Hello community, here is the log from the commit of package openjpeg for openSUSE:Factory checked in at 2014-08-13 08:48:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openjpeg (Old) and /work/SRC/openSUSE:Factory/.openjpeg.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openjpeg" Changes: -------- --- /work/SRC/openSUSE:Factory/openjpeg/openjpeg.changes 2014-02-15 17:17:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openjpeg.new/openjpeg.changes 2014-08-13 08:48:10.000000000 +0200 @@ -1,0 +2,29 @@ +Fri Aug 8 22:08:11 UTC 2014 - [email protected] + +- Update to version 1.5.2: + Security: + * Fixes: CVE-2013-4289 CVE-2013-4290 + * Fixes: CVE-2013-1447 CVE-2013-6045 CVE-2013-6052 CVE-2013-6054 + CVE-2013-6053 CVE-2013-6887 + New Features: + * Compile Java with source/target specific java version + * Do not set SONAME for Java module, fix linking (missing math lib) + * Support some BMP/RGB8 files + * Fix compilation on ARM + Misc: + * Remove BSD-4 license from getopt copy, since upstream switched to BSD-3 + * Support compilation against system installed getopt + * Fix Big Endian checking (autotools) + * Huge amount of bug fixes. See CHANGES for details. +- Removed the following patches (fixed upstream): + * openjpeg-1.5-r2029.patch + * openjpeg-1.5-r2032.patch + * openjpeg-1.5-r2033.patch + * openjpeg-1.5.1-cve-2013-6045-1.patch + * openjpeg-1.5.1-cve-2013-6045-2.patch + * CVE-2013-6052.patch + * CVE-2013-6053.patch + * CVE-2013-1447.patch + * CVE-2013-6887.patch + +------------------------------------------------------------------- Old: ---- CVE-2013-1447.patch CVE-2013-6052.patch CVE-2013-6053.patch CVE-2013-6887.patch openjpeg-1.5-r2029.patch openjpeg-1.5-r2032.patch openjpeg-1.5-r2033.patch openjpeg-1.5.1-cve-2013-6045-1.patch openjpeg-1.5.1-cve-2013-6045-2.patch openjpeg-1.5.1.tar.gz New: ---- openjpeg-1.5.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openjpeg.spec ++++++ --- /var/tmp/diff_new_pack.ht8Vq3/_old 2014-08-13 08:48:11.000000000 +0200 +++ /var/tmp/diff_new_pack.ht8Vq3/_new 2014-08-13 08:48:11.000000000 +0200 @@ -19,37 +19,19 @@ %define so_ver 1 Name: openjpeg -Version: 1.5.1 +Version: 1.5.2 Release: 0 Summary: An open-source JPEG 2000 codec License: BSD-2-Clause Group: Productivity/Graphics/Other Url: http://www.openjpeg.org/ -Source0: http://openjpeg.googlecode.com/files/%{name}-%{version}.tar.gz +Source0: http://downloads.sourceforge.net/%{name}.mirror/%{name}-%{version}.tar.gz Source1: baselibs.conf # PATCH-FIX-UPSTREAM openjpeg-1.5.1-cmake_libdir.patch [email protected] -- Fix libopenjpeg.pc symlink (taken from Fedora) Patch0: openjpeg-1.5.1-cmake_libdir.patch # PATCH-FIX-OPENSUSE openjpeg-1.5.1-soname.patch [email protected] -- Revert soname bump compared to 1.5.0 release (for now, remove patch in 2.0 release) (taken from Fedora) # See "http://code.google.com/p/openjpeg/source/browse/tags/version.1.5.1/CMakeLists.txt";. The change was introduced in 1.5.1 but soname can remain the same between 1.5.0 and 1.5.1 versions. Patch1: openjpeg-1.5.1-soname.patch -# PATCH-FIX-UPSTREAM openjpeg-1.5-r2029.patch [email protected] -- From upstream. Fix issue 155, jp2_read_boxhdr() can trigger random pointer memory access -Patch2: openjpeg-1.5-r2029.patch -# PATCH-FIX-UPSTREAM openjpeg-1.5-r2032.patch [email protected] -- From upstream. Fix issue 169, division by zero in j2k_read_siz -Patch3: openjpeg-1.5-r2032.patch -# PATCH-FIX-UPSTREAM openjpeg-1.5-r2033.patch [email protected] -- From upstream. Fix issue 166, missing range check in j2k_read_coc et al -Patch4: openjpeg-1.5-r2033.patch -# PATCH-FIX-UPSTREAM openjpeg-1.5.1-cve-2013-6045-1.patch CVE-2013-6045 bnc#853838 -- Fix heap-based buffer overflows (rest of the fix is in openjpeg-1.5-r2033.patch) -Patch5: openjpeg-1.5.1-cve-2013-6045-1.patch -# PATCH-FIX-UPSTREAM openjpeg-1.5.1-cve-2013-6045-2.patch CVE-2013-6045 bnc#853838 -- Fix heap-based buffer overflows -Patch6: openjpeg-1.5.1-cve-2013-6045-2.patch -# PATCH-FIX-UPSTREAM CVE-2013-6052.patch CVE-2013-6052 bnc#853644 [email protected] -- Fix heap OOB reads, information leaks -Patch7: CVE-2013-6052.patch -# PATCH-FIX-UPSTREAM CVE-2013-6053.patch CVE-2013-6053 bnc#853644 [email protected] -- Fix heap OOB reads, information leaks -Patch8: CVE-2013-6053.patch -# PATCH-FIX-UPSTREAM CVE-2013-1447.patch CVE-2013-1447 bnc#853834 [email protected] -- Fix multiple denial of service flaws -Patch9: CVE-2013-1447.patch -# PATCH-FIX-UPSTREAM CVE-2013-6887.patch CVE-2013-6887 bnc#853644 [email protected] -- Fix multiple denial of service flaws -Patch10: CVE-2013-6887.patch BuildRequires: cmake BuildRequires: doxygen %if 0%{?suse_version} @@ -88,17 +70,9 @@ %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -%patch3 -%patch4 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 + # Remove build time references so build-compare can do its work -sed -i "s/HTML_TIMESTAMP = YES/HTML_TIMESTAMP = NO/g" doc/Doxyfile.dox.cmake.in +echo "HTML_TIMESTAMP = NO" >> doc/Doxyfile.dox.cmake.in %build mkdir build @@ -112,6 +86,7 @@ -DBUILD_SHARED_LIBS=ON \ -DCMAKE_BUILD_TYPE=release \ -DBUILD_DOC=ON \ + -DUSE_SYSTEM_GETOPT=ON \ -DBUILD_THIRDPARTY=OFF .. make %{?_smp_mflags} VERBOSE=1 cd .. ++++++ openjpeg-1.5.1.tar.gz -> openjpeg-1.5.2.tar.gz ++++++ ++++ 117134 lines of diff (skipped) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
