slackware.ru
http://www.slackware.ru/forum/

Patch set for l/jasper
http://www.slackware.ru/forum/viewtopic.php?f=10&t=1648

Author:  Ne01eX [ 30 Jul 2015 08:54 ]
Post subject:  Patch set for l/jasper

A compilation of patches from the Fedora, Debian and Gentoo repositories:

Brief description:

Code:
jasper-1.701.0-GL.patch

# autoconf/automake bits of patch1
jasper-1.701.0-GL-ac.patch

# CVE-2007-2721 (bug #240397)
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
patch-libjasper-stepsizes-overflow.diff

# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
jpc_dec.c.patch

# OpenBSD hardening patches addressing couple of possible integer overflows
# during the memory allocations
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
jasper-1.900.1-CVE-2008-3520.patch

# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
jasper-1.900.1-CVE-2008-3522.patch

# add pkg-config support
jasper-pkgconfig.patch

#Description: Fix for CVE-2011-4516 and CVE-2011-4517
#This patch fixes a possible denial of service and code execution via
#heap-based buffer overflows.
#Bug-Debian: http://bugs.debian.org/652649
jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch

#Description: CVE-2014-9029: Heap overflows in libjasper
#Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff
#Bug-Debian: https://bugs.debian.org/772036
#Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1167537
jasper-CVE-2014-9029.patch

#Description: CVE-2014-8137: double-free in jas_iccattrval_destroy()
#Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=967283,
#https://bugzilla.redhat.com/attachment.cgi?id=967284
#Bug-Debian: https://bugs.debian.org/773463
#Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1173157
jasper-CVE-2014-8137.patch

#Description: CVE-2014-8138: heap overflow in jp2_decode()
#Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=967280
#Bug-Debian: https://bugs.debian.org/773463
#Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1173162
jasper-CVE-2014-8138.patch

#Description: CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot()
#Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch
#Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282
#Bug-Debian: https://bugs.debian.org/775970
jasper-CVE-2014-8157.patch

#Description: CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c
#Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch
#Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179298
#Bug-Debian: https://bugs.debian.org/775970
jasper-CVE-2014-8158.patch

# Issues found by static analysis of code
jasper-1.900.1-Coverity-BAD_SIZEOF.patch
jasper-1.900.1-Coverity-CHECKED_RETURN.patch
jasper-1.900.1-Coverity-FORWARD_NULL.patch
jasper-1.900.1-Coverity-NULL_RETURNS.patch
jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
jasper-1.900.1-Coverity-UNREACHABLE.patch
jasper-1.900.1-Coverity-UNUSED_VALUE.patch


As a bonus, the man pages from Debian "Sid" are included.

The patch is applied to the jasper directory (don't forget to rename the file):

Code:
mv jasper.patches-set_for_slackware.patch.xz.txt jasper.patches-set_for_slackware.patch.xz
cd jasper
cat /path/to/patch/jasper.patches-set_for_slackware.patch.xz | xz -d | patch -p1 --verbose


P.S. I've written to the Führer and am waiting for a reply.
P.P.S. Yes, it will be included in the next S.C.R. build regardless of the Führer's answer. :-):

Respectfully, your Standartenführer S, Ne01eX.
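
An added example, not part of the original post: one way to run the apply step above so that a corrupt download or a hunk that does not apply leaves the source tree untouched instead of half-patched, which matters when the set carries many separate CVE fixes. The names `apply_patchset` and `make_sample` and the sample tree are constructed for illustration; `xz` and a `patch` that supports `--dry-run` (GNU patch does) are assumed.

```shell
#!/bin/sh
# Added example: all-or-nothing application of an xz-compressed patch set.
# Usage: apply_patchset /path/to/set.patch.xz /path/to/source-tree
# Returns 0 = applied, 1 = would not apply cleanly (tree untouched),
#         2 = archive is corrupt or not xz (tree untouched).
apply_patchset() {
    set_xz=$1
    tree=$2

    # 1. Integrity check: a truncated or mangled download fails here,
    #    before anything is written to the tree.
    xz -t "$set_xz" || { echo "corrupt archive: $set_xz" >&2; return 2; }

    # 2. Dry run: any rejected or skipped hunk means one of the fixes in
    #    the set would be missing from the build, so refuse to continue.
    #    -N makes an already-applied patch count as a failure, not a prompt.
    if ! xz -dc "$set_xz" |
        (cd "$tree" && patch -p1 -N --dry-run >/dev/null 2>&1); then
        echo "patch set does not apply cleanly; tree left untouched" >&2
        return 1
    fi

    # 3. Real run, with the same options the dry run validated.
    xz -dc "$set_xz" | (cd "$tree" && patch -p1 -N >/dev/null)
}

# Constructed sample input: a one-file source tree and a matching
# xz-compressed unified diff. Prints the temporary directory it created.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir "$d/tree" || return 1
    printf 'line1\nold\nline3\n' > "$d/tree/a.c"
    printf '%s\n' '--- a/a.c' '+++ b/a.c' '@@ -1,3 +1,3 @@' \
        ' line1' '-old' '+new' ' line3' | xz > "$d/set.patch.xz"
    echo "$d"
}
```
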
