[Buildroot] [PATCH] jasper: security bump to version 1.900.22

Baruch Siach baruch at tkos.co.il
Thu Nov 10 17:54:39 UTC 2016


Fixes:
CVE-2016-8693: Double free vulnerability in mem_close
CVE-2016-8692: Divide by zero in jpc_dec_process_siz
CVE-2016-8691: Divide by zero in jpc_dec_process_siz
CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted
BMP image
CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
CVE-2016-8886: memory allocation failure in jas_malloc
CVE-2016-8887: Null pointer dereference in jp2_colr_destroy
CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata
(incomplete fix for CVE-2016-8690)
CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox()
CVE-2016-8881: Heap buffer overflow in jpc_getuint16()
CVE-2016-8882: Null pointer access in jpc_pi_destroy
CVE-2016-8883: Assert in jpc_dec_tiledecode()

Drop upstream patches.

Change SITE to the official download location, since the current one does not
have the updated version. Unfortunately, the official site only offers tar.gz.

Fix license. It is "based on the MIT license", but not exactly the same
(http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues").

Drop autoreconf; the autotools version has been updated since commit
324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it.

Cc: Maxime Hadjinlian <maxime.hadjinlian at gmail.com>
Signed-off-by: Baruch Siach <baruch at tkos.co.il>
---
 package/jasper/0001-fix-CVE-2014-9029.patch   |  36 ---
 package/jasper/0002-fix-CVE-2014-8138.patch   |  18 --
 package/jasper/0003-fix-CVE-2014-8137-1.patch |  47 ----
 package/jasper/0004-fix-CVE-2014-8137-2.patch |  18 --
 package/jasper/0005-fix-CVE-2014-8157.patch   |  17 --
 package/jasper/0006-fix-CVE-2014-8158.patch   | 334 --------------------------
 package/jasper/0007-preserve-cflags.patch     |  27 ---
 package/jasper/0008-fix-CVE-2016-2116.patch   |  18 --
 package/jasper/0009-fix-CVE-2016-1577.patch   |  18 --
 package/jasper/0010-fix-CVE-2016-1867.patch   |  16 --
 package/jasper/0011-fix-CVE-2015-5221.patch   |  23 --
 package/jasper/0012-fix-CVE-2015-5203.patch   | 187 --------------
 package/jasper/jasper.hash                    |   2 +-
 package/jasper/jasper.mk                      |   9 +-
 14 files changed, 4 insertions(+), 766 deletions(-)
 delete mode 100644 package/jasper/0001-fix-CVE-2014-9029.patch
 delete mode 100644 package/jasper/0002-fix-CVE-2014-8138.patch
 delete mode 100644 package/jasper/0003-fix-CVE-2014-8137-1.patch
 delete mode 100644 package/jasper/0004-fix-CVE-2014-8137-2.patch
 delete mode 100644 package/jasper/0005-fix-CVE-2014-8157.patch
 delete mode 100644 package/jasper/0006-fix-CVE-2014-8158.patch
 delete mode 100644 package/jasper/0007-preserve-cflags.patch
 delete mode 100644 package/jasper/0008-fix-CVE-2016-2116.patch
 delete mode 100644 package/jasper/0009-fix-CVE-2016-1577.patch
 delete mode 100644 package/jasper/0010-fix-CVE-2016-1867.patch
 delete mode 100644 package/jasper/0011-fix-CVE-2015-5221.patch
 delete mode 100644 package/jasper/0012-fix-CVE-2015-5203.patch

diff --git a/package/jasper/0001-fix-CVE-2014-9029.patch b/package/jasper/0001-fix-CVE-2014-9029.patch
deleted file mode 100644
index c2e95a8d1446..000000000000
--- a/package/jasper/0001-fix-CVE-2014-9029.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2014-9029
-
-Patch taken from https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
-
-Signed-off-by: Baruch Siach <baruch at tkos.co.il>
----
-
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:45:44.000000000 +0100
-+++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2014-11-27 12:44:58.000000000 +0100
-@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
- 	jpc_coc_t *coc = &ms->parms.coc;
- 	jpc_dec_tile_t *tile;
- 
--	if (JAS_CAST(int, coc->compno) > dec->numcomps) {
-+	if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
- 		jas_eprintf("invalid component number in COC marker segment\n");
- 		return -1;
- 	}
-@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
- 	jpc_rgn_t *rgn = &ms->parms.rgn;
- 	jpc_dec_tile_t *tile;
- 
--	if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
-+	if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
- 		jas_eprintf("invalid component number in RGN marker segment\n");
- 		return -1;
- 	}
-@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
- 	jpc_qcc_t *qcc = &ms->parms.qcc;
- 	jpc_dec_tile_t *tile;
- 
--	if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
-+	if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
- 		jas_eprintf("invalid component number in QCC marker segment\n");
- 		return -1;
- 	}
diff --git a/package/jasper/0002-fix-CVE-2014-8138.patch b/package/jasper/0002-fix-CVE-2014-8138.patch
deleted file mode 100644
index e107123ce884..000000000000
--- a/package/jasper/0002-fix-CVE-2014-8138.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173162
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:06:44.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:06:26.000000000 +0100
-@@ -386,6 +386,11 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 	/* Determine the type of each component. */
- 	if (dec->cdef) {
- 		for (i = 0; i < dec->numchans; ++i) {
-+			/* Is the channel number reasonable? */
-+			if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
-+				jas_eprintf("error: invalid channel number in CDEF box\n");
-+				goto error;
-+			}
- 			jas_image_setcmpttype(dec->image,
- 			  dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
- 			  jp2_getct(jas_image_clrspc(dec->image),
diff --git a/package/jasper/0003-fix-CVE-2014-8137-1.patch b/package/jasper/0003-fix-CVE-2014-8137-1.patch
deleted file mode 100644
index 0253c6283937..000000000000
--- a/package/jasper/0003-fix-CVE-2014-8137-1.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173157
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c	2014-12-11 14:06:44.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/base/jas_icc.c	2014-12-11 15:16:37.971272386 +0100
-@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
- 	return 0;
- 
- error:
--	jas_icccurv_destroy(attrval);
- 	return -1;
- }
- 
-@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
- #endif
- 	return 0;
- error:
--	jas_icctxtdesc_destroy(attrval);
- 	return -1;
- }
- 
-@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
- 		goto error;
- 	return 0;
- error:
--	if (txt->string)
--		jas_free(txt->string);
- 	return -1;
- }
- 
-@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
- 		goto error;
- 	return 0;
- error:
--	jas_icclut8_destroy(attrval);
- 	return -1;
- }
- 
-@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
- 		goto error;
- 	return 0;
- error:
--	jas_icclut16_destroy(attrval);
- 	return -1;
- }
- 
diff --git a/package/jasper/0004-fix-CVE-2014-8137-2.patch b/package/jasper/0004-fix-CVE-2014-8137-2.patch
deleted file mode 100644
index e052709d5515..000000000000
--- a/package/jasper/0004-fix-CVE-2014-8137-2.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-See https://bugzilla.redhat.com/show_bug.cgi?id=1173157
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:30:54.193209780 +0100
-+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2014-12-11 14:36:46.313217814 +0100
-@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 	case JP2_COLR_ICC:
- 		iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
- 		  dec->colr->data.colr.iccplen);
--		assert(iccprof);
-+		if (!iccprof) {
-+			jas_eprintf("error: failed to parse ICC profile\n");
-+			goto error;
-+		}
- 		jas_iccprof_gethdr(iccprof, &icchdr);
- 		jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
- 		jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
diff --git a/package/jasper/0005-fix-CVE-2014-8157.patch b/package/jasper/0005-fix-CVE-2014-8157.patch
deleted file mode 100644
index ab81674f9318..000000000000
--- a/package/jasper/0005-fix-CVE-2014-8157.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Fix CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
-From https://bugzilla.redhat.com/show_bug.cgi?id=1179282
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157	2015-01-19 16:59:36.000000000 +0100
-+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2015-01-19 17:07:41.609863268 +0100
-@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
- 		dec->curtileendoff = 0;
- 	}
- 
--	if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
-+	if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
- 		jas_eprintf("invalid tile number in SOT marker segment\n");
- 		return -1;
- 	}
diff --git a/package/jasper/0006-fix-CVE-2014-8158.patch b/package/jasper/0006-fix-CVE-2014-8158.patch
deleted file mode 100644
index 8413d2ef9363..000000000000
--- a/package/jasper/0006-fix-CVE-2014-8158.patch
+++ /dev/null
@@ -1,334 +0,0 @@
-Fix CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c
-From https://bugzilla.redhat.com/show_bug.cgi?id=1179298
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
---- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158	2015-01-19 17:25:28.730195502 +0100
-+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c	2015-01-19 17:27:20.214663127 +0100
-@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
--#else
--	jpc_fix_t splitbuf[bufsize];
--#endif
- 	jpc_fix_t *buf = splitbuf;
- 	register jpc_fix_t *srcptr;
- 	register jpc_fix_t *dstptr;
-@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- 	register int m;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Get a buffer. */
- 	if (bufsize > QMFB_SPLITBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- 			abort();
- 		}
- 	}
--#endif
- 
- 	if (numcols >= 2) {
- 		hstartcol = (numcols + 1 - parity) >> 1;
-@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
- 		}
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the split buffer was allocated on the heap, free this memory. */
- 	if (buf != splitbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
--#else
--	jpc_fix_t splitbuf[bufsize];
--#endif
- 	jpc_fix_t *buf = splitbuf;
- 	register jpc_fix_t *srcptr;
- 	register jpc_fix_t *dstptr;
-@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- 	register int m;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Get a buffer. */
- 	if (bufsize > QMFB_SPLITBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- 			abort();
- 		}
- 	}
--#endif
- 
- 	if (numrows >= 2) {
- 		hstartcol = (numrows + 1 - parity) >> 1;
-@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- 		}
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the split buffer was allocated on the heap, free this memory. */
- 	if (buf != splitbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
--	jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
--#endif
- 	jpc_fix_t *buf = splitbuf;
- 	jpc_fix_t *srcptr;
- 	jpc_fix_t *dstptr;
-@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- 	int m;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Get a buffer. */
- 	if (bufsize > QMFB_SPLITBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- 			abort();
- 		}
- 	}
--#endif
- 
- 	if (numrows >= 2) {
- 		hstartcol = (numrows + 1 - parity) >> 1;
-@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- 		}
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the split buffer was allocated on the heap, free this memory. */
- 	if (buf != splitbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
--	jpc_fix_t splitbuf[bufsize * numcols];
--#endif
- 	jpc_fix_t *buf = splitbuf;
- 	jpc_fix_t *srcptr;
- 	jpc_fix_t *dstptr;
-@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- 	int m;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Get a buffer. */
- 	if (bufsize > QMFB_SPLITBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- 			abort();
- 		}
- 	}
--#endif
- 
- 	if (numrows >= 2) {
- 		hstartcol = (numrows + 1 - parity) >> 1;
-@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- 		}
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the split buffer was allocated on the heap, free this memory. */
- 	if (buf != splitbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
--#else
--	jpc_fix_t joinbuf[bufsize];
--#endif
- 	jpc_fix_t *buf = joinbuf;
- 	register jpc_fix_t *srcptr;
- 	register jpc_fix_t *dstptr;
- 	register int n;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Allocate memory for the join buffer from the heap. */
- 	if (bufsize > QMFB_JOINBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- 			abort();
- 		}
- 	}
--#endif
- 
- 	hstartcol = (numcols + 1 - parity) >> 1;
- 
-@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
- 		++srcptr;
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the join buffer was allocated on the heap, free this memory. */
- 	if (buf != joinbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
--#else
--	jpc_fix_t joinbuf[bufsize];
--#endif
- 	jpc_fix_t *buf = joinbuf;
- 	register jpc_fix_t *srcptr;
- 	register jpc_fix_t *dstptr;
- 	register int n;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Allocate memory for the join buffer from the heap. */
- 	if (bufsize > QMFB_JOINBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
-@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- 			abort();
- 		}
- 	}
--#endif
- 
- 	hstartcol = (numrows + 1 - parity) >> 1;
- 
-@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- 		++srcptr;
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the join buffer was allocated on the heap, free this memory. */
- 	if (buf != joinbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
--	jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
--#endif
- 	jpc_fix_t *buf = joinbuf;
- 	jpc_fix_t *srcptr;
- 	jpc_fix_t *dstptr;
-@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- 	register int i;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Allocate memory for the join buffer from the heap. */
- 	if (bufsize > QMFB_JOINBUFSIZE) {
- 		if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
-@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- 			abort();
- 		}
- 	}
--#endif
- 
- 	hstartcol = (numrows + 1 - parity) >> 1;
- 
-@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- 		srcptr += JPC_QMFB_COLGRPSIZE;
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the join buffer was allocated on the heap, free this memory. */
- 	if (buf != joinbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
-@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- {
- 
- 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
--#if !defined(HAVE_VLA)
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
--#else
--	jpc_fix_t joinbuf[bufsize * numcols];
--#endif
- 	jpc_fix_t *buf = joinbuf;
- 	jpc_fix_t *srcptr;
- 	jpc_fix_t *dstptr;
-@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- 	register int i;
- 	int hstartcol;
- 
--#if !defined(HAVE_VLA)
- 	/* Allocate memory for the join buffer from the heap. */
- 	if (bufsize > QMFB_JOINBUFSIZE) {
- 		if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
-@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- 			abort();
- 		}
- 	}
--#endif
- 
- 	hstartcol = (numrows + 1 - parity) >> 1;
- 
-@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- 		srcptr += numcols;
- 	}
- 
--#if !defined(HAVE_VLA)
- 	/* If the join buffer was allocated on the heap, free this memory. */
- 	if (buf != joinbuf) {
- 		jas_free(buf);
- 	}
--#endif
- 
- }
- 
diff --git a/package/jasper/0007-preserve-cflags.patch b/package/jasper/0007-preserve-cflags.patch
deleted file mode 100644
index 7e4c4a26f0d3..000000000000
--- a/package/jasper/0007-preserve-cflags.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: Max Filippov <jcmvbkbc at gmail.com>
-Subject: Don't overwrite CFLAGS when configured with --enable-debug
-
-This drops architecture-specific ABI flags, which may be important.
-
-Signded-off-by: Max Filippov <jcmvbkbc at gmail.com>
-
---- jasper-1.900.1/configure.ac.orig	2015-05-18 22:27:53.057512760 +0300
-+++ jasper-1.900.1/configure.ac	2015-05-18 22:28:36.090415422 +0300
-@@ -327,7 +327,7 @@
- 	AC_DEFINE(DEBUG)
- 	AC_DEFINE(DEBUG_OVERFLOW)
- 	if test "$GCC" = yes; then
--		CFLAGS="-g -O0"
-+		CFLAGS="$CFLAGS -g -O0"
- 	fi
- 	;;
- no)
-@@ -357,7 +357,7 @@
- case "${enableval}" in
- yes)
- 	if test "$GCC" = yes; then
--		CFLAGS="-g -O0"
-+		CFLAGS="$CFLAGS -g -O0"
- 	fi
- 	;;
- no)
diff --git a/package/jasper/0008-fix-CVE-2016-2116.patch b/package/jasper/0008-fix-CVE-2016-2116.patch
deleted file mode 100644
index 1ceb3952c736..000000000000
--- a/package/jasper/0008-fix-CVE-2016-2116.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf()
-Author: Tyler Hicks <tyhicks () canonical com>
-
-From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
---- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
-+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
-@@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf
- 	jas_stream_close(in);
- 	return prof;
- error:
-+	if (in)
-+		jas_stream_close(in);
- 	return 0;
- }
- 
diff --git a/package/jasper/0009-fix-CVE-2016-1577.patch b/package/jasper/0009-fix-CVE-2016-1577.patch
deleted file mode 100644
index cfe8b45e3057..000000000000
--- a/package/jasper/0009-fix-CVE-2016-1577.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
-Author: Tyler Hicks <tyhicks () canonical com>
-Bug-Ubuntu: https://launchpad.net/bugs/1547865
-
-From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
---- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
-+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
-@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
- 				if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
- 					goto error;
- 				jas_iccattrval_destroy(attrval);
-+				attrval = 0;
- 			} else {
- #if 0
- 				jas_eprintf("warning: skipping unknown tag type\n");
diff --git a/package/jasper/0010-fix-CVE-2016-1867.patch b/package/jasper/0010-fix-CVE-2016-1867.patch
deleted file mode 100644
index 33f34c356a32..000000000000
--- a/package/jasper/0010-fix-CVE-2016-1867.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2016-1867.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c	2016-08-11 14:34:31.795661973 +0200
-+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_t2cod.c	2016-08-12 07:02:40.044860209 +0200
-@@ -429,7 +429,7 @@ static int jpc_pi_nextcprl(register jpc_
- 	}
- 
- 	for (pi->compno = pchg->compnostart, pi->picomp =
--	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
-+	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
- 	  ++pi->picomp) {
- 		pirlvl = pi->picomp->pirlvls;
- 		pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
diff --git a/package/jasper/0011-fix-CVE-2015-5221.patch b/package/jasper/0011-fix-CVE-2015-5221.patch
deleted file mode 100644
index 7dcbdddd7b15..000000000000
--- a/package/jasper/0011-fix-CVE-2015-5221.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5221.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
---- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c	2016-08-11 13:46:26.166415464 +0200
-+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c	2016-08-11 14:17:20.507144931 +0200
-@@ -569,13 +569,13 @@ static int mif_process_cmpt(mif_hdr_t *h
- 			break;
- 		}
- 	}
--	jas_tvparser_destroy(tvp);
- 	if (!cmpt->sampperx || !cmpt->samppery) {
- 		goto error;
- 	}
- 	if (mif_hdr_addcmpt(hdr, hdr->numcmpts, cmpt)) {
- 		goto error;
- 	}
-+	jas_tvparser_destroy(tvp);
- 	return 0;
- 
- error:
-
diff --git a/package/jasper/0012-fix-CVE-2015-5203.patch b/package/jasper/0012-fix-CVE-2015-5203.patch
deleted file mode 100644
index 50f0613cd802..000000000000
--- a/package/jasper/0012-fix-CVE-2015-5203.patch
+++ /dev/null
@@ -1,187 +0,0 @@
-From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5203.patch
-
-Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
-
-diff -urNp jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1.new/src/libjasper/base/jas_stream.c
---- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c	2016-08-11 13:35:09.160895769 +0200
-+++ jasper-1.900.1.new/src/libjasper/base/jas_stream.c	2016-08-11 13:39:33.800843489 +0200
-@@ -99,7 +99,7 @@ static int jas_strtoopenmode(const char
- static void jas_stream_destroy(jas_stream_t *stream);
- static jas_stream_t *jas_stream_create(void);
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
--  int bufsize);
-+  size_t bufsize);
- 
- static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt);
- static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt);
-@@ -168,7 +168,7 @@ static jas_stream_t *jas_stream_create()
- 	return stream;
- }
- 
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize)
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize)
- {
- 	jas_stream_t *stream;
- 	jas_stream_memobj_t *obj;
-@@ -570,7 +570,7 @@ int jas_stream_puts(jas_stream_t *stream
- 	return 0;
- }
- 
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- 	int c;
- 	char *bufptr;
-@@ -694,7 +694,7 @@ long jas_stream_tell(jas_stream_t *strea
- \******************************************************************************/
- 
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
--  int bufsize)
-+  size_t bufsize)
- {
- 	/* If this function is being called, the buffer should not have been
- 	  initialized yet. */
-@@ -987,7 +987,7 @@ static int mem_read(jas_stream_obj_t *ob
- 	return cnt;
- }
- 
--static int mem_resize(jas_stream_memobj_t *m, int bufsize)
-+static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
- {
- 	unsigned char *buf;
- 
-diff -urNp jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h
---- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h	2007-01-19 22:43:04.000000000 +0100
-+++ jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h	2016-08-11 13:41:27.841153595 +0200
-@@ -215,7 +215,7 @@ typedef struct {
- 	uchar *bufstart_;
- 
- 	/* The buffer size. */
--	int bufsize_;
-+	size_t bufsize_;
- 
- 	/* The current position in the buffer. */
- 	uchar *ptr_;
-@@ -267,7 +267,7 @@ typedef struct {
- 	uchar *buf_;
- 
- 	/* The allocated size of the buffer for holding file data. */
--	int bufsize_;
-+	size_t bufsize_;
- 
- 	/* The length of the file. */
- 	int_fast32_t len_;
-@@ -291,7 +291,7 @@ typedef struct {
- jas_stream_t *jas_stream_fopen(const char *filename, const char *mode);
- 
- /* Open a memory buffer as a stream. */
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
- 
- /* Open a file descriptor as a stream. */
- jas_stream_t *jas_stream_fdopen(int fd, const char *mode);
-@@ -366,7 +366,7 @@ int jas_stream_printf(jas_stream_t *stre
- int jas_stream_puts(jas_stream_t *stream, const char *s);
- 
- /* Read a line of input from a stream. */
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize);
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize);
- 
- /* Look at the next character to be read from a stream without actually
-   removing it from the stream. */
-diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c
---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c	2016-08-11 13:35:09.170895681 +0200
-+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c	2016-08-11 13:45:20.847809678 +0200
-@@ -305,7 +305,7 @@ jpc_qmfb2d_t jpc_ns_qmfb2d = {
- void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- 	jpc_fix_t *buf = splitbuf;
- 	register jpc_fix_t *srcptr;
-@@ -365,7 +365,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
-   int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- 	jpc_fix_t *buf = splitbuf;
- 	register jpc_fix_t *srcptr;
-@@ -425,7 +425,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
-   int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- 	jpc_fix_t *buf = splitbuf;
- 	jpc_fix_t *srcptr;
-@@ -506,7 +506,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
-   int stride, int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- 	jpc_fix_t *buf = splitbuf;
- 	jpc_fix_t *srcptr;
-@@ -586,7 +586,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- 	jpc_fix_t *buf = joinbuf;
- 	register jpc_fix_t *srcptr;
-@@ -643,7 +643,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
-   int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- 	jpc_fix_t *buf = joinbuf;
- 	register jpc_fix_t *srcptr;
-@@ -700,7 +700,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
-   int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- 	jpc_fix_t *buf = joinbuf;
- 	jpc_fix_t *srcptr;
-@@ -778,7 +778,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
-   int stride, int parity)
- {
- 
--	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- 	jpc_fix_t *buf = joinbuf;
- 	jpc_fix_t *srcptr;
-diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
---- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c	2016-08-11 13:35:09.179895601 +0200
-+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c	2016-08-11 13:46:26.166415464 +0200
-@@ -107,7 +107,7 @@ static int mif_hdr_put(mif_hdr_t *hdr, j
- static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
- static mif_cmpt_t *mif_cmpt_create(void);
- static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
--static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
-+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
- static int mif_getc(jas_stream_t *in);
- static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
- 
-@@ -657,7 +657,7 @@ static void mif_cmpt_destroy(mif_cmpt_t
- * MIF parsing code.
- \******************************************************************************/
- 
--static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
-+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- 	int c;
- 	char *bufptr;
diff --git a/package/jasper/jasper.hash b/package/jasper/jasper.hash
index 4d9ed7432afa..fdadbb283d1c 100644
--- a/package/jasper/jasper.hash
+++ b/package/jasper/jasper.hash
@@ -1,2 +1,2 @@
 # Locally calculated
-sha256	6e9a959bf4f8cb02f77f42d1b9880b8e85d021ac51f43d8787b5438fd2b7a1c5	jasper-1.900.1.tar.bz2
+sha256	6c942ae79108cd6a359e5bc34ea03565bd33ac20f6814cb09c4f92298b6b1cb8	jasper-1.900.22.tar.gz
diff --git a/package/jasper/jasper.mk b/package/jasper/jasper.mk
index db86ae88e126..4616fed1885d 100644
--- a/package/jasper/jasper.mk
+++ b/package/jasper/jasper.mk
@@ -4,15 +4,12 @@
 #
 ################################################################################
 
-JASPER_VERSION = 1.900.1
-JASPER_SITE = http://sources.openelec.tv/devel
-JASPER_SOURCE = jasper-$(JASPER_VERSION).tar.bz2
+JASPER_VERSION = 1.900.22
+JASPER_SITE = http://www.ece.uvic.ca/~frodo/jasper/software
 JASPER_INSTALL_STAGING = YES
 JASPER_DEPENDENCIES = jpeg
-JASPER_LICENSE = MIT
+JASPER_LICENSE = JasPer License Version 2.0
 JASPER_LICENSE_FILES = LICENSE
-# needed to fix rpath issue (http://autobuild.buildroot.net/results/307/307cac65287420252a5bb64715d9a1edd90e72fa/)
-JASPER_AUTORECONF = YES
 
 # Xtensa gcc is unable to generate correct code with -O0 enabled by
 # --enable-debug. Allow package build but disable debug.
-- 
2.10.2



More information about the buildroot mailing list