authordrochner <drochner>2011-12-22 16:17:57 +0000
committerdrochner <drochner>2011-12-22 16:17:57 +0000
commit1176cd69b174c58abcd67bb30e36e35c588f4b01 (patch)
tree1f7606f23278a35245d2588a74be95aa09728ad4 /graphics/jasper
parent93759b83930313cf4163ceec5be79a793ab90ce8 (diff)
Add patches from Red Hat that add some input validation and fix a
memory allocation error; both issues could lead to heap buffer overflows (CVE-2011-4516, CVE-2011-4517). Bump PKGREV.
Diffstat (limited to 'graphics/jasper')
-rw-r--r--graphics/jasper/Makefile4
-rw-r--r--graphics/jasper/distinfo4
-rw-r--r--graphics/jasper/patches/patch-ai26
3 files changed, 27 insertions, 7 deletions
diff --git a/graphics/jasper/Makefile b/graphics/jasper/Makefile
index ee5aafe5bd0..3a3d3e67b1a 100644
--- a/graphics/jasper/Makefile
+++ b/graphics/jasper/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.33 2011/06/21 16:20:51 tez Exp $
+# $NetBSD: Makefile,v 1.34 2011/12/22 16:17:57 drochner Exp $
DISTNAME= jasper-1.900.1
-PKGREVISION= 5
+PKGREVISION= 6
CATEGORIES= graphics
MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/
EXTRACT_SUFX= .zip
diff --git a/graphics/jasper/distinfo b/graphics/jasper/distinfo
index 3a070cf1ba3..198b33d582e 100644
--- a/graphics/jasper/distinfo
+++ b/graphics/jasper/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2009/11/23 11:53:20 drochner Exp $
+$NetBSD: distinfo,v 1.14 2011/12/22 16:17:57 drochner Exp $
SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
@@ -7,5 +7,5 @@ SHA1 (patch-ad) = 85637e42cdb1245babd5736c2d039558025738a6
SHA1 (patch-ae) = bfe00f76582a44ad748706c3fc81c4d6b8aede35
SHA1 (patch-ag) = 0a3cf7ffff67001529198c23c3ca2499c71be7fa
SHA1 (patch-ah) = 5455854277ad52adb4a22be08219facd796bbf1a
-SHA1 (patch-ai) = 000e9e4fe04d7dd4b5982953c39dbbd311487348
+SHA1 (patch-ai) = 39a16368197d180d9d925bc12b9fc1c6985f06f0
SHA1 (patch-aj) = a2f5b3b31220767cd6f22ff236e3789ab6a5ba4f
diff --git a/graphics/jasper/patches/patch-ai b/graphics/jasper/patches/patch-ai
index faf20a02620..d6b7b451a09 100644
--- a/graphics/jasper/patches/patch-ai
+++ b/graphics/jasper/patches/patch-ai
@@ -1,8 +1,19 @@
-$NetBSD: patch-ai,v 1.1 2008/03/20 19:58:16 drochner Exp $
+$NetBSD: patch-ai,v 1.2 2011/12/22 16:17:57 drochner Exp $
---- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 22:43:07.000000000 +0100
+--- src/libjasper/jpc/jpc_cs.c.orig 2007-01-19 21:43:07.000000000 +0000
+++ src/libjasper/jpc/jpc_cs.c
-@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
+@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ return -1;
+ }
+ compparms->numrlvls = compparms->numdlvls + 1;
++ if (compparms->numrlvls > JPC_MAXRLVLS) {
++ jpc_cox_destroycompparms(compparms);
++ return -1;
++ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+@@ -982,7 +986,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
compparms->numstepsizes = (len - n) / 2;
break;
}
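Review bot: The new `numrlvls > JPC_MAXRLVLS` check in jpc_cox_getcompparms has no comment saying what it protects, and the reason is not evident from the surrounding lines. The loop right after it runs `numrlvls` times, and `numrlvls` is derived from `numdlvls`, which appears to be read from the code stream. Presumably the bound keeps per-level writes inside a fixed-size table, but that table is not visible in this hunk. I would add a comment above the check such as `/* numdlvls comes from the code stream; reject counts larger than the per-level table */`. The function starts before and continues past the quoted lines.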
@@ -14,3 +25,12 @@ $NetBSD: patch-ai,v 1.1 2008/03/20 19:58:16 drochner Exp $
compparms->stepsizes = jas_malloc(compparms->numstepsizes *
sizeof(uint_fast16_t));
assert(compparms->stepsizes);
+@@ -1328,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms
+ jpc_crgcomp_t *comp;
+ uint_fast16_t compno;
+ crg->numcomps = cstate->numcomps;
+- if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {
++ if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(jpc_crgcomp_t)))) {
+ return -1;
+ }
+ for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
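Review bot: The corrected allocation in jpc_crg_getparms still spells the element type by hand, which is how the old `sizeof(uint_fast16_t)` mismatch could go unnoticed. Sizing from the pointer keeps the two in step: `if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof *crg->comps))) {`. The product passed to `jas_malloc` is also not checked for wrap-around in the visible lines; whether that matters depends on the type and range of `numcomps`, which this hunk does not show. The function body continues past the end of the hunk.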