jasper: Apply security patches from Debian package.

79ce1254 · Arnaud Fontaine · Kazuhiko Shiozaki · ac13d4a7 · 79ce1254 · 79ce1254
Commit 79ce1254 authored Jul 30, 2014 by Arnaud Fontaine Committed by Kazuhiko Shiozaki Aug 07, 2014
4 changed files
--- a/component/jasper/CVE-2011-4516-and-CVE-2011-4517.patch
+++ b/component/jasper/CVE-2011-4516-and-CVE-2011-4517.patch
+Description: Fix for CVE-2011-4516 and CVE-2011-4517
+ This patch fixes a possible denial of service and code execution via
+ heap-based buffer overflows.
+Author: Michael Gilbert <michael.s.gilbert@gmail.com>
+Origin: Patch thanks to Red Hat
+Bug-Debian: http://bugs.debian.org/652649
+Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+===================================================================
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:34.186909298 -0500
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2011-12-19 09:35:51.198909832 -0500
+@@ -744,6 +744,10 @@
+ 		return -1;
+ 	}
+ 	compparms->numrlvls = compparms->numdlvls + 1;
+	if (compparms->numrlvls > JPC_MAXRLVLS) {
+		jpc_cox_destroycompparms(compparms);
+		return -1;
+	}
+ 	if (prtflag) {
+ 		for (i = 0; i < compparms->numrlvls; ++i) {
+ 			if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@
+ 	jpc_crgcomp_t *comp;
+ 	uint_fast16_t compno;
+ 	crg->numcomps = cstate->numcomps;
+-	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
+ 		return -1;
+ 	}
+ 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
--- a/component/jasper/buildout.cfg
+++ b/component/jasper/buildout.cfg
@@ -8,6 +8,11 @@ parts =
 recipe = slapos.recipe.cmmi
 url = http://www.ece.uvic.ca/~mdadams/jasper/software/jasper-1.900.1.zip
 md5sum = a342b2b4495b3e1394e161eb5d85d754
+patch-options = -p1
+patches =
+  ${:_profile_base_location_}/misc-fixes.patch#1202be8418907dfe58f819f7b47da24f
+  ${:_profile_base_location_}/fix-filename-buffer-overflow.patch#38403f9c82a18547beca16c9c6f4ce7a
+  ${:_profile_base_location_}/CVE-2011-4516-and-CVE-2011-4517.patch#a9676718ed016f66a3c76acf764c9e72
 # jasper configure script is not executable by default
 configure-command =
  /bin/sh ./configure --prefix=${buildout:parts-directory}/${:_buildout_section_name_} --disable-static --enable-shared --disable-opengl

--- a/component/jasper/fix-filename-buffer-overflow.patch
+++ b/component/jasper/fix-filename-buffer-overflow.patch
+Description: Filename buffer overflow fix
+ This patch fixes a security hole by a bad buffer size handling.
+Author: Roland Stigge <stigge@antcom.de>
+Bug-Debian: http://bugs.debian.org/645118
+--- a/src/libjasper/include/jasper/jas_stream.h
+++ b/src/libjasper/include/jasper/jas_stream.h
+@@ -77,6 +77,7 @@
+ #include <jasper/jas_config.h>
+ #include <stdio.h>
+#include <limits.h>
+ #if defined(HAVE_FCNTL_H)
+ #include <fcntl.h>
+ #endif
+@@ -99,6 +100,12 @@ extern "C" {
+ #define O_BINARY	0
+ #endif
+#ifdef PATH_MAX
+#define JAS_PATH_MAX PATH_MAX
+#else
+#define JAS_PATH_MAX 4096
+#endif
+
+ /*
+  * Stream open flags.
+  */
+@@ -251,7 +258,7 @@ typedef struct {
+ typedef struct {
+ 	int fd;
+ 	int flags;
+-	char pathname[L_tmpnam + 1];
+	char pathname[JAS_PATH_MAX + 1];
+ } jas_stream_fileobj_t;
+ #define	JAS_STREAM_FILEOBJ_DELONCLOSE	0x01
--- a/component/jasper/misc-fixes.patch
+++ b/component/jasper/misc-fixes.patch