commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2020-10-06 17:10:07
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.4249 (New)
Package is "jasper"
Tue Oct 6 17:10:07 2020 rev:3 rq:839698 version:2.0.22
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2020-09-23
18:46:46.913673559 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new.4249/jasper.changes 2020-10-06
17:12:47.513614424 +0200
@@ -1,0 +2,10 @@
+Tue Oct 6 07:16:41 UTC 2020 - Michael Vetter
+
+- Update to 2.0.22:
+ * Update manual
+ * Remove JPEG dummy codec
+ * Fix test suite build failure regarding disabled MIF codec (#249)
+ * Fix OpenGL/glut detection (#247)
+- Remove jasper-2.0.21-glut.patch: upstreamed
+
+---
Old:
jasper-2.0.21-glut.patch
version-2.0.21.tar.gz
New:
version-2.0.22.tar.gz
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.y2Mo88/_old 2020-10-06 17:12:50.821617281 +0200
+++ /var/tmp/diff_new_pack.y2Mo88/_new 2020-10-06 17:12:50.825617284 +0200
@@ -17,7 +17,7 @@
Name: jasper
-Version:2.0.21
+Version:2.0.22
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
@@ -25,8 +25,6 @@
URL:https://jasper-software.github.io/jasper
Source:
https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
Source2:baselibs.conf
-# https://github.com/jasper-software/jasper/issues/247
-Patch0: jasper-2.0.21-glut.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: doxygen
@@ -78,7 +76,6 @@
%prep
%setup -q -n %{name}-version-%{version}
-%patch0 -p1
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
++ version-2.0.21.tar.gz -> version-2.0.22.tar.gz ++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jasper-version-2.0.21/CMakeLists.txt
new/jasper-version-2.0.22/CMakeLists.txt
--- old/jasper-version-2.0.21/CMakeLists.txt2020-09-20 20:55:35.0
+0200
+++ new/jasper-version-2.0.22/CMakeLists.txt2020-10-05 18:41:38.0
+0200
@@ -17,7 +17,7 @@
# The major, minor, and micro version numbers of the project.
set(JAS_VERSION_MAJOR 2)
set(JAS_VERSION_MINOR 0)
-set(JAS_VERSION_PATCH 21)
+set(JAS_VERSION_PATCH 22)
# The project version.
set(JAS_VERSION
@@ -79,8 +79,6 @@
include(CTest)
include(Sanitizers)
-include(JasOpenGL)
-
cmake_policy(SET CMP0012 NEW)
@@ -205,6 +203,8 @@
# Perform plaform checks.
+include(JasOpenGL)
+
find_program(BASH_PROGRAM bash)
check_include_files(fcntl.h JAS_HAVE_FCNTL_H)
@@ -266,6 +266,9 @@
set(JPEG_INCLUDE_DIR "")
set(JPEG_LIBRARIES "")
endif()
+if (NOT JAS_HAVE_LIBJPEG)
+ set(JAS_INCLUDE_JPG_CODEC 0)
+endif()
# Check for the Math library.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/jasper-version-2.0.21/NEWS
new/jasper-version-2.0.22/NEWS
--- old/jasper-version-2.0.21/NEWS 2020-09-20 20:55:35.0 +0200
+++ new/jasper-version-2.0.22/NEWS 2020-10-05 18:41:38.0 +0200
@@ -1,23 +1,25 @@
2.0.21 (2020-09-20)
===
-* fixed ZDI-15-529
+* Fix ZDI-15-529
+ https://github.com/jasper-software/jasper/pull/245
-* fixed CVE-2018-19541
+* Fix CVE-2018-19541 in decoder
+ https://github.com/jasper-software/jasper/pull/244
2.0.20 (2020-09-05)
===
-* fixed several ISO/IEC 15444-4 conformance bugs
+* Fix several ISO/IEC 15444-4 conformance bugs
-* fixed new variant of CVE-2016-9398
+* Fix new variant of CVE-2016-9398
-* disabled the MIF codec by default for security reasons (but it is still
+* Disable the MIF codec by default for security reasons (but it is still
included in the library);
in a future release, the MIF codec may also be excluded from the
library by default
-* added documentation for the I/O streams library API
+* Add documentation for the I/O streams library API
2.0.19 (2020-07-11)
===
@@ -28,7 +30,7 @@
https://github.com/jasper-software/jasper/issues/175
https://github.com/jasper-maint/jasper/issues/8
-* Fix CVE-2018-19541
+* Fix CVE-2018-19541 in encoder
https://github.com/jasper-software/jasper/pull/199
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2020-09-23 18:45:15
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.4249 (New)
Package is "jasper"
Wed Sep 23 18:45:15 2020 rev:2 rq:836230 version:2.0.21
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2020-07-28
17:28:07.070093946 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new.4249/jasper.changes 2020-09-23
18:46:46.913673559 +0200
@@ -1,0 +2,30 @@
+Wed Sep 23 07:40:22 UTC 2020 - Michael Vetter
+
+- Add jasper-2.0.21-glut.patch: Fix glut.h detection
+ See https://github.com/jasper-software/jasper/issues/247
+
+---
+Tue Sep 22 12:10:54 UTC 2020 - Michael Vetter
+
+- Update to 2.0.21:
+ * Fix ZDI-15-529
+https://github.com/jasper-software/jasper/pull/245
+ * Fix CVE-2018-19541 in decoder
+https://github.com/jasper-software/jasper/pull/244
+
+---
+Mon Sep 7 08:15:35 UTC 2020 - Michael Vetter
+
+- Update to 2.0.20:
+ * Fixed several ISO/IEC 15444-4 conformance bugs
+ * Fixed new variant of CVE-2016-9398
+ * Disabled the MIF codec by default for security reasons (but it is still
+included in the library);
+in a future release, the MIF codec may also be excluded from the
+library by default
+ * Added documentation for the I/O streams library API
+ * Improved adherance to specification
+- Move to GitHub repo https://github.com/jasper-software/jasper
+- Update URL to https://jasper-software.github.io/jasper
+
+---
Old:
version-2.0.19.tar.gz
New:
jasper-2.0.21-glut.patch
version-2.0.21.tar.gz
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.8WRHTQ/_old 2020-09-23 18:46:59.017684695 +0200
+++ /var/tmp/diff_new_pack.8WRHTQ/_new 2020-09-23 18:46:59.017684695 +0200
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,16 @@
Name: jasper
-Version:2.0.19
+Version:2.0.21
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
Group: Productivity/Graphics/Convertors
-URL:http://www.ece.uvic.ca/~mdadams/jasper/
-Source:
https://github.com/mdadams/jasper/archive/version-%{version}.tar.gz
+URL:https://jasper-software.github.io/jasper
+Source:
https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
Source2:baselibs.conf
+# https://github.com/jasper-software/jasper/issues/247
+Patch0: jasper-2.0.21-glut.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: doxygen
@@ -76,6 +78,7 @@
%prep
%setup -q -n %{name}-version-%{version}
+%patch0 -p1
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
++ jasper-2.0.21-glut.patch ++
>From 059bcac469a06767179771aebbbe65dacd676111 Mon Sep 17 00:00:00 2001
From: Michael Adams
Date: Tue, 22 Sep 2020 07:46:26 -0700
Subject: [PATCH] Moved the point at which the JasPer OpenGL cmake module is
included in the top-level CMakeLists.txt file so that the main JasPer config
header is generated correctly and all of the initialization required for this
module is performed prior to its inclusion.
---
CMakeLists.txt | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 20dbd8a..adf45ca 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -79,8 +79,6 @@ include(CheckCSourceCompiles)
include(CTest)
include(Sanitizers)
-include(JasOpenGL)
-
cmake_policy(SET CMP0012 NEW)
@@ -205,6 +203,8 @@ endif()
# Perform plaform checks.
+include(JasOpenGL)
+
find_program(BASH_PROGRAM bash)
check_include_files(fcntl.h JAS_HAVE_FCNTL_H)
++ version-2.0.19.tar.gz -> version-2.0.21.tar.gz ++
15151 lines of diff (skipped)
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2019-11-06 15:19:28
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.2990 (New)
Package is "jasper"
Wed Nov 6 15:19:28 2019 rev:45 rq:745234 version:2.0.16
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2019-06-13
22:36:34.672318311 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new.2990/jasper.changes 2019-11-06
15:19:30.541374390 +0100
@@ -1,0 +2,7 @@
+Mon Nov 4 17:10:14 UTC 2019 - Michael Vetter
+
+- bsc#1117507 CVE-2018-19541: Properly fix heap based overread
+ in jas_image_depalettize. Original fix caused segfaults.
+ Update jasper-CVE-2018-19541.patch
+
+---
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.JCTyjf/_old 2019-11-06 15:19:32.141375965 +0100
+++ /var/tmp/diff_new_pack.JCTyjf/_new 2019-11-06 15:19:32.145375969 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
++ jasper-CVE-2018-19541.patch ++
--- /var/tmp/diff_new_pack.JCTyjf/_old 2019-11-06 15:19:32.189376013 +0100
+++ /var/tmp/diff_new_pack.JCTyjf/_new 2019-11-06 15:19:32.189376013 +0100
@@ -1,15 +1,17 @@
-Index: jasper-version-2.0.16/src/libjasper/base/jas_image.c
+Index: jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c
===
jasper-version-2.0.16.orig/src/libjasper/base/jas_image.c
-+++ jasper-version-2.0.16/src/libjasper/base/jas_image.c
-@@ -979,6 +979,10 @@ int jas_image_depalettize(jas_image_t *i
- cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype);
- cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype);
-
-+ if (numlutents < 1) {
+--- jasper-version-2.0.16.orig/src/libjasper/jp2/jp2_cod.c
jasper-version-2.0.16/src/libjasper/jp2/jp2_cod.c
+@@ -855,6 +855,12 @@ static int jp2_pclr_getdata(jp2_box_t *b
+ jp2_getuint8(in, >numchans)) {
+ return -1;
+ }
++
++ // verify in range data as per I.5.3.4 - Palette box
++ if (pclr->numchans < 1 || pclr->numlutents < 1 || pclr->numlutents >
1024) {
+ return -1;
+ }
-+
- if (jas_image_addcmpt(image, newcmptno, )) {
++
+ lutsize = pclr->numlutents * pclr->numchans;
+ if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t {
return -1;
- }
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2019-06-13 22:36:33
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.4811 (New)
Package is "jasper"
Thu Jun 13 22:36:33 2019 rev:44 rq:708034 version:2.0.16
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2019-03-27
16:13:44.451631780 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.4811/jasper.changes 2019-06-13
22:36:34.672318311 +0200
@@ -1,0 +2,8 @@
+Thu Jun 6 07:43:02 UTC 2019 - mvet...@suse.com
+
+- bsc#1117508 CVE-2018-19540: Fix heap based overflow in jas_icctxtdesc_input
+ Add jasper-CVE-2018-19540.patch: Make sure asclen is at least 1
+- bsc#1117507 CVE-2018-19541: Fix heap based overread in jas_image_depalettize
+ Add jasper-CVE-2018-19541.patch: Check number of lutents
+
+---
New:
jasper-CVE-2018-19540.patch
jasper-CVE-2018-19541.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.aNYCVZ/_old 2019-06-13 22:36:36.376317757 +0200
+++ /var/tmp/diff_new_pack.aNYCVZ/_new 2019-06-13 22:36:36.412317745 +0200
@@ -30,6 +30,10 @@
Patch4: jasper-CVE-2018-9055.patch
# https://github.com/mdadams/jasper/pull/200
Patch6: jasper-CVE-2018-19542.patch
+# https://github.com/mdadams/jasper/pull/198
+Patch7: jasper-CVE-2018-19540.patch
+# https://github.com/mdadams/jasper/pull/199
+Patch8: jasper-CVE-2018-19541.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: doxygen
@@ -84,6 +88,8 @@
%patch1 -p1
%patch4 -p1
%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
++ jasper-CVE-2018-19540.patch ++
Index: jasper-version-2.0.16/src/libjasper/base/jas_icc.c
===
--- jasper-version-2.0.16.orig/src/libjasper/base/jas_icc.c
+++ jasper-version-2.0.16/src/libjasper/base/jas_icc.c
@@ -1104,6 +1104,8 @@ static int jas_icctxtdesc_input(jas_icca
if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) !=
JAS_CAST(int, txtdesc->asclen))
goto error;
+ if (txtdesc->asclen < 1)
+ goto error;
txtdesc->ascdata[txtdesc->asclen - 1] = '\0';
if (jas_iccgetuint32(in, >uclangcode) ||
jas_iccgetuint32(in, >uclen))
++ jasper-CVE-2018-19541.patch ++
Index: jasper-version-2.0.16/src/libjasper/base/jas_image.c
===
--- jasper-version-2.0.16.orig/src/libjasper/base/jas_image.c
+++ jasper-version-2.0.16/src/libjasper/base/jas_image.c
@@ -979,6 +979,10 @@ int jas_image_depalettize(jas_image_t *i
cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype);
cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype);
+ if (numlutents < 1) {
+ return -1;
+ }
+
if (jas_image_addcmpt(image, newcmptno, )) {
return -1;
}
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2019-03-27 16:13:43
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.25356 (New)
Package is "jasper"
Wed Mar 27 16:13:43 2019 rev:43 rq:688203 version:2.0.16
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2019-03-22
14:52:18.114135392 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.25356/jasper.changes 2019-03-27
16:13:44.451631780 +0100
@@ -1,0 +2,16 @@
+Mon Mar 25 10:23:40 UTC 2019 - mvet...@suse.com
+
+- Update to 2.0.16:
+ * Fix assertion failure JPC_NOMINALGAIN (CVE-2016-9396) (#50)
+ * Fix build on Windows 10 (#162)
+ * Improve README
+ * Fix build with CMake 2.x
+ * Add missing dereference operators (#178, #157)
+ * Check data in jas_image (CVE-2018-19539) (#196)
+- Remove because contained in new release:
+ * jasper-CVE-2018-19539.patch
+ * 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
+ * Remove 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
+- Run spec-cleaner
+
+---
Old:
0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
jasper-2.0.14.tar.gz
jasper-CVE-2018-19539.patch
New:
version-2.0.16.tar.gz
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.lC0gpy/_old 2019-03-27 16:13:45.563631496 +0100
+++ /var/tmp/diff_new_pack.lC0gpy/_new 2019-03-27 16:13:45.567631495 +0100
@@ -12,25 +12,22 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: jasper
-Version:2.0.14
+Version:2.0.16
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
Group: Productivity/Graphics/Convertors
-Url:http://www.ece.uvic.ca/~mdadams/jasper/
-Source: %{name}-%{version}.tar.gz
+URL:http://www.ece.uvic.ca/~mdadams/jasper/
+Source:
https://github.com/mdadams/jasper/archive/version-%{version}.tar.gz
Source2:baselibs.conf
Patch1: jasper-CVE-2016-9398.patch
-Patch2: 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
-Patch3: 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
+# https://github.com/mdadams/jasper/pull/204
Patch4: jasper-CVE-2018-9055.patch
-# https://github.com/mdadams/jasper/pull/196
-Patch5: jasper-CVE-2018-19539.patch
# https://github.com/mdadams/jasper/pull/200
Patch6: jasper-CVE-2018-19542.patch
BuildRequires: Mesa-libGL-devel
@@ -45,7 +42,6 @@
BuildRequires: libdrm-devel
BuildRequires: libjpeg-devel
BuildRequires: pkgconfig
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
This package contains an implementation of the image compression
@@ -84,12 +80,9 @@
image compression standard Part 1.
%prep
-%setup -q
+%setup -q -n %{name}-version-%{version}
%patch1 -p1
-%patch2 -p1
-%patch3 -p1
%patch4 -p1
-%patch5 -p1
%patch6 -p1
%build
@@ -106,8 +99,9 @@
%postun -n libjasper4 -p /sbin/ldconfig
%files
-%defattr(-,root,root)
-%doc COPYRIGHT LICENSE README doc/*
+%license LICENSE
+%doc COPYRIGHT README doc/*
+%doc %{_docdir}/jasper
%{_bindir}/imgcmp
%{_bindir}/imginfo
%{_bindir}/jasper
@@ -115,11 +109,9 @@
%{_mandir}/man*/*
%files -n libjasper4
-%defattr(-,root,root)
%{_libdir}/libjasper*.so.*
%files -n libjasper-devel
-%defattr(-,root,root)
%{_includedir}/jasper
%{_libdir}/libjasper.so
%{_libdir}/pkgconfig/jasper.pc
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2019-03-22 14:52:14
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.25356 (New)
Package is "jasper"
Fri Mar 22 14:52:14 2019 rev:42 rq:687178 version:2.0.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2019-03-14
14:50:57.803800057 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.25356/jasper.changes 2019-03-22
14:52:18.114135392 +0100
@@ -1,0 +2,6 @@
+Thu Mar 21 09:38:27 UTC 2019 - Michael Vetter
+
+- bsc#1117505 CVE-2018-19542:
+ * Add jasper-CVE-2018-19542.patch
+
+---
New:
jasper-CVE-2018-19542.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.ZBFELb/_old 2019-03-22 14:52:19.750134416 +0100
+++ /var/tmp/diff_new_pack.ZBFELb/_new 2019-03-22 14:52:19.754134414 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -29,7 +29,10 @@
Patch2: 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
Patch3: 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
Patch4: jasper-CVE-2018-9055.patch
+# https://github.com/mdadams/jasper/pull/196
Patch5: jasper-CVE-2018-19539.patch
+# https://github.com/mdadams/jasper/pull/200
+Patch6: jasper-CVE-2018-19542.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: doxygen
@@ -87,6 +90,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
++ jasper-CVE-2018-19542.patch ++
See: https://github.com/mdadams/jasper/pull/200
Index: jasper-2.0.14/src/libjasper/jp2/jp2_dec.c
===
--- jasper-2.0.14.orig/src/libjasper/jp2/jp2_dec.c
+++ jasper-2.0.14/src/libjasper/jp2/jp2_dec.c
@@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in
jas_image_setcmpttype(dec->image, newcmptno,
jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
}
#endif
+ } else {
+ jas_eprintf("error: invalid MTYP in CMAP
box\n");
+ goto error;
}
}
}
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2019-03-14 14:50:56
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.28833 (New)
Package is "jasper"
Thu Mar 14 14:50:56 2019 rev:41 rq:684439 version:2.0.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2018-04-05
15:27:26.141275522 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new.28833/jasper.changes 2019-03-14
14:50:57.803800057 +0100
@@ -1,0 +2,6 @@
+Tue Mar 12 16:35:04 UTC 2019 - mvet...@suse.com
+
+- bsc#1117511 CVE-2018-19539:
+ * Add jasper-CVE-2018-19539.patch
+
+---
New:
jasper-CVE-2018-19539.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.Fbq7yD/_old 2019-03-14 14:50:58.351799978 +0100
+++ /var/tmp/diff_new_pack.Fbq7yD/_new 2019-03-14 14:50:58.351799978 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,7 @@
Patch2: 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
Patch3: 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
Patch4: jasper-CVE-2018-9055.patch
+Patch5: jasper-CVE-2018-19539.patch
BuildRequires: Mesa-libGL-devel
BuildRequires: cmake
BuildRequires: doxygen
@@ -85,6 +86,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
++ jasper-CVE-2018-19539.patch ++
Index: jasper-2.0.14/src/libjasper/base/jas_image.c
===
--- jasper-2.0.14.orig/src/libjasper/base/jas_image.c
+++ jasper-2.0.14/src/libjasper/base/jas_image.c
@@ -491,6 +491,10 @@ int jas_image_readcmpt(jas_image_t *imag
image, cmptno, JAS_CAST(long, x), JAS_CAST(long, y),
JAS_CAST(long, width), JAS_CAST(long, height), data));
+ if(data == NULL) {
+ return -1;
+ }
+
if (cmptno < 0 || cmptno >= image->numcmpts_) {
return -1;
}
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2018-04-05 15:27:19
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Thu Apr 5 15:27:19 2018 rev:40 rq:593093 version:2.0.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2017-07-17
09:02:00.289283406 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2018-04-05
15:27:26.141275522 +0200
@@ -1,0 +2,38 @@
+Thu Mar 29 14:40:02 UTC 2018 - fst...@suse.com
+
+- Added patch:
+ * jasper-CVE-2018-9055.patch
++ fix CVE-2018-9055, bsc#1087020: jasper: denial of service via
+ a reachable assertion in the function jpc_firstone in
+ libjasper/jpc/jpc_math.c.
+
+---
+Thu Mar 29 08:12:30 UTC 2018 - fst...@suse.com
+
+- Upgrade to 2.0.14
+ * Soname and package name change libjasper1 to libjasper4
+ * Security fixes:
++ CVE-2016-9557 jasper: Signed integer overflow in jas_image.c
+- Removed patches:
+ * jasper-1.900.1-uninitialized.patch
++ not needed any more
+ * jasper-CVE-2016-10251.patch
+ * jasper-CVE-2016-8654.patch
+ * jasper-CVE-2016-9262.patch
+ * jasper-CVE-2016-9395.patch
+ * jasper-CVE-2016-9560.patch
+ * jasper-CVE-2016-9583.patch
+ * jasper-CVE-2016-9591.patch
+ * jasper-CVE-2016-9600.patch
+ * jasper-CVE-2017-150.patch
+ * jasper-CVE-2017-5498.patch
+ * jasper-CVE-2017-6850.patch
++ Fixed upstream
+- Added patches:
+ * 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
++ fix assertion failure JPC_NOMINALGAIN() which can be caused
+ by a crafted JP2 file.
+ * 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
++ allow JasPer to be build with CMake 2.x as well as CMake 3.x.
+
+---
Old:
jasper-1.900.1-uninitialized.patch
jasper-1.900.14.tar.bz2
jasper-CVE-2016-10251.patch
jasper-CVE-2016-8654.patch
jasper-CVE-2016-9262.patch
jasper-CVE-2016-9395.patch
jasper-CVE-2016-9560.patch
jasper-CVE-2016-9583.patch
jasper-CVE-2016-9591.patch
jasper-CVE-2016-9600.patch
jasper-CVE-2017-150.patch
jasper-CVE-2017-5498.patch
jasper-CVE-2017-6850.patch
New:
0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
jasper-2.0.14.tar.gz
jasper-CVE-2018-9055.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.HuoFlL/_old 2018-04-05 15:27:26.733254125 +0200
+++ /var/tmp/diff_new_pack.HuoFlL/_new 2018-04-05 15:27:26.737253980 +0200
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,35 +17,30 @@
Name: jasper
-Version:1.900.14
+Version:2.0.14
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
Group: Productivity/Graphics/Convertors
Url:http://www.ece.uvic.ca/~mdadams/jasper/
-Source: %{name}-%{version}.tar.bz2
+Source: %{name}-%{version}.tar.gz
Source2:baselibs.conf
-Patch0: jasper-1.900.1-uninitialized.patch
-Patch1: jasper-CVE-2016-8654.patch
-Patch2: jasper-CVE-2016-9395.patch
-Patch3: jasper-CVE-2016-9398.patch
-Patch4: jasper-CVE-2016-9560.patch
-Patch5: jasper-CVE-2016-9591.patch
-Patch6: jasper-CVE-2016-10251.patch
-Patch7: jasper-CVE-2017-5498.patch
-Patch8: jasper-CVE-2016-9600.patch
-Patch9: jasper-CVE-2016-9583.patch
-Patch10:jasper-CVE-2017-6850.patch
-Patch11:jasper-CVE-2017-150.patch
-Patch12:jasper-CVE-2016-9262.patch
-BuildRequires: autoconf
-BuildRequires: automake
+Patch1: jasper-CVE-2016-9398.patch
+Patch2: 0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
+Patch3: 0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
+Patch4: jasper-CVE-2018-9055.patch
+BuildRequires: Mesa-libGL-devel
+BuildRequires: cmake
+BuildRequires: doxygen
+BuildRequires: fdupes
+BuildRequires: freeglut-devel
BuildRequires: gcc-c++
+BuildRequires: glu-devel
+BuildRequires: libXi-devel
+BuildRequires: libXmu-devel
BuildRequires: libdrm-devel
BuildRequires: libjpeg-devel
-BuildRequires: libtool
BuildRequires: pkgconfig
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2017-07-17 09:01:59
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Mon Jul 17 09:01:59 2017 rev:39 rq:509748 version:1.900.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2017-03-31
15:01:20.369498459 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2017-07-17
09:02:00.289283406 +0200
@@ -1,0 +2,50 @@
+Wed Jul 12 07:43:06 UTC 2017 - fst...@suse.com
+
+- Other bugs fixed by existing patches:
+ * jasper-CVE-2016-9395.patch
+- bsc#1010756, CVE-2016-9394: assertion in jas_matrix_t
+ *jas_seq2d_create(int, int, int, int): Assertion
+ `xstart <= xend && ystart <= yend'
+- bsc#1010757, CVE-2016-9392: pc_dec.c:1637: void
+ calcstepsizes(uint_fast16_t, int, uint_fast16_t *):
+ Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 -
+ ((bandno > 0) ? ((bandno + 2) / 3) : (0 & (~0x1f))'
+ failed.
+- bsc#1010766, CVE-2016-9393: jpc_t2cod.c:297: int
+ jpc_pi_nextrpcl(jpc_pi_t *): Assertion
+ `pi->prcno pirlvl->numprcs' failed.
+- bsc#1010977, CVE-2016-9395: jas_seq.c:90: jas_matrix_t
+ *jas_seq2d_create(int, int, int, int): Assertion `xstart
+ <= xend && ystart <= yend' failed.
+- Other bugs fixed in current version:
+ * bsc#1010774, CVE-2016-9390: jas_seq.c:90: jas_matrix_t
+*jas_seq2d_create(int, int, int, int): Assertion `xstart <=
+xend && ystart <= yend' failed.
+ * bsc#1010782, CVE-2016-9391: jpc_bs.c:197: long
+jpc_bitstream_getbits(jpc_bitstream_t *, int): Assertion
+`n >= 0 && n < 32' failed.
+ * bsc#1010968, CVE-2016-9389: Assertion `((c1)->numcols_) ==
+numcols && ((c2)->numcols_) == numcols' failed.
+ * bsc#1010975, CVE-2016-9388: ras_dec.c:330: int
+ras_getcmap(jas_stream_t *, ras_hdr_t *, ras_cmap_t *):
+Assertion `numcolors <= 256' failed.
+ * bsc#1010960, CVE-2016-9387: jas_seq.c:90: jas_matrix<= yend'
+failed.
+
+---
+Tue Jul 11 10:45:59 UTC 2017 - fst...@suse.com
+
+- Added patch:
+ * jasper-CVE-2016-9262.patch
++ Fix for Multiple overflow vulnerabilities leading to use
+ after free (bsc#1009994, CVE-2016-9262)
+
+---
+Tue Jul 11 09:02:39 UTC 2017 - fst...@suse.com
+
+- Added patch:
+ * jasper-CVE-2017-150.patch
++ Upstream fix for NULL Pointer Dereference jp2_encode
+ (bsc#1047958, CVE-2017-150)
+
+---
New:
jasper-CVE-2016-9262.patch
jasper-CVE-2017-150.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.54fZeR/_old 2017-07-17 09:02:01.021180344 +0200
+++ /var/tmp/diff_new_pack.54fZeR/_new 2017-07-17 09:02:01.021180344 +0200
@@ -36,6 +36,8 @@
Patch8: jasper-CVE-2016-9600.patch
Patch9: jasper-CVE-2016-9583.patch
Patch10:jasper-CVE-2017-6850.patch
+Patch11:jasper-CVE-2017-150.patch
+Patch12:jasper-CVE-2016-9262.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -95,6 +97,8 @@
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
+%patch12 -p1
%build
libtoolize --force --copy --install
++ jasper-CVE-2016-9262.patch ++
diff -urEbwB jasper-1.900.14/src/libjasper/base/jas_image.c
jasper-1.900.14.new/src/libjasper/base/jas_image.c
--- jasper-1.900.14/src/libjasper/base/jas_image.c 2017-07-11
12:01:22.628016305 +0200
+++ jasper-1.900.14.new/src/libjasper/base/jas_image.c 2017-07-11
12:38:10.115887712 +0200
@@ -78,6 +78,7 @@
#include
#include
#include
+#include
#include "jasper/jas_math.h"
#include "jasper/jas_image.h"
@@ -333,8 +334,8 @@
// Compute the number of samples in the image component, while
protecting
// against overflow.
// size = cmpt->width_ * cmpt->height_ * cmpt->cps_;
- if (!jas_safe_size_mul(cmpt->width_, cmpt->height_, ) ||
- !jas_safe_size_mul(size, cmpt->cps_, )) {
+ if (!jas_safe_size_mul3(cmpt->width_, cmpt->height_, cmpt->cps_, )
||
+ size > INT_MAX) {
goto error;
}
cmpt->stream_ = (inmem) ? jas_stream_memopen(0, size) :
diff -urEbwB jasper-1.900.14/src/libjasper/include/jasper/jas_math.h
jasper-1.900.14.new/src/libjasper/include/jasper/jas_math.h
--- jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-07-11
12:01:22.616016305 +0200
+++ jasper-1.900.14.new/src/libjasper/include/jasper/jas_math.h 2017-07-11
12:42:52.798047647 +0200
@@
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2017-03-31 15:01:19
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Fri Mar 31 15:01:19 2017 rev:38 rq:483773 version:1.900.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2017-03-18
20:49:35.542022975 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2017-03-31
15:01:20.369498459 +0200
@@ -1,0 +2,20 @@
+Thu Mar 30 09:51:07 UTC 2017 - fst...@suse.com
+
+- Modified patch:
+ * jasper-CVE-2016-9583.patch
++ integrate upstream change
+ 99a50593254d1b53002719bbecfc946c84b23d27, which fixed a null
+ pointer dereferencing crash.
+
+---
+Wed Mar 22 09:30:41 UTC 2017 - fst...@suse.com
+
+- Added patches:
+ * jasper-CVE-2016-9583.patch
+- Out of bounds heap read in jpc_pi_nextpcrl() (bsc#1015400,
+ CVE-2016-9583)
+ * jasper-CVE-2017-6850.patch
+- NULL pointer dereference in jp2_cdef_destroy (jp2_cod.c)
+ (bsc#1021868, CVE-2017-6850)
+
+---
New:
jasper-CVE-2016-9583.patch
jasper-CVE-2017-6850.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.CTR5x2/_old 2017-03-31 15:01:21.397353158 +0200
+++ /var/tmp/diff_new_pack.CTR5x2/_new 2017-03-31 15:01:21.397353158 +0200
@@ -34,6 +34,8 @@
Patch6: jasper-CVE-2016-10251.patch
Patch7: jasper-CVE-2017-5498.patch
Patch8: jasper-CVE-2016-9600.patch
+Patch9: jasper-CVE-2016-9583.patch
+Patch10:jasper-CVE-2017-6850.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: gcc-c++
@@ -91,6 +93,8 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%build
libtoolize --force --copy --install
++ jasper-CVE-2016-9583.patch ++
--- jasper-1.900.14/src/libjasper/include/jasper/jas_types.h2017-03-22
10:14:30.098037013 +0100
+++ jasper-1.900.14/src/libjasper/include/jasper/jas_types.h2017-03-22
10:15:11.619685037 +0100
@@ -128,6 +128,10 @@
#defineJAS_CAST(t, e) \
((t) (e))
+/* The number of bits in the integeral type uint_fast32_t. */
+/* NOTE: This could underestimate the size on some exotic architectures. */
+#define JAS_UINTFAST32_NUMBITS (8 * sizeof(uint_fast32_t))
+
#ifdef __cplusplus
extern "C" {
#endif
--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22
10:14:30.102037013 +0100
+++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22
10:15:11.619685037 +0100
@@ -200,7 +200,8 @@
JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) {
for (pi->compno = pchg->compnostart, pi->picomp =
>picomps[pi->compno]; pi->compno < pi->numcomps &&
- pi->compno < JAS_CAST(int, pchg->compnoend);
++pi->compno, ++pi->picomp) {
+ pi->compno < JAS_CAST(int, pchg->compnoend);
++pi->compno,
+ ++pi->picomp) {
if (pi->rlvlno >= pi->picomp->numrlvls) {
continue;
}
@@ -249,10 +250,17 @@
++compno, ++picomp) {
for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno <
picomp->numrlvls; ++rlvlno, ++pirlvl) {
- xstep = picomp->hsamp * (1 <<
(pirlvl->prcwidthexpn +
- picomp->numrlvls - rlvlno - 1));
- ystep = picomp->vsamp * (1 <<
(pirlvl->prcheightexpn +
- picomp->numrlvls - rlvlno - 1));
+ // Check for the potential for overflow
problems.
+ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls
>
+ JAS_UINTFAST32_NUMBITS - 2 ||
+ pirlvl->prcheightexpn + pi->picomp->numrlvls >
+ JAS_UINTFAST32_NUMBITS - 2) {
+ return -1;
+ }
+ xstep = picomp->hsamp *
(JAS_CAST(uint_fast32_t, 1) <<
+ (pirlvl->prcwidthexpn + picomp->numrlvls -
rlvlno - 1));
+ ystep = picomp->vsamp *
(JAS_CAST(uint_fast32_t, 1) <<
+ (pirlvl->prcheightexpn + picomp->numrlvls -
rlvlno - 1));
pi->xstep = (!pi->xstep) ? xstep :
JAS_MIN(pi->xstep, xstep);
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2017-03-18 20:49:34
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Sat Mar 18 20:49:34 2017 rev:37 rq:480785 version:1.900.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2017-03-10
21:00:27.344275359 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2017-03-18
20:49:35.542022975 +0100
@@ -1,0 +2,20 @@
+Fri Mar 17 08:25:35 UTC 2017 - fst...@suse.com
+
+- Added patches:
+ * jasper-CVE-2017-5498.patch
+- Upstream changes putting braces and belts around
+ CVE-2017-5498, bsc#1020353, left-shift undefined behaviour
+ * jasper-CVE-2016-9600.patch
+- Upstream fix for "Null Pointer Dereference due to missing
+ check for UNKNOWN color space in JP2 encoder" (CVE-2016-9600,
+ bsc#1018088)
+
+---
+Thu Mar 16 08:28:31 UTC 2017 - fst...@suse.com
+
+- Added patch:
+ * jasper-CVE-2016-10251.patch
+- Upstream fix for bsc#1029497, CVE-2016-10251: Use of
+ uninitialized value in jpc_pi_nextcprl (jpc_t2cod.c)
+
+---
New:
jasper-CVE-2016-10251.patch
jasper-CVE-2016-9600.patch
jasper-CVE-2017-5498.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.wuSCfv/_old 2017-03-18 20:49:36.321912490 +0100
+++ /var/tmp/diff_new_pack.wuSCfv/_new 2017-03-18 20:49:36.321912490 +0100
@@ -17,16 +17,12 @@
Name: jasper
-BuildRequires: gcc-c++
-BuildRequires: libdrm-devel
-BuildRequires: libjpeg-devel
-BuildRequires: unzip
-Url:http://www.ece.uvic.ca/~mdadams/jasper/
Version:1.900.14
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
Group: Productivity/Graphics/Convertors
+Url:http://www.ece.uvic.ca/~mdadams/jasper/
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
Patch0: jasper-1.900.1-uninitialized.patch
@@ -35,7 +31,17 @@
Patch3: jasper-CVE-2016-9398.patch
Patch4: jasper-CVE-2016-9560.patch
Patch5: jasper-CVE-2016-9591.patch
-
+Patch6: jasper-CVE-2016-10251.patch
+Patch7: jasper-CVE-2017-5498.patch
+Patch8: jasper-CVE-2016-9600.patch
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc-c++
+BuildRequires: libdrm-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libtool
+BuildRequires: pkgconfig
+BuildRequires: unzip
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -46,13 +52,13 @@
%package -n libjasper1
Summary:JPEG-2000 library
# bug437293
+# used in <= 11.3
Group: Productivity/Graphics/Convertors
+Obsoletes: libjasper < %{version}-%{release}
+Provides: libjasper = %{version}-%{release}
%ifarch ppc64
Obsoletes: libjasper-64bit
%endif
-# used in <= 11.3
-Obsoletes: libjasper < %{version}-%{release}
-Provides: libjasper = %{version}-%{release}
#
%description -n libjasper1
@@ -62,13 +68,13 @@
%package -n libjasper-devel
Summary:Development files for libjasper, a JPEG-2000 library
# bug437293
+#
Group: Development/Libraries/C and C++
+Requires: libjasper1 = %{version}
+Requires: libjpeg-devel
%ifarch ppc64
Obsoletes: libjasper-devel-64bit
%endif
-#
-Requires: libjasper1 = %{version}
-Requires: libjpeg-devel
%description -n libjasper-devel
This package contains libjasper, a library implementing the JPEG-2000
@@ -82,9 +88,14 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%build
-export CFLAGS="$RPM_OPT_FLAGS -Wall -std=c99 -D_BSD_SOURCE"
+libtoolize --force --copy --install
+autoreconf -fi
+export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
%configure --prefix="%{_prefix}" --enable-shared --disable-static
--libdir=%{_libdir}
make %{?_smp_mflags}
#
@@ -98,22 +109,21 @@
fi
%install
-make install DESTDIR=$RPM_BUILD_ROOT
+%make_install
mv doc/README doc/README.doc
-rm $RPM_BUILD_ROOT/usr/bin/tmrdemo
+rm %{buildroot}%{_bindir}/tmrdemo
# compatibility link, there was no interface change
-ln -s libjasper.so.1.0.0 $RPM_BUILD_ROOT%{_libdir}/libjasper-1.701.so.1
+ln -s libjasper.so.1.0.0 %{buildroot}%{_libdir}/libjasper-1.701.so.1
%post -n libjasper1 -p /sbin/ldconfig
-
%postun -n libjasper1 -p /sbin/ldconfig
%files
%defattr(-,root,root)
-%doc COPYRIGHT INSTALL LICENSE NEWS README doc/*
-/usr/bin/imgcmp
-/usr/bin/imginfo
-/usr/bin/jasper
+%doc COPYRIGHT
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2017-03-10 21:00:26
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Fri Mar 10 21:00:26 2017 rev:36 rq:477393 version:1.900.14
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2016-12-26
21:37:48.048149529 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2017-03-10
21:00:27.344275359 +0100
@@ -1,0 +2,7 @@
+Mon Mar 6 14:19:57 CET 2017 - sbra...@suse.com
+
+- Add -D_BSD_SOURCE to fix redefinition of system types in
+ jas_config.h and breakage in ppc64le, s390 and s390x
+ (bsc#1028070).
+
+---
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.TOPWZg/_old 2017-03-10 21:00:28.144162007 +0100
+++ /var/tmp/diff_new_pack.TOPWZg/_new 2017-03-10 21:00:28.148161440 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -84,9 +84,18 @@
%patch5 -p1
%build
-export CFLAGS="$RPM_OPT_FLAGS -Wall -std=c99"
+export CFLAGS="$RPM_OPT_FLAGS -Wall -std=c99 -D_BSD_SOURCE"
%configure --prefix="%{_prefix}" --enable-shared --disable-static
--libdir=%{_libdir}
make %{?_smp_mflags}
+#
+# Sanity check
+# With some CFLAGS sets, uint, ulong and ushort are not visible and
jas_config.h
+# refefines system types. It can trigger build failures after
+# #include .
+if grep "#define ushort" src/libjasper/include/jasper/jas_config.h ; then
+ echo "jas_config.h redefines system types" >&2
+ exit 1
+fi
%install
make install DESTDIR=$RPM_BUILD_ROOT
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2016-11-03 11:09:04
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2016-10-28
10:42:57.0 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2016-11-03
11:09:05.0 +0100
@@ -1,0 +2,5 @@
+Fri Oct 28 11:55:35 UTC 2016 - jeng...@inai.de
+
+- Update summaries. Use %_smp_mflags for parallel build.
+
+---
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.An10bs/_old 2016-11-03 11:09:06.0 +0100
+++ /var/tmp/diff_new_pack.An10bs/_new 2016-11-03 11:09:06.0 +0100
@@ -39,8 +39,8 @@
%package -n libjasper1
Summary:JPEG-2000 library
-# bug437293
Group: Productivity/Graphics/Convertors
+# bug437293
%ifarch ppc64
Obsoletes: libjasper-64bit
%endif
@@ -54,9 +54,9 @@
image compression standard Part 1.
%package -n libjasper-devel
-Summary:JPEG-2000 library - files mandatory for development
-# bug437293
+Summary:Development files for libjasper, a JPEG-2000 library
Group: Development/Libraries/C and C++
+# bug437293
%ifarch ppc64
Obsoletes: libjasper-devel-64bit
%endif
@@ -74,8 +74,8 @@
%build
export CFLAGS="$RPM_OPT_FLAGS -Wall -std=c99"
-%configure --prefix=/usr --enable-shared --disable-static --libdir=%{_libdir}
-make %{?jobs:-j%jobs}
+%configure --prefix="%{_prefix}" --enable-shared --disable-static
--libdir=%{_libdir}
+make %{?_smp_mflags}
%install
make install DESTDIR=$RPM_BUILD_ROOT
commit jasper for openSUSE:Factory
Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2016-10-28 10:42:56 Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new (New) Package is "jasper" Changes: --- /work/SRC/openSUSE:Factory/jasper/jasper.changes2016-02-07 09:22:36.0 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2016-10-28 10:42:57.0 +0200 @@ -1,0 +2,204 @@ +Wed Oct 26 14:18:40 UTC 2016 - fst...@suse.com + +- Updated to bugfix release 1.900.14 + * Security fixes ++ bsc#941919, CVE-2015-5203 ++ bsc#1006591, CVE-2016-8880 ++ bsc#1006593, CVE-2016-8881 ++ bsc#1006597, CVE-2016-8882 ++ bsc#1006598, CVE-2016-8883 ++ bsc#1007009, CVE-2016-8884, CVE-2016-8885 ++ bsc#1006599, CVE-2016-8886 ++ bsc#1006836, bsc#1006839, CVE-2016-8887 + * Changes ++ Add another data file for testing (Michael Adams) ++ Ensure that not all tiles lie outside the image area (Michael + Adams) ++ Added a note on sanitizer options (Michael Adams) ++ Added a simple test script (Michael Adams) ++ Added an --enable-memory-limit configure option (Michael + Adams) ++ Manually merged and edited a few changes from Bob Friesenhahn + (GraphicsMagick Maintainer) for Windows (Michael Adams) ++ Added some new mostly small image files (many of which are + corrupt/invalid) that are useful for testing purposes + (Michael Adams) ++ The debugging function jpc_dec_dump did not consider the case + that a band can have a null data pointer (when a band + contains no samples). This caused a null pointer to be + dereferenced (Michael Adams) ++ Changed the JPC bitstream code to more gracefully handle a + request for a larger sized integer than what can be handled + (i.e., return with an error instead of failing an assert). + (Michael Adams) ++ The component domains must be the same for the ICT/RCT in the + JPC codec. This was previously enforced with an assertion. + Now, it is handled in a more graceful manner (Michael Adams) ++ Fixed a few bugs in the RAS encoder and decoder where errors + were tested with assertions instead of being gracefully + handled (Michael Adams) + +--- +Mon Oct 24 06:50:38 UTC 2016 - fst...@suse.com + +- Updated to bugfix release 1.900.13 + * Changes ++ Fixed another problem with incorrect cleanup of JP2 box data + upon error. (Michael Adams) ++ Fixed another integer overflow problem. (Michael Adams) ++ Replaced the remaining left and right shifts in the QMFB/MCT + code that can result in undefined behavior (due to shifting + negative values) with call to inline functions. + These functions collect all of the undefined behavior in one + place and also allow code sanitizers to ignore this ugliness + (via function attributes). (Michael Adams) ++ Fixed a bug in the row/column split operations for QMFBs. + (Michael Adams) ++ Made the PNM decoder more gracefully handle the not-fully- + supported feature of signed sample data. (Michael Adams) ++ The PNM decoder did not gracefully handle an invalid magic + number in the PNM header. (Michael Adams) ++ Fixed a MIF decoder bug. (Michael Adams) ++ The imginfo command did not correctly handle an image with + zero components. (Michael Adams) ++ Fixed an integer overflow problem. (Michael Adams) ++ A new experimental memory allocator has been introduced. The + allocator is experimental in the sense that its API is not + considered stable and the allocator may change or disappear + entirely in future versions of the code. This new allocator + tracks how much memory is being used by jas_malloc and friends. + A maximum upper bound on the memory usage can be set via the + experimental API provided and a default value can be set at + build time as well. Such functionality may be useful in + run-time environments where the user wants to be able to limit + the amount of memory used by JasPer. This allocator is not + used by default. (Michael Adams) ++ Changed the configure setup so that if GCC is used warnings + and pedantic errors are enabled. (Michael Adams) ++ Fixed a bug that resulted in the destruction of JP2 box data + that had never been constructed in the first place. (Michael + Adams) ++ The memory stream interface allows for a buffer size of zero. + The case of a zero-sized buffer was not handled correctly, as + it could lead to a double free (bsc#1005242, CVE-2016-8693). + (Michael Adams) ++ Fixed a small memory leak for CRG marker
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2016-02-07 09:22:35
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2016-01-23
01:15:36.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2016-02-07
09:22:36.0 +0100
@@ -1,0 +2,18 @@
+Tue Feb 2 07:48:21 UTC 2016 - fst...@suse.com
+
+- Modified patch
+ * jasper-CVE-2016-2089.patch
++ Use the new version of patch from
+ https://bugzilla.redhat.com/show_bug.cgi?id=1302636
+ with more targetted checks.
+- Version the Obsoletes/Provides so that the package does not
+ obsolete itself
+
+---
+Thu Jan 28 14:59:27 UTC 2016 - fst...@suse.com
+
+- Add jasper-CVE-2016-2089.patch
+ * CVE-2016-2089: invalid read in the JasPer's jas_matrix_clip()
+function (bsc#963983)
+
+---
New:
jasper-CVE-2016-2089.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.qdnWda/_old 2016-02-07 09:22:37.0 +0100
+++ /var/tmp/diff_new_pack.qdnWda/_new 2016-02-07 09:22:37.0 +0100
@@ -43,6 +43,7 @@
# PATCH-FIX-UPSTREAM jasper-jpc_dec.patch deb#469786 badshah...@gmail.com --
Fix failure when manipulating images with 4 component color using reversible
color translation (patch taken from Fedora)
Patch11:jasper-jpc_dec.patch
Patch12:jasper-CVE-2016-1867.patch
+Patch13:jasper-CVE-2016-2089.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -58,8 +59,8 @@
Obsoletes: libjasper-64bit
%endif
# used in <= 11.3
-Obsoletes: libjasper
-Provides: libjasper
+Obsoletes: libjasper < %{version}-%{release}
+Provides: libjasper = %{version}-%{release}
#
%description -n libjasper1
@@ -95,6 +96,7 @@
%patch10 -p1
%patch11 -p1
%patch12 -p1
+%patch13 -p1
%build
autoreconf -i -f
++ jasper-CVE-2016-2089.patch ++
diff -pru jasper-1.900.1.orig/src/libjasper/base/jas_image.c
jasper-1.900.1/src/libjasper/base/jas_image.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c 2016-02-01
14:53:56.0 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2016-02-01
21:49:58.746006339 +0100
@@ -433,6 +433,10 @@ int jas_image_readcmpt(jas_image_t *imag
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) !=
width) {
if (jas_matrix_resize(data, height, width)) {
return -1;
@@ -486,6 +490,10 @@ int jas_image_writecmpt(jas_image_t *ima
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) !=
width) {
return -1;
}
diff -pru jasper-1.900.1.orig/src/libjasper/base/jas_seq.c
jasper-1.900.1/src/libjasper/base/jas_seq.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c2016-02-01
14:53:56.0 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2016-02-01 21:53:45.149193159
+0100
@@ -266,6 +266,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -286,6 +290,10 @@ void jas_matrix_clip(jas_matrix_t *matri
jas_seqent_t *data;
int rowstep;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -310,6 +318,10 @@ void jas_matrix_asr(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
assert(n >= 0);
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
@@ -329,6 +341,10 @@ void jas_matrix_asl(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -371,6 +387,10 @@ void
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2016-01-23 01:15:17
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is "jasper"
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2015-07-19
11:45:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2016-01-23
01:15:36.0 +0100
@@ -1,0 +2,7 @@
+Thu Jan 14 13:55:04 UTC 2016 - fst...@suse.com
+
+- Add jasper-CVE-2016-1867.patch
+ * CVE-2016-1867: Out-of-bounds Read in the JasPer's
+jpc_pi_nextcprl() function (bsc#961886)
+
+---
@@ -18 +25 @@
-- fixed CVE-2014-8137, CVE-2014-8137 (bnc#909474, bnc#909475)
+- fixed CVE-2014-8137, CVE-2014-8138 (bnc#909474, bnc#909475)
@@ -26,0 +34,5 @@
+
+---
+Thu Jun 12 11:06:02 UTC 2014 - nadvor...@suse.com
+
+- added obsoletes and provides of libjasper-32bit (bnc#881716)
New:
jasper-CVE-2016-1867.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.QOCIuR/_old 2016-01-23 01:15:37.0 +0100
+++ /var/tmp/diff_new_pack.QOCIuR/_new 2016-01-23 01:15:37.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -42,6 +42,7 @@
Patch10:jasper-CVE-2014-8158.patch
# PATCH-FIX-UPSTREAM jasper-jpc_dec.patch deb#469786 badshah...@gmail.com --
Fix failure when manipulating images with 4 component color using reversible
color translation (patch taken from Fedora)
Patch11:jasper-jpc_dec.patch
+Patch12:jasper-CVE-2016-1867.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -93,6 +94,7 @@
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
%build
autoreconf -i -f
++ baselibs.conf ++
--- /var/tmp/diff_new_pack.QOCIuR/_old 2016-01-23 01:15:37.0 +0100
+++ /var/tmp/diff_new_pack.QOCIuR/_new 2016-01-23 01:15:37.0 +0100
@@ -1 +1,3 @@
libjasper1
+obsoletes "libjasper-"
+provides "libjasper-"
++ jasper-CVE-2016-1867.patch ++
--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c2007-01-19
22:43:07.0 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c2016-01-14
14:22:24.569056412 +0100
@@ -429,7 +429,7 @@
}
for (pi->compno = pchg->compnostart, pi->picomp =
- >picomps[pi->compno]; pi->compno < JAS_CAST(int,
pchg->compnoend); ++pi->compno,
+ >picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend)
&& pi->compno < pi->numcomps; ++pi->compno,
++pi->picomp) {
pirlvl = pi->picomp->pirlvls;
pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2015-07-19 11:45:20
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2015-01-24
22:19:44.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2015-07-19
11:45:21.0 +0200
@@ -1,0 +2,7 @@
+Sun Jul 12 09:03:19 UTC 2015 - badshah...@gmail.com
+
+- Add jasper-jpc_dec.patch to fix failure when manipulating images
+ with 4 component color using reversible color translation
+ (deb#469786); patch taken from Fedora.
+
+---
New:
jasper-jpc_dec.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.sti43I/_old 2015-07-19 11:45:22.0 +0200
+++ /var/tmp/diff_new_pack.sti43I/_new 2015-07-19 11:45:22.0 +0200
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -40,6 +40,8 @@
Patch8: jasper-CVE-2014-8138.patch
Patch9: jasper-CVE-2014-8157.patch
Patch10:jasper-CVE-2014-8158.patch
+# PATCH-FIX-UPSTREAM jasper-jpc_dec.patch deb#469786 badshah...@gmail.com --
Fix failure when manipulating images with 4 component color using reversible
color translation (patch taken from Fedora)
+Patch11:jasper-jpc_dec.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -90,6 +92,7 @@
%patch8 -p1
%patch9 -p1
%patch10 -p1
+%patch11 -p1
%build
autoreconf -i -f
++ jasper-jpc_dec.patch ++
diff -urN jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
jasper-1.900.1-fix/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2007-01-19 14:43:07.0
-0700
+++ jasper-1.900.1-fix/src/libjasper/jpc/jpc_dec.c 2008-03-06
16:51:12.0 -0700
@@ -1069,12 +1069,12 @@
/* Apply an inverse intercomponent transform if necessary. */
switch (tile-cp-mctid) {
case JPC_MCT_RCT:
- assert(dec-numcomps == 3);
+ assert(dec-numcomps = 3);
jpc_irct(tile-tcomps[0].data, tile-tcomps[1].data,
tile-tcomps[2].data);
break;
case JPC_MCT_ICT:
- assert(dec-numcomps == 3);
+ assert(dec-numcomps = 3);
jpc_iict(tile-tcomps[0].data, tile-tcomps[1].data,
tile-tcomps[2].data);
break;
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2015-01-24 22:19:42
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2014-12-21
12:02:37.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2015-01-24
22:19:44.0 +0100
@@ -1,0 +2,7 @@
+Fri Jan 23 14:25:53 UTC 2015 - nadvor...@suse.com
+
+- fixed CVE-2014-8157, CVE-2014-8158 (bnc#911837)
+ + jasper-CVE-2014-8157.patch
+ + jasper-CVE-2014-8158.patch
+
+---
New:
jasper-CVE-2014-8157.patch
jasper-CVE-2014-8158.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.GQjfqt/_old 2015-01-24 22:19:45.0 +0100
+++ /var/tmp/diff_new_pack.GQjfqt/_new 2015-01-24 22:19:45.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -38,6 +38,8 @@
Patch6: jasper-overflow-bnc906364.patch
Patch7: jasper-CVE-2014-8137.patch
Patch8: jasper-CVE-2014-8138.patch
+Patch9: jasper-CVE-2014-8157.patch
+Patch10:jasper-CVE-2014-8158.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -86,6 +88,8 @@
%patch6 -p1
%patch7 -p1
%patch8 -p1
+%patch9 -p1
+%patch10 -p1
%build
autoreconf -i -f
++ jasper-CVE-2014-8157.patch ++
diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c
jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2007-01-19
22:43:07.0 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c 2015-01-14 11:45:26.601242398
+0100
@@ -1204,7 +1204,7 @@
dec-numhtiles = JPC_CEILDIV(dec-xend - dec-tilexoff, dec-tilewidth);
dec-numvtiles = JPC_CEILDIV(dec-yend - dec-tileyoff,
dec-tileheight);
dec-numtiles = dec-numhtiles * dec-numvtiles;
- if (!(dec-tiles = jas_alloc2(dec-numtiles, sizeof(jpc_dec_tile_t {
+ if (dec-numtiles == 0 || !(dec-tiles = jas_alloc2(dec-numtiles,
sizeof(jpc_dec_tile_t {
return -1;
}
++ jasper-CVE-2014-8158.patch ++
diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c
jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c2015-01-14
15:36:00.0 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c 2015-01-14 15:36:37.222173618
+0100
@@ -306,11 +306,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-#if !defined(HAVE_VLA)
jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
-#else
- jpc_fix_t splitbuf[bufsize];
-#endif
jpc_fix_t *buf = splitbuf;
register jpc_fix_t *srcptr;
register jpc_fix_t *dstptr;
@@ -318,7 +314,6 @@
register int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize QMFB_SPLITBUFSIZE) {
if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
@@ -326,7 +321,6 @@
abort();
}
}
-#endif
if (numcols = 2) {
hstartcol = (numcols + 1 - parity) 1;
@@ -360,12 +354,10 @@
}
}
-#if !defined(HAVE_VLA)
/* If the split buffer was allocated on the heap, free this memory. */
if (buf != splitbuf) {
jas_free(buf);
}
-#endif
}
@@ -374,11 +366,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-#if !defined(HAVE_VLA)
jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
-#else
- jpc_fix_t splitbuf[bufsize];
-#endif
jpc_fix_t *buf = splitbuf;
register jpc_fix_t *srcptr;
register jpc_fix_t *dstptr;
@@ -386,7 +374,6 @@
register int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize QMFB_SPLITBUFSIZE) {
if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t {
@@ -394,7 +381,6 @@
abort();
}
}
-#endif
if (numrows = 2) {
hstartcol = (numrows + 1 - parity) 1;
@@ -428,12 +414,10 @@
}
}
-#if !defined(HAVE_VLA)
/* If the split buffer was allocated on the heap, free this memory. */
if (buf != splitbuf) {
jas_free(buf);
}
-#endif
}
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2014-12-21 12:03:28
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2014-03-18
16:21:24.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2014-12-21
12:02:37.0 +0100
@@ -1,0 +2,13 @@
+Fri Dec 19 10:31:14 UTC 2014 - nadvor...@suse.com
+
+- fixed CVE-2014-8137, CVE-2014-8137 (bnc#909474, bnc#909475)
+ + jasper-CVE-2014-8137.patch
+ + jasper-CVE-2014-8138.patch
+
+---
+Fri Dec 5 09:56:39 UTC 2014 - nadvor...@suse.com
+
+- fixed possible overflow CVE-2014-9029 (bnc#906364)
+ + jasper-overflow-bnc906364.patch
+
+---
New:
jasper-CVE-2014-8137.patch
jasper-CVE-2014-8138.patch
jasper-overflow-bnc906364.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.R0UmEH/_old 2014-12-21 12:02:38.0 +0100
+++ /var/tmp/diff_new_pack.R0UmEH/_new 2014-12-21 12:02:38.0 +0100
@@ -35,6 +35,9 @@
Patch3: %{name}-%{version}-bug392410.patch
Patch4: %{name}-%{version}-no-undef-true-false.patch
Patch5: jasper-1.900.1-bug725758.patch
+Patch6: jasper-overflow-bnc906364.patch
+Patch7: jasper-CVE-2014-8137.patch
+Patch8: jasper-CVE-2014-8138.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -80,6 +83,9 @@
%patch3
%patch4
%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
%build
autoreconf -i -f
++ jasper-CVE-2014-8137.patch ++
--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c2014-12-11
14:06:44.0 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386
+0100
@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
return 0;
error:
- jas_icccurv_destroy(attrval);
return -1;
}
@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
#endif
return 0;
error:
- jas_icctxtdesc_destroy(attrval);
return -1;
}
@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
goto error;
return 0;
error:
- if (txt-string)
- jas_free(txt-string);
return -1;
}
@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
goto error;
return 0;
error:
- jas_icclut8_destroy(attrval);
return -1;
}
@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
goto error;
return 0;
error:
- jas_icclut16_destroy(attrval);
return -1;
}
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11
14:30:54.193209780 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814
+0100
@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
case JP2_COLR_ICC:
iccprof = jas_iccprof_createfrombuf(dec-colr-data.colr.iccp,
dec-colr-data.colr.iccplen);
- assert(iccprof);
+ if (!iccprof) {
+ jas_eprintf(error: failed to parse ICC profile\n);
+ goto error;
+ }
jas_iccprof_gethdr(iccprof, icchdr);
jas_eprintf(ICC Profile CS %08x\n, icchdr.colorspc);
jas_image_setclrspc(dec-image, fromiccpcs(icchdr.colorspc));
++ jasper-CVE-2014-8138.patch ++
diff -ru jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c
jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c 2007-01-19
22:43:05.0 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2014-12-17 11:58:58.271398603
+0100
@@ -459,7 +459,8 @@
for (channo = 0; channo cdef-numchans; ++channo) {
chan = cdef-ents[channo];
if (jp2_getuint16(in, chan-channo) || jp2_getuint16(in,
chan-type) ||
- jp2_getuint16(in, chan-assoc)) {
+ jp2_getuint16(in, chan-assoc) ||
+ chan-channo = cdef-numchans ) {
return -1;
}
}
++ jasper-overflow-bnc906364.patch ++
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27
12:45:44.0 +0100
+++ jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c 2014-11-27
12:44:58.0 +0100
@@ -1281,7 +1281,7 @@ static int jpc_dec_process_coc(jpc_dec_t
jpc_coc_t *coc = ms-parms.coc;
jpc_dec_tile_t *tile;
- if
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2014-03-18 16:21:18
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2013-09-14
19:10:23.0 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2014-03-18
16:21:24.0 +0100
@@ -1,0 +2,5 @@
+Wed Mar 5 15:26:47 UTC 2014 - nadvor...@suse.com
+
+- fixed possible overflow (bnc#725758, bnc#830803)
+
+---
New:
jasper-1.900.1-bug725758.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.iWUKGp/_old 2014-03-18 16:21:27.0 +0100
+++ /var/tmp/diff_new_pack.iWUKGp/_new 2014-03-18 16:21:27.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -34,6 +34,7 @@
Patch2: %{name}-%{version}-bug258253.patch
Patch3: %{name}-%{version}-bug392410.patch
Patch4: %{name}-%{version}-no-undef-true-false.patch
+Patch5: jasper-1.900.1-bug725758.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -78,6 +79,7 @@
%patch2
%patch3
%patch4
+%patch5 -p1
%build
autoreconf -i -f
++ jasper-1.900.1-bug725758.patch ++
diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c
jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-11-29
14:13:01.0 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-11-29 14:15:11.638066001
+0100
@@ -744,6 +744,12 @@
return -1;
}
compparms-numrlvls = compparms-numdlvls + 1;
+ if (compparms-numrlvls JPC_MAXRLVLS) {
+ compparms-numrlvls = 0;
+ jpc_cox_destroycompparms(compparms);
+ return -1;
+ }
+
if (prtflag) {
for (i = 0; i compparms-numrlvls; ++i) {
if (jpc_getuint8(in, tmp)) {
@@ -1331,7 +1337,7 @@
jpc_crgcomp_t *comp;
uint_fast16_t compno;
crg-numcomps = cstate-numcomps;
- if (!(crg-comps = jas_alloc2(cstate-numcomps,
sizeof(uint_fast16_t {
+ if (!(crg-comps = jas_alloc2(cstate-numcomps,
sizeof(jpc_crgcomp_t {
return -1;
}
for (compno = 0, comp = crg-comps; compno cstate-numcomps;
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2013-09-14 19:10:21
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2013-04-02
11:55:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2013-09-14
19:10:23.0 +0200
@@ -1,0 +2,5 @@
+Wed Sep 11 08:01:48 UTC 2013 - pgaj...@suse.com
+
+- added no-undef-true-false.patch to fix [bnc#839584]
+
+---
New:
jasper-1.900.1-no-undef-true-false.patch
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.ZOb2eI/_old 2013-09-14 19:10:25.0 +0200
+++ /var/tmp/diff_new_pack.ZOb2eI/_new 2013-09-14 19:10:25.0 +0200
@@ -33,6 +33,7 @@
Patch: %{name}-%{version}-uninitialized.patch
Patch2: %{name}-%{version}-bug258253.patch
Patch3: %{name}-%{version}-bug392410.patch
+Patch4: %{name}-%{version}-no-undef-true-false.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -76,6 +77,7 @@
%patch
%patch2
%patch3
+%patch4
%build
autoreconf -i -f
++ jasper-1.900.1-no-undef-true-false.patch ++
Index: src/libjasper/include/jasper/jas_types.h
===
--- src/libjasper/include/jasper/jas_types.h
+++ src/libjasper/include/jasper/jas_types.h
@@ -93,8 +93,6 @@
#endif
#if defined(HAVE_STDLIB_H)
-#undef false
-#undef true
#include stdlib.h
#endif
#if defined(HAVE_STDDEF_H)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2013-04-02 11:55:22
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper, Maintainer is nadvor...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2013-01-12
21:23:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2013-04-02
11:55:24.0 +0200
@@ -1,0 +2,6 @@
+Thu Mar 28 10:34:19 UTC 2013 - mmeis...@suse.com
+
+- Added url as source.
+ Please see http://en.opensuse.org/SourceUrls
+
+---
Old:
jasper-1.900.1.tar.bz2
New:
jasper-1.900.1.zip
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.8fQpGQ/_old 2013-04-02 11:55:26.0 +0200
+++ /var/tmp/diff_new_pack.8fQpGQ/_new 2013-04-02 11:55:26.0 +0200
@@ -21,13 +21,14 @@
BuildRequires: libdrm-devel
BuildRequires: libjpeg-devel
BuildRequires: libtool
+BuildRequires: unzip
Url:http://www.ece.uvic.ca/~mdadams/jasper/
Version:1.900.1
Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
License:SUSE-Public-Domain
Group: Productivity/Graphics/Convertors
-Source: %{name}-%{version}.tar.bz2
+Source:
http://www.ece.uvic.ca/~frodo/jasper/software/%{name}-%{version}.zip
Source2:baselibs.conf
Patch: %{name}-%{version}-uninitialized.patch
Patch2: %{name}-%{version}-bug258253.patch
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked
in at 2013-01-12 21:23:51
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new (New)
Package is jasper, Maintainer is nadvor...@suse.com
Changes:
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes2011-11-14
11:54:51.0 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2013-01-12
21:23:51.0 +0100
@@ -1,0 +2,5 @@
+Sat Jan 12 19:12:02 UTC 2013 - co...@suse.com
+
+- remove suse_update_config
+
+---
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.9Ibey6/_old 2013-01-12 21:23:53.0 +0100
+++ /var/tmp/diff_new_pack.9Ibey6/_new 2013-01-12 21:23:53.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package jasper
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -15,18 +15,18 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
-
Name: jasper
-BuildRequires: gcc-c++ libdrm-devel libjpeg-devel libtool
+BuildRequires: gcc-c++
+BuildRequires: libdrm-devel
+BuildRequires: libjpeg-devel
+BuildRequires: libtool
Url:http://www.ece.uvic.ca/~mdadams/jasper/
-License:SUSE-Public-Domain
-Group: Productivity/Graphics/Convertors
-AutoReqProv:on
Version:1.900.1
-Release:144
+Release:0
Summary:An Implementation of the JPEG-2000 Standard, Part 1
+License:SUSE-Public-Domain
+Group: Productivity/Graphics/Convertors
Source: %{name}-%{version}.tar.bz2
Source2:baselibs.conf
Patch: %{name}-%{version}-uninitialized.patch
@@ -40,7 +40,6 @@
from the JP2 and JPC formats.
%package -n libjasper1
-License:SUSE-Public-Domain
Summary:JPEG-2000 library
Group: Productivity/Graphics/Convertors
# bug437293
@@ -57,7 +56,6 @@
image compression standard Part 1.
%package -n libjasper-devel
-License:SUSE-Public-Domain
Summary:JPEG-2000 library - files mandatory for development
Group: Development/Libraries/C and C++
# bug437293
@@ -79,7 +77,6 @@
%patch3
%build
-%{suse_update_config}
autoreconf -i -f
export CFLAGS=$RPM_OPT_FLAGS -Wall
%configure --prefix=/usr --enable-shared --disable-static --libdir=%{_libdir}
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2011-12-06 18:20:24 Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new (New) Package is jasper, Maintainer is nadvor...@suse.com Changes: Other differences: -- ++ jasper.spec ++ --- /var/tmp/diff_new_pack.H6UT24/_old 2011-12-06 18:35:23.0 +0100 +++ /var/tmp/diff_new_pack.H6UT24/_new 2011-12-06 18:35:23.0 +0100 @@ -21,7 +21,7 @@ Name: jasper BuildRequires: gcc-c++ libdrm-devel libjpeg-devel libtool Url:http://www.ece.uvic.ca/~mdadams/jasper/ -License:Public Domain, Freeware +License:SUSE-Public-Domain Group: Productivity/Graphics/Convertors AutoReqProv:on Version:1.900.1 @@ -40,7 +40,7 @@ from the JP2 and JPC formats. %package -n libjasper1 -License:Public Domain, Freeware +License:SUSE-Public-Domain Summary:JPEG-2000 library Group: Productivity/Graphics/Convertors # bug437293 @@ -57,7 +57,7 @@ image compression standard Part 1. %package -n libjasper-devel -License:Public Domain, Freeware +License:SUSE-Public-Domain Summary:JPEG-2000 library - files mandatory for development Group: Development/Libraries/C and C++ # bug437293 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2011-11-14 11:54:50 Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new (New) Package is jasper, Maintainer is nadvor...@suse.com Changes: --- /work/SRC/openSUSE:Factory/jasper/jasper.changes2011-10-06 16:04:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2011-11-14 11:54:51.0 +0100 @@ -1,0 +2,5 @@ +Sun Nov 13 09:11:33 UTC 2011 - co...@suse.com + +- add libtool as explicit buildrequire to avoid implicit dependency from prjconf + +--- Other differences: -- ++ jasper.spec ++ --- /var/tmp/diff_new_pack.aTrNxb/_old 2011-11-14 11:54:52.0 +0100 +++ /var/tmp/diff_new_pack.aTrNxb/_new 2011-11-14 11:54:52.0 +0100 @@ -19,7 +19,7 @@ Name: jasper -BuildRequires: gcc-c++ libdrm-devel libjpeg-devel +BuildRequires: gcc-c++ libdrm-devel libjpeg-devel libtool Url:http://www.ece.uvic.ca/~mdadams/jasper/ License:Public Domain, Freeware Group: Productivity/Graphics/Convertors -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit jasper for openSUSE:Factory
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory
checked in at Thu Oct 6 16:04:43 CEST 2011.
--- openSUSE:Factory/jasper/jasper.changes 2011-09-23 02:04:00.0
+0200
+++ jasper/jasper.changes 2011-10-05 15:59:04.0 +0200
@@ -1,0 +2,5 @@
+Wed Oct 5 13:58:57 UTC 2011 - u...@suse.com
+
+- cross-build fix: use %configure macro
+
+---
calling whatdependson for head-i586
Other differences:
--
++ jasper.spec ++
--- /var/tmp/diff_new_pack.TLVtJO/_old 2011-10-06 16:04:40.0 +0200
+++ /var/tmp/diff_new_pack.TLVtJO/_new 2011-10-06 16:04:40.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package jasper (Version 1.900.1)
+# spec file for package jasper
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -81,7 +81,8 @@
%build
%{suse_update_config}
autoreconf -i -f
-CFLAGS=$RPM_OPT_FLAGS -Wall ./configure --prefix=/usr --enable-shared
--disable-static --libdir=%{_libdir}
+export CFLAGS=$RPM_OPT_FLAGS -Wall
+%configure --prefix=/usr --enable-shared --disable-static --libdir=%{_libdir}
make %{?jobs:-j%jobs}
%install
continue with q...
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
