Resolves: RHEL-27923 - disable JAS_DEC_DEFAULT_MAX_SAMPLES

Signed-off-by: Josef Ridky <jridky@redhat.com>

jasper-2.0.14-MAX-SAMPLES.patch

@@ -0,0 +1,12 @@
+diff -urNp a/src/libjasper/include/jasper/jas_config.h.in b/src/libjasper/include/jasper/jas_config.h.in
+--- a/src/libjasper/include/jasper/jas_config.h.in	2025-01-10 10:02:42.927890995 +0100
++++ b/src/libjasper/include/jasper/jas_config.h.in	2025-01-10 10:04:40.634902203 +0100
+@@ -61,7 +61,7 @@
+ #endif
+ 
+ #if !defined(JAS_DEC_DEFAULT_MAX_SAMPLES)
+-#define JAS_DEC_DEFAULT_MAX_SAMPLES (64 * ((size_t) 1048576))
++#define JAS_DEC_DEFAULT_MAX_SAMPLES 0
+ #endif
+ 
+ #if defined(__GNUC__) && !defined(__clang__)

jasper.spec

@@ -6,7 +6,7 @@
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Version: 2.0.14
-Release: 5%{?dist}
+Release: 6%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@ -17,6 +17,7 @@ Patch1: jasper-2.0.14-CVE-2016-9396.patch
 Patch2: jasper-2.0.14-CVE-2021-26927.patch
 Patch3: jasper-2.0.14-CVE-2021-3272.patch
 Patch4: jasper-2.0.14-CVE-2020-27828.patch
+Patch5: jasper-2.0.14-MAX-SAMPLES.patch
 
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
@@ -69,6 +70,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %patch2 -p1 -b .CVE-2021-26927
 %patch3 -p1 -b .CVE-2021-3272
 %patch4 -p1 -b .CVE-2020-27828
+%patch5 -p1 
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)
 
@@ -143,6 +145,9 @@ popd
 
 
 %changelog
+* Fri Jan 10 2025 Josef Ridky <jridky@redhat.com> - 2.0.14-6
+- disable JAS_DEC_DEFAULT_MAX_SAMPLES (RHEL-27923)
+
 * Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
 - Fix CVE-2021-26927 (#1933860)
 - Fix CVE-2021-26926 (#1922316)