Resolves: #1491888 - Rebase to the latest upstream version 2.0.14

This commit is contained in:
Josef Ridky 2017-09-15 08:56:59 +02:00
parent 3dd700edaf
commit 9b4bfb1c53
5 changed files with 7 additions and 38 deletions

1
.gitignore vendored
View File

@ -11,3 +11,4 @@ jasper-1.900.1.zip
/jasper-2.0.2.tar.gz /jasper-2.0.2.tar.gz
/jasper-2.0.10.tar.gz /jasper-2.0.10.tar.gz
/jasper-2.0.12.tar.gz /jasper-2.0.12.tar.gz
/jasper-2.0.14.tar.gz

View File

@ -1,13 +0,0 @@
diff --git a/src/libjasper/jp2/jp2_cod.c b/src/libjasper/jp2/jp2_cod.c
index 7f3608a..c4ba73c 100644
--- a/src/libjasper/jp2/jp2_cod.c
+++ b/src/libjasper/jp2/jp2_cod.c
@@ -248,7 +248,7 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
box = 0;
tmpstream = 0;
- if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+ if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) {
goto error;
}

View File

@ -1,15 +0,0 @@
diff -urNp old/src/libjasper/jp2/jp2_enc.c new/src/libjasper/jp2/jp2_enc.c
--- old/src/libjasper/jp2/jp2_enc.c 2017-08-25 12:49:46.242889564 +0200
+++ new/src/libjasper/jp2/jp2_enc.c 2017-08-25 12:56:41.041654317 +0200
@@ -115,6 +115,11 @@ int jp2_encode(jas_image_t *image, jas_s
iccstream = 0;
iccprof = 0;
+ if (jas_image_numcmpts(image) < 1) {
+ jas_eprintf("image must have at least one component\n");
+ goto error;
+ }
+
allcmptssame = 1;
sgnd = jas_image_cmptsgnd(image, 0);
prec = jas_image_cmptprec(image, 0);

View File

@ -6,8 +6,8 @@
Summary: Implementation of the JPEG-2000 standard, Part 1 Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper Name: jasper
Group: System Environment/Libraries Group: System Environment/Libraries
Version: 2.0.12 Version: 2.0.14
Release: 4%{?dist} Release: 1%{?dist}
%if "%{version}" > "1.900.1" %if "%{version}" > "1.900.1"
%define ext .tar.gz %define ext .tar.gz
@ -19,11 +19,6 @@ License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/ URL: http://www.ece.uvic.ca/~frodo/jasper/
Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}%{ext} Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}%{ext}
# OpenBSD hardening patches addressing couple of possible integer overflows
# during the memory allocations
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
Patch1: jasper-1.900.1-CVE-2008-3520.patch
Patch2: jasper-2.0.12-CVE-2017-1000050.patch
# architecture related patches # architecture related patches
Patch100: jasper-2.0.2-test-ppc64-disable.patch Patch100: jasper-2.0.2-test-ppc64-disable.patch
@ -73,8 +68,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-%{version}
%patch1 -p1 -b .CVE-2008-3520
%patch2 -p1 -b .CVE-2017-1000050
# Need to disable one test to be able to build it on ppc64 arch # Need to disable one test to be able to build it on ppc64 arch
# At ppc64 this test just stuck (nothing happend - no exception or error) # At ppc64 this test just stuck (nothing happend - no exception or error)
@ -152,6 +145,9 @@ popd
%changelog %changelog
* Fri Sep 15 2017 rebase-helper <rebase-helper@localhost.local> - 2.0.14-1
- New upstream release 2.0.14 (#1491888)
* Fri Aug 25 2017 Josef Ridky <jridky@redhat.com> - 2.0.12-4 * Fri Aug 25 2017 Josef Ridky <jridky@redhat.com> - 2.0.12-4
- CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode() (#1472888) - CVE-2017-1000050 jasper: NULL pointer exception in jp2_encode() (#1472888)

View File

@ -1 +1 @@
SHA512 (jasper-2.0.12.tar.gz) = 3b0f5a5640838b328d989a80461a23ca8ac98af054a7f15c13a543e769c98bb632b74114923c02c3b2de76747187747aec6e18a2cf14035a8d79eb3482fd553b SHA512 (jasper-2.0.14.tar.gz) = 9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8