gnu: jasper: Add fixes for several security flaws.

* gnu/packages/patches/jasper-CVE-2007-2721.patch,
gnu/packages/patches/jasper-CVE-2008-3520.patch,
gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
gnu/packages/patches/jasper-CVE-2014-8137.patch,
gnu/packages/patches/jasper-CVE-2014-8138.patch,
gnu/packages/patches/jasper-CVE-2014-8157.patch,
gnu/packages/patches/jasper-CVE-2014-8158.patch,
gnu/packages/patches/jasper-CVE-2014-9029.patch,
gnu/packages/patches/jasper-CVE-2016-1867.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (jasper)[source]: Add patches.

1 files changed, 20 insertions, 0 deletions

diff --git a/gnu/packages/patches/jasper-CVE-2007-2721.patch b/gnu/packages/patches/jasper-CVE-2007-2721.patch
new file mode 100644
index 0000000000..9838247894
--- /dev/null
+++ b/gnu/packages/patches/jasper-CVE-2007-2721.patch
@@ -0,0 +1,20 @@
+Fix CVE-2007-2721 (heap corruption in jpc_qcx_getcompparms()).
+
+Copied from Fedora.
+
+http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/patch-libjasper-stepsizes-overflow.diff
+
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2007-04-06 01:29:02.000000000 +0200
+@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
+ 		compparms->numstepsizes = (len - n) / 2;
+ 		break;
+ 	}
+-	if (compparms->numstepsizes > 0) {
++	if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
++		jpc_qcx_destroycompparms(compparms);
++                return -1;
++        } else if (compparms->numstepsizes > 0) {
+ 		compparms->stepsizes = jas_malloc(compparms->numstepsizes *
+ 		  sizeof(uint_fast16_t));
+ 		assert(compparms->stepsizes);