Commits
Baruch Siach committed 7a21e6e9e30
jasper: security bump to version 1.900.22 Fixes: CVE-2016-8693: Double free vulnerability in mem_close CVE-2016-8692: Divide by zero in jpc_dec_process_siz CVE-2016-8691: Divide by zero in jpc_dec_process_siz CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() CVE-2016-8886: memory allocation failure in jas_malloc CVE-2016-8887: Null pointer dereference in jp2_colr_destroy CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata (incomplete fix for CVE-2016-8690) CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox() CVE-2016-8881: Heap buffer overflow in jpc_getuint16() CVE-2016-8882: Null pointer access in jpc_pi_destroy CVE-2016-8883: Assert in jpc_dec_tiledecode() Drop upstream patches. Change SITE to the official download location, since the current one does not have the updated version. Unfortunately, the official site only offers tar.gz. Fix license. It is "based on the MIT license", but not exactly the same (http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues"). Drop autoreconf; the autotools version has been updated since commit 324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it. Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>