Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2020-12-08 13:24:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.5913 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Tue Dec 8 13:24:45 2020 rev:4 rq:853711 version:2.0.23 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2020-10-06 17:12:47.513614424 +0200 +++ /work/SRC/openSUSE:Factory/.jasper.new.5913/jasper.changes 2020-12-08 13:25:57.466764506 +0100 @@ -1,0 +2,6 @@ +Tue Dec 8 07:45:28 UTC 2020 - Michael Vetter <[email protected]> + +- Update to 2.0.23: + * Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c (#252) + +------------------------------------------------------------------- Old: ---- version-2.0.22.tar.gz New: ---- version-2.0.23.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.xGt4ml/_old 2020-12-08 13:25:58.038765356 +0100 +++ /var/tmp/diff_new_pack.xGt4ml/_new 2020-12-08 13:25:58.042765361 +0100 @@ -17,7 +17,7 @@ Name: jasper -Version: 2.0.22 +Version: 2.0.23 Release: 0 Summary: An Implementation of the JPEG-2000 Standard, Part 1 License: SUSE-Public-Domain ++++++ version-2.0.22.tar.gz -> version-2.0.23.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.22/.travis.yml new/jasper-version-2.0.23/.travis.yml --- old/jasper-version-2.0.22/.travis.yml 2020-10-05 18:41:38.000000000 +0200 +++ new/jasper-version-2.0.23/.travis.yml 2020-12-08 08:41:45.000000000 +0100 @@ -32,7 +32,8 @@ arch: - amd64 - #- arm64 + - arm64 + - ppc64le ################################################################################ # Specify extra packages needed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.22/CMakeLists.txt new/jasper-version-2.0.23/CMakeLists.txt --- old/jasper-version-2.0.22/CMakeLists.txt 2020-10-05 18:41:38.000000000 +0200 +++ new/jasper-version-2.0.23/CMakeLists.txt 2020-12-08 08:41:45.000000000 +0100 
@@ -17,7 +17,7 @@
 # The major, minor, and micro version numbers of the project.
 set(JAS_VERSION_MAJOR 2)
 set(JAS_VERSION_MINOR 0)
-set(JAS_VERSION_PATCH 22)
+set(JAS_VERSION_PATCH 23)
 # The project version.
 set(JAS_VERSION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.22/NEWS new/jasper-version-2.0.23/NEWS
--- old/jasper-version-2.0.22/NEWS 2020-10-05 18:41:38.000000000 +0200
+++ new/jasper-version-2.0.23/NEWS 2020-12-08 08:41:45.000000000 +0100
@@ -1,3 +1,20 @@
+2.0.23 (2020-12-08)
+===================
+
+* Fix CVE-2020-27828, heap-overflow in cp_create() in jpc_enc.c
+ https://github.com/jasper-software/jasper/issues/252
+
+2.0.22 (2020-10-05)
+===================
+
+* Update manual
+
+* Remove JPEG dummy codec. Jasper needs libjpeg for JPEG support
+
+* Fix test suite build failure regarding disabled MIF codec (#249)
+
+* Fix OpenGL/glut detection (#247)
+
 2.0.21 (2020-09-20)
 ===================
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.22/src/libjasper/jpc/jpc_enc.c new/jasper-version-2.0.23/src/libjasper/jpc/jpc_enc.c
--- old/jasper-version-2.0.22/src/libjasper/jpc/jpc_enc.c 2020-10-05 18:41:38.000000000 +0200
+++ new/jasper-version-2.0.23/src/libjasper/jpc/jpc_enc.c 2020-12-08 08:41:45.000000000 +0100
@@ -509,6 +509,11 @@
 break;
 case OPT_MAXRLVLS:
 tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+ if (tccp->maxrlvls > JPC_MAXRLVLS) {
+ jas_eprintf("number of resolution levels exceeds maximum %d\n",
+ JPC_MAXRLVLS);
+ goto error;
+ }
 break;
 case OPT_SOP:
 cp->tcp.csty |= JPC_COD_SOP;
_______________________________________________
openSUSE Commits mailing list -- [email protected]
To unsubscribe, email [email protected]
List Netiquette: https://en.opensuse.org/openSUSE:Mailing_list_netiquette
List Archives: https://lists.opensuse.org/archives/list/[email protected]
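Review bot: The new bound in the `OPT_MAXRLVLS` case of jpc_enc.c is checked only from above, and only after the `atoi()` result has already been stored in `tccp->maxrlvls`. These lines therefore do not reject a zero, negative or non-numeric value, and if the field is narrower than `int` (its declaration is not in the hunk) the comparison sees the converted value rather than what was supplied. Parsing into a local first and range-checking it before the assignment would close both gaps, e.g. `if (n < 1 || n > JPC_MAXRLVLS) goto error;` followed by `tccp->maxrlvls = n;`. Using `strtol()` with an end-pointer check would also reject trailing garbage, which `atoi()` silently accepts. A lower-bound check may already exist later in cp_create(), whose body starts and ends outside this hunk, so confirm that before adding one.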
