Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2015-01-24 22:19:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2014-12-21 12:02:37.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2015-01-24 22:19:44.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Jan 23 14:25:53 UTC 2015 - [email protected] + +- fixed CVE-2014-8157, CVE-2014-8158 (bnc#911837) + + jasper-CVE-2014-8157.patch + + jasper-CVE-2014-8158.patch + +------------------------------------------------------------------- New: ---- jasper-CVE-2014-8157.patch jasper-CVE-2014-8158.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.GQjfqt/_old 2015-01-24 22:19:45.000000000 +0100 +++ /var/tmp/diff_new_pack.GQjfqt/_new 2015-01-24 22:19:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package jasper # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,6 +38,8 @@ Patch6: jasper-overflow-bnc906364.patch Patch7: jasper-CVE-2014-8137.patch Patch8: jasper-CVE-2014-8138.patch +Patch9: jasper-CVE-2014-8157.patch +Patch10: jasper-CVE-2014-8158.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -86,6 +88,8 @@ %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 %build autoreconf -i -f ++++++ jasper-CVE-2014-8157.patch ++++++ diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2007-01-19 22:43:07.000000000 +0100 +++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-14 11:45:26.601242398 +0100 @@ -1204,7 +1204,7 @@ dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); dec->numtiles = dec->numhtiles * dec->numvtiles; - if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { + if (dec->numtiles == 0 || !(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { return -1; } ++++++ jasper-CVE-2014-8158.patch ++++++ diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c 2015-01-14 15:36:00.000000000 +0100 +++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-14 15:36:37.222173618 +0100 @@ -306,11 +306,7 @@ { int bufsize = JPC_CEILDIVPOW2(numcols, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; -#else - jpc_fix_t splitbuf[bufsize]; -#endif jpc_fix_t *buf = splitbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; @@ -318,7 +314,6 @@ register int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -326,7 +321,6 @@ abort(); } } -#endif if (numcols >= 2) { hstartcol = (numcols + 1 - parity) >> 1; @@ -360,12 +354,10 @@ } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -374,11 +366,7 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; -#else - jpc_fix_t splitbuf[bufsize]; -#endif jpc_fix_t *buf = splitbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; @@ -386,7 +374,6 @@ register int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -394,7 +381,6 @@ abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -428,12 +414,10 @@ } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -442,11 +426,7 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE]; -#endif jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -457,7 +437,6 @@ int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -465,7 +444,6 @@ abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -517,12 +495,10 @@ } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -531,11 +507,7 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t splitbuf[bufsize * numcols]; -#endif jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -546,7 +518,6 @@ int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -554,7 +525,6 @@ abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -606,12 +576,10 @@ } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -619,18 +587,13 @@ { int bufsize = JPC_CEILDIVPOW2(numcols, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; -#else - jpc_fix_t joinbuf[bufsize]; -#endif jpc_fix_t *buf = joinbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -638,7 +601,6 @@ abort(); } } -#endif hstartcol = (numcols + 1 - parity) >> 1; @@ -670,12 +632,10 @@ ++srcptr; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -684,18 +644,13 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; -#else - jpc_fix_t joinbuf[bufsize]; -#endif jpc_fix_t *buf = joinbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -703,7 +658,6 @@ abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -735,12 +689,10 @@ ++srcptr; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -749,11 +701,7 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE]; -#endif jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -763,7 +711,6 @@ register int i; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { @@ -771,7 +718,6 @@ abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -821,12 +767,10 @@ srcptr += JPC_QMFB_COLGRPSIZE; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -835,11 +779,7 @@ { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t joinbuf[bufsize * numcols]; -#endif jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -849,7 +789,6 @@ register int i; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { @@ -857,7 +796,6 @@ abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -907,12 +845,10 @@ srcptr += numcols; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
