[Midnightbsd-cvs] mports [20925] trunk/graphics/jasper: Security patch jasper

laffer1 at midnightbsd.org laffer1 at midnightbsd.org
Mon Feb 1 16:01:47 EST 2016 

Revision: 20925
          http://svnweb.midnightbsd.org/mports/?rev=20925
Author:   laffer1
Date:     2016-02-01 16:01:47 -0500 (Mon, 01 Feb 2016)
Log Message:
-----------
Security patch jasper

 cvename:CVE-2008-3520
    cvename:CVE-2008-3522
    cvename:CVE-2011-4516
    cvename:CVE-2011-4517
    url:http://www.kb.cert.org/vuls/id/887409

Modified Paths:
--------------
    trunk/graphics/jasper/Makefile
    trunk/graphics/jasper/files/patch-jas_stream.c
    trunk/graphics/jasper/files/patch-jas_types.h
    trunk/graphics/jasper/files/patch-jpc_qmfb.c
    trunk/graphics/jasper/files/patch-mif_cod.c

Added Paths:
-----------
    trunk/graphics/jasper/files/patch-jas_stream.h

Modified: trunk/graphics/jasper/Makefile
===================================================================
--- trunk/graphics/jasper/Makefile	2016-02-01 20:48:26 UTC (rev 20924)
+++ trunk/graphics/jasper/Makefile	2016-02-01 21:01:47 UTC (rev 20925)
@@ -2,11 +2,10 @@
 
 PORTNAME=	jasper
 PORTVERSION=	1.900.1
-PORTREVISION=	5
+PORTREVISION=	15
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.ece.uvic.ca/~mdadams/jasper/software/ \
-		${MASTER_SITE_IMAGEMAGICK}
-MASTER_SITE_SUBDIR=	ImageMagick/delegates
+		ftp://ftp.imagemagick.org/pub/ImageMagick/delegates/
 
 MAINTAINER=	ports at MidnightBSD.org
 COMMENT=	Implementation of the codec specified in the JPEG-2000 standard
@@ -22,11 +21,7 @@
 CONFIGURE_ARGS=	--enable-shared --enable-static
 USE_LDCONFIG=	yes
 
-MASTER_SITE_IMAGEMAGICK=	\
-	ftp://ftp.imagemagick.org/pub/%SUBDIR%/ \
-	${MASTER_SITE_RINGSERVER:S,%SUBDIR%,graphics/&,}
-
-OPTIONS_DEFINE= OPENGL UUID DOCS
+OPTIONS_DEFINE=	OPENGL UUID DOCS
 UUID_DESC=	UUID support (required by GDAL)
 
 .include <bsd.mport.options.mk>

Modified: trunk/graphics/jasper/files/patch-jas_stream.c
===================================================================
--- trunk/graphics/jasper/files/patch-jas_stream.c	2016-02-01 20:48:26 UTC (rev 20924)
+++ trunk/graphics/jasper/files/patch-jas_stream.c	2016-02-01 21:01:47 UTC (rev 20925)
@@ -1,5 +1,23 @@
 --- src/libjasper/base/jas_stream.c.orig	2007-01-19 22:43:05.000000000 +0100
-+++ src/libjasper/base/jas_stream.c	2013-04-17 21:57:41.000000000 +0200
++++ src/libjasper/base/jas_stream.c	2015-08-29 08:07:01.000000000 +0200
+@@ -99,7 +99,7 @@
+ static void jas_stream_destroy(jas_stream_t *stream);
+ static jas_stream_t *jas_stream_create(void);
+ static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
+-  int bufsize);
++  size_t bufsize);
+ 
+ static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt);
+ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt);
+@@ -168,7 +168,7 @@
+ 	return stream;
+ }
+ 
+-jas_stream_t *jas_stream_memopen(char *buf, int bufsize)
++jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize)
+ {
+ 	jas_stream_t *stream;
+ 	jas_stream_memobj_t *obj;
 @@ -361,15 +361,14 @@
  	}
  	obj->fd = -1;
@@ -28,3 +46,30 @@
  	jas_stream_puts(stream, buf);
  	va_end(ap);
  	return ret;
+@@ -570,7 +569,7 @@
+ 	return 0;
+ }
+ 
+-char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
++char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize)
+ {
+ 	int c;
+ 	char *bufptr;
+@@ -694,7 +693,7 @@
+ \******************************************************************************/
+ 
+ static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
+-  int bufsize)
++  size_t bufsize)
+ {
+ 	/* If this function is being called, the buffer should not have been
+ 	  initialized yet. */
+@@ -987,7 +986,7 @@
+ 	return cnt;
+ }
+ 
+-static int mem_resize(jas_stream_memobj_t *m, int bufsize)
++static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
+ {
+ 	unsigned char *buf;
+ 

Added: trunk/graphics/jasper/files/patch-jas_stream.h
===================================================================
--- trunk/graphics/jasper/files/patch-jas_stream.h	                        (rev 0)
+++ trunk/graphics/jasper/files/patch-jas_stream.h	2016-02-01 21:01:47 UTC (rev 20925)
@@ -0,0 +1,38 @@
+--- src/libjasper/include/jasper/jas_stream.h.orig	2007-01-19 22:43:04.000000000 +0100
++++ src/libjasper/include/jasper/jas_stream.h	2015-08-29 07:54:41.000000000 +0200
+@@ -215,7 +215,7 @@
+ 	uchar *bufstart_;
+ 
+ 	/* The buffer size. */
+-	int bufsize_;
++	size_t bufsize_;
+ 
+ 	/* The current position in the buffer. */
+ 	uchar *ptr_;
+@@ -267,7 +267,7 @@
+ 	uchar *buf_;
+ 
+ 	/* The allocated size of the buffer for holding file data. */
+-	int bufsize_;
++	size_t bufsize_;
+ 
+ 	/* The length of the file. */
+ 	int_fast32_t len_;
+@@ -291,7 +291,7 @@
+ jas_stream_t *jas_stream_fopen(const char *filename, const char *mode);
+ 
+ /* Open a memory buffer as a stream. */
+-jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
++jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
+ 
+ /* Open a file descriptor as a stream. */
+ jas_stream_t *jas_stream_fdopen(int fd, const char *mode);
+@@ -366,7 +366,7 @@
+ int jas_stream_puts(jas_stream_t *stream, const char *s);
+ 
+ /* Read a line of input from a stream. */
+-char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize);
++char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize);
+ 
+ /* Look at the next character to be read from a stream without actually
+   removing it from the stream. */


Property changes on: trunk/graphics/jasper/files/patch-jas_stream.h
___________________________________________________________________
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Modified: trunk/graphics/jasper/files/patch-jas_types.h
===================================================================
--- trunk/graphics/jasper/files/patch-jas_types.h	2016-02-01 20:48:26 UTC (rev 20924)
+++ trunk/graphics/jasper/files/patch-jas_types.h	2016-02-01 21:01:47 UTC (rev 20925)
@@ -1,5 +1,3 @@
-$FreeBSD: /tmp/pcvs/ports/graphics/jasper/files/patch-jas_types.h,v 1.1 2009-07-05 09:50:02 dinoex Exp $
-
 --- src/libjasper/include/jasper/jas_types.h	Sat Oct  4 12:57:58 2003
 +++ src/libjasper/include/jasper/jas_types.h	Wed Dec 17 10:29:46 2003
 @@ -223,13 +223,13 @@

Modified: trunk/graphics/jasper/files/patch-jpc_qmfb.c
===================================================================
--- trunk/graphics/jasper/files/patch-jpc_qmfb.c	2016-02-01 20:48:26 UTC (rev 20924)
+++ trunk/graphics/jasper/files/patch-jpc_qmfb.c	2016-02-01 21:01:47 UTC (rev 20925)
@@ -1,5 +1,14 @@
 --- src/libjasper/jpc/jpc_qmfb.c.orig	2007-01-19 22:43:07.000000000 +0100
-+++ src/libjasper/jpc/jpc_qmfb.c	2013-04-17 22:32:23.000000000 +0200
++++ src/libjasper/jpc/jpc_qmfb.c	2015-08-29 08:07:01.000000000 +0200
+@@ -305,7 +305,7 @@
+ void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+ #else
 @@ -321,7 +321,7 @@
  #if !defined(HAVE_VLA)
  	/* Get a buffer. */
@@ -9,6 +18,15 @@
  			/* We have no choice but to commit suicide in this case. */
  			abort();
  		}
+@@ -373,7 +373,7 @@
+   int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+ #else
 @@ -389,7 +389,7 @@
  #if !defined(HAVE_VLA)
  	/* Get a buffer. */
@@ -18,6 +36,15 @@
  			/* We have no choice but to commit suicide in this case. */
  			abort();
  		}
+@@ -441,7 +441,7 @@
+   int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+ #else
 @@ -460,7 +460,7 @@
  #if !defined(HAVE_VLA)
  	/* Get a buffer. */
@@ -27,6 +54,15 @@
  			/* We have no choice but to commit suicide in this case. */
  			abort();
  		}
+@@ -530,7 +530,7 @@
+   int stride, int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+ #else
 @@ -549,7 +549,7 @@
  #if !defined(HAVE_VLA)
  	/* Get a buffer. */
@@ -36,6 +72,15 @@
  			/* We have no choice but to commit suicide in this case. */
  			abort();
  		}
+@@ -618,7 +618,7 @@
+ void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+ #else
 @@ -633,7 +633,7 @@
  #if !defined(HAVE_VLA)
  	/* Allocate memory for the join buffer from the heap. */
@@ -45,6 +90,15 @@
  			/* We have no choice but to commit suicide. */
  			abort();
  		}
+@@ -683,7 +683,7 @@
+   int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+ #else
 @@ -698,7 +698,7 @@
  #if !defined(HAVE_VLA)
  	/* Allocate memory for the join buffer from the heap. */
@@ -54,6 +108,15 @@
  			/* We have no choice but to commit suicide. */
  			abort();
  		}
+@@ -748,7 +748,7 @@
+   int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+ #else
 @@ -766,7 +766,7 @@
  #if !defined(HAVE_VLA)
  	/* Allocate memory for the join buffer from the heap. */
@@ -63,6 +126,15 @@
  			/* We have no choice but to commit suicide. */
  			abort();
  		}
+@@ -834,7 +834,7 @@
+   int stride, int parity)
+ {
+ 
+-	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
++	size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ #if !defined(HAVE_VLA)
+ 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+ #else
 @@ -852,7 +852,7 @@
  #if !defined(HAVE_VLA)
  	/* Allocate memory for the join buffer from the heap. */

Modified: trunk/graphics/jasper/files/patch-mif_cod.c
===================================================================
--- trunk/graphics/jasper/files/patch-mif_cod.c	2016-02-01 20:48:26 UTC (rev 20924)
+++ trunk/graphics/jasper/files/patch-mif_cod.c	2016-02-01 21:01:47 UTC (rev 20925)
@@ -1,5 +1,14 @@
 --- src/libjasper/mif/mif_cod.c.orig	2007-01-19 22:43:05.000000000 +0100
-+++ src/libjasper/mif/mif_cod.c	2013-04-17 22:32:23.000000000 +0200
++++ src/libjasper/mif/mif_cod.c	2015-08-29 08:07:01.000000000 +0200
+@@ -107,7 +107,7 @@
+ static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
+ static mif_cmpt_t *mif_cmpt_create(void);
+ static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
+-static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
++static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
+ static int mif_getc(jas_stream_t *in);
+ static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
+ 
 @@ -438,8 +438,7 @@
  	int cmptno;
  	mif_cmpt_t **newcmpts;
@@ -10,3 +19,12 @@
  	if (!newcmpts) {
  		return -1;
  	}
+@@ -658,7 +657,7 @@
+ * MIF parsing code.
+ \******************************************************************************/
+ 
+-static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
++static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
+ {
+ 	int c;
+ 	char *bufptr;

More information about the Midnightbsd-cvs mailing list