Compare commits


No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

13 changed files with 173 additions and 146 deletions

3
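--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
-SOURCES/jasper-2.0.14.tar.gz
-/jasper-2.0.14.tar.gz
+SOURCES/version-2.0.28.tar.gz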

1
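--- a/.jasper.metadata
+++ b/.jasper.metadata
@@ -0,0 +1 @@
+f5c38365bee191de6fa760bddb85ab49ed0b9075 SOURCES/version-2.0.28.tar.gz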
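Review bot: The only integrity pin shown for the new `version-2.0.28.tar.gz` tarball is a 40-hex-character digest, which is the length of SHA-1, whereas the `sources` entry removed at the bottom of this page pinned the old tarball with SHA512. If the lookaside tooling for this branch accepts a stronger digest, this entry should carry one. Otherwise a comment next to `Source0` in the spec, such as `# tarball checked against upstream tag version-2.0.28, SHA-256: <SHA256_PLACEHOLDER>`, would record a collision-resistant reference. This matters more now that `Source0` points at a forge-generated tag archive rather than a tarball published by the author.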


@ -0,0 +1,12 @@
diff -up jasper-2.0.14/CMakeLists.txt.rpath jasper-2.0.14/CMakeLists.txt
--- jasper-2.0.14/CMakeLists.txt.rpath 2017-09-14 18:20:10.000000000 -0500
+++ jasper-2.0.14/CMakeLists.txt 2018-07-19 09:48:53.035815377 -0500
@@ -347,7 +347,7 @@ if (JAS_ENABLE_SHARED)
# (but later on when installing)
set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+ #set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
# add the automatically determined parts of the RPATH
# which point to directories outside the build tree to the install RPATH
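Review bot: Commenting out `set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")` removes only the prefix/lib entry. The context comment that closes the hunk ("add the automatically determined parts of the RPATH ...") indicates that a further RPATH setting follows outside the hunk and stays active. If the goal is installed binaries with no embedded library search path, that following setting should be checked too, because an RPATH naming an unexpected directory makes the loader search there first. The disabled line is also left as unexplained dead code; deleting it, or adding a comment such as `# distro build: no hard-coded install RPATH, libjasper lives in the default linker path`, would make the intent clear. The enclosing `if (JAS_ENABLE_SHARED)` block starts and ends outside the hunk.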


@ -0,0 +1,66 @@
diff -urNp a/build/cmake/modules/JasOpenGL.cmake b/build/cmake/modules/JasOpenGL.cmake
--- a/build/cmake/modules/JasOpenGL.cmake 2020-10-07 10:00:16.316291325 +0200
+++ b/build/cmake/modules/JasOpenGL.cmake 2020-10-07 10:03:39.536143003 +0200
@@ -13,19 +13,19 @@ if (JAS_ENABLE_OPENGL AND OPENGL_FOUND)
set(JAS_HAVE_OPENGL 0)
message("OpenGL include directory: ${OPENGL_INCLUDE_DIR}")
message("OpenGL libraries: ${OPENGL_LIBRARIES}")
- find_package(GLUT ${JAS_REQUIRED})
- message("GLUT library found: ${GLUT_FOUND}")
- if (GLUT_FOUND)
- message("GLUT include directory: ${GLUT_INCLUDE_DIR}")
- message("GLUT libraries: ${GLUT_LIBRARIES}")
- set(CMAKE_REQUIRED_INCLUDES ${GLUT_INCLUDE_DIR})
- check_include_files(GL/glut.h JAS_HAVE_GL_GLUT_H)
+ find_package(FreeGLUT ${JAS_REQUIRED})
+ message("GLUT library found: ${FreeGLUT_FOUND}")
+ if (FreeGLUT_FOUND)
+ message("GLUT include directory: ${FreeGLUT_INCLUDE_DIR}")
+ message("GLUT libraries: ${FreeGLUT_LIBRARIES}")
+ set(CMAKE_REQUIRED_INCLUDES ${FreeGLUT_INCLUDE_DIR})
+ check_include_files(GL/freeglut.h JAS_HAVE_GL_GLUT_H)
check_include_files(glut.h JAS_HAVE_GLUT_H)
if (JAS_HAVE_GL_GLUT_H OR JAS_HAVE_GLUT_H)
set(JAS_HAVE_OPENGL 1)
- include_directories(${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+ include_directories(${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
else()
- message(WARNING "The header files GL/glut.h and glut.h both appear to be missing.")
+ message(WARNING "The header files GL/freeglut.h and glut.h both appear to be missing.")
message(WARNING "Disabling OpenGL.")
endif()
endif()
@@ -49,6 +49,6 @@ else()
set(JAS_HAVE_OPENGL 0)
set(OPENGL_INCLUDE_DIR "")
set(OPENGL_LIBRARIES "")
- set(GLUT_INCLUDE_DIR "")
+ set(FreeGLUT_INCLUDE_DIR "")
set(GLUT_LIBRARIES "")
endif()
diff -urNp a/src/appl/CMakeLists.txt b/src/appl/CMakeLists.txt
--- a/src/appl/CMakeLists.txt 2020-10-07 10:00:16.338291526 +0200
+++ b/src/appl/CMakeLists.txt 2020-10-07 10:04:58.864872143 +0200
@@ -23,8 +23,8 @@ set(man_pages "${man_pages}" imgcmp.1)
if(JAS_HAVE_OPENGL)
add_executable(jiv jiv.c)
target_include_directories(jiv PUBLIC
- ${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
- target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} ${GLUT_LIBRARIES}
+ ${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+ target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} -lglut
${OPENGL_LIBRARIES} ${MATH_LIBRARY})
set(programs "${programs}" jiv)
set(man_pages "${man_pages}" jiv.1)
diff -urNp a/src/appl/jiv.c b/src/appl/jiv.c
--- a/src/appl/jiv.c 2020-10-07 10:00:16.340291544 +0200
+++ b/src/appl/jiv.c 2020-10-07 10:05:35.319207658 +0200
@@ -68,7 +68,7 @@
#include <math.h>
#include <inttypes.h>
#if defined(JAS_HAVE_GL_GLUT_H)
-#include <GL/glut.h>
+#include <GL/freeglut.h>
#else
#include <glut.h>
#endif
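Review bot: In the `src/appl/CMakeLists.txt` hunk, `${GLUT_LIBRARIES}` is replaced by a hard-coded `-lglut`, so the linker resolves whichever libglut is on its default search path rather than the library that `find_package(FreeGLUT ...)` located. The include directory and the linked library can then come from different installations. Linking the package result instead keeps the two in step: `${FreeGLUT_LIBRARIES}` if the package sets it, or the imported target `FreeGLUT::freeglut` if the installed package config exports one. The `JasOpenGL.cmake` else-branch is also left half-renamed: it clears `FreeGLUT_INCLUDE_DIR` but still sets `GLUT_LIBRARIES`, which the patched `jiv` link line no longer reads. The `if(JAS_HAVE_OPENGL)` block in `src/appl/CMakeLists.txt` continues outside the hunk.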


@ -5,18 +5,16 @@
Summary: Implementation of the JPEG-2000 standard, Part 1 Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper Name: jasper
Version: 2.0.14 Version: 2.0.28
Release: 5%{?dist} Release: 3%{?dist}
License: JasPer License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/ URL: http://www.ece.uvic.ca/~frodo/jasper/
Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
# skip hard-coded prefix/lib rpath
Patch1: jasper-2.0.14-CVE-2016-9396.patch Patch2: jasper-2.0.14-rpath.patch
Patch2: jasper-2.0.14-CVE-2021-26927.patch Patch3: jasper-freeglut.patch
Patch3: jasper-2.0.14-CVE-2021-3272.patch
Patch4: jasper-2.0.14-CVE-2020-27828.patch
# architecture related patches # architecture related patches
Patch100: jasper-2.0.2-test-ppc64-disable.patch Patch100: jasper-2.0.2-test-ppc64-disable.patch
@ -30,9 +28,10 @@ BuildRequires: libjpeg-devel
BuildRequires: libXmu-devel libXi-devel BuildRequires: libXmu-devel libXi-devel
BuildRequires: pkgconfig doxygen BuildRequires: pkgconfig doxygen
BuildRequires: mesa-libGL-devel BuildRequires: mesa-libGL-devel
BuildRequires: gcc
Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: gcc
BuildRequires: make
%description %description
This package contains an implementation of the image compression This package contains an implementation of the image compression
@ -63,14 +62,12 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%prep %prep
%setup -q -n %{name}-%{version} %setup -q -n %{name}-version-%{version}
%patch1 -p1 -b .CVE-2016-9396 %patch2 -p1 -b .rpath
%patch2 -p1 -b .CVE-2021-26927
%patch3 -p1 -b .CVE-2021-3272
%patch4 -p1 -b .CVE-2020-27828
# Need to disable one test to be able to build it on ppc64 arch # Need to disable one test to be able to build it on ppc64 arch
# At ppc64 this test just stuck (nothing happend - no exception or error) # At ppc64 this test just stuck (nothing happend - no exception or error)
%patch3 -p1 -b .freeglut
%if "%{_arch}" == "ppc64" %if "%{_arch}" == "ppc64"
%patch100 -p1 -b .test-ppc64-disable %patch100 -p1 -b .test-ppc64-disable
@ -84,41 +81,28 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%endif %endif
mkdir -p builder
%cmake -G "Unix Makefiles" \
-H%{_builddir}/%{name}-%{version} \
-B%{_builddir}/%{name}-%{version}/builder
%build %build
pushd builder mkdir builder
make clean all %cmake \
-DJAS_ENABLE_DOC:BOOL=OFF \
-B builder
%make_build -C builder
popd
%install %install
pushd builder make install/fast DESTDIR=%{buildroot} -C builder
make install DESTDIR=%{buildroot}
#%if "%{_arch}" != "arm" && "%{_arch}" != "i386"
# mv %{buildroot}/usr/lib %{buildroot}/usr/lib64
#%endif
# Unpackaged files # Unpackaged files
rm -f doc/README rm -f doc/README
rm -f %{buildroot}%{_libdir}/lib*.la rm -f %{buildroot}%{_libdir}/lib*.la
popd
%check %check
pushd builder make test -C builder
make test
popd
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%files %files
%{_bindir}/imgcmp %{_bindir}/imgcmp
%{_bindir}/imginfo %{_bindir}/imginfo
@ -134,8 +118,9 @@ popd
%{_libdir}/pkgconfig/jasper.pc %{_libdir}/pkgconfig/jasper.pc
%files libs %files libs
%doc COPYRIGHT LICENSE README %doc README
%{_libdir}/libjasper.so* %license COPYRIGHT LICENSE
%{_libdir}/libjasper.so.4*
%files utils %files utils
%{_bindir}/jiv %{_bindir}/jiv
@ -143,14 +128,77 @@ popd
%changelog %changelog
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-3
- Fix CVE-2021-26927 (#1933860) - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- Fix CVE-2021-26926 (#1922316) Related: rhbz#1991688
- Fix CVE-2021-3272 (#1922283)
- Fix CVE-2020-27828 (#1905692)
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4 * Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-2
- Fix CVE-2016-9396 (#1583722) - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 30 2021 Josef Ridky <jridky@redhat.com> - 2.0.28-1
- New upstream release 2.0.28 (#1944481)
* Wed Mar 24 2021 Josef Ridky <jridky@redhat.com> - 2.0.27-1
- New upstream release 2.0.27 (#1940455)
* Tue Mar 16 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-2
- Fix CVE-2021-3443 (#1939233)
* Wed Mar 10 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-1
- New upstream release 2.0.26 (#1935900)
* Tue Feb 09 2021 Josef Ridky <jridky@redhat.com> - 2.0.25-1
- New upstream release 2.0.25 (#1925996)
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-3
- fix CVE-2021-3272 (#1921328)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 25 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-1
- New upstream release 2.0.24 (#1905690)
* Wed Oct 07 2020 Josef Ridky <jridky@redhat.com> - 2.0.22-1
- New upstream release 2.0.22 (#1876161)
* Thu Aug 27 2020 Than Ngo <than@redhat.com> - 2.0.17-3
- add correct version
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 20 2020 Josef Ridky <jridky@redhat.com> - 2.0.17-1
- new upstream release (2.0.17)
- change of source URL to GitHub of Jasper
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 17 2019 Gwyn Ciesla <gwync@protonmail.com> - 2.0.16-1
- New version, rebuilt for new freeglut
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 2.0.14-7
- cleanup cmake usage, move to %%build
- %%build: explicitly disable doc generation
- kill hard-coded rpath
- -libs: explicit soname so bumps aren't a surprise
- use %%license, %%make_build, 'make install/fast'
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-5
- Fix CVE-2016-9396 (#1396986)
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
- Fix gcc dependency
* Mon Feb 26 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-3 * Mon Feb 26 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-3
- Clean spec file - Clean spec file
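Review bot: The new side drops `Patch1` to `Patch4` (CVE-2016-9396, CVE-2021-26927, CVE-2021-3272, CVE-2020-27828) together with the rebase to 2.0.28, but nothing in the spec records that those fixes are in that release. The new `%changelog` also has no entry for CVE-2021-26927, CVE-2021-26926 or CVE-2020-27828, which the old changelog listed. Presumably all of them are fixed upstream in 2.0.28; that should be confirmed and recorded, for example with a comment above `Source0` such as `# 2.0.28 contains the upstream fixes for CVE-2016-9396, CVE-2020-27828, CVE-2021-3272, CVE-2021-26926, CVE-2021-26927`, so that audits tracking fixes through the spec still find them. Separately, in `%prep` the ppc64 comment ("Need to disable one test ...") now sits directly above `%patch3 -p1 -b .freeglut` rather than the `%patch100` it describes; moving `%patch3` up next to `%patch2` would fix that.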


@ -1,6 +0,0 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}


@ -1,13 +0,0 @@
diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
--- old/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:01:54.160406645 +0200
+++ new/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:05:24.527094308 +0200
@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t
if (compparms->numdlvls > 32) {
goto error;
}
+ if (compparms->qmfbid != JPC_COX_INS &&
+ compparms->qmfbid != JPC_COX_RFT)
+ goto error;
compparms->numrlvls = compparms->numdlvls + 1;
if (compparms->numrlvls > JPC_MAXRLVLS) {
goto error;


@ -1,14 +0,0 @@
diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
break;
case OPT_MAXRLVLS:
tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+ if(tccp->maxrlvls > JPC_MAXRLVLS) {
+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+ goto error;
+ }
break;
case OPT_SOP:
cp->tcp.csty |= JPC_COD_SOP;


@ -1,47 +0,0 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:32:59.330396797 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:46:16.982925961 +0200
@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
the value specified in the code stream? */
if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
jas_image_numcmpts(dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ jas_eprintf("error: number of components mismatch (IHDR)\n");
+ goto error;
}
/* At least one component must be present. */
@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
with the data in the code stream? */
if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
(!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (IHDR)\n");
+ goto error;
}
/* Is the compression type supported? */
@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
if (dec->bpcc) {
/* Is the number of components indicated in the BPCC box
consistent with the code stream data? */
- if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
- dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ if (dec->bpcc->data.bpcc.numcmpts !=
+ JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
+ jas_eprintf("error: number of components mismatch (BPCC)\n");
+ goto error;
}
/* Is the component data type information indicated in the BPCC
box consistent with the code stream data? */
@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
++i) {
if (jas_image_cmptdtype(dec->image, i) !=
JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (BPCC)\n");
+ goto error;
}
}
} else {


@ -1,18 +0,0 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:50:54.213552191 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 14:02:40.016274587 +0200
@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
}
}
+ /* Ensure that the number of channels being used by the decoder
+ matches the number of image components. */
+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
+ dec->numchans, jas_image_numcmpts(dec->image));
+ goto error;
+ }
+
/* Mark all components as being of unknown type. */
for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {


@ -1 +0,0 @@
SHA512 (jasper-2.0.14.tar.gz) = 9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8