Rebuild to the latest version 2.0.2

2016-12-01 13:27:20 +01:00 · 2016-12-01 13:27:20 +01:00 · a5c70830f1
commit a5c70830f1
parent 168cc2af7e
5 changed files with 101 additions and 34 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,5 @@ jasper-1.900.1.zip
 /jasper-1.900.3.tar.gz
 /jasper-1.900.13.tar.gz
 /jasper-1.900.28.tar.gz
+/jasper-1.900.30.tar.gz
+/jasper-2.0.2.tar.gz
--- a/jasper-2.0.2-test-ppc64-disable.patch
+++ b/jasper-2.0.2-test-ppc64-disable.patch
@ -0,0 +1,15 @@
+diff -uprN old/test/bin/codec_tests new/test/bin/codec_tests
+--- old/test/bin/codec_tests	2016-12-01 04:04:07.000000000 +0100
+++ new/test/bin/codec_tests	2016-12-01 10:49:34.191522973 +0100
+@@ -241,7 +241,10 @@ BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JAS
+ BEGIN id=prg_5 PRGTEST1 prg=lrcp bug=OJ_BUG
+ BEGIN id=prg_6 PRGTEST1 prg=rlcp bug=OJ_BUG
+ BEGIN id=prg_7 PRGTEST1 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
+-BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
+
+/* On ppc64 and ppc64le arch, this test stuck without any exception or error code 
+BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
+
+ BEGIN id=prg_9 PRGTEST1 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
+ 
+ /* Note: The testcases prg_8 and prg_9 cause an exception in the JJ2000
--- a/jasper-2.0.2-test-ppc64le-disable.patch
+++ b/jasper-2.0.2-test-ppc64le-disable.patch
@ -0,0 +1,27 @@
+diff -urpN old/test/bin/codec_tests new/test/bin/codec_tests
+--- old/test/bin/codec_tests	2016-12-01 04:04:07.000000000 +0100
+++ new/test/bin/codec_tests	2016-12-01 12:07:43.496822875 +0100
+@@ -230,7 +230,10 @@ BEGIN id=gbit_4 image=stawamuschief_gray
+ BEGIN id=prg_0 PRGTEST0 prg=lrcp bug=OJ_BUG
+ BEGIN id=prg_1 PRGTEST0 prg=rlcp bug=OJ_BUG
+ BEGIN id=prg_2 PRGTEST0 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
+-BEGIN id=prg_3 PRGTEST0 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
+
+/* On ppc64le arch, this test stuck without any exception or error code
+BEGIN id=prg_3 PRGTEST0 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
+
+ BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
+ 
+ #define	PRGTEST1 \
+@@ -241,7 +244,10 @@ BEGIN id=prg_4 PRGTEST0 prg=pcrl bug=JAS
+ BEGIN id=prg_5 PRGTEST1 prg=lrcp bug=OJ_BUG
+ BEGIN id=prg_6 PRGTEST1 prg=rlcp bug=OJ_BUG
+ BEGIN id=prg_7 PRGTEST1 prg=rpcl bug=JASPER_ENC_BUG,OJ_BUG
+-BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG
+
+/* On ppc64 and ppc64le arch, this test stuck without any exception or error code 
+BEGIN id=prg_8 PRGTEST1 prg=cprl bug=JASPER_ENC_BUG,OJ_BUG */
+
+ BEGIN id=prg_9 PRGTEST1 prg=pcrl bug=JASPER_ENC_BUG,OJ_BUG
+ 
+ /* Note: The testcases prg_8 and prg_9 cause an exception in the JJ2000
--- a/jasper.spec
+++ b/jasper.spec
@ -6,7 +6,7 @@
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Group:   System Environment/Libraries
-Version: 1.900.28
+Version: 2.0.2
 Release: 1%{?dist}

 %if "%{version}" > "1.900.1"
@ -24,12 +24,18 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}%{ext}
 # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
 Patch1: jasper-1.900.1-CVE-2008-3520.patch

+# architecture related patches
+Patch100: jasper-2.0.2-test-ppc64-disable.patch
+Patch101: jasper-2.0.2-test-ppc64le-disable.patch
+
 # autoreconf
-BuildRequires: autoconf automake libtool
+BuildRequires: cmake
 BuildRequires: freeglut-devel 
 BuildRequires: libGLU-devel
 BuildRequires: libjpeg-devel
-BuildRequires: pkgconfig
+BuildRequires: libXmu-devel libXi-devel
+BuildRequires: pkgconfig doxygen
+BuildRequires: mesa-libGL-devel

 Requires: %{name}-libs%{?_isa} = %{version}-%{release}

@ -64,49 +70,56 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %{summary}, including jiv and tmrdemo.


-
 %prep
 %setup -q -n %{name}-%{version}
 %patch1 -p1 -b .CVE-2008-3520

-autoreconf --verbose --force --install
+# Need to disable one test to be able to build it on ppc64 arch
+# At ppc64 this test just stuck (nothing happend - no exception or error)
+
+%if "%{_arch}" == "ppc64"
+%patch100 -p1 -b .test-ppc64-disable
+%endif
+
+# Need to disable two tests to be able to build it on ppc64le arch
+# At ppc64le this tests just stuck (nothing happend - no exception or error)
+
+%if "%{_arch}" == "ppc64le"
+%patch101 -p1 -b .test-ppc64le-disable
+%endif
+
+
+mkdir -p builder
+
+%cmake -G "Unix Makefiles" \
+       -H%{_builddir}/%{name}-%{version} \
+       -B%{_builddir}/%{name}-%{version}/builder


 %build
+pushd builder
+make clean all

-# jas_icc.c:744:2: warning: assuming signed overflow does not occur
-# when assuming that (X + c) < X is always false [-Wstrict-overflow]
-#
-# comment from Red Hat Security Response Team:
-# gcc inlines jas_iccattrtab_resize into jas_iccattrtab_add. Additionally, it
-# essentially removes the "assert(maxents >= tab->numattrs);" assertion in
-# jas_iccattrtab_resize, because it assumes that "maxents >= tab->numattrs" will
-# always be true due to jas_iccattrtab_resize(attrtab, attrtab->numattrs + 32),
-# especially the + 32. This assumption can only be true if it completely ignores
-# the problem of signed integer overflows. I don't think it's a smart idea to
-# accept that.
-# -fno-strict-overflow forces gcc into keeping the assertion there.
-CFLAGS="%{optflags} -fno-strict-overflow" \
-%configure \
-  --enable-shared \
-  --disable-static 
-
-make %{?_smp_mflags}
-
+popd

 %install
-
+pushd builder
 make install DESTDIR=$RPM_BUILD_ROOT

+%if "%{_arch}" != "arm" && "%{_arch}" != "i386"
+	mv %{buildroot}/usr/lib %{buildroot}/usr/lib64
+%endif
+
 # Unpackaged files
 rm -f doc/README
 rm -f $RPM_BUILD_ROOT%{_libdir}/lib*.la
-
+popd

 %check
-make check
-
+pushd builder
+make test

+popd

 %post libs -p /sbin/ldconfig

@ -127,19 +140,29 @@ make check
 %{_libdir}/pkgconfig/jasper.pc

 %files libs
-%doc COPYRIGHT LICENSE NEWS README
-%{_libdir}/libjasper.so.4*
+%doc COPYRIGHT LICENSE README
+%{_libdir}/libjasper.so*

 %files utils
 %{_bindir}/jiv
-%{_bindir}/tmrdemo
 %{_mandir}/man1/jiv.1*


 %changelog
-* Mon Nov 14 2016 Josef Ridky <jridky@redhat.com> - 1.900.28-1
- New upstream release 1.900.28 (#1389636)
+* Thu Dec  1 2016 Josef Ridky <jridky@redhat.com> - 2.0.2-1
+- New upstream release 2.0.2 (#1395929)
 - CVE-2016-9262 jasper: Multiple overflow vulnerabilities leading to use after free (#1393883)
+- CVE-2016-8654 jasper: Heap-based buffer overflow in QMFB code in JPC codec (#1399168)
+- CVE-2016-9388 jasper: Reachable assertion in RAS encoder/decoder
+- CVE-2016-9389 jasper: Improper equality testing of component domains via assertion
+- CVE-2016-9390 jasper: Assertion failure when tiles lie outside of the image area
+- CVE-2016-9391 jasper: reachable assertions in the JPC bitstream code
+- CVE-2016-9392 jasper: Missing sanity checks on the date in SIZ marker segment
+- CVE-2016-9393 jasper: Missing sanity checks on the date in SIZ marker segment
+- CVE-2016-9394 jasper: Missing sanity checks on the data in a SIZ marker segment
+- CVE-2016-9395 jasper: Assertion failure in jas_seq2d_create
+- CVE-2016-9557 jasper: Signed integer overflow in jas_image.c
+- CVE-2016-9560 jasper: Stack-based buffer overflow in jpc_tsfb.c
 - Upgrade libjasper.so.1* to libjasper.so.4*

 * Mon Oct 24 2016 Josef Ridky <jridky@redhat.com> - 1.900.13-1
--- a/2
+++ b/2
@ -1 +1 @@
-979fd58a439ccaba8eb3b806d7e6a87e  jasper-1.900.28.tar.gz
+d7e188292fea238dd98709c2136267e4  jasper-2.0.2.tar.gz