Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2023-11-30 21:59:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.25432 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Thu Nov 30 21:59:21 2023 rev:25 rq:1129748 version:4.1.1 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2023-11-06 21:13:48.546228308 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new.25432/jasper.changes 2023-11-30 22:00:22.790978996 +0100 @@ -1,0 +2,8 @@ +Wed Nov 29 09:29:34 UTC 2023 - Michael Vetter <mvet...@suse.com> + +- Update to 4.1.1: + * Disallow in-source builds by default #364 + * Fix a potential integer overflow problem in the + jas_get_total_mem_size function (for the Windows platform) #363 + +------------------------------------------------------------------- Old: ---- version-4.1.0.tar.gz New: ---- version-4.1.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.3oZ1fg/_old 2023-11-30 22:00:23.623009647 +0100 +++ /var/tmp/diff_new_pack.3oZ1fg/_new 2023-11-30 22:00:23.627009795 +0100 @@ -20,7 +20,7 @@ %global __builddir obs_build Name: jasper -Version: 4.1.0 +Version: 4.1.1 Release: 0 Summary: An Implementation of the JPEG-2000 Standard, Part 1 License: JasPer-2.0 @@ -29,7 +29,7 @@ Source: https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz Source1: baselibs.conf BuildRequires: Mesa-libGL-devel -BuildRequires: cmake +BuildRequires: cmake >= 3.20 BuildRequires: doxygen BuildRequires: fdupes BuildRequires: freeglut-devel @@ -69,7 +69,7 @@ %build export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE" -%cmake -DCMAKE_INSTALL_DOCDIR=%{_docdir}/%{name} +%cmake -DCMAKE_INSTALL_DOCDIR=%{_docdir}/%{name} -DALLOW_IN_SOURCE_BUILD=ON %make_build %install ++++++ version-4.1.0.tar.gz -> version-4.1.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/.github/workflows/ci.yml new/jasper-version-4.1.1/.github/workflows/ci.yml --- old/jasper-version-4.1.0/.github/workflows/ci.yml 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/.github/workflows/ci.yml 2023-11-28 18:19:23.000000000 +0100 @@ -6,7 +6,7 @@ build: strategy: matrix: - os: [ubuntu-22.04, ubuntu-20.04, macos-12, macos-11] + os: [ubuntu-22.04, ubuntu-20.04, macos-13, macos-12] compiler: [ {cc: gcc, cxx: g++}, {cc: clang, cxx: clang++} ] include: - os: [windows-2022] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/CMakeLists.txt new/jasper-version-4.1.1/CMakeLists.txt --- old/jasper-version-4.1.0/CMakeLists.txt 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/CMakeLists.txt 2023-11-28 18:19:23.000000000 +0100 @@ -1,4 +1,6 @@ -cmake_minimum_required(VERSION 3.12) +cmake_minimum_required(VERSION 3.20) +# Version 3.20 needed for cmake_path. +# Version 3.19 needed for file(REAL_PATH ...). # Version 3.12 needed for FindJPEG imported targets. # Version 3.10 needed for FindOpenGL imported targets. # Version 3.1 needed for FindGLUT imported targets. @@ -10,7 +12,7 @@ # The major, minor, and micro version numbers of the project. set(JAS_VERSION_MAJOR 4) set(JAS_VERSION_MINOR 1) -set(JAS_VERSION_PATCH 0) +set(JAS_VERSION_PATCH 1) # The shared library versioning information. # Guidelines on how to change this information can be found below. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/NEWS.txt new/jasper-version-4.1.1/NEWS.txt --- old/jasper-version-4.1.0/NEWS.txt 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/NEWS.txt 2023-11-28 18:19:23.000000000 +0100 @@ -1,3 +1,10 @@ +4.1.1 (2023-11-28) +================== + +* Disallow in-source builds by default. +* Fix a potential integer overflow problem in the jas_get_total_mem_size + function (for the Windows platform). + 4.1.0 (2023-11-04) ================== @@ -110,6 +117,7 @@ =================== * Fix potential null pointer dereference in the JP2/JPC decoder. (#269) + (CVE-2021-3443) * Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286) * Fix integral type sizing problem in JP2 codec. (#284) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/appveyor.yml new/jasper-version-4.1.1/appveyor.yml --- old/jasper-version-4.1.0/appveyor.yml 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/appveyor.yml 2023-11-28 18:19:23.000000000 +0100 @@ -3,8 +3,9 @@ # build worker image (VM template) image: - - Visual Studio 2015 - - Visual Studio 2013 + - Visual Studio 2022 + #- Visual Studio 2015 + #- Visual Studio 2013 configuration: - Release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/build/appveyor/build.bat new/jasper-version-4.1.1/build/appveyor/build.bat --- old/jasper-version-4.1.0/build/appveyor/build.bat 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/build/appveyor/build.bat 2023-11-28 18:19:23.000000000 +0100 @@ -41,7 +41,8 @@ cmake ^ -H%source_dir% -B%build_dir_shared% %allow_in_source_build% ^ -DCMAKE_INSTALL_PREFIX=%install_dir_shared% ^ - -DJAS_ENABLE_SHARED=true || exit /B 1 + -DJAS_ENABLE_SHARED=true ^ + -DJAS_ENABLE_DOC=false || exit /B 1 rem msbuild %build_dir_shared%\INSTALL.vcxproj || exit /B 1 cmake --build %build_dir_shared% --clean-first || exit /B 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/build/cmake/modules/InSourceBuild.cmake new/jasper-version-4.1.1/build/cmake/modules/InSourceBuild.cmake --- old/jasper-version-4.1.0/build/cmake/modules/InSourceBuild.cmake 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/build/cmake/modules/InSourceBuild.cmake 2023-11-28 18:19:23.000000000 +0100 @@ -1,15 +1,48 @@ option(ALLOW_IN_SOURCE_BUILD "Allow an in-source build" OFF) function(prevent_in_source_build) - get_filename_component(source_dir "${CMAKE_SOURCE_DIR}" REALPATH) - get_filename_component(binary_dir "${CMAKE_BINARY_DIR}" REALPATH) - if(source_dir STREQUAL binary_dir) - message(FATAL_ERROR - "The use of an in-source build is not recommended. " - "For this reason, the use of in-source build is disabled by default. " - "If you want to override this default behavior, add the -DALLOW_IN_SOURCE_BUILD option to cmake." - ) + + # Determine if an in-source build is in progress. + file(REAL_PATH "${CMAKE_SOURCE_DIR}" source_dir) + file(REAL_PATH "${CMAKE_BINARY_DIR}" binary_dir) + cmake_path(IS_PREFIX source_dir "${binary_dir}" result) + + # If an in-source build is in progress, and the build directory is not + # chosen in a very specific way, then stop the build. + if(result) + cmake_path(RELATIVE_PATH binary_dir BASE_DIRECTORY "${source_dir}" + OUTPUT_VARIABLE cur_path) + #message("cur_path ${cur_path}") + while(true) + cmake_path(HAS_PARENT_PATH cur_path has_parent) + if(NOT has_parent) + break() + endif() + cmake_path(GET cur_path PARENT_PATH cur_path) + #message("cur_path ${cur_path}") + endwhile() + cmake_path(GET cur_path FILENAME top_dir_name) + #message("top_dir_name ${top_dir_name}") + if(NOT (top_dir_name MATCHES "^tmp")) + message(FATAL_ERROR + "The use of an in-source build has been detected " + "(i.e., the binary directory specified to CMake is located " + "in or under the source directory). " + "This can potentially trash the source tree. " + "In fact, if you are seeing this message, you may have already " + "partially trashed the source tree. " + "The use of an in-source build is not officially supported and " + "is therefore disallowed by default. " + "If you like to live dangerously and would like to override " + "this default behavior, this can be accomplished via the " + "CMake option ALLOW_IN_SOURCE_BUILD.\n" + "CMake source directory: ${CMAKE_SOURCE_DIR}\n" + "CMake binary directory: ${CMAKE_BINARY_DIR}\n" + "CMake binary directory root: ${CMAKE_SOURCE_DIR}/${top_dir_name}\n" + ) + endif() endif() + endfunction() if(NOT ALLOW_IN_SOURCE_BUILD) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/src/libjasper/base/jas_malloc.c new/jasper-version-4.1.1/src/libjasper/base/jas_malloc.c --- old/jasper-version-4.1.0/src/libjasper/base/jas_malloc.c 2023-11-05 05:39:06.000000000 +0100 +++ new/jasper-version-4.1.1/src/libjasper/base/jas_malloc.c 2023-11-28 18:19:23.000000000 +0100 @@ -661,11 +661,12 @@ Reference: https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-getphysicallyinstalledsystemmemory */ - ULONGLONG size; - if (!GetPhysicallyInstalledSystemMemory(&size)) { + ULONGLONG mem_size_in_kb; + if (!GetPhysicallyInstalledSystemMemory(&mem_size_in_kb)) { return 0; } - return 1024 * size; + return (mem_size_in_kb < SIZE_MAX / JAS_CAST(size_t, 1024)) ? + JAS_CAST(size_t, 1024) * mem_size_in_kb : SIZE_MAX; #else return 0; #endif
