upgpkg: jasper 1.900.1-12

Add CVE patches (close FS#43155)

git-svn-id: file:///srv/repos/svn-packages/svn@227774 eb2447ed-0c53-47e4-bac8-5bc4a241df78

1 files changed, 37 insertions, 0 deletions

diff --git a/jasper-1.900.1-fix-filename-buffer-overflow.patch b/jasper-1.900.1-fix-filename-buffer-overflow.patch
new file mode 100644
index 000000000000..eba6cbe49a8b
--- /dev/null
+++ b/jasper-1.900.1-fix-filename-buffer-overflow.patch
@@ -0,0 +1,37 @@
+Description: Filename buffer overflow fix
+ This patch fixes a security hole by a bad buffer size handling.
+Author: Roland Stigge <stigge@antcom.de>
+Bug-Debian: http://bugs.debian.org/645118
+
+--- a/src/libjasper/include/jasper/jas_stream.h
++++ b/src/libjasper/include/jasper/jas_stream.h
+@@ -77,6 +77,7 @@
+ #include <jasper/jas_config.h>
+ 
+ #include <stdio.h>
++#include <limits.h>
+ #if defined(HAVE_FCNTL_H)
+ #include <fcntl.h>
+ #endif
+@@ -99,6 +100,12 @@ extern "C" {
+ #define O_BINARY	0
+ #endif
+ 
++#ifdef PATH_MAX
++#define JAS_PATH_MAX PATH_MAX
++#else
++#define JAS_PATH_MAX 4096
++#endif
++
+ /*
+  * Stream open flags.
+  */
+@@ -251,7 +258,7 @@ typedef struct {
+ typedef struct {
+ 	int fd;
+ 	int flags;
+-	char pathname[L_tmpnam + 1];
++	char pathname[JAS_PATH_MAX + 1];
+ } jas_stream_fileobj_t;
+ 
+ #define	JAS_STREAM_FILEOBJ_DELONCLOSE	0x01