import jasper-2.0.14-5.el8
This commit is contained in:
commit
8917d9fc69
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
SOURCES/jasper-2.0.14.tar.gz
|
1
.jasper.metadata
Normal file
1
.jasper.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
32c959d883fdb661c32afd76c94b206638972cb1 SOURCES/jasper-2.0.14.tar.gz
|
13
SOURCES/jasper-2.0.14-CVE-2016-9396.patch
Normal file
13
SOURCES/jasper-2.0.14-CVE-2016-9396.patch
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
|
||||||
|
--- old/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:01:54.160406645 +0200
|
||||||
|
+++ new/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:05:24.527094308 +0200
|
||||||
|
@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t
|
||||||
|
if (compparms->numdlvls > 32) {
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
+ if (compparms->qmfbid != JPC_COX_INS &&
|
||||||
|
+ compparms->qmfbid != JPC_COX_RFT)
|
||||||
|
+ goto error;
|
||||||
|
compparms->numrlvls = compparms->numdlvls + 1;
|
||||||
|
if (compparms->numrlvls > JPC_MAXRLVLS) {
|
||||||
|
goto error;
|
14
SOURCES/jasper-2.0.14-CVE-2020-27828.patch
Normal file
14
SOURCES/jasper-2.0.14-CVE-2020-27828.patch
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
|
||||||
|
--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200
|
||||||
|
+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200
|
||||||
|
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
|
||||||
|
break;
|
||||||
|
case OPT_MAXRLVLS:
|
||||||
|
tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
|
||||||
|
+ if(tccp->maxrlvls > JPC_MAXRLVLS) {
|
||||||
|
+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case OPT_SOP:
|
||||||
|
cp->tcp.csty |= JPC_COD_SOP;
|
47
SOURCES/jasper-2.0.14-CVE-2021-26927.patch
Normal file
47
SOURCES/jasper-2.0.14-CVE-2021-26927.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
|
||||||
|
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:32:59.330396797 +0200
|
||||||
|
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:46:16.982925961 +0200
|
||||||
|
@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
|
||||||
|
the value specified in the code stream? */
|
||||||
|
if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
|
||||||
|
jas_image_numcmpts(dec->image))) {
|
||||||
|
- jas_eprintf("warning: number of components mismatch\n");
|
||||||
|
+ jas_eprintf("error: number of components mismatch (IHDR)\n");
|
||||||
|
+ goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* At least one component must be present. */
|
||||||
|
@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
|
||||||
|
with the data in the code stream? */
|
||||||
|
if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
|
||||||
|
(!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
|
||||||
|
- jas_eprintf("warning: component data type mismatch\n");
|
||||||
|
+ jas_eprintf("error: component data type mismatch (IHDR)\n");
|
||||||
|
+ goto error;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Is the compression type supported? */
|
||||||
|
@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
|
||||||
|
if (dec->bpcc) {
|
||||||
|
/* Is the number of components indicated in the BPCC box
|
||||||
|
consistent with the code stream data? */
|
||||||
|
- if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
|
||||||
|
- dec->image))) {
|
||||||
|
- jas_eprintf("warning: number of components mismatch\n");
|
||||||
|
+ if (dec->bpcc->data.bpcc.numcmpts !=
|
||||||
|
+ JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
|
||||||
|
+ jas_eprintf("error: number of components mismatch (BPCC)\n");
|
||||||
|
+ goto error;
|
||||||
|
}
|
||||||
|
/* Is the component data type information indicated in the BPCC
|
||||||
|
box consistent with the code stream data? */
|
||||||
|
@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
|
||||||
|
++i) {
|
||||||
|
if (jas_image_cmptdtype(dec->image, i) !=
|
||||||
|
JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
|
||||||
|
- jas_eprintf("warning: component data type mismatch\n");
|
||||||
|
+ jas_eprintf("error: component data type mismatch (BPCC)\n");
|
||||||
|
+ goto error;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
18
SOURCES/jasper-2.0.14-CVE-2021-3272.patch
Normal file
18
SOURCES/jasper-2.0.14-CVE-2021-3272.patch
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
|
||||||
|
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:50:54.213552191 +0200
|
||||||
|
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 14:02:40.016274587 +0200
|
||||||
|
@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Ensure that the number of channels being used by the decoder
|
||||||
|
+ matches the number of image components. */
|
||||||
|
+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
|
||||||
|
+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
|
||||||
|
+ dec->numchans, jas_image_numcmpts(dec->image));
|
||||||
|
+ goto error;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* Mark all components as being of unknown type. */
|
||||||
|
|
||||||
|
for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {
|
15
SOURCES/jasper-2.0.2-test-ppc64-disable.patch
Normal file
15
SOURCES/jasper-2.0.2-test-ppc64-disable.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
diff -uprN old/test/bin/codec_tests new/test/bin/codec_tests
|
||||||
|
--- old/test/bin/codec_tests 2016-12-01 04:04:07.000000000 +0100
|
||||||
|
+++ new/test/bin/codec_tests 2016-12-01 10:49:34.191522973 +0100
|
||||||
|
@@ -241,7 +241,10 @@ BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JAS
|
||||||
|
BEGIN id=prg_5 PRGTEST1 prg=lrcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_6 PRGTEST1 prg=rlcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_7 PRGTEST1 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
-BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
+
|
||||||
|
+/* On ppc64 and ppc64le arch, this test stuck without any exception or error code
|
||||||
|
+BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
|
||||||
|
+
|
||||||
|
BEGIN id=prg_9 PRGTEST1 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
|
||||||
|
/* Note: The testcases prg_8 and prg_9 cause an exception in the JJ2000
|
27
SOURCES/jasper-2.0.2-test-ppc64le-disable.patch
Normal file
27
SOURCES/jasper-2.0.2-test-ppc64le-disable.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
diff -urpN old/test/bin/codec_tests new/test/bin/codec_tests
|
||||||
|
--- old/test/bin/codec_tests 2016-12-01 04:04:07.000000000 +0100
|
||||||
|
+++ new/test/bin/codec_tests 2016-12-01 12:07:43.496822875 +0100
|
||||||
|
@@ -230,7 +230,10 @@ BEGIN id=gbit_4 image=stawamuschief_gray
|
||||||
|
BEGIN id=prg_0 PRGTEST0 prg=lrcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_1 PRGTEST0 prg=rlcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_2 PRGTEST0 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
-BEGIN id=prg_3 PRGTEST0 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
+
|
||||||
|
+/* On ppc64le arch, this test stuck without any exception or error code
|
||||||
|
+BEGIN id=prg_3 PRGTEST0 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
|
||||||
|
+
|
||||||
|
BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
|
||||||
|
#define PRGTEST1 \
|
||||||
|
@@ -241,7 +244,10 @@ BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JAS
|
||||||
|
BEGIN id=prg_5 PRGTEST1 prg=lrcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_6 PRGTEST1 prg=rlcp bug=OJ_BUG
|
||||||
|
BEGIN id=prg_7 PRGTEST1 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
-BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
+
|
||||||
|
+/* On ppc64 and ppc64le arch, this test stuck without any exception or error code
|
||||||
|
+BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
|
||||||
|
+
|
||||||
|
BEGIN id=prg_9 PRGTEST1 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
|
||||||
|
|
||||||
|
/* Note: The testcases prg_8 and prg_9 cause an exception in the JJ2000
|
396
SPECS/jasper.spec
Normal file
396
SPECS/jasper.spec
Normal file
@ -0,0 +1,396 @@
|
|||||||
|
|
||||||
|
# NOTE: packages that can use jasper:
|
||||||
|
# ImageMagick
|
||||||
|
# netpbm
|
||||||
|
|
||||||
|
Summary: Implementation of the JPEG-2000 standard, Part 1
|
||||||
|
Name: jasper
|
||||||
|
Version: 2.0.14
|
||||||
|
Release: 5%{?dist}
|
||||||
|
|
||||||
|
License: JasPer
|
||||||
|
URL: http://www.ece.uvic.ca/~frodo/jasper/
|
||||||
|
Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz
|
||||||
|
|
||||||
|
|
||||||
|
Patch1: jasper-2.0.14-CVE-2016-9396.patch
|
||||||
|
Patch2: jasper-2.0.14-CVE-2021-26927.patch
|
||||||
|
Patch3: jasper-2.0.14-CVE-2021-3272.patch
|
||||||
|
Patch4: jasper-2.0.14-CVE-2020-27828.patch
|
||||||
|
|
||||||
|
# architecture related patches
|
||||||
|
Patch100: jasper-2.0.2-test-ppc64-disable.patch
|
||||||
|
Patch101: jasper-2.0.2-test-ppc64le-disable.patch
|
||||||
|
|
||||||
|
# autoreconf
|
||||||
|
BuildRequires: cmake
|
||||||
|
BuildRequires: freeglut-devel
|
||||||
|
BuildRequires: libGLU-devel
|
||||||
|
BuildRequires: libjpeg-devel
|
||||||
|
BuildRequires: libXmu-devel libXi-devel
|
||||||
|
BuildRequires: pkgconfig doxygen
|
||||||
|
BuildRequires: mesa-libGL-devel
|
||||||
|
BuildRequires: gcc
|
||||||
|
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description
|
||||||
|
This package contains an implementation of the image compression
|
||||||
|
standard JPEG-2000, Part 1. It consists of tools for conversion to and
|
||||||
|
from the JP2 and JPC formats.
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Header files, libraries and developer documentation
|
||||||
|
Provides: libjasper-devel = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
Requires: libjpeg-devel
|
||||||
|
Requires: pkgconfig
|
||||||
|
%description devel
|
||||||
|
%{summary}.
|
||||||
|
|
||||||
|
%package libs
|
||||||
|
Summary: Runtime libraries for %{name}
|
||||||
|
Conflicts: jasper < 1.900.1-4
|
||||||
|
%description libs
|
||||||
|
%{summary}.
|
||||||
|
|
||||||
|
%package utils
|
||||||
|
Summary: Nonessential utilities for %{name}
|
||||||
|
Requires: %{name} = %{version}-%{release}
|
||||||
|
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||||
|
%description utils
|
||||||
|
%{summary}, including jiv and tmrdemo.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n %{name}-%{version}
|
||||||
|
|
||||||
|
%patch1 -p1 -b .CVE-2016-9396
|
||||||
|
%patch2 -p1 -b .CVE-2021-26927
|
||||||
|
%patch3 -p1 -b .CVE-2021-3272
|
||||||
|
%patch4 -p1 -b .CVE-2020-27828
|
||||||
|
# Need to disable one test to be able to build it on ppc64 arch
|
||||||
|
# At ppc64 this test just stuck (nothing happend - no exception or error)
|
||||||
|
|
||||||
|
%if "%{_arch}" == "ppc64"
|
||||||
|
%patch100 -p1 -b .test-ppc64-disable
|
||||||
|
%endif
|
||||||
|
|
||||||
|
# Need to disable two tests to be able to build it on ppc64le arch
|
||||||
|
# At ppc64le this tests just stuck (nothing happend - no exception or error)
|
||||||
|
|
||||||
|
%if "%{_arch}" == "ppc64le"
|
||||||
|
%patch101 -p1 -b .test-ppc64le-disable
|
||||||
|
%endif
|
||||||
|
|
||||||
|
|
||||||
|
mkdir -p builder
|
||||||
|
|
||||||
|
%cmake -G "Unix Makefiles" \
|
||||||
|
-H%{_builddir}/%{name}-%{version} \
|
||||||
|
-B%{_builddir}/%{name}-%{version}/builder
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
pushd builder
|
||||||
|
make clean all
|
||||||
|
|
||||||
|
popd
|
||||||
|
|
||||||
|
%install
|
||||||
|
pushd builder
|
||||||
|
make install DESTDIR=%{buildroot}
|
||||||
|
|
||||||
|
#%if "%{_arch}" != "arm" && "%{_arch}" != "i386"
|
||||||
|
# mv %{buildroot}/usr/lib %{buildroot}/usr/lib64
|
||||||
|
#%endif
|
||||||
|
|
||||||
|
# Unpackaged files
|
||||||
|
rm -f doc/README
|
||||||
|
rm -f %{buildroot}%{_libdir}/lib*.la
|
||||||
|
popd
|
||||||
|
|
||||||
|
%check
|
||||||
|
pushd builder
|
||||||
|
make test
|
||||||
|
|
||||||
|
popd
|
||||||
|
|
||||||
|
%ldconfig_scriptlets libs
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%{_bindir}/imgcmp
|
||||||
|
%{_bindir}/imginfo
|
||||||
|
%{_bindir}/jasper
|
||||||
|
%{_mandir}/man1/img*
|
||||||
|
%{_mandir}/man1/jasper.1*
|
||||||
|
%{_docdir}/JasPer/*
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc doc/*
|
||||||
|
%{_includedir}/jasper/
|
||||||
|
%{_libdir}/libjasper.so
|
||||||
|
%{_libdir}/pkgconfig/jasper.pc
|
||||||
|
|
||||||
|
%files libs
|
||||||
|
%doc COPYRIGHT LICENSE README
|
||||||
|
%{_libdir}/libjasper.so*
|
||||||
|
|
||||||
|
%files utils
|
||||||
|
%{_bindir}/jiv
|
||||||
|
%{_mandir}/man1/jiv.1*
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
|
||||||
|
- Fix CVE-2021-26927 (#1933860)
|
||||||
|
- Fix CVE-2021-26926 (#1922316)
|
||||||
|
- Fix CVE-2021-3272 (#1922283)
|
||||||
|
- Fix CVE-2020-27828 (#1905692)
|
||||||
|
|
||||||
|
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
|
||||||
|
- Fix CVE-2016-9396 (#1583722)
|
||||||
|
|
||||||
|
* Mon Feb 26 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-3
|
||||||
|
- Clean spec file
|
||||||
|
- Remove unused Group tag
|
||||||
|
- Add gcc requirement
|
||||||
|
- Use ldconfig scriptlet
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Sep 15 2017 rebase-helper <rebase-helper@localhost.local> - 2.0.14-1
|
||||||
|
- New upstream release 2.0.14 (#1491888)
|
||||||
|
|
||||||
|
* Fri Aug 25 2017 Josef Ridky <jridky@redhat.com> - 2.0.12-4
|
||||||
|
- CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode() (#1472888)
|
||||||
|
|
||||||
|
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.12-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.12-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Mar 03 2017 Josef Ridky <jridky@redhat.com> - 2.0.12-1
|
||||||
|
- New upstream release 2.0.12 (#1428622)
|
||||||
|
|
||||||
|
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.10-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jan 17 2017 Josef Ridky <jridky@redhat.com> - 2.0.10-1
|
||||||
|
- New upstream release 2.0.10 (#1403401)
|
||||||
|
|
||||||
|
* Thu Dec 1 2016 Josef Ridky <jridky@redhat.com> - 2.0.2-1
|
||||||
|
- New upstream release 2.0.2 (#1395929)
|
||||||
|
- CVE-2016-9262 jasper: Multiple overflow vulnerabilities leading to use after free (#1393883)
|
||||||
|
- CVE-2016-8654 jasper: Heap-based buffer overflow in QMFB code in JPC codec (#1399168)
|
||||||
|
- CVE-2016-9388 jasper: Reachable assertion in RAS encoder/decoder
|
||||||
|
- CVE-2016-9389 jasper: Improper equality testing of component domains via assertion
|
||||||
|
- CVE-2016-9390 jasper: Assertion failure when tiles lie outside of the image area
|
||||||
|
- CVE-2016-9391 jasper: reachable assertions in the JPC bitstream code
|
||||||
|
- CVE-2016-9392 jasper: Missing sanity checks on the date in SIZ marker segment
|
||||||
|
- CVE-2016-9393 jasper: Missing sanity checks on the date in SIZ marker segment
|
||||||
|
- CVE-2016-9394 jasper: Missing sanity checks on the data in a SIZ marker segment
|
||||||
|
- CVE-2016-9395 jasper: Assertion failure in jas_seq2d_create
|
||||||
|
- CVE-2016-9557 jasper: Signed integer overflow in jas_image.c
|
||||||
|
- CVE-2016-9560 jasper: Stack-based buffer overflow in jpc_tsfb.c
|
||||||
|
- Upgrade libjasper.so.1* to libjasper.so.4*
|
||||||
|
|
||||||
|
* Mon Oct 24 2016 Josef Ridky <jridky@redhat.com> - 1.900.13-1
|
||||||
|
- New upstream release 1.900.13 (#1385637)
|
||||||
|
- Release contains security fix for CVE-2016-8690, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693 (#1385516)
|
||||||
|
|
||||||
|
* Thu Oct 13 2016 Josef Ridky <jridky@redhat.com> - 1.900.3-1
|
||||||
|
- New upstream release 1.900.3
|
||||||
|
|
||||||
|
* Tue Oct 11 2016 Josef Ridky <jridky@redhat.com> - 1.900.2-2
|
||||||
|
- CVE-2016-2089 - matrix rows_ NULL pointer dereference in jas_matrix_clip() (#1302636)
|
||||||
|
|
||||||
|
* Mon Oct 10 2016 Josef Ridky <jridky@redhat.com> - 1.900.2-1
|
||||||
|
- New upstream release 1.900.2 (#1382188)
|
||||||
|
|
||||||
|
* Thu Sep 15 2016 Dave Airlie <airlied@redhat.com> - 1.900.1-34
|
||||||
|
- patch 14 is an ABI break, this breaks gnome-software and steam
|
||||||
|
- this would require a new revision of the .so to fix properly
|
||||||
|
- as sizeof (int) != sizeof (size_t)
|
||||||
|
|
||||||
|
* Fri Aug 12 2016 Josef Ridky <jridky@redhat.com> - 1.900.1-33
|
||||||
|
- CVE-2015-5203 - double free in jasper_image_stop_load() (#1254244)
|
||||||
|
- CVE-2015-5221 - Use-after-free and double-free flaws (#1255714)
|
||||||
|
- CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function (#1298138)
|
||||||
|
- CVE-2016-1577 - double free vulnerability in jas_iccattrval_destroy (#1314468)
|
||||||
|
- CVE-2016-2116 - memory leak in jas_iccprof_createfrombuf causing
|
||||||
|
memory consumption (#1314473)
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.900.1-32
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-31
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Jan 22 2015 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-30
|
||||||
|
- CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() (#1184750)
|
||||||
|
- CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c (#1184750)
|
||||||
|
|
||||||
|
* Thu Dec 18 2014 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-29
|
||||||
|
- CVE-2014-8137 - double-free in jas_iccattrval_destroy() (oCERT-2014-012) (#1175761)
|
||||||
|
- CVE-2014-8138 - heap overflow in jp2_decode() (oCERT-2014-012) (#1175761)
|
||||||
|
|
||||||
|
* Thu Dec 04 2014 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-28
|
||||||
|
- CVE-2014-9029 - incorrect component number check in COC, RGN and QCC
|
||||||
|
marker segment decoders (#1170650)
|
||||||
|
|
||||||
|
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-27
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-26
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-25
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Mar 25 2013 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-24
|
||||||
|
- added --force option to autoreconf (#925604)
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-23
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 1.900.1-22
|
||||||
|
- rebuild due to "jpeg8-ABI" feature drop
|
||||||
|
|
||||||
|
* Thu Dec 06 2012 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-21
|
||||||
|
- build with -fno-strict-overflow
|
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-20
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-19
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Dec 09 2011 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-18
|
||||||
|
- CVE-2011-4516, CVE-2011-4517 jasper: heap buffer overflow flaws
|
||||||
|
lead to arbitrary code execution (CERT VU#887409) (#765660)
|
||||||
|
- Fixed problems found by static analysis of code (#761440)
|
||||||
|
- spec file modernized
|
||||||
|
|
||||||
|
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-17
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 30 2010 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-16
|
||||||
|
- rebuild
|
||||||
|
|
||||||
|
* Sun Feb 14 2010 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-15
|
||||||
|
- FTBFS jasper-1.900.1-14.fc12: ImplicitDSOLinking (#564794)
|
||||||
|
|
||||||
|
* Thu Oct 29 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-14
|
||||||
|
- add pkgconfig support
|
||||||
|
|
||||||
|
* Tue Oct 13 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-13
|
||||||
|
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
|
||||||
|
- CVE-2008-3522 jasper: possible buffer overflow in
|
||||||
|
jas_stream_printf() (#461478)
|
||||||
|
|
||||||
|
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-12
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jul 18 2009 Rex Dieter <rdieter@fedoraproject.org> - 1.900.1-11
|
||||||
|
- FTBFS jasper-1.900.1-10.fc11 (#511743)
|
||||||
|
|
||||||
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-10
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sun Jan 25 2009 Rex Dieter <rdieter@fedoraproject.org> 1.900.1-9
|
||||||
|
- patch for "jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed)
|
||||||
|
(#481284, #481291)
|
||||||
|
|
||||||
|
* Fri Feb 08 2008 Rex Dieter <rdieter@fedoraproject.org> 1.900.1-8
|
||||||
|
- respin (gcc43)
|
||||||
|
|
||||||
|
* Mon Oct 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-7
|
||||||
|
- -libs: %%post/%%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
|
* Mon Sep 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-6
|
||||||
|
- -libs: -Requires: %%name
|
||||||
|
- -devel: +Provides: libjasper-devel
|
||||||
|
- drop (unused) geojasper bits
|
||||||
|
|
||||||
|
* Wed Aug 22 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-4
|
||||||
|
- -libs subpkg to be multilib friendlier
|
||||||
|
- -utils subpkg for non-essential binaries jiv, tmrdemo (#244153)
|
||||||
|
|
||||||
|
* Fri Aug 17 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-3
|
||||||
|
- License: JasPer
|
||||||
|
|
||||||
|
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
|
||||||
|
- CVE-2007-2721 (#240397)
|
||||||
|
|
||||||
|
* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-1
|
||||||
|
- jasper-1.900.1
|
||||||
|
|
||||||
|
* Fri Dec 08 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.900.0-3
|
||||||
|
- omit deprecated memleak patch
|
||||||
|
|
||||||
|
* Fri Dec 08 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.900.0-2
|
||||||
|
- jasper-1.900.0 (#218947)
|
||||||
|
|
||||||
|
* Mon Sep 18 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-15
|
||||||
|
- memory leak (#207006)
|
||||||
|
|
||||||
|
* Tue Aug 29 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-13
|
||||||
|
- fc6 respin
|
||||||
|
|
||||||
|
* Wed Mar 1 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-12
|
||||||
|
- fixup build issues introduced by geojasper integration
|
||||||
|
|
||||||
|
* Wed Mar 1 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-10
|
||||||
|
- support/use geojasper (optional, default no)
|
||||||
|
- fc5: gcc/glibc respin
|
||||||
|
|
||||||
|
* Fri Feb 10 2006 Rex Dieter <rexdieter[AT]users.sf.net>
|
||||||
|
- fc5: gcc/glibc respin
|
||||||
|
|
||||||
|
* Tue Jan 31 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-9
|
||||||
|
- workaround "freeglut-devel should Requires: libGL-devel, libGLU-devel"
|
||||||
|
(#179464)
|
||||||
|
|
||||||
|
* Tue Jan 31 2006 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-8
|
||||||
|
- revert jasper to jaspertool rename (#176773)
|
||||||
|
- actually use/apply GL patch
|
||||||
|
|
||||||
|
* Tue Oct 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-7
|
||||||
|
- GL patch to remove libGL dependancy (using only freeglut)
|
||||||
|
|
||||||
|
* Tue Oct 18 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-6
|
||||||
|
- token %%check section
|
||||||
|
- --enable-shared
|
||||||
|
|
||||||
|
* Mon Oct 17 2005 Rex Dieter <rexdieter[AT]users.sf.net> 1.701.0-5
|
||||||
|
- use %%{?dist}
|
||||||
|
- BR: libGL-devel
|
||||||
|
|
||||||
|
* Thu Apr 7 2005 Michael Schwendt <mschwendt[AT]users.sf.net>
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Sat Oct 23 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.3
|
||||||
|
- Capitalize summary
|
||||||
|
- remove 0-length ChangeLog
|
||||||
|
|
||||||
|
* Fri Jun 04 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.2
|
||||||
|
- nuke .la file
|
||||||
|
- BR: glut-devel -> freeglut-devel
|
||||||
|
|
||||||
|
* Tue Jun 01 2004 Rex Dieter <rexdieter at sf.net> 0:1.701.0-0.fdr.1
|
||||||
|
- 1.701.0
|
||||||
|
|
||||||
|
* Tue Jun 01 2004 Rex Dieter <rexdieter at sf.net> 0:1.700.5-0.fdr.2
|
||||||
|
- avoid conflicts with fc'2 tomcat by renaming /usr/bin/jasper -> jaspertool
|
||||||
|
|
||||||
|
* Mon Mar 08 2004 Rex Dieter <rexdieter at sf.net> 0:1.700.5-0.fdr.1
|
||||||
|
- use Epochs.
|
||||||
|
- -devel: Requires: %%name = %%epoch:%%version
|
||||||
|
|
||||||
|
* Thu Jan 22 2004 Rex Dieter <rexdieter at sf.net> 1.700.5-0.fdr.0
|
||||||
|
- first try
|
||||||
|
|
Loading…
Reference in New Issue
Block a user