diff options
Diffstat (limited to 'patches/source/libjpeg')
| -rw-r--r-- | patches/source/libjpeg/jpeg-6b.diff | 59 | ||||
| -rw-r--r-- | patches/source/libjpeg/jpeg.CVE-2013-6629.diff | 32 | ||||
| -rwxr-xr-x | patches/source/libjpeg/libjpeg.SlackBuild | 103 | ||||
| -rw-r--r-- | patches/source/libjpeg/slack-desc | 19 |
4 files changed, 213 insertions, 0 deletions
diff --git a/patches/source/libjpeg/jpeg-6b.diff b/patches/source/libjpeg/jpeg-6b.diff new file mode 100644 index 000000000..8ad8bb5db --- /dev/null +++ b/patches/source/libjpeg/jpeg-6b.diff @@ -0,0 +1,59 @@ +--- makefile.cfg.orig Sat Mar 21 13:08:57 1998 ++++ makefile.cfg Tue Oct 6 19:15:26 1998 +@@ -21,6 +21,8 @@ + + # The name of your C compiler: + CC= @CC@ ++SONAME=libjpeg.so.62 ++SHLIBNAME=libjpeg.so.62.0.0 + + # You may need to adjust these cc options: + CFLAGS= @CFLAGS@ @CPPFLAGS@ @INCLUDEFLAGS@ +@@ -125,6 +127,7 @@ + jdsample.$(O) jdcolor.$(O) jquant1.$(O) jquant2.$(O) jdmerge.$(O) + # These objectfiles are included in libjpeg.a + LIBOBJECTS= $(CLIBOBJECTS) $(DLIBOBJECTS) $(COMOBJECTS) ++SHLIBOBJECTS= $(LIBOBJECTS:%.o=%.so) + # object files for sample applications (excluding library files) + COBJECTS= cjpeg.$(O) rdppm.$(O) rdgif.$(O) rdtarga.$(O) rdrle.$(O) \ + rdbmp.$(O) rdswitch.$(O) cdjpeg.$(O) +@@ -133,7 +136,7 @@ + TROBJECTS= jpegtran.$(O) rdswitch.$(O) cdjpeg.$(O) transupp.$(O) + + +-all: @A2K_DEPS@ libjpeg.$(A) cjpeg djpeg jpegtran rdjpgcom wrjpgcom ++all: @A2K_DEPS@ libjpeg.$(A) $(SHLIBNAME) cjpeg djpeg jpegtran rdjpgcom wrjpgcom + + # Special compilation rules to support ansi2knr and libtool. + .SUFFIXES: .lo .la +@@ -171,6 +174,11 @@ + $(LIBTOOL) --mode=link $(CC) -o libjpeg.la $(LIBOBJECTS) \ + -rpath $(libdir) -version-info $(JPEG_LIB_VERSION) + ++# shared library ++ ++$(SHLIBNAME): @A2K_DEPS@ $(SHLIBOBJECTS) ++ gcc -o $(SHLIBNAME) -Wl,-soname,$(SONAME) -shared $(SHLIBOBJECTS) ++ + # sample programs: + + cjpeg: $(COBJECTS) libjpeg.$(A) +@@ -214,7 +222,7 @@ + clean: + $(RM) *.o *.lo libjpeg.a libjpeg.la + $(RM) cjpeg djpeg jpegtran rdjpgcom wrjpgcom +- $(RM) ansi2knr core testout* config.log config.status ++ $(RM) ansi2knr core testout* config.log config.status $(SHLIBNAME) + $(RM) -r knr .libs _libs + + distclean: clean +@@ -289,6 +297,9 @@ + jidctfst.$(O): jidctfst.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h jdct.h + jidctint.$(O): jidctint.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h jdct.h + jidctred.$(O): jidctred.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h jdct.h ++ ++%.so : %.c ++ $(CC) -c -fPIC $(CFLAGS) $(CPPFLAGS) $< -o $@ + jquant1.$(O): jquant1.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h + jquant2.$(O): jquant2.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h + jutils.$(O): jutils.c jinclude.h jconfig.h jpeglib.h jmorecfg.h jpegint.h jerror.h diff --git a/patches/source/libjpeg/jpeg.CVE-2013-6629.diff b/patches/source/libjpeg/jpeg.CVE-2013-6629.diff new file mode 100644 index 000000000..37c267a1d --- /dev/null +++ b/patches/source/libjpeg/jpeg.CVE-2013-6629.diff @@ -0,0 +1,32 @@ +From f457207b57d0e234cf7a174d20a7db424b82173d Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@hush.com> +Date: Fri, 22 Nov 2013 +Subject: CVE-2013-6629 + +get_sos() in jdmarker.c does not check for duplication of component data +while reading segments following Start Of Scan (SOS) JPEG markers. This +allows remote attackers to obtain sensitive information from uninitialized +memory locations via crafted JPEG images. + +Adapted from: +https://codereview.chromium.org/download/issue31603002_1.diff + +--- + jdmarker.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -347,6 +347,12 @@ get_sos (j_decompress_ptr cinfo) + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (ci = 0; ci < i; ci++) { ++ if (cinfo->cur_comp_info[ci] == compptr) ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ diff --git a/patches/source/libjpeg/libjpeg.SlackBuild b/patches/source/libjpeg/libjpeg.SlackBuild new file mode 100755 index 000000000..21063ce68 --- /dev/null +++ b/patches/source/libjpeg/libjpeg.SlackBuild @@ -0,0 +1,103 @@ +#!/bin/sh + +# Copyright 2008, 2009, 2013 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +VERSION=${VERSION:-6b} +BUILD=${BUILD:-6_slack13.0} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$(uname -m)" in + i?86) ARCH=i486 ;; + arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7lh ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) ARCH=$(uname -m) ;; + esac + export ARCH +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-libjpeg + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +fi + +rm -rf $PKG +mkdir -p $TMP $PKG + +# Explode the package framework: +cd $PKG +explodepkg $CWD/_libjpeg.tar.gz +if [ "$ARCH" = "x86_64" ]; then + mv usr/lib usr/lib${LIBDIRSUFFIX} + sed -i -e "s#usr/lib#usr/lib${LIBDIRSUFFIX}#g" install/doinst.sh +fi + +cd $TMP +rm -rf jpeg-6b +tar xzvf $CWD/jpegsrc.v6b.tar.gz +cd jpeg-6b +chown -R root:root . +zcat $CWD/jpeg-6b.diff.gz | patch -p0 -E +zcat $CWD/jpeg.CVE-2013-6629.diff.gz | patch -p1 --verbose || exit 1 +export CFLAGS="$SLKCFLAGS" +./configure \ + --libdir=/usr/lib${LIBDIRSUFFIX} +make -j3 || exit 1 +strip cjpeg djpeg rdjpgcom wrjpgcom jpegtran +cat cjpeg > $PKG/usr/bin/cjpeg +cat djpeg > $PKG/usr/bin/djpeg +cat jpegtran > $PKG/usr/bin/jpegtran +cat rdjpgcom > $PKG/usr/bin/rdjpgcom +cat wrjpgcom > $PKG/usr/bin/wrjpgcom +for page in cjpeg.1 djpeg.1 jpegtran.1 rdjpgcom.1 wrjpgcom.1 ; do + cat $page | gzip -9c > $PKG/usr/man/man1/$page.gz +done +strip --strip-unneeded libjpeg.so.62.0.0 +cat libjpeg.so.62.0.0 > $PKG/usr/lib${LIBDIRSUFFIX}/libjpeg.so.62.0.0 +cat libjpeg.a > $PKG/usr/lib${LIBDIRSUFFIX}/libjpeg.a +cp -a jconfig.h jpeglib.h jmorecfg.h jerror.h $PKG/usr/include +# KDE includes this complete header list, but the libjpeg source doesn't +# suggest it, and we trust them. :) +#for file in jchuff.h jdhuff.h jdct.h jerror.h jinclude.h jmemsys.h \ +# jmorecfg.h jpegint.h jpeglib.h jversion.h cdjpeg.h cderror.h jconfig.h ; do +# cp -a $file $PKG/usr/include +#done +mkdir -p $PKG/usr/doc/libjpeg-$VERSION +cp -a README *.doc $PKG/usr/doc/libjpeg-$VERSION +chmod 644 $PKG/usr/doc/libjpeg-$VERSION/* +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +# Build the package: +cd $PKG +makepkg -c y -l y $TMP/libjpeg-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/libjpeg/slack-desc b/patches/source/libjpeg/slack-desc new file mode 100644 index 000000000..d1add7fdf --- /dev/null +++ b/patches/source/libjpeg/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libjpeg: libjpeg (Independent JPEG Group's JPEG software) +libjpeg: +libjpeg: Software to implement JPEG image compression and decompression. JPEG +libjpeg: (pronounced 'jay-peg') is a standardized compression method for +libjpeg: full-color and gray-scale images. JPEG is intended for compressing +libjpeg: 'real-world' scenes; cartoons and other non-realistic images are not +libjpeg: its strong suit. JPEG is lossy, however, on typical images of +libjpeg: real-world scenes, very good compression levels can be obtained with +libjpeg: no visible change, and amazingly high compression levels are possible +libjpeg: if you can tolerate a low-quality image. +libjpeg: |