Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-libs/jasper
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/jasper')
-rw-r--r--media-libs/jasper/ChangeLog8
-rw-r--r--media-libs/jasper/Manifest33
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8157.patch12
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8158.patch329
-rw-r--r--media-libs/jasper/jasper-1.900.1-r9.ebuild54
5 files changed, 420 insertions, 16 deletions
diff --git a/media-libs/jasper/ChangeLog b/media-libs/jasper/ChangeLog
index 3e94d14b0fdf..3f382f5f83ba 100644
--- a/media-libs/jasper/ChangeLog
+++ b/media-libs/jasper/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/jasper
# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/ChangeLog,v 1.115 2015/01/16 08:21:27 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/ChangeLog,v 1.116 2015/01/24 13:14:57 jlec Exp $
+
+*jasper-1.900.1-r9 (24 Jan 2015)
+
+ 24 Jan 2015; Justin Lecher <jlec@gentoo.org> +jasper-1.900.1-r9.ebuild,
+ +files/jasper-CVE-2014-8157.patch, +files/jasper-CVE-2014-8158.patch:
+ Add fixes for CVE-2014-815{7,8}, #537530
16 Jan 2015; Justin Lecher <jlec@gentoo.org> -jasper-1.900.1-r7.ebuild:
Cleanup vulnerable versions for CVE-2014-{8137,8138}, #533744
diff --git a/media-libs/jasper/Manifest b/media-libs/jasper/Manifest
index b7c887a8cef4..847104da3e25 100644
--- a/media-libs/jasper/Manifest
+++ b/media-libs/jasper/Manifest
@@ -6,29 +6,32 @@ AUX jasper-1.701.0-GL-ac.patch 487 SHA256 f0c1794cca1fbee9f7a97f3b47b2a98250cb61
AUX jasper-1.701.0-GL.patch 553 SHA256 b99a48047f5ac8b8f8db4147a6938b8f918e0f671b76f8d17dc7068fda74d282 SHA512 6038d0a7fc3c3fb288d38eb7d87373aef15365dc2f11d4e985a30f4ba3e669238182f6fcad62e126d66ce51d9f255ec287919af17de0f2c28440c15e01d73994 WHIRLPOOL a460190fa4e20ed25143e649d197f3df67bcc372e55febbebbdea39b25f878036b5af9e2411383807d24fe58c07e997990e006d08d1126619f785c0b0258eec1
AUX jasper-CVE-2014-8137.patch 1547 SHA256 27350b9a72067e0325464b1e51f0fcab2701db26c918d82aac977dc345a02999 SHA512 b689b8fdc3dfa7f7ffcb9d7e94c7eb8d11127adf55e2f67cb2311fe1495eb7a4a234e34bc50315059b85a257b083670a383a7cc751705fcacc49727c11152510 WHIRLPOOL 514aaa7803ef7861b42374c4590740a34a768747e67c9e089b698b0a73750f8d5ff8c2dfc1a322b00797757c44eb81ada97d7949fb454ec2247114c100ff7adc
AUX jasper-CVE-2014-8138.patch 682 SHA256 597966eabef1eeb4155415352cee37492def0abb09349e1764ae92645f3a20c1 SHA512 ae9d1c85688f7711a5cd7765988e85c64bf5413dede80aa8c860caa505c079d6975410ccb3b0e18c65d84624226c5e12667bb7613a91e3856dab4f99483c2956 WHIRLPOOL c4e63768afc72cb63bef7136b7d0b6e803b582f698210668ed47ac601b375c729e27bffad906739dfe02fe2f2615ca553dddb5c53a5ec084c086f6a292debd3e
+AUX jasper-CVE-2014-8157.patch 569 SHA256 60160f1eecb4cbfe7d8277e091333e9c1b4af7eeaccdfa3b539ac9658bb6a474 SHA512 44fc87f8a85a5c0b1f3669ca5ec139afcb8971f2d5bfd40ed95913dcf34fee4874301b580134ddca900091ef3cbfdd791b365a5c3ba74d0e8deb855b54322f68 WHIRLPOOL 6ab8ccd5d87eb80dee5ae29f963292faa7de930d4db308030591b73c32abf0d01d93d29fea7baffd11f90bce0716615fdc8b39ec7d24dbf6cd6ec38b94f6e7b0
+AUX jasper-CVE-2014-8158.patch 7900 SHA256 1dce24d47bcfc599bde5fa625e8b9bfbd1c6c637e4358493276d8a96338ff8b7 SHA512 7f2f2a990ced181fd5755cc630a8c6d75e8172c926c08350505f6b8b5e8e1f8b0891b4603a4c43da35f913c079f2759975ee7ee1532ebb87f06d01c165299ecb WHIRLPOOL e7787fe8a170be486d0b9ce0d650f2526f9112a6a241284fcf180aec885a9e39302c88e074101ff4f01a41f1fd47a84384b35f21edb1d92eac9a42cc6c29c686
AUX jasper-CVE-2014-9029.patch 1116 SHA256 a43747e7597a2a5108befd4acd31a582101a66096a752e61de853bc860d2a8e1 SHA512 20bac10654ea1b16d741bcc71ca91e484c4238cb285f551a19b1bac4c4cf8ec39bc33f8d3c42dbadd03e85eb667a8e286f208e9b20a5b39429bf8e4454bd9b16 WHIRLPOOL 63244c1a4601de0c3ddcee00edc259062f1effa5e58180ac7e207e8ff71bb019990de6abe4cb1cdefb41dded1a96380aa0dd7bb46f729000c57c1e04abea9bb0
AUX jasper-pkgconfig.patch 1691 SHA256 325003c739023264f368db2ce30598038706f45a8ec8a5a1f81fa855496e0ed1 SHA512 3cb1fe20b34e46c2d04f17eac6e1831d226368e4a7037be8324eb469b0217e1ad0520bb9d321a0f7c510828ca8505c4c42d4c54045606d0e9f2dad81c8ee21eb WHIRLPOOL 13e97b718827a712a4ee65162e6adafec1672fd9f96e8d773124b91e43c4571d5ab0975802fbf44d10fa2d4f9a895ff1fbd6adeaf817c7e70cfa08198c9425cf
DIST jasper-1.900.1-fixes-20120611.patch.bz2 26303 SHA256 8727c94843f141c311be54eed97eca18f96542f52b991df6f7d4f005bad2ec59 SHA512 36ec1735a89008fa6be16698f78ca5ec52d4ef34f10653ba3bf081c665c4e2d747cdbd7bfc0d56859ad4dc0fac166cf08248336d25d3ba8e7feb57e65d5c5ef6 WHIRLPOOL 341639dc208c44eefb18d14b16bc74591989e4ec0bf6426bee1ed161f1c997a23dad487ac821f2bf8e1ae16ae74d6174dce39a913b44b4e24628a7a1510395a7
DIST jasper-1.900.1.zip 1415752 SHA256 6b905a9c2aca2e275544212666eefc4eb44d95d0a57e4305457b407fe63f9494 SHA512 e3a3c803de848b50482f5bd693b1945197c6999285226c45b671855734d7bb2611fbe6f28cd8ba9c56a4ea59417795eba42d72516c9fec93b8fbaa21b8210cb6 WHIRLPOOL cd53901537bb8d32706e82326bf01f7f960af5172e2da738d1fcc9c5a4087829210a177d3df96617cf289e5db8ec97e06aa6cd60ada3b887db65418b90e9a86b
EBUILD jasper-1.900.1-r8.ebuild 1602 SHA256 4f23a4e199b74223b750b1832006b4b64095412fdf3b04f548a36ec11bbbd0d5 SHA512 6b2296873dfe427835cbb0eaecfdebc908b9f794235f4a5002883225a8fd3c64a80693b6c426d38599a95d38ddfa9dff459715353dc912033e31fbfbde79948b WHIRLPOOL 45be1fdf03b9c68bfb176449c161da4abcd53f31ca7af8b0bb0ac12167ecac5ec6709ba99d90db207f6a8d550a0b01784c88fbf34e8728a5345ba8560b18b615
-MISC ChangeLog 14277 SHA256 11f8d80ccc2dd4834edaafbe0580c4bcfe352ce49345b434a34e642255eaaf15 SHA512 d9cec041ca08298e8270a7df4fe31b26c8d9c8775171ad5b00b4cf7bf497d475ecf3fca24880a408b29f79085835a34632f05e0d116ca82c42cae1cfca7d865e WHIRLPOOL eb0b291696fbece49b07a0486afe4c3650333a67a32ff2932e2b6d43791b4681f79c699a7f17322545063e22495815fe2ae2ffda6f9c854210fb6baf6ac74ded
+EBUILD jasper-1.900.1-r9.ebuild 1693 SHA256 1e6cdb1bd570ff67a8caeb4e597c9026ef994e8e335b25de13d1678de5fea5a2 SHA512 015d474fce555038c3d225ed7c89d1afedf7fe88818a8fcad0df29ee1abf44736ceff81fbf43fe82092c607500e51a10c2fa6feefb652992d2556d1c239f8731 WHIRLPOOL 606fa72bb5b837320135d55d2eca95a7b20b2f9b87cd5818d3b5dadec3a6574d5f49771dd2c7c0db281e0db0e87ae2b4c0a5a276ef9623df1c31801a99f44ac3
+MISC ChangeLog 14501 SHA256 c2eadb89fe694508da03214c4da5c6af8ea6354fb2e38c569185b55b62ea9ba4 SHA512 3324774c59cfa15cde49257e9a918623c97046edaf195a6cbb674e6d3e46dd44dc4818527ef9e560fe9437067bb9b8eb8079ce0bf7368e44c4823bb94ab5ea45 WHIRLPOOL fde0cf117bd73d6b90660f9f319ffe4ae1dc4f5c6ca82a5b449f3d22ad987e3697c60034753bcee8fc34d0431e52c891deb899a65e4837d6d8bb53b4826b9c06
MISC metadata.xml 158 SHA256 dae7918daac89b300804812d32584889aa1c4e8b9edeced06006900494457a6d SHA512 e4901a5df84502b46aa85ec01804ce680332cebe6148e4a9c8201a38935ee0d4a753bcdb3f18765b06019926a05bf099c0ed61395aa98211610ab7fdb8d7f895 WHIRLPOOL 2f12466ef66cc7b89ec428cd4b498b20f12ca6dbb219f180ac12985dfc4195882ea95809797828a720fe69a0e560d12de9c271f8aacaa06fba09c9c1ccd589e5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0
-iQJ8BAEBCgBmBQJUuMoIXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+iQJ8BAEBCgBmBQJUw5umXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQyQ0JDQjFGMzBDQ0UxMjFGNENDNDgxMDdC
-OUQ0RjIzMUJEMTU1OEFCAAoJELnU8jG9FVirbvAP/AwEmK66JrS24+vB+UoBJPah
-OEm2MGvbGDmvXLIbbKkNzhfjxlu7O1AyTZAnCvLqrCPDlWDxoa2Q1U9sSMWWZR66
-eKlPH41XQ2MBl6lo7i31ozuh8Ys6lvRtVoGANJ3EZHHgIROCl9tA1LfDwzozKdRj
-wQcD110CrzcOEhtVtlq90wTe4PMLYlkF9MA7GU9TIOviV+ThW0LCCrP5so974H/w
-FGD8QNrcX/vNXsxdqjLxvHAJx4bMMbV4zwSTWXDnzv9WOSNSjgS59Jft2Wda92s8
-ngqYlFEh+SmyLCNX5jqPRygBttvNpJYqReslKOFs/iYWnGo1FeJzoLK1+50ZfIjq
-dz/yUiOMe9/xg3ABLRw8kV2paJSVAFNzF8wise3yCpMp0qGuV4Nzh29bP/alYuYh
-636fvEcYs9aJmOqG9941lHPF3eC5Z0yLhUEHDQhSjFq1vPJ1yx90S382xa8Z3PDN
-xF+jsartLnmS23ZuhrQCOHjAoFxBHq9aMP0LFWprIniG9L4/3DRvaXh2XwLArNjm
-gg9kFulEJ6Y+PZ7B32KMc5LRMbRPHWKgUNJqmLWlKkpAcRedEbVpr7O8vrI0VDTw
-WpLgOwlwcVlkl4Qy+6AeZ8+HQFeAebQZNDCTxWXumdow/ht4xrMcTLKBdHFlWpv+
-y06FUha5ZH8O9oWPIYqV
-=K57Z
+OUQ0RjIzMUJEMTU1OEFCAAoJELnU8jG9FVirTpEP/j0wsJA+TvDnCwXj+SRa5glb
+it7F4pBhSwDB45UpeSi+FqkbvZ/ynmGsMLeeEf+dM47cC9YehhF60XwtAYuDLWXv
+j1tj+ry4RQtw/JyxQ4cCqlIuWWzOP8YqZxiN0g3ykPIAi0+mbGpqlOdUiNT/5aFp
+DnT4DmisTT2JRASLAoQ2W1YaRTsxTWTqmnoIBOCk1E9vJF1F39RT0GqmdWEUFdk/
+IuDBl+uEs+WMeEw0H/PO/M1K/6QxxWm3vnKHpOxm+CIaWokL48D+SiuZrUcuNFcQ
+cSzTE+vDSvJxsfywg3gvk92qkHrSYWwHlKn8xNCjh4h3qheZ6TjAN1H9QoXdM0YT
+vC9iMeIJnA87/9k5/U0+W9dbD3/a3dScLF2n8pEUr/Aibpg8CE9IgpzyTcOPDm8W
+42E7TYSMQpGS5nT8Jms6mvY7XFLRITopH7pg45mRCrQolyKLTlRN1HWg4y5IR7LM
+I7PXMB0qidoPbcjcM0e9DZaS7p7eUKytw26gk0jjj5gJZIXuvGndnLDc/ho/gSaR
+sbbfRjXeBk0cI0R1gBpQw0xieDo9o3GK8R3sCmFXoN5p3aFHbv5f8N50eFggWAcd
+v6EmijM8hEV3hPC1q8hEIo4paIH3+3NJULzk1LWl2KrQtO97BFhbw6mwWnmAL5dD
+1zK/wQ4VvjGuIHLL3UZM
+=v/1Z
-----END PGP SIGNATURE-----
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8157.patch b/media-libs/jasper/files/jasper-CVE-2014-8157.patch
new file mode 100644
index 000000000000..ebfc1b2d0f25
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8157.patch
@@ -0,0 +1,12 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ dec->curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ jas_eprintf("invalid tile number in SOT marker segment\n");
+ return -1;
+ }
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8158.patch b/media-libs/jasper/files/jasper-CVE-2014-8158.patch
new file mode 100644
index 000000000000..ce9e4b497f39
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8158.patch
@@ -0,0 +1,329 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 2015-01-19 17:25:28.730195502 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-19 17:27:20.214663127 +0100
+@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numcols >= 2) {
+ hstartcol = (numcols + 1 - parity) >> 1;
+@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numcols + 1 - parity) >> 1;
+
+@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
+@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ srcptr += JPC_QMFB_COLGRPSIZE;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ srcptr += numcols;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
diff --git a/media-libs/jasper/jasper-1.900.1-r9.ebuild b/media-libs/jasper/jasper-1.900.1-r9.ebuild
new file mode 100644
index 000000000000..ad5c7e0f488f
--- /dev/null
+++ b/media-libs/jasper/jasper-1.900.1-r9.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/jasper/jasper-1.900.1-r9.ebuild,v 1.1 2015/01/24 13:14:57 jlec Exp $
+
+EAPI=5
+
+# outdated './configure': breaks in 'USE=opengl ABI_X86="32 64"' case:
+# uses /usr/lib64 for 32-bit ABI.
+AUTOTOOLS_AUTORECONF=yes
+
+inherit autotools-multilib
+
+DESCRIPTION="software-based implementation of the codec specified in the JPEG-2000 Part-1 standard"
+HOMEPAGE="http://www.ece.uvic.ca/~mdadams/jasper/"
+SRC_URI="
+ http://www.ece.uvic.ca/~mdadams/${PN}/software/${P}.zip
+ mirror://gentoo/${P}-fixes-20120611.patch.bz2"
+
+LICENSE="JasPer2.0"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+IUSE="jpeg opengl static-libs"
+
+RDEPEND="
+ jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+ opengl? (
+ >=virtual/opengl-7.0-r1:0[${MULTILIB_USEDEP}]
+ >=media-libs/freeglut-2.8.1:0[${MULTILIB_USEDEP}]
+ virtual/glu
+ )"
+DEPEND="${RDEPEND}
+ app-arch/unzip"
+
+PATCHES=(
+ "${WORKDIR}"/${P}-fixes-20120611.patch
+ "${FILESDIR}"/${PN}-1.701.0-GL-ac.patch
+ "${FILESDIR}"/${PN}-1.701.0-GL.patch
+ "${FILESDIR}"/${PN}-CVE-2014-9029.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8137.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8138.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8157.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8158.patch
+ "${FILESDIR}"/${PN}-pkgconfig.patch
+ )
+
+DOCS=( NEWS README doc/. )
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable jpeg libjpeg)
+ $(use_enable opengl)
+ )
+ autotools-multilib_src_configure
+}