From 8ff4f2f51a6cf07fc33742ce3bee81328896e49b Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Fri, 25 May 2018 23:29:36 +0000 Subject: Fri May 25 23:29:36 UTC 2018 patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific. --- patches/source/libjpeg/jpeg.CVE-2013-6629.diff | 32 +++++++ patches/source/libjpeg/libjpeg.SlackBuild | 112 +++++++++++++++++++++++++ patches/source/libjpeg/slack-desc | 19 +++++ 3 files changed, 163 insertions(+) create mode 100644 patches/source/libjpeg/jpeg.CVE-2013-6629.diff create mode 100755 patches/source/libjpeg/libjpeg.SlackBuild create mode 100644 patches/source/libjpeg/slack-desc (limited to 'patches/source/libjpeg') diff --git a/patches/source/libjpeg/jpeg.CVE-2013-6629.diff b/patches/source/libjpeg/jpeg.CVE-2013-6629.diff new file mode 100644 index 000000000..37c267a1d --- /dev/null +++ b/patches/source/libjpeg/jpeg.CVE-2013-6629.diff @@ -0,0 +1,32 @@ +From f457207b57d0e234cf7a174d20a7db424b82173d Mon Sep 17 00:00:00 2001 +From: mancha +Date: Fri, 22 Nov 2013 +Subject: CVE-2013-6629 + +get_sos() in jdmarker.c does not check for duplication of component data +while reading segments following Start Of Scan (SOS) JPEG markers. This +allows remote attackers to obtain sensitive information from uninitialized +memory locations via crafted JPEG images. + +Adapted from: +https://codereview.chromium.org/download/issue31603002_1.diff + +--- + jdmarker.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -347,6 +347,12 @@ get_sos (j_decompress_ptr cinfo) + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (ci = 0; ci < i; ci++) { ++ if (cinfo->cur_comp_info[ci] == compptr) ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ diff --git a/patches/source/libjpeg/libjpeg.SlackBuild b/patches/source/libjpeg/libjpeg.SlackBuild new file mode 100755 index 000000000..37b9f67f6 --- /dev/null +++ b/patches/source/libjpeg/libjpeg.SlackBuild @@ -0,0 +1,112 @@ +#!/bin/sh + +# Copyright 2008, 2009, 2010, 2013 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +VERSION=${VERSION:-v8a} +BUILD=${BUILD:-2_slack14.1} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i486 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +NUMJOBS=${NUMJOBS:-" -j7 "} + +CWD=$(pwd) +TMP=${TMP:-/tmp} +PKG=$TMP/package-libjpeg + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +rm -rf $PKG +mkdir -p $TMP $PKG + +cd $TMP +rm -rf jpeg-$(echo $VERSION | cut -f 2 -d v) +tar xvf $CWD/jpegsrc.${VERSION}.tar.?z* || exit 1 +cd jpeg-$(echo $VERSION | cut -f 2 -d v) + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +zcat $CWD/jpeg.CVE-2013-6629.diff.gz | patch -p1 --verbose || exit 1 + +export CFLAGS="$SLKCFLAGS" +./configure \ + --prefix=/usr \ + --mandir=/usr/man \ + --libdir=/usr/lib${LIBDIRSUFFIX} +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG + +# Strip binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null +) + +# Compress and link manpages, if any: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi + +mkdir -p $PKG/usr/doc/libjpeg-$VERSION +cp -a README $PKG/usr/doc/libjpeg-$VERSION + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +# Build the package: +cd $PKG +makepkg -c y -l y $TMP/libjpeg-$VERSION-$ARCH-$BUILD.txz + diff --git a/patches/source/libjpeg/slack-desc b/patches/source/libjpeg/slack-desc new file mode 100644 index 000000000..d1add7fdf --- /dev/null +++ b/patches/source/libjpeg/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +libjpeg: libjpeg (Independent JPEG Group's JPEG software) +libjpeg: +libjpeg: Software to implement JPEG image compression and decompression. JPEG +libjpeg: (pronounced 'jay-peg') is a standardized compression method for +libjpeg: full-color and gray-scale images. JPEG is intended for compressing +libjpeg: 'real-world' scenes; cartoons and other non-realistic images are not +libjpeg: its strong suit. JPEG is lossy, however, on typical images of +libjpeg: real-world scenes, very good compression levels can be obtained with +libjpeg: no visible change, and amazingly high compression levels are possible +libjpeg: if you can tolerate a low-quality image. +libjpeg: -- cgit v1.2.3