pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/graphics/jasper
Module Name: pkgsrc
Committed By: he
Date: Fri Dec 16 09:44:44 UTC 2016
Modified Files:
pkgsrc/graphics/jasper: Makefile PLIST distinfo
pkgsrc/graphics/jasper/patches: patch-configure
patch-src_libjasper_base_jas__seq.c
patch-src_libjasper_base_jas__stream.c
patch-src_libjasper_jp2_jp2__cod.c
patch-src_libjasper_jp2_jp2__dec.c
patch-src_libjasper_jp2_jp2__enc.c
patch-src_libjasper_jpc_jpc__dec.c
patch-src_libjasper_jpc_jpc__enc.c
patch-src_libjasper_pnm_pnm__enc.c
Removed Files:
pkgsrc/graphics/jasper/patches: patch-src_libjasper_base_jas__cm.c
patch-src_libjasper_base_jas__icc.c
patch-src_libjasper_base_jas__image.c
patch-src_libjasper_base_jas__malloc.c
patch-src_libjasper_bmp_bmp__dec.c
patch-src_libjasper_include_jasper_jas__malloc.h
patch-src_libjasper_jpc_jpc__cs.c
patch-src_libjasper_jpc_jpc__mqdec.c
patch-src_libjasper_jpc_jpc__mqenc.c
patch-src_libjasper_jpc_jpc__qmfb.c
patch-src_libjasper_jpc_jpc__t1enc.c
patch-src_libjasper_jpc_jpc__t2cod.c
patch-src_libjasper_jpc_jpc__t2dec.c
patch-src_libjasper_jpc_jpc__t2enc.c
patch-src_libjasper_jpc_jpc__tagtree.c
patch-src_libjasper_jpc_jpc__util.c
patch-src_libjasper_mif_mif__cod.c
Log Message:
Upgrade jasper from 1.900.1 to 1.900.29.
This integrates most of the patches we had applied in pkgsrc.
The changes are in ChangeLog, and are not well summarized anywhere
I can find, sorry...
OK from adam@
To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 pkgsrc/graphics/jasper/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/graphics/jasper/PLIST
cvs rdiff -u -r1.20 -r1.21 pkgsrc/graphics/jasper/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/graphics/jasper/patches/patch-configure \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c
cvs rdiff -u -r1.1 -r0 \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__cm.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__malloc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_bmp_bmp__dec.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_include_jasper_jas__malloc.h \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__mqdec.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__mqenc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__t1enc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__t2cod.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__t2dec.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__t2enc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__tagtree.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__util.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_mif_mif__cod.c
cvs rdiff -u -r1.2 -r0 \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__icc.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__image.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__cs.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c
cvs rdiff -u -r1.3 -r1.4 \
pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/jasper/Makefile
diff -u pkgsrc/graphics/jasper/Makefile:1.43 pkgsrc/graphics/jasper/Makefile:1.44
--- pkgsrc/graphics/jasper/Makefile:1.43 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/Makefile Fri Dec 16 09:44:44 2016
@@ -1,10 +1,8 @@
-# $NetBSD: Makefile,v 1.43 2016/05/16 14:03:40 he Exp $
+# $NetBSD: Makefile,v 1.44 2016/12/16 09:44:44 he Exp $
-DISTNAME= jasper-1.900.1
-PKGREVISION= 12
+DISTNAME= jasper-1.900.29
CATEGORIES= graphics
MASTER_SITES= http://www.ece.uvic.ca/~mdadams/jasper/software/
-EXTRACT_SUFX= .zip
MAINTAINER= adam%NetBSD.org@localhost
HOMEPAGE= http://www.ece.uvic.ca/~mdadams/jasper/
@@ -16,6 +14,11 @@ USE_LIBTOOL= yes
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --enable-shared --without-x --disable-opengl
+USE_TOOLS+= gmake
+USE_TOOLS+= pkg-config
+
+PKGCONFIG_OVERRIDE= pkgconfig/jasper.pc
+
# The solaris stdbool.h requires c99 which is fine for jasper, but
# not so good for things that depend upon jasper. See PR#43901
CONFIGURE_ENV.SunOS+= ac_cv_header_stdbool_h=no
Index: pkgsrc/graphics/jasper/PLIST
diff -u pkgsrc/graphics/jasper/PLIST:1.9 pkgsrc/graphics/jasper/PLIST:1.10
--- pkgsrc/graphics/jasper/PLIST:1.9 Sun Jun 14 17:59:19 2009
+++ pkgsrc/graphics/jasper/PLIST Fri Dec 16 09:44:44 2016
@@ -1,11 +1,10 @@
-@comment $NetBSD: PLIST,v 1.9 2009/06/14 17:59:19 joerg Exp $
+@comment $NetBSD: PLIST,v 1.10 2016/12/16 09:44:44 he Exp $
bin/imgcmp
bin/imginfo
bin/jasper
bin/tmrdemo
include/jasper/jas_cm.h
include/jasper/jas_config.h
-include/jasper/jas_config2.h
include/jasper/jas_debug.h
include/jasper/jas_fix.h
include/jasper/jas_getopt.h
@@ -29,3 +28,4 @@ man/man1/jasper.1
man/man1/jiv.1
share/doc/jasper/jasper.pdf
share/doc/jasper/jpeg2000.pdf
+lib/pkgconfig/jasper.pc
Index: pkgsrc/graphics/jasper/distinfo
diff -u pkgsrc/graphics/jasper/distinfo:1.20 pkgsrc/graphics/jasper/distinfo:1.21
--- pkgsrc/graphics/jasper/distinfo:1.20 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/distinfo Fri Dec 16 09:44:44 2016
@@ -1,32 +1,15 @@
-$NetBSD: distinfo,v 1.20 2016/05/16 14:03:40 he Exp $
+$NetBSD: distinfo,v 1.21 2016/12/16 09:44:44 he Exp $
-SHA1 (jasper-1.900.1.zip) = 9c5735f773922e580bf98c7c7dfda9bbed4c5191
-RMD160 (jasper-1.900.1.zip) = fb2c188abf5b8c297078ac1f913101734f72db5c
-SHA512 (jasper-1.900.1.zip) = e3a3c803de848b50482f5bd693b1945197c6999285226c45b671855734d7bb2611fbe6f28cd8ba9c56a4ea59417795eba42d72516c9fec93b8fbaa21b8210cb6
-Size (jasper-1.900.1.zip) = 1415752 bytes
-SHA1 (patch-configure) = c8aa09f8432f0e3f5667ecb3ccd738c3c03f3f05
-SHA1 (patch-src_libjasper_base_jas__cm.c) = 51bcaa7d992616c4caf764d190d42c8c802324f8
-SHA1 (patch-src_libjasper_base_jas__icc.c) = 855e8b733a4a043d06cea60deaa497784e55838c
-SHA1 (patch-src_libjasper_base_jas__image.c) = d9119ab45d95f954604167374f5f97c1d94d508f
-SHA1 (patch-src_libjasper_base_jas__malloc.c) = 887509258c8a957932bb212b747aa5b8932e82af
-SHA1 (patch-src_libjasper_base_jas__seq.c) = bc1c38439eb61e3c50a5900e38e4a8992bc790fe
-SHA1 (patch-src_libjasper_base_jas__stream.c) = 1e6cbd1cf0a273f94144e1f12624b9a5d612dd84
-SHA1 (patch-src_libjasper_bmp_bmp__dec.c) = 162f760235fba871c48afc273276fad884250ed6
-SHA1 (patch-src_libjasper_include_jasper_jas__malloc.h) = 3d6e873f11074bc54bd6dc5665d3c80413ef89fe
-SHA1 (patch-src_libjasper_jp2_jp2__cod.c) = 656f23983f97e3b5eea49898e9f29d6b3eef5b19
-SHA1 (patch-src_libjasper_jp2_jp2__dec.c) = 9b8fbb8e947e403fed6c610a0d4a0c63640462e5
-SHA1 (patch-src_libjasper_jp2_jp2__enc.c) = f6a86101e04a2efdb0840b44a2b892de18683c59
-SHA1 (patch-src_libjasper_jpc_jpc__cs.c) = 603ee1ac6089bd190581fd0e00efabc18a41f48a
-SHA1 (patch-src_libjasper_jpc_jpc__dec.c) = 026235b7f59ecaa8ee148f0301dd96dc9a570e80
-SHA1 (patch-src_libjasper_jpc_jpc__enc.c) = 81cf4df888d1542cf52fadb202b82a05c8bdfd83
-SHA1 (patch-src_libjasper_jpc_jpc__mqdec.c) = bcf41d1da270478a731494a913bd626ba7d533f4
-SHA1 (patch-src_libjasper_jpc_jpc__mqenc.c) = b6c80212129f82268c43e5a3e39a7c7e1c12655a
-SHA1 (patch-src_libjasper_jpc_jpc__qmfb.c) = 6e7b5180047c6c8855aa22a3dd94d8deeb39b560
-SHA1 (patch-src_libjasper_jpc_jpc__t1enc.c) = 3aade36d3a171ad08f7be93c48bb51ab9fb9126f
-SHA1 (patch-src_libjasper_jpc_jpc__t2cod.c) = ce1a300066db7adfed03f55fc47d6392dd2d2221
-SHA1 (patch-src_libjasper_jpc_jpc__t2dec.c) = 06a2e58843b59bbf698a5aa15ba253fa51f18568
-SHA1 (patch-src_libjasper_jpc_jpc__t2enc.c) = 0a6119b4fc5a6305a8adb92357805af1fb55f1d9
-SHA1 (patch-src_libjasper_jpc_jpc__tagtree.c) = 9f0594c4aa576ef5d0cb85ec2c01c364efecf855
-SHA1 (patch-src_libjasper_jpc_jpc__util.c) = e7069e6106d7dd883aab18a1fa20c9dbfe1bebf1
-SHA1 (patch-src_libjasper_mif_mif__cod.c) = 7c34864c0c9f82eee89795673014feb5824fc7b5
-SHA1 (patch-src_libjasper_pnm_pnm__enc.c) = 3279f184f6191ea69d1b5ef8fb270ffcc6a69640
+SHA1 (jasper-1.900.29.tar.gz) = 6d50e5ea9e822ad5f88f4451819acab2e3b47f8e
+RMD160 (jasper-1.900.29.tar.gz) = 4ae47353f3dc086b3a11eff86ec7fb57d598c6fb
+SHA512 (jasper-1.900.29.tar.gz) = fdf557889660b9068e3712ff809fe7d4ab0855e1afff9a39eb19763599b4e747472743e4c49a42f7d38beadc6a0aa7a7b402422422853e8bb6d683def81b1544
+Size (jasper-1.900.29.tar.gz) = 1746319 bytes
+SHA1 (patch-configure) = 14039911be04b88559e40f20a01bb46fd0db4488
+SHA1 (patch-src_libjasper_base_jas__seq.c) = a0208cd0271388ae0fdc2e359da3223a35a7ae14
+SHA1 (patch-src_libjasper_base_jas__stream.c) = 2e9ad538ab2c0191063fef06202949b435b0085e
+SHA1 (patch-src_libjasper_jp2_jp2__cod.c) = bfbe752e105d75fbad71a01080013c7a5a8645d8
+SHA1 (patch-src_libjasper_jp2_jp2__dec.c) = 3cbf3a6355168aaa60a68ff8042f7cb4f6d847c4
+SHA1 (patch-src_libjasper_jp2_jp2__enc.c) = 4f23040e7039514bbbc60360121f1820e82017cc
+SHA1 (patch-src_libjasper_jpc_jpc__dec.c) = f76765ff7656af6b44cd4035b26656909abe45f9
+SHA1 (patch-src_libjasper_jpc_jpc__enc.c) = 10fbe41e67da4f2575fb541013833ed85992efea
+SHA1 (patch-src_libjasper_pnm_pnm__enc.c) = a2d5d53cd28f653f9e6e302f76c187fba50b1ce2
Index: pkgsrc/graphics/jasper/patches/patch-configure
diff -u pkgsrc/graphics/jasper/patches/patch-configure:1.1 pkgsrc/graphics/jasper/patches/patch-configure:1.2
--- pkgsrc/graphics/jasper/patches/patch-configure:1.1 Thu Jan 1 14:15:27 2015
+++ pkgsrc/graphics/jasper/patches/patch-configure Fri Dec 16 09:44:44 2016
@@ -1,10 +1,10 @@
-$NetBSD: patch-configure,v 1.1 2015/01/01 14:15:27 he Exp $
+$NetBSD: patch-configure,v 1.2 2016/12/16 09:44:44 he Exp $
Check for C99 conformance for stdbool.h, don't just test its presence.
--- configure.orig 2007-01-19 21:54:48.000000000 +0000
+++ configure 2007-08-12 20:56:30.000000000 +0000
-@@ -20979,6 +20979,163 @@ _ACEOF
+@@ -8286,6 +8286,163 @@ fi
fi
@@ -168,12 +168,174 @@ Check for C99 conformance for stdbool.h,
-@@ -20990,7 +21147,7 @@ fi
-
+@@ -13727,6 +13884,170 @@ _ACEOF
+ fi
--for ac_header in fcntl.h limits.h unistd.h stdint.h stdbool.h io.h windows.h sys/types.h sys/time.h stdlib.h stddef.h
-+for ac_header in fcntl.h limits.h unistd.h stdint.h io.h windows.h sys/types.h sys/time.h stdlib.h stddef.h
- do
- as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
- if eval "test \"\${$as_ac_Header+set}\" = set"; then
++echo "$as_me:$LINENO: checking for stdbool.h that conforms to C99" >&5
++echo $ECHO_N "checking for stdbool.h that conforms to C99... $ECHO_C" >&6
++if test "${ac_cv_header_stdbool_h+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++
++#include <stdbool.h>
++#ifndef bool
++# error bool is not defined
++#endif
++#ifndef false
++# error false is not defined
++#endif
++#if false
++# error false is not 0
++#endif
++#ifndef true
++# error true is not defined
++#endif
++#if true != 1
++# error true is not 1
++#endif
++#ifndef __bool_true_false_are_defined
++# error __bool_true_false_are_defined is not defined
++#endif
++
++ struct s { _Bool s: 1; _Bool t; } s;
++
++ char a[true == 1 ? 1 : -1];
++ char b[false == 0 ? 1 : -1];
++ char c[__bool_true_false_are_defined == 1 ? 1 : -1];
++ char d[(bool) -0.5 == true ? 1 : -1];
++ bool e = &s;
++ char f[(_Bool) -0.0 == false ? 1 : -1];
++ char g[true];
++ char h[sizeof (_Bool)];
++ char i[sizeof s.t];
++
++int
++main ()
++{
++ return !a + !b + !c + !d + !e + !f + !g + !h + !i;
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext
++if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
++ (eval $ac_compile) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; } &&
++ { ac_try='test -s conftest.$ac_objext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ ac_cv_header_stdbool_h=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ac_cv_header_stdbool_h=no
++fi
++rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++echo "$as_me:$LINENO: result: $ac_cv_header_stdbool_h" >&5
++echo "${ECHO_T}$ac_cv_header_stdbool_h" >&6
++echo "$as_me:$LINENO: checking for _Bool" >&5
++echo $ECHO_N "checking for _Bool... $ECHO_C" >&6
++if test "${ac_cv_type__Bool+set}" = set; then
++ echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++ cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h. */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h. */
++$ac_includes_default
++int
++main ()
++{
++if ((_Bool *) 0)
++ return 0;
++if (sizeof (_Bool))
++ return 0;
++ ;
++ return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext
++if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
++ (eval $ac_compile) 2>conftest.er1
++ ac_status=$?
++ grep -v '^ *+' conftest.er1 >conftest.err
++ rm -f conftest.er1
++ cat conftest.err >&5
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); } &&
++ { ac_try='test -z "$ac_c_werror_flag"
++ || test ! -s conftest.err'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; } &&
++ { ac_try='test -s conftest.$ac_objext'
++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
++ (eval $ac_try) 2>&5
++ ac_status=$?
++ echo "$as_me:$LINENO: \$? = $ac_status" >&5
++ (exit $ac_status); }; }; then
++ ac_cv_type__Bool=yes
++else
++ echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++ac_cv_type__Bool=no
++fi
++rm -f conftest.err conftest.$ac_objext conftest.$ac_ext
++fi
++echo "$as_me:$LINENO: result: $ac_cv_type__Bool" >&5
++echo "${ECHO_T}$ac_cv_type__Bool" >&6
++if test $ac_cv_type__Bool = yes; then
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE__BOOL 1
++_ACEOF
++
++
++fi
++
++if test $ac_cv_header_stdbool_h = yes; then
++
++cat >>confdefs.h <<\_ACEOF
++#define HAVE_STDBOOL_H 1
++_ACEOF
++
++fi
++
++
++
++
++
++
++
+ ############################################################
+ # Check for header files.
+ ############################################################
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c:1.1 pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c:1.2
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c:1.1 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__stream.c Fri Dec 16 09:44:44 2016
@@ -1,24 +1,10 @@
-$NetBSD: patch-src_libjasper_base_jas__stream.c,v 1.1 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_base_jas__stream.c,v 1.2 2016/12/16 09:44:44 he Exp $
-Fix CVE-2008-3521 and CVE-2008-3522, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
+Use mkstemp instead of tmpnam-based temp file creation.
--- src/libjasper/base/jas_stream.c.orig 2007-01-19 21:43:05.000000000 +0000
+++ src/libjasper/base/jas_stream.c
-@@ -212,7 +212,7 @@ jas_stream_t *jas_stream_memopen(char *b
- if (buf) {
- obj->buf_ = (unsigned char *) buf;
- } else {
-- obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char));
-+ obj->buf_ = jas_malloc(obj->bufsize_);
- obj->myalloc_ = 1;
- }
- if (!obj->buf_) {
-@@ -361,28 +361,22 @@ jas_stream_t *jas_stream_tmpfile()
- }
- obj->fd = -1;
- obj->flags = 0;
-- obj->pathname[0] = '\0';
+@@ -517,11 +517,10 @@ jas_stream_t *jas_stream_tmpfile()
stream->obj_ = obj;
/* Choose a file name. */
@@ -32,13 +18,9 @@ https://bugs.gentoo.org/show_bug.cgi?id=
jas_stream_destroy(stream);
return 0;
}
-
- /* Unlink the file so that it will disappear if the program
- terminates abnormally. */
-- /* Under UNIX, one can unlink an open file and continue to do I/O
-- on it. Not all operating systems support this functionality, however.
-- For example, under Microsoft Windows the unlink operation will fail,
-- since the file is open. */
+@@ -533,8 +532,8 @@ jas_stream_t *jas_stream_tmpfile()
+ For example, under Microsoft Windows the unlink operation will fail,
+ since the file is open. */
if (unlink(obj->pathname)) {
- /* We will try unlinking the file again after it is closed. */
- obj->flags |= JAS_STREAM_FILEOBJ_DELONCLOSE;
@@ -47,21 +29,3 @@ https://bugs.gentoo.org/show_bug.cgi?id=
}
/* Use full buffering. */
-@@ -553,7 +547,7 @@ int jas_stream_printf(jas_stream_t *stre
- int ret;
-
- va_start(ap, fmt);
-- ret = vsprintf(buf, fmt, ap);
-+ ret = vsnprintf(buf, sizeof buf, fmt, ap);
- jas_stream_puts(stream, buf);
- va_end(ap);
- return ret;
-@@ -992,7 +986,7 @@ static int mem_resize(jas_stream_memobj_
- unsigned char *buf;
-
- assert(m->buf_);
-- if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) {
-+ if (!(buf = jas_realloc(m->buf_, bufsize))) {
- return -1;
- }
- m->buf_ = buf;
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c:1.1 pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c:1.2
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c:1.1 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__enc.c Fri Dec 16 09:44:44 2016
@@ -1,35 +1,18 @@
-$NetBSD: patch-src_libjasper_jp2_jp2__enc.c,v 1.1 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_jp2_jp2__enc.c,v 1.2 2016/12/16 09:44:44 he Exp $
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
+Replace an sprintf() with snprintf().
--- src/libjasper/jp2/jp2_enc.c.orig 2007-01-19 21:43:05.000000000 +0000
+++ src/libjasper/jp2/jp2_enc.c
-@@ -191,7 +191,7 @@ int sgnd;
- }
- bpcc = &box->data.bpcc;
- bpcc->numcmpts = jas_image_numcmpts(image);
-- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts *
-+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts,
- sizeof(uint_fast8_t)))) {
- goto error;
- }
-@@ -285,7 +285,7 @@ int sgnd;
- }
- cdef = &box->data.cdef;
- cdef->numchans = jas_image_numcmpts(image);
-- cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t));
-+ cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t));
- for (i = 0; i < jas_image_numcmpts(image); ++i) {
- cdefchanent = &cdef->ents[i];
- cdefchanent->channo = i;
-@@ -343,7 +343,8 @@ int sgnd;
+@@ -343,8 +343,9 @@ int jp2_encode(jas_image_t *image, jas_s
/* Output the JPEG-2000 code stream. */
overhead = jas_stream_getrwcount(out);
- sprintf(buf, "%s\n_jp2overhead=%lu\n", (optstr ? optstr : ""),
-+ snprintf(buf, sizeof buf, "%s\n_jp2overhead=%lu\n",
-+ (optstr ? optstr : ""),
- (unsigned long) overhead);
+- (unsigned long) overhead);
++ snprintf(buf, sizeof buf, "%s\n_jp2overhead=%lu\n",
++ (optstr ? optstr : ""),
++ (unsigned long) overhead);
if (jpc_encode(image, out, buf)) {
+ goto error;
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c:1.1 pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c:1.2
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c:1.1 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__enc.c Fri Dec 16 09:44:44 2016
@@ -1,107 +1,16 @@
-$NetBSD: patch-src_libjasper_jpc_jpc__enc.c,v 1.1 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_jpc_jpc__enc.c,v 1.2 2016/12/16 09:44:44 he Exp $
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
+Replace an sprintf() with snprintf().
--- src/libjasper/jpc/jpc_enc.c.orig 2007-01-19 21:43:07.000000000 +0000
+++ src/libjasper/jpc/jpc_enc.c
-@@ -403,7 +403,7 @@ static jpc_enc_cp_t *cp_create(char *opt
- vsteplcm *= jas_image_cmptvstep(image, cmptno);
- }
-
-- if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) {
-+ if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) {
- goto error;
- }
- for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno,
-@@ -656,7 +656,7 @@ static jpc_enc_cp_t *cp_create(char *opt
-
- if (ilyrrates && numilyrrates > 0) {
- tcp->numlyrs = numilyrrates + 1;
-- if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) *
-+ if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1),
- sizeof(jpc_fix_t)))) {
- goto error;
- }
-@@ -940,7 +940,7 @@ startoff = jas_stream_getrwcount(enc->ou
- siz->tilewidth = cp->tilewidth;
- siz->tileheight = cp->tileheight;
- siz->numcomps = cp->numcmpts;
-- siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t));
-+ siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t));
- assert(siz->comps);
- for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) {
- siz->comps[i].prec = cp->ccps[i].prec;
-@@ -958,7 +958,8 @@ startoff = jas_stream_getrwcount(enc->ou
+@@ -957,7 +957,8 @@ startoff = jas_stream_getrwcount(enc->ou
if (!(enc->mrk = jpc_ms_create(JPC_MS_COM))) {
return -1;
}
- sprintf(buf, "Creator: JasPer Version %s", jas_getversion());
-+ snprintf(buf, sizeof buf, "Creator: JasPer Version %s",
-+ jas_getversion());
++ snprintf(buf, sizeof buf, "Creator: JasPer Version %s",
++ jas_getversion());
com = &enc->mrk->parms.com;
- com->len = strlen(buf);
+ com->len = JAS_CAST(uint_fast16_t, strlen(buf));
com->regid = JPC_COM_LATIN;
-@@ -977,7 +978,7 @@ startoff = jas_stream_getrwcount(enc->ou
- return -1;
- }
- crg = &enc->mrk->parms.crg;
-- crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t));
-+ crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t));
- if (jpc_putms(enc->out, enc->cstate, enc->mrk)) {
- jas_eprintf("cannot write CRG marker\n");
- return -1;
-@@ -1955,7 +1956,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_
- tile->mctid = cp->tcp.mctid;
-
- tile->numlyrs = cp->tcp.numlyrs;
-- if (!(tile->lyrsizes = jas_malloc(tile->numlyrs *
-+ if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs,
- sizeof(uint_fast32_t)))) {
- goto error;
- }
-@@ -1964,7 +1965,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_
- }
-
- /* Allocate an array for the per-tile-component information. */
-- if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) {
-+ if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) {
- goto error;
- }
- /* Initialize a few members critical for error recovery. */
-@@ -2110,7 +2111,7 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc
- jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data),
- jas_seq2d_yend(tcmpt->data), bandinfos);
-
-- if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) {
-+ if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) {
- goto error;
- }
- for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls;
-@@ -2213,7 +2214,7 @@ static jpc_enc_rlvl_t *rlvl_create(jpc_e
- rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn);
- rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs;
-
-- if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) {
-+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) {
- goto error;
- }
- for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands;
-@@ -2290,7 +2291,7 @@ if (bandinfo->xstart != bandinfo->xend &
- band->synweight = bandinfo->synenergywt;
-
- if (band->data) {
-- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) {
-+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) {
- goto error;
- }
- for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno,
-@@ -2422,7 +2423,7 @@ if (!rlvlno) {
- goto error;
- }
-
-- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) {
-+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) {
- goto error;
- }
- for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks;
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c:1.1 pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c:1.2
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c:1.1 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_pnm_pnm__enc.c Fri Dec 16 09:44:44 2016
@@ -1,7 +1,6 @@
-$NetBSD: patch-src_libjasper_pnm_pnm__enc.c,v 1.1 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_pnm_pnm__enc.c,v 1.2 2016/12/16 09:44:44 he Exp $
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
+Replace one sprintf() with snprintf().
--- src/libjasper/pnm/pnm_enc.c.orig 2007-01-19 21:43:05.000000000 +0000
+++ src/libjasper/pnm/pnm_enc.c
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c:1.2 pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c:1.3
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c:1.2 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c Fri Dec 16 09:44:44 2016
@@ -1,101 +1,16 @@
-$NetBSD: patch-src_libjasper_base_jas__seq.c,v 1.2 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_base_jas__seq.c,v 1.3 2016/12/16 09:44:44 he Exp $
-CVE-2016-2089 denial of service. Via Debian.
+Replace one sprintf with snprintf.
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
-
---- src/libjasper/base/jas_seq.c.old 2016-03-31 14:47:00.000000000 +0200
+--- src/libjasper/base/jas_seq.c.orig 2016-03-31 14:47:00.000000000 +0200
+++ src/libjasper/base/jas_seq.c 2016-03-31 14:47:50.000000000 +0200
-@@ -114,7 +114,7 @@
- matrix->datasize_ = numrows * numcols;
-
- if (matrix->maxrows_ > 0) {
-- if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ *
-+ if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_,
- sizeof(jas_seqent_t *)))) {
- jas_matrix_destroy(matrix);
- return 0;
-@@ -122,7 +122,7 @@
- }
-
- if (matrix->datasize_ > 0) {
-- if (!(matrix->data_ = jas_malloc(matrix->datasize_ *
-+ if (!(matrix->data_ = jas_alloc2(matrix->datasize_,
- sizeof(jas_seqent_t)))) {
- jas_matrix_destroy(matrix);
- return 0;
-@@ -220,7 +220,7 @@
- mat0->numrows_ = r1 - r0 + 1;
- mat0->numcols_ = c1 - c0 + 1;
- mat0->maxrows_ = mat0->numrows_;
-- mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *));
-+ mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *));
- for (i = 0; i < mat0->numrows_; ++i) {
- mat0->rows_[i] = mat1->rows_[r0 + i] + c0;
- }
-@@ -262,6 +262,10 @@
- int rowstep;
- jas_seqent_t *data;
-
-+ if (!matrix->rows_) {
-+ return;
-+ }
-+
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
-@@ -282,6 +286,10 @@
- jas_seqent_t *data;
- int rowstep;
-
-+ if (!matrix->rows_) {
-+ return;
-+ }
-+
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
-@@ -306,6 +314,10 @@
- int rowstep;
- jas_seqent_t *data;
-
-+ if (!matrix->rows_) {
-+ return;
-+ }
-+
- assert(n >= 0);
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
-@@ -325,6 +337,10 @@
- int rowstep;
- jas_seqent_t *data;
-
-+ if (!matrix->rows_) {
-+ return;
-+ }
-+
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
-@@ -367,6 +383,10 @@
- int rowstep;
- jas_seqent_t *data;
-
-+ if (!matrix->rows_) {
-+ return;
-+ }
-+
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
-@@ -432,7 +452,8 @@
+@@ -493,7 +493,8 @@ int jas_seq2d_output(jas_matrix_t *matri
for (i = 0; i < jas_matrix_numrows(matrix); ++i) {
for (j = 0; j < jas_matrix_numcols(matrix); ++j) {
x = jas_matrix_get(matrix, i, j);
- sprintf(sbuf, "%s%4ld", (strlen(buf) > 0) ? " " : "",
-+ snprintf(sbuf, sizeof sbuf,
-+ "%s%4ld", (strlen(buf) > 0) ? " " : "",
++ snprintf(sbuf, sizeof sbuf,
++ "%s%4ld", (strlen(buf) > 0) ? " " : "",
JAS_CAST(long, x));
- n = strlen(buf);
- if (n + strlen(sbuf) > MAXLINELEN) {
+ n = JAS_CAST(int, strlen(buf));
+ if (n + JAS_CAST(int, strlen(sbuf)) > MAXLINELEN) {
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c:1.2 pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c:1.3
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c:1.2 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__cod.c Fri Dec 16 09:44:44 2016
@@ -1,49 +1,10 @@
-$NetBSD: patch-src_libjasper_jp2_jp2__cod.c,v 1.2 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_jp2_jp2__cod.c,v 1.3 2016/12/16 09:44:44 he Exp $
Only output debug info if debuglevel >= 1.
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
-
---- src/libjasper/jp2/jp2_cod.c.old 2016-03-31 14:47:00.000000000 +0200
-+++ src/libjasper/jp2/jp2_cod.c 2016-03-31 14:48:20.000000000 +0200
-@@ -372,7 +372,7 @@
- jp2_bpcc_t *bpcc = &box->data.bpcc;
- unsigned int i;
- bpcc->numcmpts = box->datalen;
-- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) {
-+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
- return -1;
- }
- for (i = 0; i < bpcc->numcmpts; ++i) {
-@@ -416,7 +416,7 @@
- break;
- case JP2_COLR_ICC:
- colr->iccplen = box->datalen - 3;
-- if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) {
-+ if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) {
- return -1;
- }
- if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) {
-@@ -453,7 +453,7 @@
- if (jp2_getuint16(in, &cdef->numchans)) {
- return -1;
- }
-- if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) {
-+ if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) {
- return -1;
- }
- for (channo = 0; channo < cdef->numchans; ++channo) {
-@@ -766,7 +766,7 @@
- unsigned int i;
-
- cmap->numchans = (box->datalen) / 4;
-- if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) {
-+ if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
- return -1;
- }
- for (i = 0; i < cmap->numchans; ++i) {
-@@ -795,11 +795,15 @@
+--- src/libjasper/jp2/jp2_cod.c.orig 2016-11-16 15:03:41.000000000 +0000
++++ src/libjasper/jp2/jp2_cod.c
+@@ -808,11 +808,15 @@ static void jp2_cmap_dumpdata(jp2_box_t
jp2_cmap_t *cmap = &box->data.cmap;
unsigned int i;
jp2_cmapent_t *ent;
@@ -57,21 +18,8 @@ https://bugs.gentoo.org/show_bug.cgi?id=
- (int) ent->cmptno, (int) ent->map, (int) ent->pcol);
+ if (jas_getdbglevel() >= 1) {
+ fprintf(out, "cmptno=%d; map=%d; pcol=%d\n",
-+ (int) ent->cmptno, (int) ent->map, (int) ent->pcol);
++ (int) ent->cmptno, (int) ent->map, (int) ent->pcol);
+ }
}
}
-@@ -828,10 +832,10 @@
- return -1;
- }
- lutsize = pclr->numlutents * pclr->numchans;
-- if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) {
-+ if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
- return -1;
- }
-- if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) {
-+ if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) {
- return -1;
- }
- for (i = 0; i < pclr->numchans; ++i) {
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c:1.2 pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c:1.3
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c:1.2 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_jp2_jp2__dec.c Fri Dec 16 09:44:44 2016
@@ -1,17 +1,12 @@
-$NetBSD: patch-src_libjasper_jp2_jp2__dec.c,v 1.2 2016/05/16 14:03:40 he Exp $
+$NetBSD: patch-src_libjasper_jp2_jp2__dec.c,v 1.3 2016/12/16 09:44:44 he Exp $
Only output debug info if debuglevel >= 1.
-Apply fix for oCERT-2014-012, from
-https://bugzilla.redhat.com/show_bug.cgi?id=1173162
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
-
---- src/libjasper/jp2/jp2_dec.c.old 2016-03-31 14:47:00.000000000 +0200
-+++ src/libjasper/jp2/jp2_dec.c 2016-03-31 14:48:20.000000000 +0200
-@@ -293,7 +293,9 @@
- dec->colr->data.colr.iccplen);
- assert(iccprof);
+--- src/libjasper/jp2/jp2_dec.c.orig 2016-11-16 15:03:41.000000000 +0000
++++ src/libjasper/jp2/jp2_dec.c
+@@ -302,7 +302,9 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ goto error;
+ }
jas_iccprof_gethdr(iccprof, &icchdr);
- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
+ if (jas_getdbglevel() >= 1) {
@@ -20,35 +15,3 @@ https://bugs.gentoo.org/show_bug.cgi?id=
jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof);
assert(dec->image->cmprof_);
-@@ -336,7 +338,7 @@
- }
-
- /* Allocate space for the channel-number to component-number LUT. */
-- if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) {
-+ if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) {
- jas_eprintf("error: no memory\n");
- goto error;
- }
-@@ -354,7 +356,7 @@
- if (cmapent->map == JP2_CMAP_DIRECT) {
- dec->chantocmptlut[channo] = channo;
- } else if (cmapent->map == JP2_CMAP_PALETTE) {
-- lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t));
-+ lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t));
- for (i = 0; i < pclrd->numlutents; ++i) {
- lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans];
- }
-@@ -386,6 +388,13 @@
- /* Determine the type of each component. */
- if (dec->cdef) {
- for (i = 0; i < dec->numchans; ++i) {
-+ /* Is the channel number reasonable? */
-+ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
-+ jas_eprintf("error: invalid channel number in CDEF box\n");
-+
-+ goto error;
-+
-+ }
- jas_image_setcmpttype(dec->image,
- dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
- jp2_getct(jas_image_clrspc(dec->image),
Index: pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c
diff -u pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c:1.3 pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c:1.4
--- pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c:1.3 Mon May 16 14:03:40 2016
+++ pkgsrc/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__dec.c Fri Dec 16 09:44:44 2016
@@ -1,154 +1,13 @@
$NetBSD$
-Apply fixes from
-http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
-and
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-9029
-
-Also add a patch from Debian (bug #413041) to fix some heap corruption
-on malformed image input (CVE-2007-2721),
-
-Apply fix for CVE-2014-8157, taken from
-https://bugzilla.redhat.com/show_bug.cgi?id=1179282
-
-Fix CVE-2008-3520, patches from
-https://bugs.gentoo.org/show_bug.cgi?id=222819
+Only print on debug >= 1.
--- src/libjasper/jpc/jpc_dec.c.old 2016-03-31 14:47:00.000000000 +0200
+++ src/libjasper/jpc/jpc_dec.c 2016-03-31 14:48:20.000000000 +0200
-@@ -449,7 +449,7 @@
-
- if (dec->state == JPC_MH) {
-
-- compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t));
-+ compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t));
- assert(compinfos);
- for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos;
- cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) {
-@@ -489,7 +489,7 @@
- dec->curtileendoff = 0;
- }
-
-- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
-+ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
- jas_eprintf("invalid tile number in SOT marker segment\n");
- return -1;
- }
-@@ -692,7 +692,7 @@
- tile->realmode = 1;
- }
- tcomp->numrlvls = ccp->numrlvls;
-- if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls *
-+ if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls,
- sizeof(jpc_dec_rlvl_t)))) {
- return -1;
- }
-@@ -764,7 +764,7 @@
- rlvl->cbgheightexpn);
-
- rlvl->numbands = (!rlvlno) ? 1 : 3;
-- if (!(rlvl->bands = jas_malloc(rlvl->numbands *
-+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands,
- sizeof(jpc_dec_band_t)))) {
- return -1;
- }
-@@ -797,7 +797,7 @@
-
- assert(rlvl->numprcs);
-
-- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) {
-+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) {
- return -1;
- }
-
-@@ -834,7 +834,7 @@
- if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) {
- return -1;
- }
-- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) {
-+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) {
- return -1;
- }
-
-@@ -1069,12 +1069,12 @@
- /* Apply an inverse intercomponent transform if necessary. */
- switch (tile->cp->mctid) {
- case JPC_MCT_RCT:
-- assert(dec->numcomps == 3);
-+ assert(dec->numcomps >= 3);
- jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,
- tile->tcomps[2].data);
- break;
- case JPC_MCT_ICT:
-- assert(dec->numcomps == 3);
-+ assert(dec->numcomps >= 3);
- jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,
- tile->tcomps[2].data);
- break;
-@@ -1181,7 +1181,7 @@
- return -1;
- }
-
-- if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) {
-+ if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) {
- return -1;
- }
-
-@@ -1204,7 +1204,7 @@
- dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
- dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
- dec->numtiles = dec->numhtiles * dec->numvtiles;
-- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
-+ if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
- return -1;
- }
-
-@@ -1228,12 +1228,13 @@
- tile->pkthdrstreampos = 0;
- tile->pptstab = 0;
- tile->cp = 0;
-- if (!(tile->tcomps = jas_malloc(dec->numcomps *
-+ if (!(tile->tcomps = jas_alloc2(dec->numcomps,
- sizeof(jpc_dec_tcomp_t)))) {
- return -1;
- }
- for (compno = 0, cmpt = dec->cmpts, tcomp = tile->tcomps;
- compno < dec->numcomps; ++compno, ++cmpt, ++tcomp) {
-+ tcomp->numrlvls = 0;
- tcomp->rlvls = 0;
- tcomp->data = 0;
- tcomp->xstart = JPC_CEILDIV(tile->xstart, cmpt->hstep);
-@@ -1280,7 +1281,7 @@
- jpc_coc_t *coc = &ms->parms.coc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in COC marker segment\n");
- return -1;
- }
-@@ -1306,7 +1307,7 @@
- jpc_rgn_t *rgn = &ms->parms.rgn;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in RGN marker segment\n");
- return -1;
- }
-@@ -1355,7 +1356,7 @@
- jpc_qcc_t *qcc = &ms->parms.qcc;
- jpc_dec_tile_t *tile;
-
-- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
-+ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
- jas_eprintf("invalid component number in QCC marker segment\n");
- return -1;
- }
-@@ -1466,7 +1467,9 @@
- dec = 0;
+@@ -1565,7 +1565,9 @@ static int jpc_dec_process_unk(jpc_dec_t
- jas_eprintf("warning: ignoring unknown marker segment\n");
+ jas_eprintf("warning: ignoring unknown marker segment (0x%x)\n",
+ ms->id);
- jpc_ms_dump(ms, stderr);
+ if (jas_getdbglevel() >= 1) {
+ jpc_ms_dump(ms, stderr);
@@ -156,42 +15,3 @@ https://bugs.gentoo.org/show_bug.cgi?id=
return 0;
}
-@@ -1489,7 +1492,7 @@
- cp->numlyrs = 0;
- cp->mctid = 0;
- cp->csty = 0;
-- if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) {
-+ if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) {
- return 0;
- }
- if (!(cp->pchglist = jpc_pchglist_create())) {
-@@ -2048,7 +2051,7 @@
- }
- streamlist->numstreams = 0;
- streamlist->maxstreams = 100;
-- if (!(streamlist->streams = jas_malloc(streamlist->maxstreams *
-+ if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams,
- sizeof(jas_stream_t *)))) {
- jas_free(streamlist);
- return 0;
-@@ -2068,8 +2071,8 @@
- /* Grow the array of streams if necessary. */
- if (streamlist->numstreams >= streamlist->maxstreams) {
- newmaxstreams = streamlist->maxstreams + 1024;
-- if (!(newstreams = jas_realloc(streamlist->streams,
-- (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) {
-+ if (!(newstreams = jas_realloc2(streamlist->streams,
-+ (newmaxstreams + 1024), sizeof(jas_stream_t *)))) {
- return -1;
- }
- for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) {
-@@ -2155,8 +2158,7 @@
- {
- jpc_ppxstabent_t **newents;
- if (tab->maxents < maxents) {
-- newents = (tab->ents) ? jas_realloc(tab->ents, maxents *
-- sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *));
-+ newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *));
- if (!newents) {
- return -1;
- }
Home |
Main Index |
Thread Index |
Old Index