Subject: CVS commit: [pkgsrc-2014Q1] pkgsrc/graphics/jbigkit
From: Matthias Scheler
Date: 2014-04-11 13:50:10
Message id: 20140411115010.C47D496@cvs.netbsd.org

Log Message:
Pullup ticket #4363 - requested by obache
graphics/jbigkit: security update

Revisions pulled up:
- graphics/jbigkit/Makefile                                     1.6
- graphics/jbigkit/distinfo                                     1.5
- graphics/jbigkit/patches/patch-Makefile                       1.2
- graphics/jbigkit/patches/patch-aa                             1.4
- graphics/jbigkit/patches/patch-ab                             1.5

---
   Module Name:	pkgsrc
   Committed By:	obache
   Date:		Thu Apr 10 12:04:16 UTC 2014

   Modified Files:
   	pkgsrc/graphics/jbigkit: Makefile distinfo
   	pkgsrc/graphics/jbigkit/patches: patch-Makefile patch-aa patch-ab

   Log Message:
   Update jbigkit to 2.1.

   Changes in version 2.1 (2014-04-08)

   This is a security-critical bug-fix release that remains API and ABI
   backwards compatible to version 2.0. Users who process BIE data from
   untrusted sources should upgrade.

     - fixed a buffer-overflow vulnerability in the jbig.c decoder,
       reported by Florian Weimer (Red Hat): CVE-2013-6369

     - fixed ability of corrupted input data to force jbig85.c decoder
       into an end-less loop

     - fixed a bug in the processing of private deterministic-prediction
       tables (DPPRIV=3D1) in jbig.c decoder

     - fixed integer-type mismatches in printf arguments on 64-bit systems

     - fuzz-testing script added

Files:
RevisionActionfile
1.5.2.1modifypkgsrc/graphics/jbigkit/Makefile
1.4.2.1modifypkgsrc/graphics/jbigkit/distinfo
1.1.2.1modifypkgsrc/graphics/jbigkit/patches/patch-Makefile
1.3.2.1modifypkgsrc/graphics/jbigkit/patches/patch-aa
1.4.2.1modifypkgsrc/graphics/jbigkit/patches/patch-ab