+++ /dev/null
-Fix CVE-2014-9029
-
-Patch taken from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
-+++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
-@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
- jpc_coc_t *coc = &ms->parms.coc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in COC marker segment\n");
- return -1;
- }
-@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
- jpc_rgn_t *rgn = &ms->parms.rgn;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in RGN marker segment\n");
- return -1;
- }
-@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
- jpc_qcc_t *qcc = &ms->parms.qcc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in QCC marker segment\n");
- return -1;
- }
+++ /dev/null
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173162
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:44.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:26.000000000 +0100
-@@ -386,6 +386,11 @@ jas_image_t *jp2_decode(jas_stream_t *in
- /* Determine the type of each component. */
- if (dec->cdef) {
- for (i = 0; i < dec->numchans; ++i) {
-+ /* Is the channel number reasonable? */
-+ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
-+ jas_eprintf("error: invalid channel number in CDEF box\n");
-+ goto error;
-+ }
- jas_image_setcmpttype(dec->image,
- dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
- jp2_getct(jas_image_clrspc(dec->image),
+++ /dev/null
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173157
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2014-12-11 14:06:44.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386 +0100
-@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
- return 0;
-
- error:
-- jas_icccurv_destroy(attrval);
- return -1;
- }
-
-@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
- #endif
- return 0;
- error:
-- jas_icctxtdesc_destroy(attrval);
- return -1;
- }
-
-@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
- goto error;
- return 0;
- error:
-- if (txt->string)
-- jas_free(txt->string);
- return -1;
- }
-
-@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
- goto error;
- return 0;
- error:
-- jas_icclut8_destroy(attrval);
- return -1;
- }
-
-@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
- goto error;
- return 0;
- error:
-- jas_icclut16_destroy(attrval);
- return -1;
- }
-
+++ /dev/null
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173157
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:30:54.193209780 +0100
-+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814 +0100
-@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
- case JP2_COLR_ICC:
- iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
- dec->colr->data.colr.iccplen);
-- assert(iccprof);
-+ if (!iccprof) {
-+ jas_eprintf("error: failed to parse ICC profile\n");
-+ goto error;
-+ }
- jas_iccprof_gethdr(iccprof, &icchdr);
- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
- jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
+++ /dev/null
-Fix CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
-From https://bugzilla.redhat.com/show_bug.cgi?id=1179282
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100
-@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
- dec->curtileendoff = 0;
- }
-
-- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
-+ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
- jas_eprintf("invalid tile number in SOT marker segment\n");
- return -1;
- }
+++ /dev/null
-Fix CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c
-From https://bugzilla.redhat.com/show_bug.cgi?id=1179298
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
---- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 2015-01-19 17:25:28.730195502 +0100
-+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-19 17:27:20.214663127 +0100
-@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- {
-
- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
--#else
-- jpc_fix_t splitbuf[bufsize];
--#endif
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;
- register jpc_fix_t *dstptr;
-@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- register int m;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Get a buffer. */
- if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- abort();
- }
- }
--#endif
-
- if (numcols >= 2) {
- hstartcol = (numcols + 1 - parity) >> 1;
-@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- }
- }
-
--#if !defined(HAVE_VLA)
- /* If the split buffer was allocated on the heap, free this memory. */
- if (buf != splitbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
--#else
-- jpc_fix_t splitbuf[bufsize];
--#endif
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;
- register jpc_fix_t *dstptr;
-@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- register int m;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Get a buffer. */
- if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- abort();
- }
- }
--#endif
-
- if (numrows >= 2) {
- hstartcol = (numrows + 1 - parity) >> 1;
-@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- }
- }
-
--#if !defined(HAVE_VLA)
- /* If the split buffer was allocated on the heap, free this memory. */
- if (buf != splitbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
-- jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
--#endif
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
- jpc_fix_t *dstptr;
-@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- int m;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Get a buffer. */
- if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- abort();
- }
- }
--#endif
-
- if (numrows >= 2) {
- hstartcol = (numrows + 1 - parity) >> 1;
-@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- }
- }
-
--#if !defined(HAVE_VLA)
- /* If the split buffer was allocated on the heap, free this memory. */
- if (buf != splitbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
-- jpc_fix_t splitbuf[bufsize * numcols];
--#endif
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
- jpc_fix_t *dstptr;
-@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- int m;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Get a buffer. */
- if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- abort();
- }
- }
--#endif
-
- if (numrows >= 2) {
- hstartcol = (numrows + 1 - parity) >> 1;
-@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- }
- }
-
--#if !defined(HAVE_VLA)
- /* If the split buffer was allocated on the heap, free this memory. */
- if (buf != splitbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- {
-
- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
--#else
-- jpc_fix_t joinbuf[bufsize];
--#endif
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
- register jpc_fix_t *dstptr;
- register int n;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Allocate memory for the join buffer from the heap. */
- if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- abort();
- }
- }
--#endif
-
- hstartcol = (numcols + 1 - parity) >> 1;
-
-@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- ++srcptr;
- }
-
--#if !defined(HAVE_VLA)
- /* If the join buffer was allocated on the heap, free this memory. */
- if (buf != joinbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
--#else
-- jpc_fix_t joinbuf[bufsize];
--#endif
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
- register jpc_fix_t *dstptr;
- register int n;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Allocate memory for the join buffer from the heap. */
- if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- abort();
- }
- }
--#endif
-
- hstartcol = (numrows + 1 - parity) >> 1;
-
-@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- ++srcptr;
- }
-
--#if !defined(HAVE_VLA)
- /* If the join buffer was allocated on the heap, free this memory. */
- if (buf != joinbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
-- jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
--#endif
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
- jpc_fix_t *dstptr;
-@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- register int i;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Allocate memory for the join buffer from the heap. */
- if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
-@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- abort();
- }
- }
--#endif
-
- hstartcol = (numrows + 1 - parity) >> 1;
-
-@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- srcptr += JPC_QMFB_COLGRPSIZE;
- }
-
--#if !defined(HAVE_VLA)
- /* If the join buffer was allocated on the heap, free this memory. */
- if (buf != joinbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
-@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- {
-
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
-- jpc_fix_t joinbuf[bufsize * numcols];
--#endif
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
- jpc_fix_t *dstptr;
-@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- register int i;
- int hstartcol;
-
--#if !defined(HAVE_VLA)
- /* Allocate memory for the join buffer from the heap. */
- if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
-@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- abort();
- }
- }
--#endif
-
- hstartcol = (numrows + 1 - parity) >> 1;
-
-@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- srcptr += numcols;
- }
-
--#if !defined(HAVE_VLA)
- /* If the join buffer was allocated on the heap, free this memory. */
- if (buf != joinbuf) {
- jas_free(buf);
- }
--#endif
-
- }
-
+++ /dev/null
-From: Max Filippov <jcmvbkbc@gmail.com>
-Subject: Don't overwrite CFLAGS when configured with --enable-debug
-
-This drops architecture-specific ABI flags, which may be important.
-
-Signded-off-by: Max Filippov <jcmvbkbc@gmail.com>
-
---- jasper-1.900.1/configure.ac.orig 2015-05-18 22:27:53.057512760 +0300
-+++ jasper-1.900.1/configure.ac 2015-05-18 22:28:36.090415422 +0300
-@@ -327,7 +327,7 @@
- AC_DEFINE(DEBUG)
- AC_DEFINE(DEBUG_OVERFLOW)
- if test "$GCC" = yes; then
-- CFLAGS="-g -O0"
-+ CFLAGS="$CFLAGS -g -O0"
- fi
- ;;
- no)
-@@ -357,7 +357,7 @@
- case "${enableval}" in
- yes)
- if test "$GCC" = yes; then
-- CFLAGS="-g -O0"
-+ CFLAGS="$CFLAGS -g -O0"
- fi
- ;;
- no)
+++ /dev/null
-Description: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
-Author: Tyler Hicks <tyhicks () canonical com>
-
-From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
---- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
-+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
-@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
- jas_stream_close(in);
- return prof;
- error:
-+ if (in)
-+ jas_stream_close(in);
- return 0;
- }
-
+++ /dev/null
-Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
-Author: Tyler Hicks <tyhicks () canonical com>
-Bug-Ubuntu: https://launchpad.net/bugs/1547865
-
-From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
---- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
-+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
-@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
- if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
- goto error;
- jas_iccattrval_destroy(attrval);
-+ attrval = 0;
- } else {
- #if 0
- jas_eprintf("warning: skipping unknown tag type\n");
+++ /dev/null
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1867.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c 2016-08-11 14:34:31.795661973 +0200
-+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c 2016-08-12 07:02:40.044860209 +0200
-@@ -429,7 +429,7 @@ static int jpc_pi_nextcprl(register jpc_
- }
-
- for (pi->compno = pchg->compnostart, pi->picomp =
-- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
-+ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
- ++pi->picomp) {
- pirlvl = pi->picomp->pirlvls;
- pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
+++ /dev/null
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5221.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
---- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c 2016-08-11 13:46:26.166415464 +0200
-+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c 2016-08-11 14:17:20.507144931 +0200
-@@ -569,13 +569,13 @@ static int mif_process_cmpt(mif_hdr_t *h
- break;
- }
- }
-- jas_tvparser_destroy(tvp);
- if (!cmpt->sampperx || !cmpt->samppery) {
- goto error;
- }
- if (mif_hdr_addcmpt(hdr, hdr->numcmpts, cmpt)) {
- goto error;
- }
-+ jas_tvparser_destroy(tvp);
- return 0;
-
- error:
-
+++ /dev/null
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5203.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1.new/src/libjasper/base/jas_stream.c
---- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2016-08-11 13:35:09.160895769 +0200
-+++ jasper-1.900.1.new/src/libjasper/base/jas_stream.c 2016-08-11 13:39:33.800843489 +0200
-@@ -99,7 +99,7 @@ static int jas_strtoopenmode(const char
- static void jas_stream_destroy(jas_stream_t *stream);
- static jas_stream_t *jas_stream_create(void);
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
-- int bufsize);
-+ size_t bufsize);
-
- static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt);
- static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt);
-@@ -168,7 +168,7 @@ static jas_stream_t *jas_stream_create()
- return stream;
- }
-
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize)
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize)
- {
- jas_stream_t *stream;
- jas_stream_memobj_t *obj;
-@@ -570,7 +570,7 @@ int jas_stream_puts(jas_stream_t *stream
- return 0;
- }
-
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- int c;
- char *bufptr;
-@@ -694,7 +694,7 @@ long jas_stream_tell(jas_stream_t *strea
- \******************************************************************************/
-
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
-- int bufsize)
-+ size_t bufsize)
- {
- /* If this function is being called, the buffer should not have been
- initialized yet. */
-@@ -987,7 +987,7 @@ static int mem_read(jas_stream_obj_t *ob
- return cnt;
- }
-
--static int mem_resize(jas_stream_memobj_t *m, int bufsize)
-+static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
- {
- unsigned char *buf;
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h
---- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h 2007-01-19 22:43:04.000000000 +0100
-+++ jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h 2016-08-11 13:41:27.841153595 +0200
-@@ -215,7 +215,7 @@ typedef struct {
- uchar *bufstart_;
-
- /* The buffer size. */
-- int bufsize_;
-+ size_t bufsize_;
-
- /* The current position in the buffer. */
- uchar *ptr_;
-@@ -267,7 +267,7 @@ typedef struct {
- uchar *buf_;
-
- /* The allocated size of the buffer for holding file data. */
-- int bufsize_;
-+ size_t bufsize_;
-
- /* The length of the file. */
- int_fast32_t len_;
-@@ -291,7 +291,7 @@ typedef struct {
- jas_stream_t *jas_stream_fopen(const char *filename, const char *mode);
-
- /* Open a memory buffer as a stream. */
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
-
- /* Open a file descriptor as a stream. */
- jas_stream_t *jas_stream_fdopen(int fd, const char *mode);
-@@ -366,7 +366,7 @@ int jas_stream_printf(jas_stream_t *stre
- int jas_stream_puts(jas_stream_t *stream, const char *s);
-
- /* Read a line of input from a stream. */
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize);
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize);
-
- /* Look at the next character to be read from a stream without actually
- removing it from the stream. */
-diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c 2016-08-11 13:35:09.170895681 +0200
-+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c 2016-08-11 13:45:20.847809678 +0200
-@@ -305,7 +305,7 @@ jpc_qmfb2d_t jpc_ns_qmfb2d = {
- void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;
-@@ -365,7 +365,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;
-@@ -425,7 +425,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
-@@ -506,7 +506,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- int stride, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
-@@ -586,7 +586,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
-@@ -643,7 +643,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
-@@ -700,7 +700,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
-@@ -778,7 +778,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- int stride, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
-diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
---- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c 2016-08-11 13:35:09.179895601 +0200
-+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c 2016-08-11 13:46:26.166415464 +0200
-@@ -107,7 +107,7 @@ static int mif_hdr_put(mif_hdr_t *hdr, j
- static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
- static mif_cmpt_t *mif_cmpt_create(void);
- static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
--static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
-+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
- static int mif_getc(jas_stream_t *in);
- static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
-
-@@ -657,7 +657,7 @@ static void mif_cmpt_destroy(mif_cmpt_t
- * MIF parsing code.
- \******************************************************************************/
-
--static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
-+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- int c;
- char *bufptr;
# Locally calculated
-sha256 6e9a959bf4f8cb02f77f42d1b9880b8e85d021ac51f43d8787b5438fd2b7a1c5 jasper-1.900.1.tar.bz2
+sha256 6c942ae79108cd6a359e5bc34ea03565bd33ac20f6814cb09c4f92298b6b1cb8 jasper-1.900.22.tar.gz
#
################################################################################
-JASPER_VERSION = 1.900.1
-JASPER_SITE = http://sources.openelec.tv/devel
-JASPER_SOURCE = jasper-$(JASPER_VERSION).tar.bz2
+JASPER_VERSION = 1.900.22
+JASPER_SITE = http://www.ece.uvic.ca/~frodo/jasper/software
JASPER_INSTALL_STAGING = YES
JASPER_DEPENDENCIES = jpeg
-JASPER_LICENSE = MIT
+JASPER_LICENSE = JasPer License Version 2.0
JASPER_LICENSE_FILES = LICENSE
-# needed to fix rpath issue (http://autobuild.buildroot.net/results/307/307cac65287420252a5bb64715d9a1edd90e72fa/)
-JASPER_AUTORECONF = YES
# Xtensa gcc is unable to generate correct code with -O0 enabled by
# --enable-debug. Allow package build but disable debug.
projects / coffee / buildroot.git / commitdiff