diff --git a/.gitignore b/.gitignore
index b5766dc..e210aea 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,3 +16,4 @@ jasper-1.900.1.zip
 /version-2.0.17.tar.gz
 /version-2.0.22.tar.gz
 /version-2.0.24.tar.gz
+/version-2.0.25.tar.gz
diff --git a/jasper-CVE-2021-3272.patch b/jasper-CVE-2021-3272.patch
deleted file mode 100644
index 20aceb0..0000000
--- a/jasper-CVE-2021-3272.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 49174ab592cdfa6f1a929a2ee3d4b4976f9459fd Mon Sep 17 00:00:00 2001
-From: Michael Adams
-Date: Tue, 19 Jan 2021 22:59:33 -0800
-Subject: [PATCH] Fixes #259
-
----
- src/libjasper/jp2/jp2_dec.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
-index 4acf004..60dee42 100644
---- a/src/libjasper/jp2/jp2_dec.c
-+++ b/src/libjasper/jp2/jp2_dec.c
-@@ -255,7 +255,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
- with the data in the code stream? */
- if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
- (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
-- jas_eprintf("warning: component data type mismatch\n");
-+ jas_eprintf("warning: component data type mismatch (IHDR)\n");
- }
-
- /* Is the compression type supported? */
-@@ -278,7 +278,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
- ++i) {
- if (jas_image_cmptdtype(dec->image, i) !=
- JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
-- jas_eprintf("warning: component data type mismatch\n");
-+ jas_eprintf("warning: component data type mismatch (BPCC)\n");
- }
- }
- } else {
-@@ -409,6 +409,14 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
- }
- }
-
-+ /* Ensure that the number of channels being used by the decoder
-+ matches the number of image components. */
-+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
-+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
-+ dec->numchans, jas_image_numcmpts(dec->image));
-+ goto error;
-+ }
-+
- /* Mark all components as being of unknown type. */
-
- for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {
-
diff --git a/jasper.spec b/jasper.spec
index 7674bb0..d30f304 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -5,8 +5,8 @@ Summary: Implementation of the JPEG-2000 standard, Part 1 Name: jasper -Version: 2.0.24 -Release: 3%{?dist} +Version: 2.0.25 +Release: 1%{?dist} License: JasPer URL: http://www.ece.uvic.ca/~frodo/jasper/ @@ -15,7 +15,6 @@ Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.ta # skip hard-coded prefix/lib rpath Patch2: jasper-2.0.14-rpath.patch Patch3: jasper-freeglut.patch -Patch4: jasper-CVE-2021-3272.patch # architecture related patches Patch100: jasper-2.0.2-test-ppc64-disable.patch @@ -69,7 +68,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} # Need to disable one test to be able to build it on ppc64 arch # At ppc64 this test just stuck (nothing happend - no exception or error) %patch3 -p1 -b .freeglut -%patch4 -p1 -b .CVE-2021-3272 %if "%{_arch}" == "ppc64" %patch100 -p1 -b .test-ppc64-disable @@ -130,6 +128,9 @@ make test -C builder %changelog +* Tue Feb 09 2021 Josef Ridky - 2.0.25-1 +- new upstream release 2.0.25 (#1925996) + * Thu Jan 28 2021 Josef Ridky - 2.0.24-3 - fix CVE-2021-3272 (#1921328) diff --git a/sources b/sources index 5b66e8f..b00f5c4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (version-2.0.24.tar.gz) = 9e3c6b236844d5a25d9f75cfd55de9d1137b2c3f46d5646761fd501fefc6386ffbf935d2d806d9a28fa351569afd90d1fed494ef929615beca3a0dd0f8247e04 +SHA512 (version-2.0.25.tar.gz) = 721957120526227233b1f707b6bc3541e73ba95c919398097a36b3cbb256803306cebf0cec6d6999692a4603fea2bd5bbc70d567fe2da8719957e98a9e1a65e8
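Review bot: The changelog entry added in the `%changelog` hunk says only `- new upstream release 2.0.25 (#1925996)`, while the same commit removes `Patch4: jasper-CVE-2021-3272.patch` and its `%patch4` line, so the package history no longer shows where the CVE-2021-3272 fix comes from. The removal is presumably safe because the 2.0.25 tarball already carries the upstream change (the deleted patch is commit 49174ab, the channel-count versus component-count check in jp2_decode), but that is not visible on this page and should be confirmed against the unpacked source before the build is published. I would add a second changelog line such as `- drop jasper-CVE-2021-3272.patch, fix included in upstream 2.0.25` so the fix stays traceable for anyone auditing the package later.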