Changes - SailfishOS Open Build Service

Changes of Revision 1

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

[-] [+]	Added	jasper.spec
@@ -0,0 +1,495 @@ +# +# spec file for package jasper +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +Name: jasper +Version: 1.900.14 +Release: 231.1 +Summary: An Implementation of the JPEG-2000 Standard, Part 1 +License: SUSE-Public-Domain +Group: Productivity/Graphics/Convertors +Url: http://www.ece.uvic.ca/~mdadams/jasper/ +Source: %{name}-%{version}.tar.bz2 +Source2: baselibs.conf +Patch0: jasper-1.900.1-uninitialized.patch +Patch1: jasper-CVE-2016-8654.patch +Patch2: jasper-CVE-2016-9395.patch +Patch3: jasper-CVE-2016-9398.patch +Patch4: jasper-CVE-2016-9560.patch +Patch5: jasper-CVE-2016-9591.patch +Patch6: jasper-CVE-2016-10251.patch +Patch7: jasper-CVE-2017-5498.patch +Patch8: jasper-CVE-2016-9600.patch +Patch9: jasper-CVE-2016-9583.patch +Patch10: jasper-CVE-2017-6850.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc-c++ +BuildRequires: libdrm-devel +BuildRequires: libjpeg-devel +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: unzip +BuildRoot: %{_tmppath}/%{name}-%{version}-build + +%description +This package contains an implementation of the image compression +standard, JPEG-2000, Part 1. It consists of tools for conversion to and +from the JP2 and JPC formats. + +%package -n libjasper1 +Summary: JPEG-2000 library +# bug437293 +# used in <= 11.3 +Group: Productivity/Graphics/Convertors +Obsoletes: libjasper < %{version}-%{release} +Provides: libjasper = %{version}-%{release} +%ifarch ppc64 +Obsoletes: libjasper-64bit +%endif +# + +%description -n libjasper1 +This package contains libjasper, a library implementing the JPEG-2000 +image compression standard Part 1. + +%package -n libjasper-devel +Summary: Development files for libjasper, a JPEG-2000 library +# bug437293 +# +Group: Development/Libraries/C and C++ +Requires: libjasper1 = %{version} +Requires: libjpeg-devel +%ifarch ppc64 +Obsoletes: libjasper-devel-64bit +%endif + +%description -n libjasper-devel +This package contains libjasper, a library implementing the JPEG-2000 +image compression standard Part 1. + +%prep +%setup -q +%patch0 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 + +%build +libtoolize --force --copy --install +autoreconf -fi +export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE" +%configure --prefix="%{_prefix}" --enable-shared --disable-static --libdir=%{_libdir} +make %{?_smp_mflags} +# +# Sanity check +# With some CFLAGS sets, uint, ulong and ushort are not visible and jas_config.h +# refefines system types. It can trigger build failures after +# #include <jasper/jasper.h>. +if grep "#define ushort" src/libjasper/include/jasper/jas_config.h ; then + echo "jas_config.h redefines system types" >&2 + exit 1 +fi + +%install +# % make_install +make install DESTDIR=%{buildroot} +mv doc/README doc/README.doc +rm %{buildroot}%{_bindir}/tmrdemo +# compatibility link, there was no interface change +ln -s libjasper.so.1.0.0 %{buildroot}%{_libdir}/libjasper-1.701.so.1 + +%post -n libjasper1 -p /sbin/ldconfig +%postun -n libjasper1 -p /sbin/ldconfig + +%files +%defattr(-,root,root) +%doc COPYRIGHT LICENSE NEWS README doc/* +%{_bindir}/imgcmp +%{_bindir}/imginfo +%{_bindir}/jasper +%{_mandir}/man/ + +%files -n libjasper1 +%defattr(-,root,root) +%{_libdir}/libjasper.so. + +%files -n libjasper-devel +%defattr(-,root,root) +%{_includedir}/jasper +%{_libdir}/libjasper.so +%{_libdir}/libjasper.la +%{_libdir}/pkgconfig/jasper.pc + +%changelog +* Wed Mar 22 2017 fstrba@suse.com +- Added patches: + * jasper-CVE-2016-9583.patch + - Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400, + CVE-2016-9583) + * jasper-CVE-2017-6850.patch + - NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c) + (bsc#1021868, CVE-2017-6850) +* Fri Mar 17 2017 fstrba@suse.com +- Added patches: + * jasper-CVE-2017-5498.patch + - Upstream changes putting braces and belts around + CVE-2017-5498, bsc#1020353, left-shift undefined behaviour + * jasper-CVE-2016-9600.patch + - Upstream fix for "Null Pointer Dereference due to missing + check for UNKNOWN color space in JP2 encoder" (CVE-2016-9600, + bsc#1018088) +* Thu Mar 16 2017 fstrba@suse.com +- Added patch: + * jasper-CVE-2016-10251.patch + - Upstream fix for bsc#1029497, CVE-2016-10251: Use of + uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c) +* Mon Mar 6 2017 sbrabec@suse.com +- Add -D_BSD_SOURCE to fix redefinition of system types in + jas_config.h and breakage in ppc64le, s390 and s390x + (bsc#1028070). +* Wed Dec 21 2016 fstrba@suse.com +- Added patch: + * jasper-CVE-2016-9591.patch + - Fix for bsc#1015993, CVE-2016-9591: Use-after-free on heap in + jas_matrix_destroy +* Tue Dec 13 2016 fstrba@suse.com +- Added patches: + * jasper-CVE-2016-8654.patch + - Upstream fix for bsc#1012530, CVE-2016-8654: Heap-based + buffer overflow in QMFB code in JPC codec + * jasper-CVE-2016-9395.patch + - Upstream fix for bsc#1010977, CVE-2016-9395: jas_seq.c:90: + jas_matrix_t jas_seq2d_create(int, int, int, int): Assertion + 'xstart <= xend && ystart <= yend' failed + jasper-CVE-2016-9398.patch + - Fix for bsc#1010979, CVE-2016-9398: jpc_math.c:94: int + jpc_floorlog2(int): Assertion 'x > 0' failed + * jasper-CVE-2016-9560.patch + - Upstream fix for bsc#1011830, CVE-2016-9560: stack-based + buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c) +* Fri Oct 28 2016 jengelh@inai.de +- Update summaries. Use %%_smp_mflags for parallel build. +* Wed Oct 26 2016 fstrba@suse.com +- Updated to bugfix release 1.900.14 + * Security fixes + + bsc#941919, CVE-2015-5203 + + bsc#1006591, CVE-2016-8880 + + bsc#1006593, CVE-2016-8881
[-] [+]	Added	jasper-1.900.1-uninitialized.patch ^
@@ -0,0 +1,11 @@ +--- src/libjasper/pnm/pnm_enc.c ++++ src/libjasper/pnm/pnm_enc.c +@@ -424,7 +424,7 @@ + static int pnm_putuint(jas_stream_t out, int wordsize, uint_fast32_t val) + { + int n; +- uint_fast32_t tmpval; ++ uint_fast32_t tmpval=0; + int c; + + n = (wordsize + 7) / 8;
[-] [+]	Added	jasper-CVE-2016-10251.patch ^
@@ -0,0 +1,87 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-16 09:23:44.445202359 +0100 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-16 09:25:00.433202141 +0100 +@@ -432,18 +432,18 @@ + &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, + ++pi->picomp) { + pirlvl = pi->picomp->pirlvls; +- pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + +- pi->picomp->numrlvls - 1)); +- pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn + +- pi->picomp->numrlvls - 1)); ++ pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1)); ++ pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1)); + for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1]; + rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) { +- pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 << +- (pirlvl->prcwidthexpn + pi->picomp->numrlvls - +- rlvlno - 1))); +- pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 << +- (pirlvl->prcheightexpn + pi->picomp->numrlvls - +- rlvlno - 1))); ++ pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * ++ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn + ++ pi->picomp->numrlvls - rlvlno - 1))); ++ pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * ++ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn + ++ pi->picomp->numrlvls - rlvlno - 1))); + } + for (pi->y = pi->ystart; pi->y < pi->yend; + pi->y += pi->ystep - (pi->y % pi->ystep)) { +--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.h 2017-03-16 09:23:44.445202359 +0100 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.h 2017-03-16 09:25:00.433202141 +0100 +@@ -129,10 +129,10 @@ + jpc_pirlvl_t pirlvls; + + / The horizontal sampling period. / +- int hsamp; ++ uint_fast32_t hsamp; + + / The vertical sampling period. / +- int vsamp; ++ uint_fast32_t vsamp; + + } jpc_picomp_t; + +@@ -171,32 +171,32 @@ + int lyrno; + + / The x-coordinate of the current position. / +- int x; ++ uint_fast32_t x; + + / The y-coordinate of the current position. / +- int y; ++ uint_fast32_t y; + + / The horizontal step size. / +- int xstep; ++ uint_fast32_t xstep; + + / The vertical step size. / +- int ystep; ++ uint_fast32_t ystep; + + / The x-coordinate of the top-left corner of the tile on the reference + grid. / +- int xstart; ++ uint_fast32_t xstart; + + / The y-coordinate of the top-left corner of the tile on the reference + grid. / +- int ystart; ++ uint_fast32_t ystart; + + / The x-coordinate of the bottom-right corner of the tile on the + reference grid (plus one). / +- int xend; ++ uint_fast32_t xend; + + / The y-coordinate of the bottom-right corner of the tile on the + reference grid (plus one). / +- int yend; ++ uint_fast32_t yend; + + / The current progression change. / + jpc_pchg_t pchg;
[-] [+]	Added	jasper-CVE-2016-8654.patch ^
@@ -0,0 +1,88 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_qmfb.c 2016-10-24 08:18:43.000000000 +0200 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_qmfb.c 2016-12-13 10:45:00.879969920 +0100 +@@ -374,7 +374,7 @@ + register jpc_fix_t dstptr; + register int n; + register int m; +- int hstartcol; ++ int hstartrow; + + / Get a buffer. / + if (bufsize > QMFB_SPLITBUFSIZE) { +@@ -385,9 +385,9 @@ + } + + if (numrows >= 2) { +- hstartcol = (numrows + 1 - parity) >> 1; +- // ORIGINAL (WRONG): m = (parity) ? hstartcol : (numrows - hstartcol); +- m = numrows - hstartcol; ++ hstartrow = (numrows + 1 - parity) >> 1; ++ // ORIGINAL (WRONG): m = (parity) ? hstartrow : (numrows - hstartrow); ++ m = numrows - hstartrow; + + / Save the samples destined for the highpass channel. / + n = m; +@@ -408,7 +408,7 @@ + srcptr += stride << 1; + } + / Copy the saved samples into the highpass channel. / +- dstptr = &a[hstartcol stride]; ++ dstptr = &a[hstartrow * stride]; + srcptr = buf; + n = m; + while (n-- > 0) { +@@ -439,20 +439,21 @@ + register int n; + register int i; + int m; +- int hstartcol; ++ int hstartrow; + + /* Get a buffer. / + if (bufsize > QMFB_SPLITBUFSIZE) { +- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { ++ if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, ++ sizeof(jpc_fix_t)))) { + / We have no choice but to commit suicide in this case. / + abort(); + } + } + + if (numrows >= 2) { +- hstartcol = (numrows + 1 - parity) >> 1; +- // ORIGINAL (WRONG): m = (parity) ? hstartcol : (numrows - hstartcol); +- m = numrows - hstartcol; ++ hstartrow = (numrows + 1 - parity) >> 1; ++ // ORIGINAL (WRONG): m = (parity) ? hstartrow : (numrows - hstartrow); ++ m = numrows - hstartrow; + + / Save the samples destined for the highpass channel. / + n = m; +@@ -485,7 +486,7 @@ + srcptr += stride << 1; + } + / Copy the saved samples into the highpass channel. / +- dstptr = &a[hstartcol stride]; ++ dstptr = &a[hstartrow * stride]; + srcptr = buf; + n = m; + while (n-- > 0) { +@@ -526,7 +527,7 @@ + + /* Get a buffer. / + if (bufsize > QMFB_SPLITBUFSIZE) { +- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { ++ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { + / We have no choice but to commit suicide in this case. / + abort(); + } +@@ -721,7 +722,8 @@ + + / Allocate memory for the join buffer from the heap. / + if (bufsize > QMFB_JOINBUFSIZE) { +- if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)))) { ++ if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, ++ sizeof(jpc_fix_t)))) { + / We have no choice but to commit suicide. */ + abort(); + }
[-] [+]	Added	jasper-CVE-2016-9395.patch ^
@@ -0,0 +1,96 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-10-26 08:57:31.000000000 +0200 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-12-13 10:49:36.673944174 +0100 +@@ -489,6 +489,8 @@ + unsigned int i; + uint_fast8_t tmp; + ++ siz->comps = 0; ++ + /* Eliminate compiler warning about unused variables. / + cstate = 0; + +@@ -502,44 +504,67 @@ + jpc_getuint32(in, &siz->tilexoff) \|\| + jpc_getuint32(in, &siz->tileyoff) \|\| + jpc_getuint16(in, &siz->numcomps)) { +- return -1; ++ goto error; + } +- if (!siz->width \|\| !siz->height \|\| !siz->tilewidth \|\| +- !siz->tileheight \|\| !siz->numcomps \|\| siz->numcomps > 16384) { +- return -1; +- } +- if (siz->tilexoff >= siz->width \|\| siz->tileyoff >= siz->height) { +- jas_eprintf("all tiles are outside the image area\n"); +- return -1; ++ if (!siz->width \|\| !siz->height) { ++ jas_eprintf("reference grid cannot have zero area\n"); ++ goto error; ++ } ++ if (!siz->tilewidth \|\| !siz->tileheight) { ++ jas_eprintf("tile cannot have zero area\n"); ++ goto error; ++ } ++ if (!siz->numcomps \|\| siz->numcomps > 16384) { ++ jas_eprintf("number of components not in permissible range\n"); ++ goto error; ++ } ++ if (siz->xoff >= siz->width) { ++ jas_eprintf("XOsiz not in permissible range\n"); ++ goto error; ++ } ++ if (siz->yoff >= siz->height) { ++ jas_eprintf("YOsiz not in permissible range\n"); ++ goto error; ++ } ++ if (siz->tilexoff > siz->xoff \|\| siz->tilexoff + siz->tilewidth <= siz->xoff) { ++ jas_eprintf("XTOsiz not in permissible range\n"); ++ goto error; ++ } ++ if (siz->tileyoff > siz->yoff \|\| siz->tileyoff + siz->tileheight <= siz->yoff) { ++ jas_eprintf("YTOsiz not in permissible range\n"); ++ goto error; + } ++ + if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { +- return -1; ++ goto error; + } + for (i = 0; i < siz->numcomps; ++i) { + if (jpc_getuint8(in, &tmp) \|\| + jpc_getuint8(in, &siz->comps[i].hsamp) \|\| + jpc_getuint8(in, &siz->comps[i].vsamp)) { +- jas_free(siz->comps); +- return -1; ++ goto error; + } + if (siz->comps[i].hsamp == 0 \|\| siz->comps[i].hsamp > 255) { + jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp); +- jas_free(siz->comps); +- return -1; ++ goto error; + } + if (siz->comps[i].vsamp == 0 \|\| siz->comps[i].vsamp > 255) { + jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp); +- jas_free(siz->comps); +- return -1; ++ goto error; + } + siz->comps[i].sgnd = (tmp >> 7) & 1; + siz->comps[i].prec = (tmp & 0x7f) + 1; + } + if (jas_stream_eof(in)) { +- jas_free(siz->comps); +- return -1; ++ goto error; + } + return 0; ++ ++error: ++ if (siz->comps) { ++ jas_free(siz->comps); ++ } ++ return -1; + } + + static int jpc_siz_putparms(jpc_ms_t ms, jpc_cstate_t cstate, jas_stream_t out)
[-] [+]	Added	jasper-CVE-2016-9398.patch ^
@@ -0,0 +1,12 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c 2016-10-18 08:27:00.000000000 +0200 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c 2016-12-13 10:42:02.827869570 +0100 +@@ -296,6 +296,9 @@ + passno = cblk->firstpassno + cblk->numpasses + mycounter; + /* XXX - the maxpasses is not set precisely but this doesn't matter... */ + maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0); ++ // Avoid maxpasses to be negative ++ if (maxpasses < 0) ++ maxpasses = -maxpasses; + if (!discard && !seg) { + if (!(seg = jpc_seg_alloc())) { + return -1;
[-] [+]	Added	jasper-CVE-2016-9560.patch ^
@@ -0,0 +1,12 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_dec.c 2016-10-26 08:57:31.000000000 +0200 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_dec.c 2016-12-13 10:46:55.441456344 +0100 +@@ -678,7 +678,7 @@ + uint_fast32_t tmpxend; + uint_fast32_t tmpyend; + jpc_dec_cp_t cp; +- jpc_tsfb_band_t bnds[64]; ++ jpc_tsfb_band_t bnds[JPC_MAXBANDS]; + jpc_pchg_t pchg; + int pchgno; + jpc_dec_cmpt_t *cmpt; +Only in jasper-1.900.14/src/libjasper/jpc: jpc_dec.c.orig
[-] [+]	Added	jasper-CVE-2016-9583.patch ^
@@ -0,0 +1,219 @@ +--- jasper-1.900.14/src/libjasper/include/jasper/jas_types.h 2017-03-22 10:14:30.098037013 +0100 ++++ jasper-1.900.14/src/libjasper/include/jasper/jas_types.h 2017-03-22 10:15:11.619685037 +0100 +@@ -128,6 +128,10 @@ + #define JAS_CAST(t, e) \ + ((t) (e)) + ++/* The number of bits in the integeral type uint_fast32_t. / ++/ NOTE: This could underestimate the size on some exotic architectures. / ++#define JAS_UINTFAST32_NUMBITS (8 sizeof(uint_fast32_t)) ++ + #ifdef __cplusplus + extern "C" { + #endif +--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22 10:14:30.102037013 +0100 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22 10:15:11.619685037 +0100 +@@ -200,7 +200,8 @@ + JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { + for (pi->compno = pchg->compnostart, pi->picomp = + &pi->picomps[pi->compno]; pi->compno < pi->numcomps && +- pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++pi->picomp) { ++ pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++ ++pi->picomp) { + if (pi->rlvlno >= pi->picomp->numrlvls) { + continue; + } +@@ -249,10 +250,17 @@ + ++compno, ++picomp) { + for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < + picomp->numrlvls; ++rlvlno, ++pirlvl) { +- xstep = picomp->hsamp * (1 << (pirlvl->prcwidthexpn + +- picomp->numrlvls - rlvlno - 1)); +- ystep = picomp->vsamp * (1 << (pirlvl->prcheightexpn + +- picomp->numrlvls - rlvlno - 1)); ++ // Check for the potential for overflow problems. ++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2 \|\| ++ pirlvl->prcheightexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2) { ++ return -1; ++ } ++ xstep = picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1)); ++ ystep = picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1)); + pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep); + pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep); + } +@@ -282,21 +290,24 @@ + rpy = r + pi->pirlvl->prcheightexpn; + trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r); + try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); +- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) +- \|\| !(pi->x % (1 << rpx))) && +- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) +- \|\| !(pi->y % (1 << rpy)))) { +- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp +- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, +- pi->pirlvl->prcwidthexpn); +- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp +- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, +- pi->pirlvl->prcheightexpn); ++ if (((pi->x == pi->xstart && ++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) ++ \|\| !(pi->x % (JAS_CAST(uint_fast32_t, 1) << rpx))) && ++ ((pi->y == pi->ystart && ++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) ++ \|\| !(pi->y % (JAS_CAST(uint_fast32_t, 1) << rpy)))) { ++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, ++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - ++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); ++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, ++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - ++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); + pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; + + assert(pi->prcno < pi->pirlvl->numprcs); + for (pi->lyrno = 0; pi->lyrno < +- pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { ++ pi->numlyrs && pi->lyrno < JAS_CAST(int, ++ pchg->lyrnoend); ++pi->lyrno) { + prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; + if (pi->lyrno >= prclyrno) { + ++(prclyrno); +@@ -341,16 +352,19 @@ + ++compno, ++picomp) { + for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno < + picomp->numrlvls; ++rlvlno, ++pirlvl) { +- xstep = picomp->hsamp * (1 << +- (pirlvl->prcwidthexpn + picomp->numrlvls - +- rlvlno - 1)); +- ystep = picomp->vsamp * (1 << +- (pirlvl->prcheightexpn + picomp->numrlvls - +- rlvlno - 1)); +- pi->xstep = (!pi->xstep) ? xstep : +- JAS_MIN(pi->xstep, xstep); +- pi->ystep = (!pi->ystep) ? ystep : +- JAS_MIN(pi->ystep, ystep); ++ // Check for the potential for overflow problems. ++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2 \|\| ++ pirlvl->prcheightexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2) { ++ return -1; ++ } ++ xstep = picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1)); ++ ystep = picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << ++ (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1)); ++ pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep); ++ pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep); + } + } + pi->prgvolfirst = 0; +@@ -377,20 +391,23 @@ + try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); + rpx = r + pi->pirlvl->prcwidthexpn; + rpy = r + pi->pirlvl->prcheightexpn; +- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) \|\| ++ if (((pi->x == pi->xstart && ++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) \|\| + !(pi->x % (pi->picomp->hsamp << rpx))) && +- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) \|\| ++ ((pi->y == pi->ystart && ++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) \|\| + !(pi->y % (pi->picomp->vsamp << rpy)))) { +- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp +- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, +- pi->pirlvl->prcwidthexpn); +- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp +- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, +- pi->pirlvl->prcheightexpn); ++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, ++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - ++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); ++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, ++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - ++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); + pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind; + assert(pi->prcno < pi->pirlvl->numprcs); + for (pi->lyrno = 0; pi->lyrno < pi->numlyrs && +- pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { ++ pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++ ++pi->lyrno) { + prclyrno = &pi->pirlvl->prclyrnos[pi->prcno]; + if (pi->lyrno >= prclyrno) { + ++(prclyrno); +@@ -428,10 +445,17 @@ + pi->prgvolfirst = 0; + } + +- for (pi->compno = pchg->compnostart, pi->picomp = +- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, +- ++pi->picomp) { ++ for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno]; ++ pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++ ++pi->compno, ++pi->picomp) { + pirlvl = pi->picomp->pirlvls; ++ // Check for the potential for overflow problems. ++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2 \|\| ++ pirlvl->prcheightexpn + pi->picomp->numrlvls > ++ JAS_UINTFAST32_NUMBITS - 2) { ++ return -1; ++ } + pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << + (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1)); + pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << +@@ -461,23 +485,23 @@ + try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r); + rpx = r + pi->pirlvl->prcwidthexpn; + rpy = r + pi->pirlvl->prcheightexpn; +- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) \|\| ++ if (((pi->x == pi->xstart && ++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) \|\| + !(pi->x % (pi->picomp->hsamp << rpx))) && +- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) \|\| ++ ((pi->y == pi->ystart && ++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) \|\| + !(pi->y % (pi->picomp->vsamp << rpy)))) { +- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp +- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0, +- pi->pirlvl->prcwidthexpn); +- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp +- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0, +- pi->pirlvl->prcheightexpn); +- pi->prcno = prcvind * +- pi->pirlvl->numhprcs + +- prchind; +- assert(pi->prcno < +- pi->pirlvl->numprcs); +- for (pi->lyrno = 0; pi->lyrno < +- pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) { ++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, ++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) - ++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn); ++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, ++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) - ++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn); ++ pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind;
[-] [+]	Added	jasper-CVE-2016-9591.patch ^
@@ -0,0 +1,106 @@ +--- jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2016-10-26 08:57:31.000000000 +0200 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2016-12-21 09:13:46.503347680 +0100 +@@ -2027,14 +2027,18 @@ + tcmpt_destroy(tcmpt); + } + jas_free(tile->tcmpts); ++ tile->tcmpts = NULL; + } + if (tile->lyrsizes) { + jas_free(tile->lyrsizes); ++ tile->lyrsizes = NULL; + } + if (tile->pi) { + jpc_pi_destroy(tile->pi); ++ tile->pi = NULL; + } + jas_free(tile); ++ tile = NULL; + } + + static jpc_enc_tcmpt_t tcmpt_create(jpc_enc_tcmpt_t tcmpt, jpc_enc_cp_t *cp, +@@ -2143,13 +2147,16 @@ + rlvl_destroy(rlvl); + } + jas_free(tcmpt->rlvls); ++ tcmpt->rlvls = NULL; + } + + if (tcmpt->data) { + jas_seq2d_destroy(tcmpt->data); ++ tcmpt->data = NULL; + } + if (tcmpt->tsfb) { + jpc_tsfb_destroy(tcmpt->tsfb); ++ tcmpt->tsfb = NULL; + } + } + +@@ -2245,6 +2252,7 @@ + band_destroy(band); + } + jas_free(rlvl->bands); ++ rlvl->bands = NULL; + } + } + +@@ -2328,9 +2336,11 @@ + prc_destroy(prc); + } + jas_free(band->prcs); ++ band->prcs = NULL; + } + if (band->data) { + jas_seq2d_destroy(band->data); ++ band->data = NULL; + } + } + +@@ -2470,18 +2480,23 @@ + cblk_destroy(cblk); + } + jas_free(prc->cblks); ++ prc->cblks = NULL; + } + if (prc->incltree) { + jpc_tagtree_destroy(prc->incltree); ++ prc->incltree = NULL; + } + if (prc->nlibtree) { + jpc_tagtree_destroy(prc->nlibtree); ++ prc->nlibtree = NULL; + } + if (prc->savincltree) { + jpc_tagtree_destroy(prc->savincltree); ++ prc->savincltree = NULL; + } + if (prc->savnlibtree) { + jpc_tagtree_destroy(prc->savnlibtree); ++ prc->savnlibtree = NULL; + } + } + +@@ -2553,18 +2568,23 @@ + pass_destroy(pass); + } + jas_free(cblk->passes); ++ cblk->passes = NULL; + } + if (cblk->stream) { + jas_stream_close(cblk->stream); ++ cblk->stream = NULL; + } + if (cblk->mqenc) { + jpc_mqenc_destroy(cblk->mqenc); ++ cblk->mqenc = NULL; + } + if (cblk->data) { + jas_seq2d_destroy(cblk->data); ++ cblk->data = NULL; + } + if (cblk->flags) { + jas_seq2d_destroy(cblk->flags); ++ cblk->flags = NULL; + } + } +
[-] [+]	Added	jasper-CVE-2016-9600.patch ^
@@ -0,0 +1,73 @@ +--- jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:43:12.997336723 +0100 ++++ jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:44:09.605336937 +0100 +@@ -112,6 +112,8 @@ + + box = 0; + tmpstream = 0; ++ iccstream = 0; ++ iccprof = 0; + + allcmptssame = 1; + sgnd = jas_image_cmptsgnd(image, 0); +@@ -225,22 +227,36 @@ + colr->method = JP2_COLR_ICC; + colr->pri = JP2_COLR_PRI; + colr->approx = 0; +- iccprof = jas_iccprof_createfromcmprof(jas_image_cmprof(image)); +- assert(iccprof); +- iccstream = jas_stream_memopen(0, 0); +- assert(iccstream); +- if (jas_iccprof_save(iccprof, iccstream)) +- abort(); +- if ((pos = jas_stream_tell(iccstream)) < 0) +- abort(); ++ /* Ensure that cmprof_ is not null. */ ++ if (!jas_image_cmprof(image)) { ++ goto error; ++ } ++ if (!(iccprof = jas_iccprof_createfromcmprof( ++ jas_image_cmprof(image)))) { ++ goto error; ++ } ++ if (!(iccstream = jas_stream_memopen(0, 0))) { ++ goto error; ++ } ++ if (jas_iccprof_save(iccprof, iccstream)) { ++ goto error; ++ } ++ if ((pos = jas_stream_tell(iccstream)) < 0) { ++ goto error; ++ } + colr->iccplen = pos; +- colr->iccp = jas_malloc(pos); +- assert(colr->iccp); ++ if (!(colr->iccp = jas_malloc(pos))) { ++ goto error; ++ } + jas_stream_rewind(iccstream); +- if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != colr->iccplen) +- abort(); ++ if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != ++ colr->iccplen) { ++ goto error; ++ } + jas_stream_close(iccstream); ++ iccstream = 0; + jas_iccprof_destroy(iccprof); ++ iccprof = 0; + break; + } + if (jp2_box_put(box, tmpstream)) { +@@ -354,6 +370,12 @@ + + error: + ++ if (iccprof) { ++ jas_iccprof_destroy(iccprof); ++ } ++ if (iccstream) { ++ jas_stream_close(iccstream); ++ } + if (box) { + jp2_box_destroy(box); + }
[-] [+]	Added	jasper-CVE-2017-5498.patch ^
@@ -0,0 +1,254 @@ +--- jasper-1.900.14/configure.ac 2017-03-17 08:43:25.687753771 +0100 ++++ jasper-1.900.14/configure.ac 2017-03-17 09:16:38.537161365 +0100 +@@ -130,6 +130,16 @@ + /* If configure is being used, this symbol will be defined automatically + at this point in the configuration header file. / + ++#if defined(__GNUC__) ++#define JAS_ATTRIBUTE_DISABLE_USAN \ ++ __attribute__((no_sanitize_undefined)) ++#elif defined(__clang__) ++#define JAS_ATTRIBUTE_DISABLE_USAN \ ++ __attribute__((no_sanitize("undefined"))) ++#else ++#define JAS_ATTRIBUTE_DISABLE_USAN ++#endif ++ + / The preprocessor symbol JAS_WIN_MSVC_BUILD should not be defined + unless the JasPer software is being built under Microsoft Windows + using Microsoft Visual C. / +--- jasper-1.900.14/src/appl/imgcmp.c 2017-03-17 08:43:25.687753771 +0100 ++++ jasper-1.900.14/src/appl/imgcmp.c 2017-03-17 09:17:02.777161456 +0100 +@@ -439,7 +439,7 @@ + s = 0.0; + for (i = 0; i < jas_matrix_numrows(x); i++) { + for (j = 0; j < jas_matrix_numcols(x); j++) { +- d = abs(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j)); ++ d = JAS_ABS(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j)); + if (d > s) { + s = d; + } +--- jasper-1.900.14/src/appl/jiv.c 2017-03-17 08:43:25.687753771 +0100 ++++ jasper-1.900.14/src/appl/jiv.c 2017-03-17 09:17:02.777161456 +0100 +@@ -377,7 +377,7 @@ + + assert(regwidth > 0); + assert(regheight > 0); +- assert(abs(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5); ++ assert(JAS_ABS(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5); + + glClear(GL_COLOR_BUFFER_BIT); + glPixelStorei(GL_UNPACK_ALIGNMENT, sizeof(GLshort)); +--- jasper-1.900.14/src/libjasper/include/jasper/jas_image.h 2017-03-17 08:43:25.667753771 +0100 ++++ jasper-1.900.14/src/libjasper/include/jasper/jas_image.h 2017-03-17 09:17:02.777161456 +0100 +@@ -93,8 +93,12 @@ + Miscellaneous constants. + / + ++/ Basic units / ++#define JAS_IMAGE_KIBI (JAS_CAST(size_t, 1024)) ++#define JAS_IMAGE_MEBI (JAS_IMAGE_KIBI JAS_IMAGE_KIBI) ++ + /* The threshold at which image data is no longer stored in memory. / +-#define JAS_IMAGE_INMEMTHRESH (16 1024 * 1024) ++#define JAS_IMAGE_INMEMTHRESH (256 * JAS_IMAGE_MEBI) + + /* + * Component types +--- jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-03-17 08:43:25.667753771 +0100 ++++ jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-03-17 09:17:02.777161456 +0100 +@@ -75,6 +75,7 @@ + \*****************************************************************************/ + + #include <jasper/jas_config.h> ++#include <jasper/jas_types.h> + + #include <assert.h> + #include <stdio.h> +@@ -116,9 +117,12 @@ + + \*****************************************************************************/ + +-__attribute__ ((no_sanitize_undefined)) ++JAS_ATTRIBUTE_DISABLE_USAN + inline static int jas_int_asr(int x, int n) + { ++ // Ensure that the shift of a negative value appears to behave as a ++ // signed arithmetic shift. ++ assert(((-1) >> 1) == -1); + assert(n >= 0); + // The behavior is undefined when x is negative. / + // We tacitly assume the behavior is equivalent to a signed +@@ -126,9 +130,12 @@ + return x >> n; + } + +-__attribute__ ((no_sanitize_undefined)) ++JAS_ATTRIBUTE_DISABLE_USAN + inline static int jas_int_asl(int x, int n) + { ++ // Ensure that the shift of a negative value appears to behave as a ++ // signed arithmetic shift. ++ assert(((-1) << 1) == -2); + assert(n >= 0); + // The behavior is undefined when x is negative. / + // We tacitly assume the behavior is equivalent to a signed +@@ -136,9 +143,12 @@ + return x << n; + } + +-__attribute__ ((no_sanitize_undefined)) ++JAS_ATTRIBUTE_DISABLE_USAN + inline static int jas_fast32_asr(int_fast32_t x, int n) + { ++ // Ensure that the shift of a negative value appears to behave as a ++ // signed arithmetic shift. ++ assert(((JAS_CAST(int_fast32_t, -1)) >> 1) == JAS_CAST(int_fast32_t, -1)); + assert(n >= 0); + // The behavior is undefined when x is negative. / + // We tacitly assume the behavior is equivalent to a signed +@@ -146,9 +156,12 @@ + return x >> n; + } + +-__attribute__ ((no_sanitize_undefined)) ++JAS_ATTRIBUTE_DISABLE_USAN + inline static int jas_fast32_asl(int_fast32_t x, int n) + { ++ // Ensure that the shift of a negative value appears to behave as a ++ // signed arithmetic shift. ++ assert(((JAS_CAST(int_fast32_t, -1)) << 1) == JAS_CAST(int_fast32_t, -2)); + assert(n >= 0); + // The behavior is undefined when x is negative. / + // We tacitly assume the behavior is equivalent to a signed +--- jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2017-03-17 08:43:25.671753771 +0100 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2017-03-17 09:17:02.777161456 +0100 +@@ -1215,7 +1215,7 @@ + mxmag = 0; + for (y = 0; y < JAS_CAST(uint_fast32_t, jas_matrix_numrows(band->data)); ++y) { + for (x = 0; x < JAS_CAST(uint_fast32_t, jas_matrix_numcols(band->data)); ++x) { +- mag = abs(jas_matrix_get(band->data, y, x)); ++ mag = JAS_ABS(jas_matrix_get(band->data, y, x)); + if (mag > mxmag) { + mxmag = mag; + } +--- jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c 2017-03-17 08:43:25.671753771 +0100 ++++ jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c 2017-03-17 09:17:02.777161456 +0100 +@@ -117,9 +117,9 @@ + jpc_enc_cblk_t endcblks; + int i; + int j; +- int mx; +- int bmx; +- int v; ++ jpc_fix_t mx; ++ jpc_fix_t bmx; ++ jpc_fix_t v; + jpc_enc_tile_t tile; + uint_fast32_t prcno; + jpc_enc_prc_t prc; +@@ -148,7 +148,7 @@ + mx = 0; + for (i = 0; i < jas_matrix_numrows(cblk->data); ++i) { + for (j = 0; j < jas_matrix_numcols(cblk->data); ++j) { +- v = abs(jas_matrix_get(cblk->data, i, j)); ++ v = JAS_ABS(jas_matrix_get(cblk->data, i, j)); + if (v > mx) { + mx = v; + } +@@ -407,15 +407,15 @@ + + #define sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, vcausalflag) \ + { \ +- int f; \ ++ jpc_fix_t f; \ + int v; \ + f = (fp); \ + if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG \| JPC_VISIT))) { \ +- v = (abs((dp)) & (one)) ? 1 : 0; \ ++ v = (JAS_ABS((dp)) & (one)) ? 1 : 0; \ + jpc_mqenc_setcurctx(mqenc, JPC_GETZCCTXNO(f, (orient))); \ + jpc_mqenc_putbit(mqenc, v); \ + if (v) { \ +- (nmsedec) += JPC_GETSIGNMSEDEC(abs((dp)), (bitpos) + JPC_NUMEXTRABITS); \ ++ (nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS((dp)), (bitpos) + JPC_NUMEXTRABITS); \ + v = (((dp) < 0) ? 1 : 0); \ + jpc_mqenc_setcurctx(mqenc, JPC_GETSCCTXNO(f)); \ + jpc_mqenc_putbit(mqenc, v ^ JPC_GETSPB(f)); \ +@@ -506,14 +506,14 @@ + #define rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, vcausalflag) \ + { \ + jpc_fix_t f = (fp); \ +- jpc_fix_t v; \ ++ int v; \ + if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG \| JPC_VISIT))) { \ +- v = (abs((dp)) & (one)) ? 1 : 0; \ ++ v = (JAS_ABS((dp)) & (one)) ? 1 : 0; \ + if ((jpc_bitstream_putbit((out), v)) == EOF) { \ + return -1; \ + } \ + if (v) { \ +- (nmsedec) += JPC_GETSIGNMSEDEC(abs((dp)), (bitpos) + JPC_NUMEXTRABITS); \ ++ (nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS((dp)), (bitpos) + JPC_NUMEXTRABITS); \ + v = (((dp) < 0) ? 1 : 0); \ + if (jpc_bitstream_putbit(out, v) == EOF) { \ + return -1; \ +@@ -619,9 +619,9 @@ + int v; \ + if ((((fp)) & (JPC_SIG \| JPC_VISIT)) == JPC_SIG) { \ + (d) = (dp); \
[-] [+]	Added	jasper-CVE-2017-6850.patch ^
@@ -0,0 +1,251 @@ +--- jasper-1.900.14/src/libjasper/base/jas_stream.c 2017-03-22 10:18:22.195685757 +0100 ++++ jasper-1.900.14/src/libjasper/base/jas_stream.c 2017-03-22 10:20:15.366313051 +0100 +@@ -507,6 +507,7 @@ + return 0; + } + ++/* FIXME integral type / + int jas_stream_read(jas_stream_t stream, void buf, int cnt) + { + int n; +@@ -527,6 +528,7 @@ + return n; + } + ++/ FIXME integral type / + int jas_stream_write(jas_stream_t stream, const void buf, int cnt) + { + int n; +@@ -573,6 +575,7 @@ + return 0; + } + ++/ FIXME integral type / + char jas_stream_gets(jas_stream_t stream, char buf, int bufsize) + { + int c; +@@ -594,6 +597,7 @@ + return buf; + } + ++/* FIXME integral type / + int jas_stream_gobble(jas_stream_t stream, int n) + { + int m; +@@ -606,6 +610,7 @@ + return n; + } + ++/* FIXME integral type / + int jas_stream_pad(jas_stream_t stream, int n, int c) + { + int m; +@@ -696,6 +701,7 @@ + * Buffer initialization code. + \*****************************************************************************/ + ++/ FIXME integral type / + static void jas_stream_initbuf(jas_stream_t stream, int bufmode, char buf, + int bufsize) + { +@@ -871,6 +877,7 @@ + return openmode; + } + ++/ FIXME integral type / + int jas_stream_copy(jas_stream_t out, jas_stream_t in, int n) + { + int all; +@@ -896,6 +903,7 @@ + return 0; + } + ++/ FIXME integral type / + long jas_stream_setrwcount(jas_stream_t stream, long rwcnt) + { + int old; +@@ -905,6 +913,7 @@ + return old; + } + ++/* FIXME integral type / + int jas_stream_display(jas_stream_t stream, FILE fp, int n) + { + unsigned char buf[16]; +@@ -979,6 +988,7 @@ + Memory stream object. + \*****************************************************************************/ + ++/ FIXME integral type / + static int mem_read(jas_stream_obj_t obj, char buf, int cnt) + { + int n; +@@ -1007,6 +1017,7 @@ + return 0; + } + ++/ FIXME integral type / + static int mem_write(jas_stream_obj_t obj, char buf, int cnt) + { + int n; +@@ -1054,6 +1065,7 @@ + return ret; + } + ++/ FIXME integral type / + static long mem_seek(jas_stream_obj_t obj, long offset, int origin) + { + jas_stream_memobj_t m = (jas_stream_memobj_t )obj; +@@ -1096,18 +1108,21 @@ + * File stream object. + \*****************************************************************************/ + ++/ FIXME integral type / + static int file_read(jas_stream_obj_t obj, char buf, int cnt) + { + jas_stream_fileobj_t fileobj = JAS_CAST(jas_stream_fileobj_t , obj); + return read(fileobj->fd, buf, cnt); + } + ++/ FIXME integral type / + static int file_write(jas_stream_obj_t obj, char buf, int cnt) + { + jas_stream_fileobj_t fileobj = JAS_CAST(jas_stream_fileobj_t , obj); + return write(fileobj->fd, buf, cnt); + } + ++/ FIXME integral type / + static long file_seek(jas_stream_obj_t obj, long offset, int origin) + { + jas_stream_fileobj_t fileobj = JAS_CAST(jas_stream_fileobj_t , obj); +@@ -1130,6 +1145,7 @@ + * Stdio file stream object. + \*****************************************************************************/ + ++/ FIXME integral type / + static int sfile_read(jas_stream_obj_t obj, char buf, int cnt) + { + FILE fp; +@@ -1144,6 +1160,7 @@ + return result; + } + ++/* FIXME integral type / + static int sfile_write(jas_stream_obj_t obj, char buf, int cnt) + { + FILE fp; +@@ -1153,6 +1170,7 @@ + return (n != JAS_CAST(size_t, cnt)) ? (-1) : cnt; + } + ++/* FIXME integral type / + static long sfile_seek(jas_stream_obj_t obj, long offset, int origin) + { + FILE fp; +--- jasper-1.900.14/src/libjasper/jp2/jp2_cod.c 2017-03-22 10:18:22.191685757 +0100 ++++ jasper-1.900.14/src/libjasper/jp2/jp2_cod.c 2017-03-22 10:20:15.366313051 +0100 +@@ -183,15 +183,28 @@ + Box constructor. + \*****************************************************************************/ + +-jp2_box_t jp2_box_create(int type) ++jp2_box_t jp2_box_create0() + { + jp2_box_t box; +- jp2_boxinfo_t boxinfo; +- + if (!(box = jas_malloc(sizeof(jp2_box_t)))) { + return 0; + } + memset(box, 0, sizeof(jp2_box_t)); ++ box->type = 0; ++ box->len = 0; ++ // Mark the box data as never having been constructed ++ // so that we will not errantly attempt to destroy it later. ++ box->ops = &jp2_boxinfo_unk.ops; ++ return box; ++} ++ ++jp2_box_t jp2_box_create(int type) ++{ ++ jp2_box_t box; ++ jp2_boxinfo_t boxinfo; ++ if (!(box = jp2_box_create0())) { ++ return 0; ++ } + box->type = type; + box->len = 0; + if (!(boxinfo = jp2_boxinfolookup(type))) { +@@ -248,14 +261,9 @@ + box = 0; + tmpstream = 0; + +- if (!(box = jas_malloc(sizeof(jp2_box_t)))) { ++ if (!(box = jp2_box_create0())) { + goto error; + } +- +- // Mark the box data as never having been constructed +- // so that we will not errantly attempt to destroy it later. +- box->ops = &jp2_boxinfo_unk.ops; +- + if (jp2_getuint32(in, &len) \|\| jp2_getuint32(in, &box->type)) { + goto error; + } +@@ -263,10 +271,12 @@ + box->info = boxinfo; + box->len = len; + JAS_DBGLOG(10, ( +- "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n",
[-] [+]	Added	baselibs.conf ^
@@ -0,0 +1,3 @@ +libjasper1 + obsoletes "libjasper-<targettype>" + provides "libjasper-<targettype>"
	Added	jasper-1.900.14.tar.bz2 ^