Author: arekm Date: Wed Jul 15 06:57:21 2009 GMT Module: packages Tag: HEAD ---- Log message: - up to 10.35.65. CVE-2007-2721 and CVE-2008-3520 fixed by linking to system jasper (as these CVEs affect jacper) instead of internal one.
---- Files affected: packages/netpbm: netpbm.spec (1.93 -> 1.94) , netpbm-build.patch (NONE -> 1.1) (NEW), netpbm-rgb-path.patch (1.1 -> NONE) (REMOVED) ---- Diffs: ================================================================ Index: packages/netpbm/netpbm.spec diff -u packages/netpbm/netpbm.spec:1.93 packages/netpbm/netpbm.spec:1.94 --- packages/netpbm/netpbm.spec:1.93 Fri Jul 10 21:53:25 2009 +++ packages/netpbm/netpbm.spec Wed Jul 15 08:57:16 2009 @@ -11,25 +11,24 @@ Summary(ru.UTF-8): Набор библиотек для работы с различными графическими файлами Summary(uk.UTF-8): Набір бібліотек для роботи з різними графічними файлами Name: netpbm -Version: 10.34 -Release: 6 +Version: 10.35.65 +Release: 1 License: Freeware Group: Libraries -Source0: http://dl.sourceforge.net/netpbm/%{name}-%{version}.tgz -# Source0-md5: 851137b746e9a08c46e6580743c036c4 +# svn export https://netpbm.svn.sourceforge.net/svnroot/netpbm/stable netpbm-%{version} (where version from doc/HISTORY) +# svn export https://netpbm.svn.sourceforge.net/svnroot/netpbm/userguide netpbm-%{version}/userguide +Source0: %{name}-%{version}.tar.bz2 +# Source0-md5: 8f8317643d6f729ebc30913d066be804 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 8fb174f8da02ea01bf72a9dc61be10f1 Source2: %{name}-docs-20030520.tar.bz2 # Source2-md5: 2d6a3965d493def21edfbc3e1aa262e9 Patch0: %{name}-make.patch -Patch1: %{name}-rgb-path.patch +Patch1: %{name}-build.patch URL: http://netpbm.sourceforge.net/ -# Patches in redhat: -# https://rhn.redhat.com/errata/RHSA-2009-0012.html -BuildRequires: security(CVE-2007-2721) -BuildRequires: security(CVE-2008-3520) BuildRequires: xorg-lib-libX11-devel BuildRequires: flex +BuildRequires: jasper-devel BuildRequires: jbigkit-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel @@ -215,6 +214,28 @@ %patch1 -p1 %build +./configure << EOF + + + + + + + + + + + + + + + + + + + +EOF + # it appends defines to pm_config.h twice if -j > 1 %{__make} -j1 \ CC="%{__cc}" \ @@ -225,7 +246,9 @@ PNGHDR_DIR=%{_includedir} \ TIFFHDR_DIR=%{_includedir} \ X11LIB=%{_libdir}/libX11.so \ - JBIGLIB=/usr/%{_lib}/libjbig.so << EOF + JBIGLIB=/usr/%{_lib}/libjbig.so \ + JASPERLIB="" \ + JASPERDEPLIBS="-ljasper" << EOF gnu regular @@ -259,7 +282,7 @@ install -d $RPM_BUILD_ROOT{%{_bindir},%{_libdir},%{_includedir},%{_mandir}/man{1,3,5}} rm -rf PKG -%{__make} package \ +%{__make} -j1 package \ pkgdir=$(pwd)/PKG rm -f PKG/bin/doc.url @@ -333,6 +356,9 @@ All persons listed below can be reached at <cvs_login>@pld-linux.org $Log$ +Revision 1.94 2009/07/15 06:57:16 arekm +- up to 10.35.65. CVE-2007-2721 and CVE-2008-3520 fixed by linking to system jasper (as these CVEs affect jacper) instead of internal one. + Revision 1.93 2009/07/10 19:53:25 arekm - release 6 ================================================================ Index: packages/netpbm/netpbm-build.patch diff -u /dev/null packages/netpbm/netpbm-build.patch:1.1 --- /dev/null Wed Jul 15 08:57:21 2009 +++ packages/netpbm/netpbm-build.patch Wed Jul 15 08:57:16 2009 @@ -0,0 +1,25 @@ +--- netpbm-10.35.65/buildtools/configure.pl~ 2009-06-26 03:35:42.000000000 +0200 ++++ netpbm-10.35.65/buildtools/configure.pl 2009-07-15 08:47:35.271968502 +0200 +@@ -1889,11 +1889,6 @@ + push(@Makefile_config, "CFLAGS += -fPIC\n"); + push(@Makefile_config, "LDSHLIB = -shared -fPIC\n"); + push(@Makefile_config, 'LDFLAGS += -Wl,+b,/usr/pubsw/lib', "\n"); +- } else { +- # We don't know what to do here. We used to (before 10.20) just +- # just assume the compiler was gcc. We know that the gcc stuff +- # above does NOT work for HP native compiler. +- push(@config_mk, "LDSHLIB =\n"); + } + } elsif ($platform eq "AIX") { + push(@Makefile_config, 'LDFLAGS = -L /usr/pubsw/lib', "\n"); +--- netpbm-10.35.65/converter/ppm/ppmtompeg/jpeg.c~ 2006-08-19 05:12:28.000000000 +0200 ++++ netpbm-10.35.65/converter/ppm/ppmtompeg/jpeg.c 2009-07-15 08:52:06.372101451 +0200 +@@ -469,7 +469,7 @@ + #ifdef JPEG4 + buffer_height = 8; /* could be 2, 4,8 rows high */ + #else +- buffer_height = cinfo.max_v_samp_factor * cinfo.min_DCT_scaled_size; ++ buffer_height = cinfo.max_v_samp_factor * cinfo.min_DCT_v_scaled_size; + #endif + + for(cp=0,compptr = cinfo.comp_info;cp<cinfo.num_components; ================================================================ ---- CVS-web: http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/netpbm/netpbm.spec?r1=1.93&r2=1.94&f=u _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
