0.GEO/configure.ac.GL	2006-02-20 19:58:02.000000000 -0600
++++ jasper-1.701.0.GEO/configure.ac	2006-02-24 07:40:38.000000000 -0600
+@@ -242,7 +242,7 @@
+ OPENGL_LIBS=""
+ if test $ENABLE_OPENGL = yes; then
+ 	if test $HAVE_OPENGL = no; then
+-		TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
++		TMPLIBS="-lglut -lGL -lGLU"
+ 		AC_CHECK_LIB(glut, glutInit, [HAVE_OPENGL=yes;
+ 		  OPENGL_LIBS=$TMPLIBS], HAVE_OPENGL=no, $TMPLIBS)
+ 	fi
diff --git a/media-libs/jasper/files/jasper-1.701.0-GL.patch b/media-libs/jasper/files/jasper-1.701.0-GL.patch
new file mode 100644
index 000000000000..ba199e226faf
--- /dev/null
+++ b/media-libs/jasper/files/jasper-1.701.0-GL.patch
@@ -0,0 +1,11 @@
+--- jasper-1.701.0.GEO/configure.GL	2006-02-20 20:01:30.000000000 -0600
++++ jasper-1.701.0.GEO/configure	2006-02-24 07:40:46.000000000 -0600
+@@ -9464,7 +9464,7 @@
+ OPENGL_LIBS=""
+ if test $ENABLE_OPENGL = yes; then
+ 	if test $HAVE_OPENGL = no; then
+-		TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
++		TMPLIBS="-lglut -lGL -lGLU"
+ 		echo "$as_me:$LINENO: checking for glutInit in -lglut" >&5
+ echo $ECHO_N "checking for glutInit in -lglut... $ECHO_C" >&6
+ if test "${ac_cv_lib_glut_glutInit+set}" = set; then
diff --git a/media-libs/jasper/files/jasper-CVE-2014-9029.patch b/media-libs/jasper/files/jasper-CVE-2014-9029.patch
new file mode 100644
index 000000000000..98a2035999be
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-9029.patch
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ 	jpc_coc_t *coc = &ms->parms.coc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in COC marker segment\n");
+ 		return -1;
+ 	}
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ 	jpc_rgn_t *rgn = &ms->parms.rgn;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++	if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in RGN marker segment\n");
+ 		return -1;
+ 	}
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ 	jpc_qcc_t *qcc = &ms->parms.qcc;
+ 	jpc_dec_tile_t *tile;
+ 
+-	if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++	if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ 		jas_eprintf("invalid component number in QCC marker segment\n");
+ 		return -1;
+ 	}
diff --git a/media-libs/jasper/files/jasper-pkgconfig.patch b/media-libs/jasper/files/jasper-pkgconfig.patch
new file mode 100644
index 000000000000..c8af5ca83f49
--- /dev/null
+++ b/media-libs/jasper/files/jasper-pkgconfig.patch
@@ -0,0 +1,48 @@
+diff -Naur jasper-1.900.1/configure.ac jasper-1.900.1.new/configure.ac
+--- jasper-1.900.1/configure.ac	2007-01-19 21:47:11.000000000 +0000
++++ jasper-1.900.1.new/configure.ac	2009-10-29 13:37:02.000000000 +0000
+@@ -399,6 +399,8 @@
+ src/libjasper/pnm/Makefile
+ src/libjasper/ras/Makefile
+ src/msvc/Makefile
++pkgconfig/Makefile
++pkgconfig/jasper.pc
+ jasper.spec
+ ])
+ AC_OUTPUT
+diff -Naur jasper-1.900.1/Makefile.am jasper-1.900.1.new/Makefile.am
+--- jasper-1.900.1/Makefile.am	2007-01-19 21:43:14.000000000 +0000
++++ jasper-1.900.1.new/Makefile.am	2009-10-29 13:36:28.000000000 +0000
+@@ -64,7 +64,7 @@
+ # Note: We need to put the derived file "jasper.spec" in the distribution
+ # in order to facilitate RPM building.
+ 
+-SUBDIRS = src
++SUBDIRS = src pkgconfig
+ 
+ rpm: dist
+ 	for i in BUILD RPMS SRPMS SOURCES SPECS; do \
+diff -Naur jasper-1.900.1/pkgconfig/jasper.pc.in jasper-1.900.1.new/pkgconfig/jasper.pc.in
+--- jasper-1.900.1/pkgconfig/jasper.pc.in	1970-01-01 01:00:00.000000000 +0100
++++ jasper-1.900.1.new/pkgconfig/jasper.pc.in	2009-10-29 16:30:43.000000000 +0000
+@@ -0,0 +1,11 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: Jasper
++Description: JPEG 2000 encoding and decoding library
++Version: @VERSION@
++
++Libs: -L${libdir} -ljasper
++Cflags: -I${includedir}/jasper
+diff -Naur jasper-1.900.1/pkgconfig/Makefile.am jasper-1.900.1.new/pkgconfig/Makefile.am
+--- jasper-1.900.1/pkgconfig/Makefile.am	1970-01-01 01:00:00.000000000 +0100
++++ jasper-1.900.1.new/pkgconfig/Makefile.am	2009-10-29 13:38:59.000000000 +0000
+@@ -0,0 +1,5 @@
++pkgconfigdir = $(libdir)/pkgconfig
++pkgconfig_DATA = jasper.pc
++
++EXTRA_DIST = \
++        jasper.pc.in
diff --git a/media-libs/jasper/jasper-1.900.1-r7.ebuild b/media-libs/jasper/jasper-1.900.1-r7.ebuild
new file mode 100644
index 000000000000..8957410a54a1
--- /dev/null
+++ b/media-libs/jasper/jasper-1.900.1-r7.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/jasper-1.900.1-r7.ebuild,v 1.1 2014/12/05 08:05:52 jlec Exp $
+
+EAPI=5
+
+# outdated './configure': breaks in 'USE=opengl ABI_X86="32 64"' case:
+#  uses /usr/lib64 for 32-bit ABI.
+AUTOTOOLS_AUTORECONF=yes
+
+inherit autotools-multilib
+
+DESCRIPTION="software-based implementation of the codec specified in the JPEG-2000 Part-1 standard"
+HOMEPAGE="http://www.ece.uvic.ca/~mdadams/jasper/"
+SRC_URI="
+	http://www.ece.uvic.ca/~mdadams/${PN}/software/${P}.zip
+	mirror://gentoo/${P}-fixes-20120611.patch.bz2"
+
+LICENSE="JasPer2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+IUSE="jpeg opengl static-libs"
+
+RDEPEND="
+	jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+	opengl? (
+		>=virtual/opengl-7.0-r1:0[${MULTILIB_USEDEP}]
+		>=media-libs/freeglut-2.8.1:0[${MULTILIB_USEDEP}]
+		virtual/glu
+		)"
+DEPEND="${RDEPEND}
+	app-arch/unzip"
+
+PATCHES=(
+	"${WORKDIR}"/${P}-fixes-20120611.patch
+	"${FILESDIR}"/${PN}-1.701.0-GL-ac.patch
+	"${FILESDIR}"/${PN}-1.701.0-GL.patch
+	"${FILESDIR}"/${PN}-CVE-2014-9029.patch
+	"${FILESDIR}"/${PN}-pkgconfig.patch
+	)
+
+DOCS=( NEWS README doc/. )
+
+src_configure() {
+	local myeconfargs=(
+		$(use_enable jpeg libjpeg)
+		$(use_enable opengl)
+		)
+	autotools-multilib_src_configure
+}
author	Justin Lecher <jlec@gentoo.org>	2014-12-05 08:05:52 +0000
committer	Justin Lecher <jlec@gentoo.org>	2014-12-05 08:05:52 +0000
commit	7088593e25df92d0674985506b27d9bd9d0d57e2 (patch)
tree	79a3e04e257d58026dc9f5432711629d38a6915a /media-libs
parent	sci-chemistry/relax: Version BUmp (diff)
download	gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.tar.gz gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.tar.bz2 gentoo-2-7088593e25df92d0674985506b27d9bd9d0d57e2.zip