diff --git a/.gitignore b/.gitignore index 4b7b6df..2082a37 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -jasper-1.900.1.zip +/jasper-1.900.28.tar.gz diff --git a/jasper-1.900.1-CVE-2008-3520.patch b/jasper-1.900.1-CVE-2008-3520.patch index 0f5e3b7..bd6f56c 100644 --- a/jasper-1.900.1-CVE-2008-3520.patch +++ b/jasper-1.900.1-CVE-2008-3520.patch @@ -1,339 +1,8 @@ -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520 - -OpenBSD jas_malloc hardening patches - -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_cm.c jasper-1.900.1/src/libjasper/base/jas_cm.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_cm.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_cm.c 2009-10-22 10:27:45.000000000 +0200 -@@ -704,8 +704,7 @@ static int jas_cmpxformseq_resize(jas_cm - { - jas_cmpxform_t **p; - assert(n >= pxformseq->numpxforms); -- p = (!pxformseq->pxforms) ? jas_malloc(n * sizeof(jas_cmpxform_t *)) : -- jas_realloc(pxformseq->pxforms, n * sizeof(jas_cmpxform_t *)); -+ p = jas_realloc2(pxformseq->pxforms, n, sizeof(jas_cmpxform_t *)); - if (!p) { - return -1; - } -@@ -889,13 +888,13 @@ static int jas_cmshapmatlut_set(jas_cmsh - jas_cmshapmatlut_cleanup(lut); - if (curv->numents == 0) { - lut->size = 2; -- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) -+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) - goto error; - lut->data[0] = 0.0; - lut->data[1] = 1.0; - } else if (curv->numents == 1) { - lut->size = 256; -- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) -+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) - goto error; - gamma = curv->ents[0] / 256.0; - for (i = 0; i < lut->size; ++i) { -@@ -903,7 +902,7 @@ static int jas_cmshapmatlut_set(jas_cmsh - } - } else { - lut->size = curv->numents; -- if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) -+ if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) - goto error; - for (i = 0; i < lut->size; ++i) { - lut->data[i] = curv->ents[i] / 65535.0; -@@ -953,7 +952,7 @@ static int jas_cmshapmatlut_invert(jas_c - return -1; - } - } -- if (!(invlut->data = jas_malloc(n * sizeof(jas_cmreal_t)))) -+ if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t)))) - return -1; - invlut->size = n; - for (i = 0; i < invlut->size; ++i) { -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_icc.c jasper-1.900.1/src/libjasper/base/jas_icc.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -373,7 +373,7 @@ int jas_iccprof_save(jas_iccprof_t *prof - jas_icctagtab_t *tagtab; - - tagtab = &prof->tagtab; -- if (!(tagtab->ents = jas_malloc(prof->attrtab->numattrs * -+ if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs, - sizeof(jas_icctagtabent_t)))) - goto error; - tagtab->numents = prof->attrtab->numattrs; -@@ -522,7 +522,7 @@ static int jas_iccprof_gettagtab(jas_str - } - if (jas_iccgetuint32(in, &tagtab->numents)) - goto error; -- if (!(tagtab->ents = jas_malloc(tagtab->numents * -+ if (!(tagtab->ents = jas_alloc2(tagtab->numents, - sizeof(jas_icctagtabent_t)))) - goto error; - tagtabent = tagtab->ents; -@@ -743,8 +743,7 @@ static int jas_iccattrtab_resize(jas_icc - { - jas_iccattr_t *newattrs; - assert(maxents >= tab->numattrs); -- newattrs = tab->attrs ? jas_realloc(tab->attrs, maxents * -- sizeof(jas_iccattr_t)) : jas_malloc(maxents * sizeof(jas_iccattr_t)); -+ newattrs = jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t)); - if (!newattrs) - return -1; - tab->attrs = newattrs; -@@ -999,7 +998,7 @@ static int jas_icccurv_input(jas_iccattr - - if (jas_iccgetuint32(in, &curv->numents)) - goto error; -- if (!(curv->ents = jas_malloc(curv->numents * sizeof(jas_iccuint16_t)))) -+ if (!(curv->ents = jas_alloc2(curv->numents, sizeof(jas_iccuint16_t)))) - goto error; - for (i = 0; i < curv->numents; ++i) { - if (jas_iccgetuint16(in, &curv->ents[i])) -@@ -1100,7 +1099,7 @@ static int jas_icctxtdesc_input(jas_icca - if (jas_iccgetuint32(in, &txtdesc->uclangcode) || - jas_iccgetuint32(in, &txtdesc->uclen)) - goto error; -- if (!(txtdesc->ucdata = jas_malloc(txtdesc->uclen * 2))) -+ if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2))) - goto error; - if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) != - JAS_CAST(int, txtdesc->uclen * 2)) -@@ -1292,17 +1291,17 @@ static int jas_icclut8_input(jas_iccattr - jas_iccgetuint16(in, &lut8->numouttabents)) - goto error; - clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; -- if (!(lut8->clut = jas_malloc(clutsize * sizeof(jas_iccuint8_t))) || -- !(lut8->intabsbuf = jas_malloc(lut8->numinchans * -- lut8->numintabents * sizeof(jas_iccuint8_t))) || -- !(lut8->intabs = jas_malloc(lut8->numinchans * -+ if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) || -+ !(lut8->intabsbuf = jas_alloc3(lut8->numinchans, -+ lut8->numintabents, sizeof(jas_iccuint8_t))) || -+ !(lut8->intabs = jas_alloc2(lut8->numinchans, - sizeof(jas_iccuint8_t *)))) - goto error; - for (i = 0; i < lut8->numinchans; ++i) - lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents]; -- if (!(lut8->outtabsbuf = jas_malloc(lut8->numoutchans * -- lut8->numouttabents * sizeof(jas_iccuint8_t))) || -- !(lut8->outtabs = jas_malloc(lut8->numoutchans * -+ if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans, -+ lut8->numouttabents, sizeof(jas_iccuint8_t))) || -+ !(lut8->outtabs = jas_alloc2(lut8->numoutchans, - sizeof(jas_iccuint8_t *)))) - goto error; - for (i = 0; i < lut8->numoutchans; ++i) -@@ -1461,17 +1460,17 @@ static int jas_icclut16_input(jas_iccatt - jas_iccgetuint16(in, &lut16->numouttabents)) - goto error; - clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans; -- if (!(lut16->clut = jas_malloc(clutsize * sizeof(jas_iccuint16_t))) || -- !(lut16->intabsbuf = jas_malloc(lut16->numinchans * -- lut16->numintabents * sizeof(jas_iccuint16_t))) || -- !(lut16->intabs = jas_malloc(lut16->numinchans * -+ if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) || -+ !(lut16->intabsbuf = jas_alloc3(lut16->numinchans, -+ lut16->numintabents, sizeof(jas_iccuint16_t))) || -+ !(lut16->intabs = jas_alloc2(lut16->numinchans, - sizeof(jas_iccuint16_t *)))) - goto error; - for (i = 0; i < lut16->numinchans; ++i) - lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents]; -- if (!(lut16->outtabsbuf = jas_malloc(lut16->numoutchans * -- lut16->numouttabents * sizeof(jas_iccuint16_t))) || -- !(lut16->outtabs = jas_malloc(lut16->numoutchans * -+ if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans, -+ lut16->numouttabents, sizeof(jas_iccuint16_t))) || -+ !(lut16->outtabs = jas_alloc2(lut16->numoutchans, - sizeof(jas_iccuint16_t *)))) - goto error; - for (i = 0; i < lut16->numoutchans; ++i) -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1/src/libjasper/base/jas_image.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_image.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2009-10-22 10:27:45.000000000 +0200 -@@ -142,7 +142,7 @@ jas_image_t *jas_image_create(int numcmp - image->inmem_ = true; - - /* Allocate memory for the per-component information. */ -- if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ * -+ if (!(image->cmpts_ = jas_alloc2(image->maxcmpts_, - sizeof(jas_image_cmpt_t *)))) { - jas_image_destroy(image); - return 0; -@@ -774,8 +774,7 @@ static int jas_image_growcmpts(jas_image - jas_image_cmpt_t **newcmpts; - int cmptno; - -- newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) : -- jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *)); -+ newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *)); - if (!newcmpts) { - return -1; - } -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c jasper-1.900.1/src/libjasper/base/jas_malloc.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_malloc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -76,6 +76,9 @@ - - /* We need the prototype for memset. */ - #include -+#include -+#include -+#include - - #include "jasper/jas_malloc.h" - -@@ -113,18 +116,50 @@ void jas_free(void *ptr) - - void *jas_realloc(void *ptr, size_t size) - { -- return realloc(ptr, size); -+ return ptr ? realloc(ptr, size) : malloc(size); - } - --void *jas_calloc(size_t nmemb, size_t size) -+void *jas_realloc2(void *ptr, size_t nmemb, size_t size) -+{ -+ if (!ptr) -+ return jas_alloc2(nmemb, size); -+ if (nmemb && SIZE_MAX / nmemb < size) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ return jas_realloc(ptr, nmemb * size); -+ -+} -+ -+void *jas_alloc2(size_t nmemb, size_t size) -+{ -+ if (nmemb && SIZE_MAX / nmemb < size) { -+ errno = ENOMEM; -+ return NULL; -+ } -+ -+ return jas_malloc(nmemb * size); -+} -+ -+void *jas_alloc3(size_t a, size_t b, size_t c) - { -- void *ptr; - size_t n; -- n = nmemb * size; -- if (!(ptr = jas_malloc(n * sizeof(char)))) { -- return 0; -+ -+ if (a && SIZE_MAX / a < b) { -+ errno = ENOMEM; -+ return NULL; - } -- memset(ptr, 0, n); -+ -+ return jas_alloc2(a*b, c); -+} -+ -+void *jas_calloc(size_t nmemb, size_t size) -+{ -+ void *ptr; -+ -+ ptr = jas_alloc2(nmemb, size); -+ if (ptr) -+ memset(ptr, 0, nmemb*size); - return ptr; - } - -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1/src/libjasper/base/jas_seq.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2009-10-22 10:27:45.000000000 +0200 -@@ -114,7 +114,7 @@ jas_matrix_t *jas_matrix_create(int numr - matrix->datasize_ = numrows * numcols; - - if (matrix->maxrows_ > 0) { -- if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ * -+ if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_, - sizeof(jas_seqent_t *)))) { - jas_matrix_destroy(matrix); - return 0; -@@ -122,7 +122,7 @@ jas_matrix_t *jas_matrix_create(int numr - } - - if (matrix->datasize_ > 0) { -- if (!(matrix->data_ = jas_malloc(matrix->datasize_ * -+ if (!(matrix->data_ = jas_alloc2(matrix->datasize_, - sizeof(jas_seqent_t)))) { - jas_matrix_destroy(matrix); - return 0; -@@ -220,7 +220,7 @@ void jas_matrix_bindsub(jas_matrix_t *ma - mat0->numrows_ = r1 - r0 + 1; - mat0->numcols_ = c1 - c0 + 1; - mat0->maxrows_ = mat0->numrows_; -- mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *)); -+ mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); - for (i = 0; i < mat0->numrows_; ++i) { - mat0->rows_[i] = mat1->rows_[r0 + i] + c0; - } -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2009-10-22 10:27:45.000000000 +0200 -@@ -212,7 +212,7 @@ jas_stream_t *jas_stream_memopen(char *b - if (buf) { - obj->buf_ = (unsigned char *) buf; - } else { -- obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char)); -+ obj->buf_ = jas_malloc(obj->bufsize_); - obj->myalloc_ = 1; - } - if (!obj->buf_) { -@@ -992,7 +992,7 @@ static int mem_resize(jas_stream_memobj_ - unsigned char *buf; - - assert(m->buf_); -- if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) { -+ if (!(buf = jas_realloc(m->buf_, bufsize))) { - return -1; - } - m->buf_ = buf; -diff -pruN jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c jasper-1.900.1/src/libjasper/bmp/bmp_dec.c ---- jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/bmp/bmp_dec.c 2009-10-22 10:27:45.000000000 +0200 -@@ -283,7 +283,7 @@ static bmp_info_t *bmp_getinfo(jas_strea - } - - if (info->numcolors > 0) { -- if (!(info->palents = jas_malloc(info->numcolors * -+ if (!(info->palents = jas_alloc2(info->numcolors, - sizeof(bmp_palent_t)))) { - bmp_info_destroy(info); - return 0; -diff -pruN jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h jasper-1.900.1/src/libjasper/include/jasper/jas_malloc.h ---- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h 2007-01-19 22:43:04.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/include/jasper/jas_malloc.h 2009-10-22 10:27:45.000000000 +0200 -@@ -95,6 +95,9 @@ extern "C" { - #define jas_free MEMFREE - #define jas_realloc MEMREALLOC - #define jas_calloc MEMCALLOC -+#define jas_alloc2(a, b) MEMALLOC((a)*(b)) -+#define jas_alloc3(a, b, c) MEMALLOC((a)*(b)*(c)) -+#define jas_realloc2(p, a, b) MEMREALLOC((p), (a)*(b)) - #endif - - /******************************************************************************\ -@@ -115,6 +118,12 @@ void *jas_realloc(void *ptr, size_t size - /* Allocate a block of memory and initialize the contents to zero. */ - void *jas_calloc(size_t nmemb, size_t size); - -+/* size-checked double allocation .*/ -+void *jas_alloc2(size_t, size_t); -+ -+void *jas_alloc3(size_t, size_t, size_t); -+ -+void *jas_realloc2(void *, size_t, size_t); - #endif - - #ifdef __cplusplus -diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1/src/libjasper/jp2/jp2_cod.c ---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2009-10-22 10:30:24.000000000 +0200 -@@ -247,7 +247,7 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) +diff --git a/src/libjasper/jp2/jp2_cod.c b/src/libjasper/jp2/jp2_cod.c +index 7f3608a..c4ba73c 100644 +--- a/src/libjasper/jp2/jp2_cod.c ++++ b/src/libjasper/jp2/jp2_cod.c +@@ -248,7 +248,7 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) box = 0; tmpstream = 0; @@ -341,588 +10,4 @@ diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1/src/li + if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) { goto error; } - box->ops = &jp2_boxinfo_unk.ops; -@@ -372,7 +372,7 @@ static int jp2_bpcc_getdata(jp2_box_t *b - jp2_bpcc_t *bpcc = &box->data.bpcc; - unsigned int i; - bpcc->numcmpts = box->datalen; -- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) { -+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) { - return -1; - } - for (i = 0; i < bpcc->numcmpts; ++i) { -@@ -416,7 +416,7 @@ static int jp2_colr_getdata(jp2_box_t *b - break; - case JP2_COLR_ICC: - colr->iccplen = box->datalen - 3; -- if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) { -+ if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) { - return -1; - } - if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) { -@@ -453,7 +453,7 @@ static int jp2_cdef_getdata(jp2_box_t *b - if (jp2_getuint16(in, &cdef->numchans)) { - return -1; - } -- if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) { -+ if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) { - return -1; - } - for (channo = 0; channo < cdef->numchans; ++channo) { -@@ -766,7 +766,7 @@ static int jp2_cmap_getdata(jp2_box_t *b - unsigned int i; - - cmap->numchans = (box->datalen) / 4; -- if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) { -+ if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) { - return -1; - } - for (i = 0; i < cmap->numchans; ++i) { -@@ -828,10 +828,10 @@ static int jp2_pclr_getdata(jp2_box_t *b - return -1; - } - lutsize = pclr->numlutents * pclr->numchans; -- if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) { -+ if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) { - return -1; - } -- if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) { -+ if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) { - return -1; - } - for (i = 0; i < pclr->numchans; ++i) { -diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c jasper-1.900.1/src/libjasper/jp2/jp2_dec.c ---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2009-10-22 10:27:45.000000000 +0200 -@@ -336,7 +336,7 @@ jas_image_t *jp2_decode(jas_stream_t *in - } - - /* Allocate space for the channel-number to component-number LUT. */ -- if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) { -+ if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { - jas_eprintf("error: no memory\n"); - goto error; - } -@@ -354,7 +354,7 @@ jas_image_t *jp2_decode(jas_stream_t *in - if (cmapent->map == JP2_CMAP_DIRECT) { - dec->chantocmptlut[channo] = channo; - } else if (cmapent->map == JP2_CMAP_PALETTE) { -- lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t)); -+ lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); - for (i = 0; i < pclrd->numlutents; ++i) { - lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; - } -diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c jasper-1.900.1/src/libjasper/jp2/jp2_enc.c ---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_enc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -191,7 +191,7 @@ int sgnd; - } - bpcc = &box->data.bpcc; - bpcc->numcmpts = jas_image_numcmpts(image); -- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * -+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, - sizeof(uint_fast8_t)))) { - goto error; - } -@@ -285,7 +285,7 @@ int sgnd; - } - cdef = &box->data.cdef; - cdef->numchans = jas_image_numcmpts(image); -- cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)); -+ cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)); - for (i = 0; i < jas_image_numcmpts(image); ++i) { - cdefchanent = &cdef->ents[i]; - cdefchanent->channo = i; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1/src/libjasper/jpc/jpc_cs.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2009-10-22 09:58:16.000000000 +0200 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2009-10-22 10:27:45.000000000 +0200 -@@ -502,7 +502,7 @@ static int jpc_siz_getparms(jpc_ms_t *ms - !siz->tileheight || !siz->numcomps) { - return -1; - } -- if (!(siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)))) { -+ if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { - return -1; - } - for (i = 0; i < siz->numcomps; ++i) { -@@ -986,7 +986,7 @@ static int jpc_qcx_getcompparms(jpc_qcxc - jpc_qcx_destroycompparms(compparms); - return -1; - } else if (compparms->numstepsizes > 0) { -- compparms->stepsizes = jas_malloc(compparms->numstepsizes * -+ compparms->stepsizes = jas_alloc2(compparms->numstepsizes, - sizeof(uint_fast16_t)); - assert(compparms->stepsizes); - for (i = 0; i < compparms->numstepsizes; ++i) { -@@ -1094,7 +1094,7 @@ static int jpc_ppm_getparms(jpc_ms_t *ms - - ppm->len = ms->len - 1; - if (ppm->len > 0) { -- if (!(ppm->data = jas_malloc(ppm->len * sizeof(unsigned char)))) { -+ if (!(ppm->data = jas_malloc(ppm->len))) { - goto error; - } - if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) { -@@ -1163,7 +1163,7 @@ static int jpc_ppt_getparms(jpc_ms_t *ms - } - ppt->len = ms->len - 1; - if (ppt->len > 0) { -- if (!(ppt->data = jas_malloc(ppt->len * sizeof(unsigned char)))) { -+ if (!(ppt->data = jas_malloc(ppt->len))) { - goto error; - } - if (jas_stream_read(in, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) { -@@ -1226,7 +1226,7 @@ static int jpc_poc_getparms(jpc_ms_t *ms - uint_fast8_t tmp; - poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) : - (ms->len / 7); -- if (!(poc->pchgs = jas_malloc(poc->numpchgs * sizeof(jpc_pocpchg_t)))) { -+ if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) { - goto error; - } - for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, -@@ -1331,7 +1331,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms - jpc_crgcomp_t *comp; - uint_fast16_t compno; - crg->numcomps = cstate->numcomps; -- if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { -+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { - return -1; - } - for (compno = 0, comp = crg->comps; compno < cstate->numcomps; -@@ -1470,7 +1470,7 @@ static int jpc_unk_getparms(jpc_ms_t *ms - cstate = 0; - - if (ms->len > 0) { -- if (!(unk->data = jas_malloc(ms->len * sizeof(unsigned char)))) { -+ if (!(unk->data = jas_malloc(ms->len))) { - return -1; - } - if (jas_stream_read(in, (char *) unk->data, ms->len) != JAS_CAST(int, ms->len)) { -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2009-10-22 09:58:16.000000000 +0200 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2009-10-22 10:30:50.000000000 +0200 -@@ -449,7 +449,7 @@ static int jpc_dec_process_sot(jpc_dec_t - - if (dec->state == JPC_MH) { - -- compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t)); -+ compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t)); - assert(compinfos); - for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos; - cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) { -@@ -692,7 +692,7 @@ static int jpc_dec_tileinit(jpc_dec_t *d - tile->realmode = 1; - } - tcomp->numrlvls = ccp->numrlvls; -- if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls * -+ if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls, - sizeof(jpc_dec_rlvl_t)))) { - return -1; - } -@@ -764,7 +764,7 @@ rlvl->bands = 0; - rlvl->cbgheightexpn); - - rlvl->numbands = (!rlvlno) ? 1 : 3; -- if (!(rlvl->bands = jas_malloc(rlvl->numbands * -+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands, - sizeof(jpc_dec_band_t)))) { - return -1; - } -@@ -797,7 +797,7 @@ rlvl->bands = 0; - - assert(rlvl->numprcs); - -- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) { -+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) { - return -1; - } - -@@ -834,7 +834,7 @@ rlvl->bands = 0; - if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) { - return -1; - } -- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) { -+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) { - return -1; - } - -@@ -1181,7 +1181,7 @@ static int jpc_dec_process_siz(jpc_dec_t - return -1; - } - -- if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) { -+ if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) { - return -1; - } - -@@ -1204,7 +1204,7 @@ static int jpc_dec_process_siz(jpc_dec_t - dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); - dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); - dec->numtiles = dec->numhtiles * dec->numvtiles; -- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) { -+ if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) { - return -1; - } - -@@ -1228,7 +1228,7 @@ static int jpc_dec_process_siz(jpc_dec_t - tile->pkthdrstreampos = 0; - tile->pptstab = 0; - tile->cp = 0; -- if (!(tile->tcomps = jas_malloc(dec->numcomps * -+ if (!(tile->tcomps = jas_calloc(dec->numcomps, - sizeof(jpc_dec_tcomp_t)))) { - return -1; - } -@@ -1489,7 +1489,7 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u - cp->numlyrs = 0; - cp->mctid = 0; - cp->csty = 0; -- if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) { -+ if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) { - return 0; - } - if (!(cp->pchglist = jpc_pchglist_create())) { -@@ -2048,7 +2048,7 @@ jpc_streamlist_t *jpc_streamlist_create( - } - streamlist->numstreams = 0; - streamlist->maxstreams = 100; -- if (!(streamlist->streams = jas_malloc(streamlist->maxstreams * -+ if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams, - sizeof(jas_stream_t *)))) { - jas_free(streamlist); - return 0; -@@ -2068,8 +2068,8 @@ int jpc_streamlist_insert(jpc_streamlist - /* Grow the array of streams if necessary. */ - if (streamlist->numstreams >= streamlist->maxstreams) { - newmaxstreams = streamlist->maxstreams + 1024; -- if (!(newstreams = jas_realloc(streamlist->streams, -- (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) { -+ if (!(newstreams = jas_realloc2(streamlist->streams, -+ (newmaxstreams + 1024), sizeof(jas_stream_t *)))) { - return -1; - } - for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) { -@@ -2155,8 +2155,7 @@ int jpc_ppxstab_grow(jpc_ppxstab_t *tab, - { - jpc_ppxstabent_t **newents; - if (tab->maxents < maxents) { -- newents = (tab->ents) ? jas_realloc(tab->ents, maxents * -- sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *)); -+ newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *)); - if (!newents) { - return -1; - } -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c jasper-1.900.1/src/libjasper/jpc/jpc_enc.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_enc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -403,7 +403,7 @@ static jpc_enc_cp_t *cp_create(char *opt - vsteplcm *= jas_image_cmptvstep(image, cmptno); - } - -- if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) { -+ if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) { - goto error; - } - for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno, -@@ -656,7 +656,7 @@ static jpc_enc_cp_t *cp_create(char *opt - - if (ilyrrates && numilyrrates > 0) { - tcp->numlyrs = numilyrrates + 1; -- if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) * -+ if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1), - sizeof(jpc_fix_t)))) { - goto error; - } -@@ -940,7 +940,7 @@ startoff = jas_stream_getrwcount(enc->ou - siz->tilewidth = cp->tilewidth; - siz->tileheight = cp->tileheight; - siz->numcomps = cp->numcmpts; -- siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)); -+ siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); - assert(siz->comps); - for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { - siz->comps[i].prec = cp->ccps[i].prec; -@@ -977,7 +977,7 @@ startoff = jas_stream_getrwcount(enc->ou - return -1; - } - crg = &enc->mrk->parms.crg; -- crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t)); -+ crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); - if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { - jas_eprintf("cannot write CRG marker\n"); - return -1; -@@ -1955,7 +1955,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_ - tile->mctid = cp->tcp.mctid; - - tile->numlyrs = cp->tcp.numlyrs; -- if (!(tile->lyrsizes = jas_malloc(tile->numlyrs * -+ if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs, - sizeof(uint_fast32_t)))) { - goto error; - } -@@ -1964,7 +1964,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_ - } - - /* Allocate an array for the per-tile-component information. */ -- if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) { -+ if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) { - goto error; - } - /* Initialize a few members critical for error recovery. */ -@@ -2110,7 +2110,7 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc - jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data), - jas_seq2d_yend(tcmpt->data), bandinfos); - -- if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) { -+ if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) { - goto error; - } - for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; -@@ -2213,7 +2213,7 @@ static jpc_enc_rlvl_t *rlvl_create(jpc_e - rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn); - rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; -- if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) { -+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) { - goto error; - } - for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; -@@ -2290,7 +2290,7 @@ if (bandinfo->xstart != bandinfo->xend & - band->synweight = bandinfo->synenergywt; - - if (band->data) { -- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) { -+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) { - goto error; - } - for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, -@@ -2422,7 +2422,7 @@ if (!rlvlno) { - goto error; - } - -- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) { -+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) { - goto error; - } - for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c jasper-1.900.1/src/libjasper/jpc/jpc_mqdec.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_mqdec.c 2009-10-22 10:27:45.000000000 +0200 -@@ -118,7 +118,7 @@ jpc_mqdec_t *jpc_mqdec_create(int maxctx - mqdec->in = in; - mqdec->maxctxs = maxctxs; - /* Allocate memory for the per-context state information. */ -- if (!(mqdec->ctxs = jas_malloc(mqdec->maxctxs * sizeof(jpc_mqstate_t *)))) { -+ if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) { - goto error; - } - /* Set the current context to the first context. */ -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c jasper-1.900.1/src/libjasper/jpc/jpc_mqenc.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_mqenc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -197,7 +197,7 @@ jpc_mqenc_t *jpc_mqenc_create(int maxctx - mqenc->maxctxs = maxctxs; - - /* Allocate memory for the per-context state information. */ -- if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) { -+ if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) { - goto error; - } - -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2009-10-22 10:27:45.000000000 +0200 -@@ -321,7 +321,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in - #if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide in this case. */ - abort(); - } -@@ -389,7 +389,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in - #if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide in this case. */ - abort(); - } -@@ -460,7 +460,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, - #if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide in this case. */ - abort(); - } -@@ -549,7 +549,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, - #if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide in this case. */ - abort(); - } -@@ -633,7 +633,7 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int - #if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide. */ - abort(); - } -@@ -698,7 +698,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int - #if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide. */ - abort(); - } -@@ -766,7 +766,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, - #if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide. */ - abort(); - } -@@ -852,7 +852,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, - #if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { -- if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) { -+ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { - /* We have no choice but to commit suicide. */ - abort(); - } -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -219,7 +219,7 @@ int jpc_enc_enccblk(jpc_enc_t *enc, jas_ - - cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0; - if (cblk->numpasses > 0) { -- cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t)); -+ cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t)); - assert(cblk->passes); - } else { - cblk->passes = 0; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2009-10-22 10:27:45.000000000 +0200 -@@ -573,7 +573,7 @@ int jpc_pchglist_insert(jpc_pchglist_t * - } - if (pchglist->numpchgs >= pchglist->maxpchgs) { - newmaxpchgs = pchglist->maxpchgs + 128; -- if (!(newpchgs = jas_realloc(pchglist->pchgs, newmaxpchgs * sizeof(jpc_pchg_t *)))) { -+ if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) { - return -1; - } - pchglist->maxpchgs = newmaxpchgs; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c jasper-1.900.1/src/libjasper/jpc/jpc_t2dec.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2dec.c 2009-10-22 10:27:45.000000000 +0200 -@@ -478,7 +478,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d - return 0; - } - pi->numcomps = dec->numcomps; -- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { -+ if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { - jpc_pi_destroy(pi); - return 0; - } -@@ -490,7 +490,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d - for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps; - compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { - picomp->numrlvls = tcomp->numrlvls; -- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * -+ if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, - sizeof(jpc_pirlvl_t)))) { - jpc_pi_destroy(pi); - return 0; -@@ -503,7 +503,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d - rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { - /* XXX sizeof(long) should be sizeof different type */ - pirlvl->numprcs = rlvl->numprcs; -- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * -+ if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, - sizeof(long)))) { - jpc_pi_destroy(pi); - return 0; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c 2009-10-22 10:27:45.000000000 +0200 -@@ -565,7 +565,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t - } - pi->pktno = -1; - pi->numcomps = cp->numcmpts; -- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { -+ if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { - jpc_pi_destroy(pi); - return 0; - } -@@ -577,7 +577,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t - for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps; - compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { - picomp->numrlvls = tcomp->numrlvls; -- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * -+ if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, - sizeof(jpc_pirlvl_t)))) { - jpc_pi_destroy(pi); - return 0; -@@ -591,7 +591,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t - /* XXX sizeof(long) should be sizeof different type */ - pirlvl->numprcs = rlvl->numprcs; - if (rlvl->numprcs) { -- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * -+ if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, - sizeof(long)))) { - jpc_pi_destroy(pi); - return 0; -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c 2009-10-22 10:27:45.000000000 +0200 -@@ -125,7 +125,7 @@ jpc_tagtree_t *jpc_tagtree_create(int nu - ++numlvls; - } while (n > 1); - -- if (!(tree->nodes_ = jas_malloc(tree->numnodes_ * sizeof(jpc_tagtreenode_t)))) { -+ if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) { - return 0; - } - -diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c jasper-1.900.1/src/libjasper/jpc/jpc_util.c ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_util.c 2009-10-22 10:27:45.000000000 +0200 -@@ -109,7 +109,7 @@ int jpc_atoaf(char *s, int *numvalues, d - } - - if (n) { -- if (!(vs = jas_malloc(n * sizeof(double)))) { -+ if (!(vs = jas_alloc2(n, sizeof(double)))) { - return -1; - } - -diff -pruN jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1/src/libjasper/mif/mif_cod.c ---- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/mif/mif_cod.c 2009-10-22 10:27:45.000000000 +0200 -@@ -438,8 +438,7 @@ static int mif_hdr_growcmpts(mif_hdr_t * - int cmptno; - mif_cmpt_t **newcmpts; - assert(maxcmpts >= hdr->numcmpts); -- newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) : -- jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *)); -+ newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *)); - if (!newcmpts) { - return -1; - } diff --git a/jasper-1.900.1-CVE-2008-3522.patch b/jasper-1.900.1-CVE-2008-3522.patch deleted file mode 100644 index 4bf2e9b..0000000 --- a/jasper-1.900.1-CVE-2008-3522.patch +++ /dev/null @@ -1,14 +0,0 @@ -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522 - -diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c ---- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2009-10-22 10:27:45.000000000 +0200 -+++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2009-10-22 10:35:53.000000000 +0200 -@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre - int ret; - - va_start(ap, fmt); -- ret = vsprintf(buf, fmt, ap); -+ ret = vsnprintf(buf, sizeof buf, fmt, ap); - jas_stream_puts(stream, buf); - va_end(ap); - return ret; diff --git a/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch b/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch deleted file mode 100644 index f753080..0000000 --- a/jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 2011-10-25 17:25:39.000000000 +0200 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-10-25 17:29:14.379371908 +0200 -@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t - return -1; - } - compparms->numrlvls = compparms->numdlvls + 1; -+ if (compparms->numrlvls > JPC_MAXRLVLS) { -+ jpc_cox_destroycompparms(compparms); -+ return -1; -+ } - if (prtflag) { - for (i = 0; i < compparms->numrlvls; ++i) { - if (jpc_getuint8(in, &tmp)) { -@@ -1331,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms - jpc_crgcomp_t *comp; - uint_fast16_t compno; - crg->numcomps = cstate->numcomps; -- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { -+ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { - return -1; - } - for (compno = 0, comp = crg->comps; compno < cstate->numcomps; diff --git a/jasper-1.900.1-Coverity-BAD_SIZEOF.patch b/jasper-1.900.1-Coverity-BAD_SIZEOF.patch deleted file mode 100644 index 1977400..0000000 --- a/jasper-1.900.1-Coverity-BAD_SIZEOF.patch +++ /dev/null @@ -1,17 +0,0 @@ -Error: BAD_SIZEOF -jpc/jpc_enc.c:2105: bad_sizeof: Taking the size of binary expression "tcmpt->numstepsizes * sizeof (uint_fast16_t) /*8*/" is suspicious. - Did you intend "sizeof(tcmpt->numstepsizes) * sizeof (uint_fast16_t) /*8*/"? - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_enc.c.bad_sizeof jasper-1.900.1/src/libjasper/jpc/jpc_enc.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_enc.c.bad_sizeof 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_enc.c 2011-06-23 17:28:17.085690561 +0200 -@@ -2102,8 +2102,7 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc - - tcmpt->numstepsizes = tcmpt->numbands; - assert(tcmpt->numstepsizes <= JPC_MAXBANDS); -- memset(tcmpt->stepsizes, 0, sizeof(tcmpt->numstepsizes * -- sizeof(uint_fast16_t))); -+ memset(tcmpt->stepsizes, 0, tcmpt->numstepsizes * sizeof(uint_fast16_t)); - - /* Retrieve information about the various bands. */ - jpc_tsfb_getbands(tcmpt->tsfb, jas_seq2d_xstart(tcmpt->data), diff --git a/jasper-1.900.1-Coverity-CHECKED_RETURN.patch b/jasper-1.900.1-Coverity-CHECKED_RETURN.patch deleted file mode 100644 index ea330f2..0000000 --- a/jasper-1.900.1-Coverity-CHECKED_RETURN.patch +++ /dev/null @@ -1,141 +0,0 @@ -Error: CHECKED_RETURN -jpc/jpc_cs.c:924: check_return: Calling function "jpc_putuint16" without checking return value (as is done elsewhere 11 out of 13 times). -jpc/jpc_cs.c:924: unchecked_value: No check of the return value of "jpc_putuint16(out, qcc->compno)". - -jpc/jpc_cs.c:1021: check_return: Calling function "jpc_putuint16" without checking return value (as is done elsewhere 11 out of 13 times). -jpc/jpc_cs.c:1021: unchecked_value: No check of the return value of "jpc_putuint16(out, compparms->stepsizes[i])". - -jpc/jpc_cs.c:994: check_return: Calling function "jpc_getuint16" without checking return value (as is done elsewhere 14 out of 16 times). -jpc/jpc_cs.c:994: unchecked_value: No check of the return value of "jpc_getuint16(in, compparms->stepsizes + i)". - -jpc/jpc_cs.c:905: check_return: Calling function "jpc_getuint16" without checking return value (as is done elsewhere 14 out of 16 times). -jpc/jpc_cs.c:905: unchecked_value: No check of the return value of "jpc_getuint16(in, &qcc->compno)". - -jpc/jpc_cs.c:969: check_return: Calling function "jpc_getuint8" without checking return value (as is done elsewhere 17 out of 20 times). -jpc/jpc_cs.c:969: unchecked_value: No check of the return value of "jpc_getuint8(in, &tmp)". - -jpc/jpc_cs.c:991: check_return: Calling function "jpc_getuint8" without checking return value (as is done elsewhere 17 out of 20 times). -jpc/jpc_cs.c:991: unchecked_value: No check of the return value of "jpc_getuint8(in, &tmp)". - -jpc/jpc_cs.c:901: check_return: Calling function "jpc_getuint8" without checking return value (as is done elsewhere 17 out of 20 times). -jpc/jpc_cs.c:901: unchecked_value: No check of the return value of "jpc_getuint8(in, &tmp)". - -jpc/jpc_t2enc.c:338: check_return: Calling function "jpc_putms" without checking return value (as is done elsewhere 12 out of 13 times). -jpc/jpc_t2enc.c:338: unchecked_value: No check of the return value of "jpc_putms(out, enc->cstate, ms)". - -ras/ras_enc.c:245: check_return: Calling function "jas_image_readcmpt" without checking return value (as is done elsewhere 9 out of 10 times). -ras/ras_enc.c:245: unchecked_value: No check of the return value of "jas_image_readcmpt(image, cmpts[i], 0L, y, image->brx_ - image->tlx_, 1L, data[i])". - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.checked_return jasper-1.900.1/src/libjasper/jpc/jpc_cs.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.checked_return 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-06-24 13:52:25.636551844 +0200 -@@ -898,11 +898,15 @@ static int jpc_qcc_getparms(jpc_ms_t *ms - int len; - len = ms->len; - if (cstate->numcomps <= 256) { -- jpc_getuint8(in, &tmp); -+ if (jpc_getuint8(in, &tmp)) { -+ return -1; -+ } - qcc->compno = tmp; - --len; - } else { -- jpc_getuint16(in, &qcc->compno); -+ if (jpc_getuint16(in, &qcc->compno)) { -+ return -1; -+ } - len -= 2; - } - if (jpc_qcx_getcompparms(&qcc->compparms, cstate, in, len)) { -@@ -919,9 +923,13 @@ static int jpc_qcc_putparms(jpc_ms_t *ms - { - jpc_qcc_t *qcc = &ms->parms.qcc; - if (cstate->numcomps <= 256) { -- jpc_putuint8(out, qcc->compno); -+ if (jpc_putuint8(out, qcc->compno)) { -+ return -1; -+ } - } else { -- jpc_putuint16(out, qcc->compno); -+ if (jpc_putuint16(out, qcc->compno)) { -+ return -1; -+ } - } - if (jpc_qcx_putcompparms(&qcc->compparms, cstate, out)) { - return -1; -@@ -966,7 +974,9 @@ static int jpc_qcx_getcompparms(jpc_qcxc - cstate = 0; - - n = 0; -- jpc_getuint8(in, &tmp); -+ if (jpc_getuint8(in, &tmp)) { -+ return -1; -+ } - ++n; - compparms->qntsty = tmp & 0x1f; - compparms->numguard = (tmp >> 5) & 7; -@@ -988,10 +998,14 @@ static int jpc_qcx_getcompparms(jpc_qcxc - assert(compparms->stepsizes); - for (i = 0; i < compparms->numstepsizes; ++i) { - if (compparms->qntsty == JPC_QCX_NOQNT) { -- jpc_getuint8(in, &tmp); -+ if (jpc_getuint8(in, &tmp)) { -+ return -1; -+ } - compparms->stepsizes[i] = JPC_QCX_EXPN(tmp >> 3); - } else { -- jpc_getuint16(in, &compparms->stepsizes[i]); -+ if (jpc_getuint16(in, &compparms->stepsizes[i])) { -+ return -1; -+ } - } - } - } else { -@@ -1015,10 +1029,14 @@ static int jpc_qcx_putcompparms(jpc_qcxc - jpc_putuint8(out, ((compparms->numguard & 7) << 5) | compparms->qntsty); - for (i = 0; i < compparms->numstepsizes; ++i) { - if (compparms->qntsty == JPC_QCX_NOQNT) { -- jpc_putuint8(out, JPC_QCX_GETEXPN( -- compparms->stepsizes[i]) << 3); -+ if (jpc_putuint8(out, JPC_QCX_GETEXPN( -+ compparms->stepsizes[i]) << 3)) { -+ return -1; -+ } - } else { -- jpc_putuint16(out, compparms->stepsizes[i]); -+ if (jpc_putuint16(out, compparms->stepsizes[i])) { -+ return -1; -+ } - } - } - return 0; -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c.checked_return jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c.checked_return 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c 2011-06-24 12:29:32.069578992 +0200 -@@ -335,7 +335,9 @@ assert(jpc_firstone(datalen) < cblk->num - if (!(ms = jpc_ms_create(JPC_MS_EPH))) { - return -1; - } -- jpc_putms(out, enc->cstate, ms); -+ if (jpc_putms(out, enc->cstate, ms)) { -+ return -1; -+ } - jpc_ms_destroy(ms); - } - -diff -up jasper-1.900.1/src/libjasper/ras/ras_enc.c.checked_return jasper-1.900.1/src/libjasper/ras/ras_enc.c ---- jasper-1.900.1/src/libjasper/ras/ras_enc.c.checked_return 2007-01-19 22:43:04.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/ras/ras_enc.c 2011-06-24 14:05:31.233482612 +0200 -@@ -242,8 +242,10 @@ static int ras_putdatastd(jas_stream_t * - - for (y = 0; y < hdr->height; y++) { - for (i = 0; i < numcmpts; ++i) { -- jas_image_readcmpt(image, cmpts[i], 0, y, jas_image_width(image), -- 1, data[i]); -+ if (jas_image_readcmpt(image, cmpts[i], 0, y, -+ jas_image_width(image), 1, data[i])) { -+ return -1; -+ } - } - z = 0; - nz = 0; diff --git a/jasper-1.900.1-Coverity-FORWARD_NULL.patch b/jasper-1.900.1-Coverity-FORWARD_NULL.patch deleted file mode 100644 index ff526b4..0000000 --- a/jasper-1.900.1-Coverity-FORWARD_NULL.patch +++ /dev/null @@ -1,44 +0,0 @@ -Error: FORWARD_NULL -jpc/jpc_dec.c:2207: var_compare_op: Comparing "streams" to null implies that "streams" might be null. -jpc/jpc_dec.c:2270: var_deref_model: Passing null variable "streams" to function "jpc_streamlist_destroy", which dereferences it. -jpc/jpc_dec.c:2108: deref_parm: Directly dereferencing parameter "streamlist". - -jpc/jpc_t1enc.c:225: assign_zero: Assigning: "cblk->passes" = 0. -jpc/jpc_t1enc.c:228: alias_transfer: Assigning null: "pass" = "cblk->passes". -jpc/jpc_t1enc.c:229: var_deref_op: Dereferencing null variable "pass". - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.forward_null jasper-1.900.1/src/libjasper/jpc/jpc_dec.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.forward_null 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2011-06-24 15:01:39.200600146 +0200 -@@ -2267,7 +2267,9 @@ jpc_streamlist_t *jpc_ppmstabtostreams(j - return streams; - - error: -- jpc_streamlist_destroy(streams); -+ if (streams) { -+ jpc_streamlist_destroy(streams); -+ } - return 0; - } - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c.forward_null jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c.forward_null 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c 2011-06-24 14:58:33.061248133 +0200 -@@ -224,7 +224,7 @@ int jpc_enc_enccblk(jpc_enc_t *enc, jas_ - } else { - cblk->passes = 0; - } -- endpasses = &cblk->passes[cblk->numpasses]; -+ endpasses = (cblk->passes) ? &cblk->passes[cblk->numpasses] : 0; - for (pass = cblk->passes; pass != endpasses; ++pass) { - pass->start = 0; - pass->end = 0; -@@ -352,7 +352,7 @@ dump_passes(cblk->passes, cblk->numpasse - #endif - - n = 0; -- endpasses = &cblk->passes[cblk->numpasses]; -+ endpasses = (cblk->passes) ? &cblk->passes[cblk->numpasses] : 0; - for (pass = cblk->passes; pass != endpasses; ++pass) { - if (pass->start < n) { - pass->start = n; diff --git a/jasper-1.900.1-Coverity-NULL_RETURNS.patch b/jasper-1.900.1-Coverity-NULL_RETURNS.patch deleted file mode 100644 index 4c72270..0000000 --- a/jasper-1.900.1-Coverity-NULL_RETURNS.patch +++ /dev/null @@ -1,61 +0,0 @@ -Error: NULL_RETURNS -base/jas_image.c:213: returned_null: Function "jas_image_create0" returns null (checked 6 out of 7 times). -base/jas_image.c:213: var_assigned: Assigning: "newimage" = null return value from "jas_image_create0". -base/jas_image.c:214: dereference: Dereferencing a pointer that might be null "newimage" when calling "jas_image_growcmpts". -base/jas_image.c:777: deref_parm: Directly dereferencing parameter "image". - -base/jas_seq.c:223: returned_null: Function "jas_malloc" returns null (checked 110 out of 119 times). -base/jas_seq.c:223: var_assigned: Assigning: "mat0->rows_" = null return value from "jas_malloc". -base/jas_seq.c:225: dereference: Dereferencing a null pointer "mat0->rows_". - -jp2/jp2_cod.c:484: returned_null: Function "jas_stream_memopen" returns null (checked 12 out of 15 times). -jp2/jp2_cod.c:484: var_assigned: Assigning: "tmpstream" = null return value from "jas_stream_memopen". -jp2/jp2_cod.c:490: dereference: Dereferencing a pointer that might be null "tmpstream" when calling "jas_stream_tell". -base/jas_stream.c:677: deref_parm: Directly dereferencing parameter "stream". - - -diff -up jasper-1.900.1/src/libjasper/base/jas_image.c.NULL_RETURNS jasper-1.900.1/src/libjasper/base/jas_image.c ---- jasper-1.900.1/src/libjasper/base/jas_image.c.NULL_RETURNS 2011-12-08 14:00:05.350020869 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2011-12-08 14:00:06.638004766 +0100 -@@ -210,7 +210,10 @@ jas_image_t *jas_image_copy(jas_image_t - jas_image_t *newimage; - int cmptno; - -- newimage = jas_image_create0(); -+ if (!(newimage = jas_image_create0())) { -+ goto error; -+ } -+ - if (jas_image_growcmpts(newimage, image->numcmpts_)) { - goto error; - } -diff -up jasper-1.900.1/src/libjasper/base/jas_seq.c.NULL_RETURNS jasper-1.900.1/src/libjasper/base/jas_seq.c ---- jasper-1.900.1/src/libjasper/base/jas_seq.c.NULL_RETURNS 2011-12-08 14:00:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2011-12-08 14:15:12.449680562 +0100 -@@ -220,7 +220,11 @@ void jas_matrix_bindsub(jas_matrix_t *ma - mat0->numrows_ = r1 - r0 + 1; - mat0->numcols_ = c1 - c0 + 1; - mat0->maxrows_ = mat0->numrows_; -- mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); -+ if (!(mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)))) { -+ jas_matrix_destroy(mat0); -+ return; -+ } -+ - for (i = 0; i < mat0->numrows_; ++i) { - mat0->rows_[i] = mat1->rows_[r0 + i] + c0; - } -diff -up jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.NULL_RETURNS jasper-1.900.1/src/libjasper/jp2/jp2_cod.c ---- jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.NULL_RETURNS 2011-12-08 14:00:05.633017331 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2011-12-08 14:00:06.677004279 +0100 -@@ -481,7 +481,9 @@ int jp2_box_put(jp2_box_t *box, jas_stre - dataflag = !(box->info->flags & (JP2_BOX_SUPER | JP2_BOX_NODATA)); - - if (dataflag) { -- tmpstream = jas_stream_memopen(0, 0); -+ if (!(tmpstream = jas_stream_memopen(0, 0))) { -+ goto error; -+ } - if (box->ops->putdata) { - if ((*box->ops->putdata)(box, tmpstream)) { - goto error; diff --git a/jasper-1.900.1-Coverity-RESOURCE_LEAK.patch b/jasper-1.900.1-Coverity-RESOURCE_LEAK.patch deleted file mode 100644 index 76f5da7..0000000 --- a/jasper-1.900.1-Coverity-RESOURCE_LEAK.patch +++ /dev/null @@ -1,202 +0,0 @@ -Error: RESOURCE_LEAK -src/appl/imgcmp.c:504: var_assign: Assigning: "diffimage" = storage returned from "jas_image_create(3, compparms, 1025)". -src/appl/imgcmp.c:511: leaked_storage: Variable "diffimage" going out of scope leaks the storage it points to. -src/appl/imgcmp.c:537: leaked_storage: Variable "diffimage" going out of scope leaks the storage it points to. - -base/jas_image.c:254: var_assign: Assigning: "newcmpt" = storage returned from "jas_image_cmpt_create0()". -base/jas_image.c:268: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to. -base/jas_image.c:271: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to. -base/jas_image.c:274: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to. -base/jas_image.c:277: leaked_storage: Variable "newcmpt" going out of scope leaks the storage it points to. - -base/jas_cm.c:611: var_assign: Assigning: "newpxformseq" = storage returned from "jas_cmpxformseq_create()". -base/jas_cm.c:617: leaked_storage: Variable "newpxformseq" going out of scope leaks the storage it points to. - -base/jas_cm.c:343: var_assign: Assigning: "newprof" = storage returned from "jas_cmprof_create()". -base/jas_cm.c:358: leaked_storage: Variable "newprof" going out of scope leaks the storage it points to. - -base/jas_cm.c:380: var_assign: Assigning: "xform" = storage returned from "jas_malloc(sizeof (jas_cmxform_t) /*16*/)". -base/jas_cm.c:461: leaked_storage: Variable "xform" going out of scope leaks the storage it points to. - -base/jas_image.c:1379: var_assign: Assigning: "xform" = storage returned from "jas_cmxform_create(inprof, outprof, NULL, 0, intent, 0)". -base/jas_image.c:1444: leaked_storage: Variable "xform" going out of scope leaks the storage it points to. - -base/jas_image.c:1306: var_assign: Assigning: "inimage" = storage returned from "jas_image_copy(image)". -base/jas_image.c:1444: leaked_storage: Variable "inimage" going out of scope leaks the storage it points to. - -base/jas_image.c:1345: var_assign: Assigning: "outimage" = storage returned from "jas_image_create0()". -base/jas_image.c:1444: leaked_storage: Variable "outimage" going out of scope leaks the storage it points to. - -bmp/bmp_enc.c:187: var_assign: Assigning: "info" = storage returned from "bmp_info_create()". -bmp/bmp_enc.c:208: leaked_storage: Variable "info" going out of scope leaks the storage it points to. - -jpc/jpc_tagtree.c:111: var_assign: Assigning: "tree" = storage returned from "jpc_tagtree_alloc()". -jpc/jpc_tagtree.c:129: leaked_storage: Variable "tree" going out of scope leaks the storage it points to. - -jpc/jpc_dec.c:452: var_assign: Assigning: "compinfos" = storage returned from "jas_malloc(dec->numcomps * sizeof (jas_image_cmptparm_t) /*56*/)". -jpc/jpc_dec.c:468: leaked_storage: Variable "compinfos" going out of scope leaks the storage it points to. - -jpc/jpc_dec.c:1483: var_assign: Assigning: "cp" = storage returned from "jas_malloc(sizeof (jpc_dec_cp_t) /*48*/)". -jpc/jpc_dec.c:1493: leaked_storage: Variable "cp" going out of scope leaks the storage it points to. -jpc/jpc_dec.c:1497: leaked_storage: Variable "cp" going out of scope leaks the storage it points to. - -mif/mif_cod.c:523: var_assign: Assigning: "cmpt" = storage returned from "mif_cmpt_create()". -mif/mif_cod.c:568: leaked_storage: Variable "cmpt" going out of scope leaks the storage it points to. - -mif/mif_cod.c:568: leaked_storage: Variable "tvp" going out of scope leaks the storage it points to. - - -diff -up jasper-1.900.1/src/appl/imgcmp.c.RESOURCE_LEAK jasper-1.900.1/src/appl/imgcmp.c ---- jasper-1.900.1/src/appl/imgcmp.c.RESOURCE_LEAK 2007-01-19 22:43:08.000000000 +0100 -+++ jasper-1.900.1/src/appl/imgcmp.c 2011-12-08 14:16:04.727027007 +0100 -@@ -507,6 +507,7 @@ jas_image_t *makediffimage(jas_matrix_t - - for (i = 0; i < 3; ++i) { - if (!(diffdata[i] = jas_matrix_create(height, width))) { -+ jas_image_destroy(diffimage); - fprintf(stderr, "internal error\n"); - return 0; - } -@@ -534,6 +535,7 @@ jas_image_t *makediffimage(jas_matrix_t - - for (i = 0; i < 3; ++i) { - if (jas_image_writecmpt(diffimage, i, 0, 0, width, height, diffdata[i])) { -+ jas_image_destroy(diffimage); - return 0; - } - } -diff -up jasper-1.900.1/src/libjasper/base/jas_cm.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/base/jas_cm.c ---- jasper-1.900.1/src/libjasper/base/jas_cm.c.RESOURCE_LEAK 2011-12-08 14:16:03.387043758 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_cm.c 2011-12-08 14:16:04.728026994 +0100 -@@ -355,6 +355,8 @@ jas_cmprof_t *jas_cmprof_copy(jas_cmprof - } - return newprof; - error: -+ if (newprof) -+ jas_cmprof_destroy(newprof); - return 0; - } - -@@ -458,6 +460,8 @@ jas_cmxform_t *jas_cmxform_create(jas_cm - } - return xform; - error: -+ if (xform) -+ jas_cmxform_destroy(xform); - return 0; - } - -@@ -614,6 +618,8 @@ static jas_cmpxformseq_t *jas_cmpxformse - goto error; - return newpxformseq; - error: -+ if (newpxformseq) -+ jas_cmpxformseq_destroy(newpxformseq); - return 0; - } - -diff -up jasper-1.900.1/src/libjasper/base/jas_image.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/base/jas_image.c ---- jasper-1.900.1/src/libjasper/base/jas_image.c.RESOURCE_LEAK 2011-12-08 14:16:04.635028156 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2011-12-08 14:16:04.776026394 +0100 -@@ -268,15 +268,19 @@ static jas_image_cmpt_t *jas_image_cmpt_ - newcmpt->cps_ = cmpt->cps_; - newcmpt->type_ = cmpt->type_; - if (!(newcmpt->stream_ = jas_stream_memopen(0, 0))) { -+ jas_image_cmpt_destroy(newcmpt); - return 0; - } - if (jas_stream_seek(cmpt->stream_, 0, SEEK_SET)) { -+ jas_image_cmpt_destroy(newcmpt); - return 0; - } - if (jas_stream_copy(newcmpt->stream_, cmpt->stream_, -1)) { -+ jas_image_cmpt_destroy(newcmpt); - return 0; - } - if (jas_stream_seek(newcmpt->stream_, 0, SEEK_SET)) { -+ jas_image_cmpt_destroy(newcmpt); - return 0; - } - return newcmpt; -@@ -1443,5 +1447,11 @@ jas_image_dump(outimage, stderr); - #endif - return outimage; - error: -+ if (xform) -+ jas_cmxform_destroy(xform); -+ if (inimage) -+ jas_image_destroy(inimage); -+ if (outimage) -+ jas_image_destroy(outimage); - return 0; - } -diff -up jasper-1.900.1/src/libjasper/bmp/bmp_enc.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/bmp/bmp_enc.c ---- jasper-1.900.1/src/libjasper/bmp/bmp_enc.c.RESOURCE_LEAK 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/bmp/bmp_enc.c 2011-12-08 14:16:04.826025768 +0100 -@@ -205,16 +205,19 @@ int bmp_encode(jas_image_t *image, jas_s - - /* Write the bitmap header. */ - if (bmp_puthdr(out, &hdr)) { -+ bmp_info_destroy(info); - return -1; - } - - /* Write the bitmap information. */ - if (bmp_putinfo(out, info)) { -+ bmp_info_destroy(info); - return -1; - } - - /* Write the bitmap data. */ - if (bmp_putdata(out, info, image, enc->cmpts)) { -+ bmp_info_destroy(info); - return -1; - } - -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/jpc/jpc_dec.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.RESOURCE_LEAK 2011-12-08 14:16:04.594028668 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2011-12-08 14:17:25.677014992 +0100 -@@ -465,6 +465,7 @@ static int jpc_dec_process_sot(jpc_dec_t - - if (!(dec->image = jas_image_create(dec->numcomps, compinfos, - JAS_CLRSPC_UNKNOWN))) { -+ jas_free(compinfos); - return -1; - } - jas_free(compinfos); -@@ -1490,10 +1491,11 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u - cp->mctid = 0; - cp->csty = 0; - if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) { -+ jpc_dec_cp_destroy(cp); - return 0; - } - if (!(cp->pchglist = jpc_pchglist_create())) { -- jas_free(cp->ccps); -+ jpc_dec_cp_destroy(cp); - return 0; - } - for (compno = 0, ccp = cp->ccps; compno < cp->numcomps; -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c.RESOURCE_LEAK 2011-12-08 14:16:04.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c 2011-12-08 14:17:55.905637082 +0100 -@@ -126,6 +126,7 @@ jpc_tagtree_t *jpc_tagtree_create(int nu - } while (n > 1); - - if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) { -+ jpc_tagtree_destroy(tree); - return 0; - } - -diff -up jasper-1.900.1/src/libjasper/mif/mif_cod.c.RESOURCE_LEAK jasper-1.900.1/src/libjasper/mif/mif_cod.c ---- jasper-1.900.1/src/libjasper/mif/mif_cod.c.RESOURCE_LEAK 2011-12-08 14:16:04.250032970 +0100 -+++ jasper-1.900.1/src/libjasper/mif/mif_cod.c 2011-12-08 14:16:04.967024005 +0100 -@@ -564,7 +564,7 @@ static int mif_process_cmpt(mif_hdr_t *h - break; - case MIF_DATA: - if (!(cmpt->data = jas_strdup(jas_tvparser_getval(tvp)))) { -- return -1; -+ goto error; - } - break; - } diff --git a/jasper-1.900.1-Coverity-UNREACHABLE.patch b/jasper-1.900.1-Coverity-UNREACHABLE.patch deleted file mode 100644 index 3cae294..0000000 --- a/jasper-1.900.1-Coverity-UNREACHABLE.patch +++ /dev/null @@ -1,37 +0,0 @@ -Error: UNREACHABLE -jp2/jp2_cod.c:304: unreachable: This code cannot be reached: "abort();". - -jp2/jp2_cod.c:514: unreachable: This code cannot be reached: "abort();". - -jp2/jp2_enc.c:354: unreachable: This code cannot be reached: "abort();". - -diff -up jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.unreachable jasper-1.900.1/src/libjasper/jp2/jp2_cod.c ---- jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.unreachable 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2011-06-27 15:28:13.083137952 +0200 -@@ -301,7 +301,6 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) - } - - return box; -- abort(); - - error: - if (box) { -@@ -511,7 +510,6 @@ int jp2_box_put(jp2_box_t *box, jas_stre - } - - return 0; -- abort(); - - error: - -diff -up jasper-1.900.1/src/libjasper/jp2/jp2_enc.c.unreachable jasper-1.900.1/src/libjasper/jp2/jp2_enc.c ---- jasper-1.900.1/src/libjasper/jp2/jp2_enc.c.unreachable 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_enc.c 2011-06-27 15:27:58.858353979 +0200 -@@ -351,7 +351,6 @@ int sgnd; - } - - return 0; -- abort(); - - error: - diff --git a/jasper-1.900.1-Coverity-UNUSED_VALUE.patch b/jasper-1.900.1-Coverity-UNUSED_VALUE.patch deleted file mode 100644 index e7d4cb5..0000000 --- a/jasper-1.900.1-Coverity-UNUSED_VALUE.patch +++ /dev/null @@ -1,41 +0,0 @@ -Error: UNUSED_VALUE -base/jas_icc.c:328: returned_pointer: Pointer "attrvalinfo" returned by "jas_iccattrvalinfo_lookup(type)" is never used. - -jpc/jpc_enc.c:788: returned_pointer: Pointer "cp" returned by "strchr(s, 66)" is never used. - -diff -up jasper-1.900.1/src/libjasper/base/jas_icc.c.unused_value jasper-1.900.1/src/libjasper/base/jas_icc.c ---- jasper-1.900.1/src/libjasper/base/jas_icc.c.unused_value 2007-01-19 22:43:05.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2011-06-27 15:35:52.815263000 +0200 -@@ -266,7 +266,6 @@ jas_iccprof_t *jas_iccprof_load(jas_stre - jas_iccattrval_t *attrval; - jas_iccattrval_t *prevattrval; - jas_icctagtabent_t *tagtabent; -- jas_iccattrvalinfo_t *attrvalinfo; - int i; - int len; - -@@ -325,7 +324,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre - goto error; - } - curoff += 8; -- if (!(attrvalinfo = jas_iccattrvalinfo_lookup(type))) { -+ if (!jas_iccattrvalinfo_lookup(type)) { - #if 0 - jas_eprintf("warning: skipping unknown tag type\n"); - #endif -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_enc.c.unused_value jasper-1.900.1/src/libjasper/jpc/jpc_enc.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_enc.c.unused_value 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_enc.c 2011-06-27 15:36:17.437900180 +0200 -@@ -781,11 +781,10 @@ void jpc_enc_cp_destroy(jpc_enc_cp_t *cp - - int ratestrtosize(char *s, uint_fast32_t rawsize, uint_fast32_t *size) - { -- char *cp; - jpc_flt_t f; - - /* Note: This function must not modify output size on failure. */ -- if ((cp = strchr(s, 'B'))) { -+ if (strchr(s, 'B')) { - *size = atoi(s); - } else { - f = atof(s); diff --git a/jasper-CVE-2014-8137.patch b/jasper-CVE-2014-8137.patch deleted file mode 100644 index 9600cd3..0000000 --- a/jasper-CVE-2014-8137.patch +++ /dev/null @@ -1,57 +0,0 @@ ---- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2014-12-11 14:06:44.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386 +0100 -@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr - return 0; - - error: -- jas_icccurv_destroy(attrval); - return -1; - } - -@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca - #endif - return 0; - error: -- jas_icctxtdesc_destroy(attrval); - return -1; - } - -@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv - goto error; - return 0; - error: -- if (txt->string) -- jas_free(txt->string); - return -1; - } - -@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr - goto error; - return 0; - error: -- jas_icclut8_destroy(attrval); - return -1; - } - -@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt - goto error; - return 0; - error: -- jas_icclut16_destroy(attrval); - return -1; - } - ---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:30:54.193209780 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814 +0100 -@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in - case JP2_COLR_ICC: - iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, - dec->colr->data.colr.iccplen); -- assert(iccprof); -+ if (!iccprof) { -+ jas_eprintf("error: failed to parse ICC profile\n"); -+ goto error; -+ } - jas_iccprof_gethdr(iccprof, &icchdr); - jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc); - jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); diff --git a/jasper-CVE-2014-8138.patch b/jasper-CVE-2014-8138.patch deleted file mode 100644 index 5aaf8ab..0000000 --- a/jasper-CVE-2014-8138.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:44.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:26.000000000 +0100 -@@ -386,6 +386,11 @@ jas_image_t *jp2_decode(jas_stream_t *in - /* Determine the type of each component. */ - if (dec->cdef) { - for (i = 0; i < dec->numchans; ++i) { -+ /* Is the channel number reasonable? */ -+ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { -+ jas_eprintf("error: invalid channel number in CDEF box\n"); -+ goto error; -+ } - jas_image_setcmpttype(dec->image, - dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], - jp2_getct(jas_image_clrspc(dec->image), diff --git a/jasper-CVE-2014-8157.patch b/jasper-CVE-2014-8157.patch deleted file mode 100644 index ebfc1b2..0000000 --- a/jasper-CVE-2014-8157.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100 -@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t - dec->curtileendoff = 0; - } - -- if (JAS_CAST(int, sot->tileno) > dec->numtiles) { -+ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { - jas_eprintf("invalid tile number in SOT marker segment\n"); - return -1; - } diff --git a/jasper-CVE-2014-8158.patch b/jasper-CVE-2014-8158.patch deleted file mode 100644 index ce9e4b4..0000000 --- a/jasper-CVE-2014-8158.patch +++ /dev/null @@ -1,329 +0,0 @@ -diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 2015-01-19 17:25:28.730195502 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-19 17:27:20.214663127 +0100 -@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in - { - - int bufsize = JPC_CEILDIVPOW2(numcols, 1); --#if !defined(HAVE_VLA) - jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; --#else -- jpc_fix_t splitbuf[bufsize]; --#endif - jpc_fix_t *buf = splitbuf; - register jpc_fix_t *srcptr; - register jpc_fix_t *dstptr; -@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in - register int m; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in - abort(); - } - } --#endif - - if (numcols >= 2) { - hstartcol = (numcols + 1 - parity) >> 1; -@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in - } - } - --#if !defined(HAVE_VLA) - /* If the split buffer was allocated on the heap, free this memory. */ - if (buf != splitbuf) { - jas_free(buf); - } --#endif - - } - -@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; --#else -- jpc_fix_t splitbuf[bufsize]; --#endif - jpc_fix_t *buf = splitbuf; - register jpc_fix_t *srcptr; - register jpc_fix_t *dstptr; -@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in - register int m; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in - abort(); - } - } --#endif - - if (numrows >= 2) { - hstartcol = (numrows + 1 - parity) >> 1; -@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in - } - } - --#if !defined(HAVE_VLA) - /* If the split buffer was allocated on the heap, free this memory. */ - if (buf != splitbuf) { - jas_free(buf); - } --#endif - - } - -@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; --#else -- jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE]; --#endif - jpc_fix_t *buf = splitbuf; - jpc_fix_t *srcptr; - jpc_fix_t *dstptr; -@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, - int m; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, - abort(); - } - } --#endif - - if (numrows >= 2) { - hstartcol = (numrows + 1 - parity) >> 1; -@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, - } - } - --#if !defined(HAVE_VLA) - /* If the split buffer was allocated on the heap, free this memory. */ - if (buf != splitbuf) { - jas_free(buf); - } --#endif - - } - -@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; --#else -- jpc_fix_t splitbuf[bufsize * numcols]; --#endif - jpc_fix_t *buf = splitbuf; - jpc_fix_t *srcptr; - jpc_fix_t *dstptr; -@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, - int m; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Get a buffer. */ - if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, - abort(); - } - } --#endif - - if (numrows >= 2) { - hstartcol = (numrows + 1 - parity) >> 1; -@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, - } - } - --#if !defined(HAVE_VLA) - /* If the split buffer was allocated on the heap, free this memory. */ - if (buf != splitbuf) { - jas_free(buf); - } --#endif - - } - -@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int - { - - int bufsize = JPC_CEILDIVPOW2(numcols, 1); --#if !defined(HAVE_VLA) - jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; --#else -- jpc_fix_t joinbuf[bufsize]; --#endif - jpc_fix_t *buf = joinbuf; - register jpc_fix_t *srcptr; - register jpc_fix_t *dstptr; - register int n; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int - abort(); - } - } --#endif - - hstartcol = (numcols + 1 - parity) >> 1; - -@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int - ++srcptr; - } - --#if !defined(HAVE_VLA) - /* If the join buffer was allocated on the heap, free this memory. */ - if (buf != joinbuf) { - jas_free(buf); - } --#endif - - } - -@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; --#else -- jpc_fix_t joinbuf[bufsize]; --#endif - jpc_fix_t *buf = joinbuf; - register jpc_fix_t *srcptr; - register jpc_fix_t *dstptr; - register int n; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { -@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int - abort(); - } - } --#endif - - hstartcol = (numrows + 1 - parity) >> 1; - -@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int - ++srcptr; - } - --#if !defined(HAVE_VLA) - /* If the join buffer was allocated on the heap, free this memory. */ - if (buf != joinbuf) { - jas_free(buf); - } --#endif - - } - -@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; --#else -- jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE]; --#endif - jpc_fix_t *buf = joinbuf; - jpc_fix_t *srcptr; - jpc_fix_t *dstptr; -@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, - register int i; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { -@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, - abort(); - } - } --#endif - - hstartcol = (numrows + 1 - parity) >> 1; - -@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, - srcptr += JPC_QMFB_COLGRPSIZE; - } - --#if !defined(HAVE_VLA) - /* If the join buffer was allocated on the heap, free this memory. */ - if (buf != joinbuf) { - jas_free(buf); - } --#endif - - } - -@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, - { - - int bufsize = JPC_CEILDIVPOW2(numrows, 1); --#if !defined(HAVE_VLA) - jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; --#else -- jpc_fix_t joinbuf[bufsize * numcols]; --#endif - jpc_fix_t *buf = joinbuf; - jpc_fix_t *srcptr; - jpc_fix_t *dstptr; -@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, - register int i; - int hstartcol; - --#if !defined(HAVE_VLA) - /* Allocate memory for the join buffer from the heap. */ - if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { -@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, - abort(); - } - } --#endif - - hstartcol = (numrows + 1 - parity) >> 1; - -@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, - srcptr += numcols; - } - --#if !defined(HAVE_VLA) - /* If the join buffer was allocated on the heap, free this memory. */ - if (buf != joinbuf) { - jas_free(buf); - } --#endif - - } - diff --git a/jasper-CVE-2014-9029.patch b/jasper-CVE-2014-9029.patch deleted file mode 100644 index 98a2035..0000000 --- a/jasper-CVE-2014-9029.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100 -@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t - jpc_coc_t *coc = &ms->parms.coc; - jpc_dec_tile_t *tile; - -- if (JAS_CAST(int, coc->compno) > dec->numcomps) { -+ if (JAS_CAST(int, coc->compno) >= dec->numcomps) { - jas_eprintf("invalid component number in COC marker segment\n"); - return -1; - } -@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t - jpc_rgn_t *rgn = &ms->parms.rgn; - jpc_dec_tile_t *tile; - -- if (JAS_CAST(int, rgn->compno) > dec->numcomps) { -+ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { - jas_eprintf("invalid component number in RGN marker segment\n"); - return -1; - } -@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t - jpc_qcc_t *qcc = &ms->parms.qcc; - jpc_dec_tile_t *tile; - -- if (JAS_CAST(int, qcc->compno) > dec->numcomps) { -+ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) { - jas_eprintf("invalid component number in QCC marker segment\n"); - return -1; - } diff --git a/jasper-pkgconfig.patch b/jasper-pkgconfig.patch deleted file mode 100644 index c8af5ca..0000000 --- a/jasper-pkgconfig.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -Naur jasper-1.900.1/configure.ac jasper-1.900.1.new/configure.ac ---- jasper-1.900.1/configure.ac 2007-01-19 21:47:11.000000000 +0000 -+++ jasper-1.900.1.new/configure.ac 2009-10-29 13:37:02.000000000 +0000 -@@ -399,6 +399,8 @@ - src/libjasper/pnm/Makefile - src/libjasper/ras/Makefile - src/msvc/Makefile -+pkgconfig/Makefile -+pkgconfig/jasper.pc - jasper.spec - ]) - AC_OUTPUT -diff -Naur jasper-1.900.1/Makefile.am jasper-1.900.1.new/Makefile.am ---- jasper-1.900.1/Makefile.am 2007-01-19 21:43:14.000000000 +0000 -+++ jasper-1.900.1.new/Makefile.am 2009-10-29 13:36:28.000000000 +0000 -@@ -64,7 +64,7 @@ - # Note: We need to put the derived file "jasper.spec" in the distribution - # in order to facilitate RPM building. - --SUBDIRS = src -+SUBDIRS = src pkgconfig - - rpm: dist - for i in BUILD RPMS SRPMS SOURCES SPECS; do \ -diff -Naur jasper-1.900.1/pkgconfig/jasper.pc.in jasper-1.900.1.new/pkgconfig/jasper.pc.in ---- jasper-1.900.1/pkgconfig/jasper.pc.in 1970-01-01 01:00:00.000000000 +0100 -+++ jasper-1.900.1.new/pkgconfig/jasper.pc.in 2009-10-29 16:30:43.000000000 +0000 -@@ -0,0 +1,11 @@ -+prefix=@prefix@ -+exec_prefix=@exec_prefix@ -+libdir=@libdir@ -+includedir=@includedir@ -+ -+Name: Jasper -+Description: JPEG 2000 encoding and decoding library -+Version: @VERSION@ -+ -+Libs: -L${libdir} -ljasper -+Cflags: -I${includedir}/jasper -diff -Naur jasper-1.900.1/pkgconfig/Makefile.am jasper-1.900.1.new/pkgconfig/Makefile.am ---- jasper-1.900.1/pkgconfig/Makefile.am 1970-01-01 01:00:00.000000000 +0100 -+++ jasper-1.900.1.new/pkgconfig/Makefile.am 2009-10-29 13:38:59.000000000 +0000 -@@ -0,0 +1,5 @@ -+pkgconfigdir = $(libdir)/pkgconfig -+pkgconfig_DATA = jasper.pc -+ -+EXTRA_DIST = \ -+ jasper.pc.in diff --git a/jpc_dec.c.patch b/jpc_dec.c.patch deleted file mode 100644 index ae1cd06..0000000 --- a/jpc_dec.c.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -urN jasper-1.900.1/src/libjasper/jpc/jpc_dec.c jasper-1.900.1-fix/src/libjasper/jpc/jpc_dec.c ---- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2007-01-19 14:43:07.000000000 -0700 -+++ jasper-1.900.1-fix/src/libjasper/jpc/jpc_dec.c 2008-03-06 16:51:12.000000000 -0700 -@@ -1069,12 +1069,12 @@ - /* Apply an inverse intercomponent transform if necessary. */ - switch (tile->cp->mctid) { - case JPC_MCT_RCT: -- assert(dec->numcomps == 3); -+ assert(dec->numcomps >= 3); - jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data, - tile->tcomps[2].data); - break; - case JPC_MCT_ICT: -- assert(dec->numcomps == 3); -+ assert(dec->numcomps >= 3); - jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data, - tile->tcomps[2].data); - break; diff --git a/mingw-jasper.spec b/mingw-jasper.spec index 6628b2c..2c5088c 100644 --- a/mingw-jasper.spec +++ b/mingw-jasper.spec @@ -4,52 +4,21 @@ %global mingw_build_win64 1 Name: mingw-jasper -Version: 1.900.1 -Release: 28%{?dist} +Version: 1.900.28 +Release: 1%{?dist} Summary: MinGW Windows Jasper library License: JasPer Group: Development/Libraries URL: http://www.ece.uvic.ca/~frodo/jasper/ -Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.zip +Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz # Patches from Fedora native package. -# OpenGL is disabled in this build, so we don't need this patch: -#Patch1: jasper-1.701.0-GL.patch -# Note patch2 appears in native package, but is not applied: -#Patch2: jasper-1.701.0-GL-ac.patch - -# CVE-2007-2721 (bug #240397) -# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88 -Patch3: patch-libjasper-stepsizes-overflow.diff -# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786 -Patch4: jpc_dec.c.patch # OpenBSD hardening patches addressing couple of possible integer overflows # during the memory allocations # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520 Patch5: jasper-1.900.1-CVE-2008-3520.patch -# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522 -Patch6: jasper-1.900.1-CVE-2008-3522.patch -# add pkg-config support -Patch7: jasper-pkgconfig.patch - -Patch8: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch - -Patch9: jasper-CVE-2014-9029.patch -Patch10: jasper-CVE-2014-8137.patch -Patch11: jasper-CVE-2014-8138.patch -Patch12: jasper-CVE-2014-8157.patch -Patch13: jasper-CVE-2014-8158.patch - -# Issues found by static analysis of code -Patch100: jasper-1.900.1-Coverity-BAD_SIZEOF.patch -Patch101: jasper-1.900.1-Coverity-CHECKED_RETURN.patch -Patch102: jasper-1.900.1-Coverity-FORWARD_NULL.patch -Patch103: jasper-1.900.1-Coverity-NULL_RETURNS.patch -Patch104: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch -Patch105: jasper-1.900.1-Coverity-UNREACHABLE.patch -Patch106: jasper-1.900.1-Coverity-UNUSED_VALUE.patch # MinGW-specific patches. # This patch adds '-no-undefined' flag to libtool line: @@ -112,25 +81,7 @@ Static version of the MinGW Windows Jasper library. %prep %setup -q -n jasper-%{version} -%patch3 -p1 -b .CVE-2007-2721 -%patch4 -p1 -b .jpc_dec_assertion %patch5 -p1 -b .CVE-2008-3520 -%patch6 -p1 -b .CVE-2008-3522 -%patch7 -p1 -b .pkgconfig -%patch8 -p1 -b .CVE-2011-4516-4517 -%patch9 -p1 -b .CVE-2014-9029 -%patch10 -p1 -b .CVE-2014-8137-variant2 -%patch11 -p1 -b .CVE-2014-8138 -%patch12 -p1 -b .CVE-2014-8157 -%patch13 -p1 -b .CVE-2014-8158 - -%patch100 -p1 -b .BAD_SIZEOF -%patch101 -p1 -b .CHECKED_RETURN -%patch102 -p1 -b .FORWARD_NULL -%patch103 -p1 -b .NULL_RETURNS -%patch104 -p1 -b .RESOURCE_LEAK -%patch105 -p1 -b .UNREACHABLE -%patch106 -p1 -b .UNUSED_VALUE # The libtool bundled with this package is too old for win64 support autoreconf -i --force @@ -140,6 +91,16 @@ autoreconf -i --force %build +# comment from Red Hat Security Response Team: +# gcc inlines jas_iccattrtab_resize into jas_iccattrtab_add. Additionally, it +# essentially removes the "assert(maxents >= tab->numattrs);" assertion in +# jas_iccattrtab_resize, because it assumes that "maxents >= tab->numattrs" will +# always be true due to jas_iccattrtab_resize(attrtab, attrtab->numattrs + 32), +# especially the + 32. This assumption can only be true if it completely ignores +# the problem of signed integer overflows. I don't think it's a smart idea to +# accept that. +# -fno-strict-overflow forces gcc into keeping the assertion there. +CFLAGS="%{optflags} -fno-strict-overflow" \ %mingw_configure \ --disable-opengl --enable-libjpeg --enable-static --enable-shared %mingw_make %{?_smp_mflags} @@ -159,11 +120,11 @@ rm $RPM_BUILD_ROOT%{mingw32_mandir}/man1/* %files -n mingw32-jasper %doc COPYRIGHT LICENSE NEWS README -%{mingw32_bindir}/%{mingw32_target}-imgcmp.exe -%{mingw32_bindir}/%{mingw32_target}-imginfo.exe -%{mingw32_bindir}/%{mingw32_target}-jasper.exe -%{mingw32_bindir}/%{mingw32_target}-tmrdemo.exe -%{mingw32_bindir}/libjasper-1.dll +%{mingw32_bindir}/imgcmp.exe +%{mingw32_bindir}/imginfo.exe +%{mingw32_bindir}/jasper.exe +%{mingw32_bindir}/tmrdemo.exe +%{mingw32_bindir}/libjasper-4.dll %{mingw32_libdir}/libjasper.dll.a %{mingw32_libdir}/pkgconfig/jasper.pc %{mingw32_includedir}/jasper/ @@ -173,11 +134,11 @@ rm $RPM_BUILD_ROOT%{mingw32_mandir}/man1/* %files -n mingw64-jasper %doc COPYRIGHT LICENSE NEWS README -%{mingw64_bindir}/%{mingw64_target}-imgcmp.exe -%{mingw64_bindir}/%{mingw64_target}-imginfo.exe -%{mingw64_bindir}/%{mingw64_target}-jasper.exe -%{mingw64_bindir}/%{mingw64_target}-tmrdemo.exe -%{mingw64_bindir}/libjasper-1.dll +%{mingw64_bindir}/imgcmp.exe +%{mingw64_bindir}/imginfo.exe +%{mingw64_bindir}/jasper.exe +%{mingw64_bindir}/tmrdemo.exe +%{mingw64_bindir}/libjasper-4.dll %{mingw64_libdir}/libjasper.dll.a %{mingw64_libdir}/pkgconfig/jasper.pc %{mingw64_includedir}/jasper/ @@ -187,6 +148,13 @@ rm $RPM_BUILD_ROOT%{mingw32_mandir}/man1/* %changelog +* Wed Nov 23 2016 Michael Cronenworth - 1.900.28-1 +- Upstream release. +- Many security fixes: + CVE-2016-9395, CVE-2016-9262, CVE-2016-8690, CVE-2016-8691, + CVE-2016-8693, CVE-2016-2089, CVE-2015-5203, CVE-2015-5221, CVE-2016-8692, + CVE-2016-1867, CVE-2016-1577, CVE-2016-2116 + * Thu Feb 04 2016 Fedora Release Engineering - 1.900.1-28 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/patch-libjasper-stepsizes-overflow.diff b/patch-libjasper-stepsizes-overflow.diff deleted file mode 100644 index 097559f..0000000 --- a/patch-libjasper-stepsizes-overflow.diff +++ /dev/null @@ -1,14 +0,0 @@ ---- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2007-01-19 22:43:07.000000000 +0100 -+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2007-04-06 01:29:02.000000000 +0200 -@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc - compparms->numstepsizes = (len - n) / 2; - break; - } -- if (compparms->numstepsizes > 0) { -+ if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { -+ jpc_qcx_destroycompparms(compparms); -+ return -1; -+ } else if (compparms->numstepsizes > 0) { - compparms->stepsizes = jas_malloc(compparms->numstepsizes * - sizeof(uint_fast16_t)); - assert(compparms->stepsizes); diff --git a/sources b/sources index 5b418e1..d872fa0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a342b2b4495b3e1394e161eb5d85d754 jasper-1.900.1.zip +979fd58a439ccaba8eb3b806d7e6a87e jasper-1.900.28.tar.gz