- CVE-2007-2721 (#240397)
parent
0d6a03598e
commit
a52270f107
10
jasper.spec
10
jasper.spec
@ -11,7 +11,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
|
||||
Name: jasper
|
||||
Group: System Environment/Libraries
|
||||
Version: 1.900.1
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
License: JasPer License Version 2.0
|
||||
%if "%{?geo:1}" == "1"
|
||||
@ -28,6 +28,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Patch1: jasper-1.701.0-GL.patch
|
||||
# autoconf/automake bits of patch1
|
||||
Patch2: jasper-1.701.0-GL-ac.patch
|
||||
# CVE-2007-2721 (bug #240397)
|
||||
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
|
||||
Patch3: patch-libjasper-stepsizes-overflow.diff
|
||||
|
||||
BuildRequires: automake
|
||||
BuildRequires: libjpeg-devel
|
||||
@ -52,6 +55,7 @@ Requires: libjpeg-devel
|
||||
%setup -q -n %{name}-%{version}%{?geo:.GEO}
|
||||
|
||||
%patch1 -p1 -b .GL
|
||||
%patch3 -p1 -b .CVE-2007-2721
|
||||
|
||||
%if "%{?geo:1}" == "1"
|
||||
chmod +x configure configure.ac
|
||||
@ -64,6 +68,7 @@ automake -a
|
||||
%endif
|
||||
|
||||
|
||||
|
||||
%build
|
||||
|
||||
%configure \
|
||||
@ -115,6 +120,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
|
||||
- CVE-2007-2721 (#240397)
|
||||
|
||||
* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-1
|
||||
- jasper-1.900.1
|
||||
|
||||
|
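--- a/patch-libjasper-stepsizes-overflow.diff
+++ b/patch-libjasper-stepsizes-overflow.diff
@@ -0,0 +1,14 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2007-04-06 01:29:02.000000000 +0200
+@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
+compparms->numstepsizes = (len - n) / 2;
+break;
+}
+- if (compparms->numstepsizes > 0) {
++ if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
++ jpc_qcx_destroycompparms(compparms);
++ return -1;
++ } else if (compparms->numstepsizes > 0) {
+compparms->stepsizes = jas_malloc(compparms->numstepsizes *
+sizeof(uint_fast16_t));
+assert(compparms->stepsizes);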
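Review bot: The added early-return branch in the embedded jpc_cs.c hunk calls `jpc_qcx_destroycompparms(compparms)` before any visible assignment to `compparms->stepsizes`; if that helper frees the pointer and the caller has not zeroed it, rejecting an oversized count would free an uninitialised pointer. jpc_qcx_getcompparms starts and ends outside the hunk, so this may already be handled, but setting `compparms->stepsizes = 0;` ahead of the bound check would make the rejection path safe regardless. Separately, the allocation that follows is guarded only by `assert(compparms->stepsizes);`, which disappears under NDEBUG; `if (!compparms->stepsizes) return -1;` would keep the failure handling in release builds.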