jasper/jasper.spec

340 lines
11 KiB
RPMSpec
Raw Normal View History

2006-12-08 17:30:56 +00:00
# NOTE: packages that can use jasper:
# ImageMagick
# netpbm
Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Group: System Environment/Libraries
2007-03-29 18:57:04 +00:00
Version: 1.900.1
2014-12-18 17:18:47 +00:00
Release: 29%{?dist}
2007-08-17 15:15:28 +00:00
License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/
Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.zip
Patch1: jasper-1.701.0-GL.patch
# autoconf/automake bits of patch1
Patch2: jasper-1.701.0-GL-ac.patch
2007-05-23 19:05:20 +00:00
# CVE-2007-2721 (bug #240397)
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
Patch3: patch-libjasper-stepsizes-overflow.diff
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
Patch4: jpc_dec.c.patch
# OpenBSD hardening patches addressing couple of possible integer overflows
# during the memory allocations
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
Patch5: jasper-1.900.1-CVE-2008-3520.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
Patch6: jasper-1.900.1-CVE-2008-3522.patch
2009-10-29 17:49:43 +00:00
# add pkg-config support
Patch7: jasper-pkgconfig.patch
Patch8: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
2014-12-04 14:49:08 +00:00
Patch9: jasper-CVE-2014-9029.patch
Patch10: jasper-CVE-2014-8137.patch
Patch11: jasper-CVE-2014-8138.patch
2014-12-04 14:49:08 +00:00
# Issues found by static analysis of code
Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch
Patch111: jasper-1.900.1-Coverity-CHECKED_RETURN.patch
Patch112: jasper-1.900.1-Coverity-FORWARD_NULL.patch
Patch113: jasper-1.900.1-Coverity-NULL_RETURNS.patch
Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch
Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch
# autoreconf
BuildRequires: autoconf automake libtool
BuildRequires: freeglut-devel
BuildRequires: libGLU-devel
2009-10-29 17:49:43 +00:00
BuildRequires: libjpeg-devel
BuildRequires: pkgconfig
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description
This package contains an implementation of the image compression
standard JPEG-2000, Part 1. It consists of tools for conversion to and
from the JP2 and JPC formats.
%package devel
Summary: Header files, libraries and developer documentation
Group: Development/Libraries
Provides: libjasper-devel = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: libjpeg-devel
2009-10-29 17:49:43 +00:00
Requires: pkgconfig
%description devel
2005-10-17 16:04:07 +00:00
%{summary}.
%package libs
Summary: Runtime libraries for %{name}
Group: System Environment/Libraries
Conflicts: jasper < 1.900.1-4
%description libs
%{summary}.
%package utils
Summary: Nonessential utilities for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%description utils
%{summary}, including jiv and tmrdemo.
%prep
%setup -q -n %{name}-%{version}
%patch1 -p1 -b .GL
2009-10-29 17:49:43 +00:00
%patch2 -p1 -b .GL-ac
2007-05-23 19:05:20 +00:00
%patch3 -p1 -b .CVE-2007-2721
%patch4 -p1 -b .jpc_dec_assertion
%patch5 -p1 -b .CVE-2008-3520
%patch6 -p1 -b .CVE-2008-3522
2009-10-29 17:49:43 +00:00
%patch7 -p1 -b .pkgconfig
%patch8 -p1 -b .CVE-2011-4516-4517
2014-12-04 14:49:08 +00:00
%patch9 -p1 -b .CVE-2014-9029
%patch10 -p1 -b .CVE-2014-8137-variant2
%patch11 -p1 -b .CVE-2014-8138
%patch110 -p1 -b .BAD_SIZEOF
%patch111 -p1 -b .CHECKED_RETURN
%patch112 -p1 -b .FORWARD_NULL
%patch113 -p1 -b .NULL_RETURNS
%patch114 -p1 -b .RESOURCE_LEAK
%patch115 -p1 -b .UNREACHABLE
%patch116 -p1 -b .UNUSED_VALUE
2009-10-29 17:49:43 +00:00
autoreconf --verbose --force --install
2007-05-23 19:05:20 +00:00
%build
2012-12-06 15:09:34 +00:00
# jas_icc.c:744:2: warning: assuming signed overflow does not occur
# when assuming that (X + c) < X is always false [-Wstrict-overflow]
#
# comment from Red Hat Security Response Team:
# gcc inlines jas_iccattrtab_resize into jas_iccattrtab_add. Additionally, it
# essentially removes the "assert(maxents >= tab->numattrs);" assertion in
# jas_iccattrtab_resize, because it assumes that "maxents >= tab->numattrs" will
# always be true due to jas_iccattrtab_resize(attrtab, attrtab->numattrs + 32),
# especially the + 32. This assumption can only be true if it completely ignores
# the problem of signed integer overflows. I don't think it's a smart idea to
# accept that.
# -fno-strict-overflow forces gcc into keeping the assertion there.
CFLAGS="%{optflags} -fno-strict-overflow" \
%configure \
--enable-shared \
2005-10-17 16:04:07 +00:00
--disable-static
make %{?_smp_mflags}
%install
2005-10-17 16:04:07 +00:00
make install DESTDIR=$RPM_BUILD_ROOT
# Unpackaged files
rm -f doc/README
2005-10-17 16:04:07 +00:00
rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
2006-12-08 17:30:56 +00:00
%check
make check
%post libs -p /sbin/ldconfig
2006-12-08 17:30:56 +00:00
%postun libs -p /sbin/ldconfig
2006-12-08 17:30:56 +00:00
%files
%{_bindir}/imgcmp
%{_bindir}/imginfo
%{_bindir}/jasper
%{_mandir}/man1/img*
%{_mandir}/man1/jasper.1*
%files devel
%doc doc/*
%{_includedir}/jasper/
%{_libdir}/libjasper.so
2009-10-29 17:49:43 +00:00
%{_libdir}/pkgconfig/jasper.pc
%files libs
%doc COPYRIGHT LICENSE NEWS README
%{_libdir}/libjasper.so.1*
%files utils
%{_bindir}/jiv
%{_bindir}/tmrdemo
%{_mandir}/man1/jiv.1*
%changelog
2014-12-18 17:18:47 +00:00
* Thu Dec 18 2014 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-29
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
2014-12-04 14:56:38 +00:00
* Thu Dec 04 2014 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-28
2014-12-04 14:49:08 +00:00
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
marker segment decoders (#1170650)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-27
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-26
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-25
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Mar 25 2013 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-24
- added --force option to autoreconf (#925604)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 1.900.1-22
- rebuild due to "jpeg8-ABI" feature drop
2012-12-06 15:09:34 +00:00
* Thu Dec 06 2012 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-21
- build with -fno-strict-overflow
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Fri Dec 09 2011 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-18
- CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
lead to arbitrary code execution (CERT VU#887409) (#765660)
- Fixed problems found by static analysis of code (#761440)
- spec file modernized
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2010-07-01 03:17:52 +00:00
* Wed Jun 30 2010 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-16
- rebuild
* Sun Feb 14 2010 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-15
- FTBFS jasper-1.900.1-14.fc12: ImplicitDSOLinking (#564794)
2009-10-29 17:49:43 +00:00
* Thu Oct 29 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-14
- add pkgconfig support
* Tue Oct 13 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-13
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
- CVE-2008-3522 jasper: possible buffer overflow in
jas_stream_printf() (#461478)
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-11
- FTBFS jasper-1.900.1-10.fc11 (#511743)
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Jan 25 2009 Rex Dieter <rdieter@fedoraproject.org> 1.900.1-9
- patch for "jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed)
(#481284, #481291)
2008-02-08 21:24:17 +00:00
* Fri Feb 08 2008 Rex Dieter <rdieter@fedoraproject.org> 1.900.1-8
- respin (gcc43)
* Mon Oct 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-7
- -libs: %%post/%%postun -p /sbin/ldconfig
* Mon Sep 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-6
- -libs: -Requires: %%name
- -devel: +Provides: libjasper-devel
- drop (unused) geojasper bits
* Wed Aug 22 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-4
- -libs subpkg to be multilib friendlier
- -utils subpkg for non-essential binaries jiv, tmrdemo (#244153)
2007-08-17 15:15:28 +00:00
* Fri Aug 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-3
- License: JasPer
2007-05-23 19:05:20 +00:00
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
- CVE-2007-2721 (#240397)
2007-03-29 18:57:04 +00:00
* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-1
- jasper-1.900.1
2006-12-09 04:12:31 +00:00
* Fri Dec 08 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.900.0-3
- omit deprecated memleak patch
2006-12-08 17:32:36 +00:00
* Fri Dec 08 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.900.0-2
2006-12-08 17:31:48 +00:00
- jasper-1.900.0 (#218947)
2006-10-04 19:21:42 +00:00
2006-09-18 20:49:57 +00:00
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-15
2006-09-18 20:17:57 +00:00
- memory leak (#207006)
2006-08-29 17:28:32 +00:00
* Tue Aug 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-13
- fc6 respin
2006-03-01 18:16:10 +00:00
* Wed Mar 1 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-12
- fixup build issues introduced by geojasper integration
* Wed Mar 1 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-10
- support/use geojasper (optional, default no)
- fc5: gcc/glibc respin
2006-02-10 13:56:56 +00:00
* Fri Feb 10 2006 Rex Dieter <rexdieter[AT]users.sf.net>
- fc5: gcc/glibc respin
* Tue Jan 31 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-9
- workaround "freeglut-devel should Requires: libGL-devel, libGLU-devel"
(#179464)
* Tue Jan 31 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-8
- revert jasper to jaspertool rename (#176773)
- actually use/apply GL patch
* Tue Oct 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-7
- GL patch to remove libGL dependancy (using only freeglut)
* Tue Oct 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-6
- token %%check section
- --enable-shared
2005-10-17 16:04:07 +00:00
* Mon Oct 17 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-5
- use %%{?dist}
2005-10-18 12:51:44 +00:00
- BR: libGL-devel
2005-10-17 16:04:07 +00:00
* Thu Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
- rebuilt
* Sat Oct 23 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.3
- Capitalize summary
- remove 0-length ChangeLog
* Fri Jun 04 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.2
- nuke .la file
- BR: glut-devel -> freeglut-devel
* Tue Jun 01 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.1
- 1.701.0
* Tue Jun 01 2004 Rex Dieter <rexdieter at sf.net> 0:1.700.5-0.fdr.2
- avoid conflicts with fc'2 tomcat by renaming /usr/bin/jasper -> jaspertool
* Mon Mar 08 2004 Rex Dieter <rexdieter at sf.net> 0:1.700.5-0.fdr.1
- use Epochs.
- -devel: Requires: %%name = %%epoch:%%version
* Thu Jan 22 2004 Rex Dieter <rexdieter at sf.net> 1.700.5-0.fdr.0
- first try