summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /media-libs/jasper
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'media-libs/jasper')
-rw-r--r--media-libs/jasper/Manifest2
-rw-r--r--media-libs/jasper/files/CVE-2011-4516+7.patch24
-rw-r--r--media-libs/jasper/files/jasper-1.701.0-GL-ac.patch11
-rw-r--r--media-libs/jasper/files/jasper-1.701.0-GL.patch11
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8137.patch57
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8138.patch14
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8157.patch12
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-8158.patch329
-rw-r--r--media-libs/jasper/files/jasper-CVE-2014-9029.patch29
-rw-r--r--media-libs/jasper/files/jasper-pkgconfig.patch48
-rw-r--r--media-libs/jasper/jasper-1.900.1-r9.ebuild54
-rw-r--r--media-libs/jasper/metadata.xml5
12 files changed, 596 insertions, 0 deletions
diff --git a/media-libs/jasper/Manifest b/media-libs/jasper/Manifest
new file mode 100644
index 000000000000..a9004f7f56dc
--- /dev/null
+++ b/media-libs/jasper/Manifest
@@ -0,0 +1,2 @@
+DIST jasper-1.900.1-fixes-20120611.patch.bz2 26303 SHA256 8727c94843f141c311be54eed97eca18f96542f52b991df6f7d4f005bad2ec59 SHA512 36ec1735a89008fa6be16698f78ca5ec52d4ef34f10653ba3bf081c665c4e2d747cdbd7bfc0d56859ad4dc0fac166cf08248336d25d3ba8e7feb57e65d5c5ef6 WHIRLPOOL 341639dc208c44eefb18d14b16bc74591989e4ec0bf6426bee1ed161f1c997a23dad487ac821f2bf8e1ae16ae74d6174dce39a913b44b4e24628a7a1510395a7
+DIST jasper-1.900.1.zip 1415752 SHA256 6b905a9c2aca2e275544212666eefc4eb44d95d0a57e4305457b407fe63f9494 SHA512 e3a3c803de848b50482f5bd693b1945197c6999285226c45b671855734d7bb2611fbe6f28cd8ba9c56a4ea59417795eba42d72516c9fec93b8fbaa21b8210cb6 WHIRLPOOL cd53901537bb8d32706e82326bf01f7f960af5172e2da738d1fcc9c5a4087829210a177d3df96617cf289e5db8ec97e06aa6cd60ada3b887db65418b90e9a86b
diff --git a/media-libs/jasper/files/CVE-2011-4516+7.patch b/media-libs/jasper/files/CVE-2011-4516+7.patch
new file mode 100644
index 000000000000..1f1c7bb35f63
--- /dev/null
+++ b/media-libs/jasper/files/CVE-2011-4516+7.patch
@@ -0,0 +1,24 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_cs.c.CERT-VU-887409 2011-10-25 17:25:39.000000000 +0200
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-10-25 17:29:14.379371908 +0200
+@@ -744,6 +744,10 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ return -1;
+ }
+ compparms->numrlvls = compparms->numdlvls + 1;
++ if (compparms->numrlvls > JPC_MAXRLVLS) {
++ jpc_cox_destroycompparms(compparms);
++ return -1;
++ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+@@ -1331,7 +1335,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms
+ jpc_crgcomp_t *comp;
+ uint_fast16_t compno;
+ crg->numcomps = cstate->numcomps;
+- if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
++ if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
+ return -1;
+ }
+ for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
+
diff --git a/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch b/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch
new file mode 100644
index 000000000000..bf571433c0b8
--- /dev/null
+++ b/media-libs/jasper/files/jasper-1.701.0-GL-ac.patch
@@ -0,0 +1,11 @@
+--- jasper-1.701.0.GEO/configure.ac.GL 2006-02-20 19:58:02.000000000 -0600
++++ jasper-1.701.0.GEO/configure.ac 2006-02-24 07:40:38.000000000 -0600
+@@ -242,7 +242,7 @@
+ OPENGL_LIBS=""
+ if test $ENABLE_OPENGL = yes; then
+ if test $HAVE_OPENGL = no; then
+- TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
++ TMPLIBS="-lglut -lGL -lGLU"
+ AC_CHECK_LIB(glut, glutInit, [HAVE_OPENGL=yes;
+ OPENGL_LIBS=$TMPLIBS], HAVE_OPENGL=no, $TMPLIBS)
+ fi
diff --git a/media-libs/jasper/files/jasper-1.701.0-GL.patch b/media-libs/jasper/files/jasper-1.701.0-GL.patch
new file mode 100644
index 000000000000..ba199e226faf
--- /dev/null
+++ b/media-libs/jasper/files/jasper-1.701.0-GL.patch
@@ -0,0 +1,11 @@
+--- jasper-1.701.0.GEO/configure.GL 2006-02-20 20:01:30.000000000 -0600
++++ jasper-1.701.0.GEO/configure 2006-02-24 07:40:46.000000000 -0600
+@@ -9464,7 +9464,7 @@
+ OPENGL_LIBS=""
+ if test $ENABLE_OPENGL = yes; then
+ if test $HAVE_OPENGL = no; then
+- TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
++ TMPLIBS="-lglut -lGL -lGLU"
+ echo "$as_me:$LINENO: checking for glutInit in -lglut" >&5
+ echo $ECHO_N "checking for glutInit in -lglut... $ECHO_C" >&6
+ if test "${ac_cv_lib_glut_glutInit+set}" = set; then
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8137.patch b/media-libs/jasper/files/jasper-CVE-2014-8137.patch
new file mode 100644
index 000000000000..9600cd3231de
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8137.patch
@@ -0,0 +1,57 @@
+--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2014-12-11 14:06:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386 +0100
+@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
+ return 0;
+
+ error:
+- jas_icccurv_destroy(attrval);
+ return -1;
+ }
+
+@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
+ #endif
+ return 0;
+ error:
+- jas_icctxtdesc_destroy(attrval);
+ return -1;
+ }
+
+@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
+ goto error;
+ return 0;
+ error:
+- if (txt->string)
+- jas_free(txt->string);
+ return -1;
+ }
+
+@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
+ goto error;
+ return 0;
+ error:
+- jas_icclut8_destroy(attrval);
+ return -1;
+ }
+
+@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
+ goto error;
+ return 0;
+ error:
+- jas_icclut16_destroy(attrval);
+ return -1;
+ }
+
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:30:54.193209780 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814 +0100
+@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ case JP2_COLR_ICC:
+ iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
+ dec->colr->data.colr.iccplen);
+- assert(iccprof);
++ if (!iccprof) {
++ jas_eprintf("error: failed to parse ICC profile\n");
++ goto error;
++ }
+ jas_iccprof_gethdr(iccprof, &icchdr);
+ jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
+ jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8138.patch b/media-libs/jasper/files/jasper-CVE-2014-8138.patch
new file mode 100644
index 000000000000..5aaf8abb1d5e
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8138.patch
@@ -0,0 +1,14 @@
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:06:26.000000000 +0100
+@@ -386,6 +386,11 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ /* Determine the type of each component. */
+ if (dec->cdef) {
+ for (i = 0; i < dec->numchans; ++i) {
++ /* Is the channel number reasonable? */
++ if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
++ jas_eprintf("error: invalid channel number in CDEF box\n");
++ goto error;
++ }
+ jas_image_setcmpttype(dec->image,
+ dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
+ jp2_getct(jas_image_clrspc(dec->image),
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8157.patch b/media-libs/jasper/files/jasper-CVE-2014-8157.patch
new file mode 100644
index 000000000000..ebfc1b2d0f25
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8157.patch
@@ -0,0 +1,12 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 2015-01-19 16:59:36.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-19 17:07:41.609863268 +0100
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ dec->curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ jas_eprintf("invalid tile number in SOT marker segment\n");
+ return -1;
+ }
diff --git a/media-libs/jasper/files/jasper-CVE-2014-8158.patch b/media-libs/jasper/files/jasper-CVE-2014-8158.patch
new file mode 100644
index 000000000000..ce9e4b497f39
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-8158.patch
@@ -0,0 +1,329 @@
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 2015-01-19 17:25:28.730195502 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-19 17:27:20.214663127 +0100
+@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numcols >= 2) {
+ hstartcol = (numcols + 1 - parity) >> 1;
+@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numcols + 1 - parity) >> 1;
+
+@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
+@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+ srcptr += JPC_QMFB_COLGRPSIZE;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ abort();
+ }
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+ srcptr += numcols;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
diff --git a/media-libs/jasper/files/jasper-CVE-2014-9029.patch b/media-libs/jasper/files/jasper-CVE-2014-9029.patch
new file mode 100644
index 000000000000..98a2035999be
--- /dev/null
+++ b/media-libs/jasper/files/jasper-CVE-2014-9029.patch
@@ -0,0 +1,29 @@
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:45:44.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2014-11-27 12:44:58.000000000 +0100
+@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1307,7 +1307,7 @@ static int jpc_dec_process_rgn(jpc_dec_t
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1356,7 +1356,7 @@ static int jpc_dec_process_qcc(jpc_dec_t
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
diff --git a/media-libs/jasper/files/jasper-pkgconfig.patch b/media-libs/jasper/files/jasper-pkgconfig.patch
new file mode 100644
index 000000000000..c8af5ca83f49
--- /dev/null
+++ b/media-libs/jasper/files/jasper-pkgconfig.patch
@@ -0,0 +1,48 @@
+diff -Naur jasper-1.900.1/configure.ac jasper-1.900.1.new/configure.ac
+--- jasper-1.900.1/configure.ac 2007-01-19 21:47:11.000000000 +0000
++++ jasper-1.900.1.new/configure.ac 2009-10-29 13:37:02.000000000 +0000
+@@ -399,6 +399,8 @@
+ src/libjasper/pnm/Makefile
+ src/libjasper/ras/Makefile
+ src/msvc/Makefile
++pkgconfig/Makefile
++pkgconfig/jasper.pc
+ jasper.spec
+ ])
+ AC_OUTPUT
+diff -Naur jasper-1.900.1/Makefile.am jasper-1.900.1.new/Makefile.am
+--- jasper-1.900.1/Makefile.am 2007-01-19 21:43:14.000000000 +0000
++++ jasper-1.900.1.new/Makefile.am 2009-10-29 13:36:28.000000000 +0000
+@@ -64,7 +64,7 @@
+ # Note: We need to put the derived file "jasper.spec" in the distribution
+ # in order to facilitate RPM building.
+
+-SUBDIRS = src
++SUBDIRS = src pkgconfig
+
+ rpm: dist
+ for i in BUILD RPMS SRPMS SOURCES SPECS; do \
+diff -Naur jasper-1.900.1/pkgconfig/jasper.pc.in jasper-1.900.1.new/pkgconfig/jasper.pc.in
+--- jasper-1.900.1/pkgconfig/jasper.pc.in 1970-01-01 01:00:00.000000000 +0100
++++ jasper-1.900.1.new/pkgconfig/jasper.pc.in 2009-10-29 16:30:43.000000000 +0000
+@@ -0,0 +1,11 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: Jasper
++Description: JPEG 2000 encoding and decoding library
++Version: @VERSION@
++
++Libs: -L${libdir} -ljasper
++Cflags: -I${includedir}/jasper
+diff -Naur jasper-1.900.1/pkgconfig/Makefile.am jasper-1.900.1.new/pkgconfig/Makefile.am
+--- jasper-1.900.1/pkgconfig/Makefile.am 1970-01-01 01:00:00.000000000 +0100
++++ jasper-1.900.1.new/pkgconfig/Makefile.am 2009-10-29 13:38:59.000000000 +0000
+@@ -0,0 +1,5 @@
++pkgconfigdir = $(libdir)/pkgconfig
++pkgconfig_DATA = jasper.pc
++
++EXTRA_DIST = \
++ jasper.pc.in
diff --git a/media-libs/jasper/jasper-1.900.1-r9.ebuild b/media-libs/jasper/jasper-1.900.1-r9.ebuild
new file mode 100644
index 000000000000..f7a4d565040f
--- /dev/null
+++ b/media-libs/jasper/jasper-1.900.1-r9.ebuild
@@ -0,0 +1,54 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+# outdated './configure': breaks in 'USE=opengl ABI_X86="32 64"' case:
+# uses /usr/lib64 for 32-bit ABI.
+AUTOTOOLS_AUTORECONF=yes
+
+inherit autotools-multilib
+
+DESCRIPTION="software-based implementation of the codec specified in the JPEG-2000 Part-1 standard"
+HOMEPAGE="http://www.ece.uvic.ca/~mdadams/jasper/"
+SRC_URI="
+ http://www.ece.uvic.ca/~mdadams/${PN}/software/${P}.zip
+ mirror://gentoo/${P}-fixes-20120611.patch.bz2"
+
+LICENSE="JasPer2.0"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~x64-solaris ~x86-solaris"
+IUSE="jpeg opengl static-libs"
+
+RDEPEND="
+ jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+ opengl? (
+ >=virtual/opengl-7.0-r1:0[${MULTILIB_USEDEP}]
+ >=media-libs/freeglut-2.8.1:0[${MULTILIB_USEDEP}]
+ virtual/glu
+ )"
+DEPEND="${RDEPEND}
+ app-arch/unzip"
+
+PATCHES=(
+ "${WORKDIR}"/${P}-fixes-20120611.patch
+ "${FILESDIR}"/${PN}-1.701.0-GL-ac.patch
+ "${FILESDIR}"/${PN}-1.701.0-GL.patch
+ "${FILESDIR}"/${PN}-CVE-2014-9029.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8137.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8138.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8157.patch
+ "${FILESDIR}"/${PN}-CVE-2014-8158.patch
+ "${FILESDIR}"/${PN}-pkgconfig.patch
+ )
+
+DOCS=( NEWS README doc/. )
+
+src_configure() {
+ local myeconfargs=(
+ $(use_enable jpeg libjpeg)
+ $(use_enable opengl)
+ )
+ autotools-multilib_src_configure
+}
diff --git a/media-libs/jasper/metadata.xml b/media-libs/jasper/metadata.xml
new file mode 100644
index 000000000000..897aa2e6b59a
--- /dev/null
+++ b/media-libs/jasper/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <herd>sci</herd>
+</pkgmetadata>