authortron <tron@pkgsrc.org>2011-12-23 13:56:48 +0000
committertron <tron@pkgsrc.org>2011-12-23 13:56:48 +0000
commit8e9609772c613fc92ab021761fb47c9239abc455 (patch)
tree11329c29df8f6f6bb35b7510753621c65ee1eb32
parent268a66b7d2f93ca16d35a5d629c496725c2331a3 (diff)
downloadpkgsrc-8e9609772c613fc92ab021761fb47c9239abc455.tar.gz
Pullup ticket #3637 - requested by drochner
graphics/jasper: security patch Revisions pulled up: - graphics/jasper/Makefile 1.34 - graphics/jasper/distinfo 1.14 - graphics/jasper/patches/patch-ai 1.2 --- Module Name: pkgsrc Committed By: drochner Date: Thu Dec 22 16:17:57 UTC 2011 Modified Files: pkgsrc/graphics/jasper: Makefile distinfo pkgsrc/graphics/jasper/patches: patch-ai Log Message: add patches from Redhat to add some input validation and fix a memory allocation error; both could lead to heap buffer overflows (CVE-2011-4516, CVE-2011-4517) bump PKGREV
-rw-r--r--graphics/jasper/Makefile4
-rw-r--r--graphics/jasper/distinfo4
-rw-r--r--graphics/jasper/patches/patch-ai26
3 files changed, 27 insertions, 7 deletions
diff --git a/graphics/jasper/Makefile b/graphics/jasper/Makefile
index ee5aafe5bd0..b1a16b618d0 100644
--- a/graphics/jasper/Makefile
+++ b/graphics/jasper/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2011/06/21 16:20:51 tez Exp $
+# $NetBSD: Makefile,v 1.33.4.1 2011/12/23 13:56:48 tron Exp $
DISTNAME= jasper-1.900.1
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= graphics
MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/
EXTRACT_SUFX= .zip
diff --git a/graphics/jasper/distinfo b/graphics/jasper/distinfo
index 3a070cf1ba3..e1ba0f060b9 100644
--- a/graphics/jasper/distinfo
+++ b/graphics/jasper/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2009/11/23 11:53:20 drochner Exp $
+$NetBSD: distinfo,v 1.13.16.1 2011/12/23 13:56:48 tron Exp $
SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
@@ -7,5 +7,5 @@ SHA1 (patch-ad) = 85637e42cdb1245babd5736c2d039558025738a6
SHA1 (patch-ae) = bfe00f76582a44ad748706c3fc81c4d6b8aede35
SHA1 (patch-ag) = 0a3cf7ffff67001529198c23c3ca2499c71be7fa
SHA1 (patch-ah) = 5455854277ad52adb4a22be08219facd796bbf1a
-SHA1 (patch-ai) = 000e9e4fe04d7dd4b5982953c39dbbd311487348
+SHA1 (patch-ai) = 39a16368197d180d9d925bc12b9fc1c6985f06f0
SHA1 (patch-aj) = a2f5b3b31220767cd6f22ff236e3789ab6a5ba4f
diff --git a/graphics/jasper/patches/patch-ai b/graphics/jasper/patches/patch-ai
index faf20a02620..608efcc27d0 100644
--- a/graphics/jasper/patches/patch-ai
+++ b/graphics/jasper/patches/patch-ai
@@ -1,8 +1,19 @@
-$NetBSD: patch-ai,v 1.1 2008/03/20 19:58:16 drochner Exp $
+$NetBSD: patch-ai,v 1.1.34.1 2011/12/23 13:56:48 tron Exp $
---- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 22:43:07.000000000 +0100
+--- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 21:43:07.000000000 +0000
+++ src/libjasper/jpc/jpc_cs.c
-@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
+@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ return -1;
+ }
+ compparms->numrlvls = compparms->numdlvls + 1;
++ if (compparms->numrlvls > JPC_MAXRLVLS) {
++ jpc_cox_destroycompparms(compparms);
++ return -1;
++ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+@@ -982,7 +986,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
compparms->numstepsizes = (len - n) / 2;
break;
}
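Review bot: The added `numrlvls > JPC_MAXRLVLS` guard in jpc_cox_getcompparms has no comment saying what it protects, and patch-ai has no description line after its `$NetBSD$` tag linking it to the advisories named in the commit message. I would add a header line such as `Input validation and allocation-size fix from Red Hat (CVE-2011-4516, CVE-2011-4517).` and, above the guard, `/* numrlvls is derived from the marker segment; reject counts above JPC_MAXRLVLS before the per-level loop */`. That the loop below fills storage sized by JPC_MAXRLVLS is inferred from the check itself; the declaration and the rest of the function lie outside the hunk.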
@@ -14,3 +25,12 @@ $NetBSD: patch-ai,v 1.1 2008/03/20 19:58:16 drochner Exp $
compparms->stepsizes = jas_malloc(compparms->numstepsizes *
sizeof(uint_fast16_t));
assert(compparms->stepsizes);
+@@ -1328,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms
+ jpc_crgcomp_t *comp;
+ uint_fast16_t compno;
+ crg->numcomps = cstate->numcomps;
+- if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {
++ if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(jpc_crgcomp_t)))) {
+ return -1;
+ }
+ for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
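Review bot: The corrected allocation in jpc_crg_getparms still computes `cstate->numcomps * sizeof(jpc_crgcomp_t)` with no wraparound check, so the element-size fix relies on numcomps being small. Whether the product can actually wrap depends on the type and validated range of `cstate->numcomps`, which are not visible here. A guard such as `if (cstate->numcomps > SIZE_MAX / sizeof(jpc_crgcomp_t)) return -1;` before the `jas_malloc` call would make the bound explicit. The `stepsizes` allocation in the context lines above has the same shape, and its result is only tested with `assert`, which is compiled out under NDEBUG, so a failed allocation there would go unchecked in release builds. Both functions continue outside the hunk.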