.gitignore

@@ -1,2 +1,22 @@
-SOURCES/jasper-2.0.14.tar.gz
+clog
+geojasper_src.zip
+jasper-1.701.0.zip
+jasper-1.900.0.zip
+jasper-1.900.1.zip
+/jasper-1.900.2.tar.gz
+/jasper-1.900.3.tar.gz
+/jasper-1.900.13.tar.gz
+/jasper-1.900.28.tar.gz
+/jasper-1.900.30.tar.gz
+/jasper-2.0.2.tar.gz
+/jasper-2.0.10.tar.gz
+/jasper-2.0.12.tar.gz
 /jasper-2.0.14.tar.gz
+/jasper-version-2.0.16.tar.gz
+/version-2.0.17.tar.gz
+/version-2.0.22.tar.gz
+/version-2.0.24.tar.gz
+/version-2.0.25.tar.gz
+/version-2.0.26.tar.gz
+/version-2.0.27.tar.gz
+/version-2.0.28.tar.gz

gating.yaml

@@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-8
+  - rhel-9
 decision_context: osci_compose_gate
 rules:
   - !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

jasper-2.0.14-CVE-2016-9396.patch

@@ -1,13 +0,0 @@
-diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
---- old/src/libjasper/jpc/jpc_cs.c	2018-05-30 09:01:54.160406645 +0200
-+++ new/src/libjasper/jpc/jpc_cs.c	2018-05-30 09:05:24.527094308 +0200
-@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t
- 	if (compparms->numdlvls > 32) {
- 		goto error;
- 	}
-+	if (compparms->qmfbid != JPC_COX_INS &&
-+	    compparms->qmfbid != JPC_COX_RFT)
-+		goto error;
- 	compparms->numrlvls = compparms->numdlvls + 1;
- 	if (compparms->numrlvls > JPC_MAXRLVLS) {
- 		goto error;

jasper-2.0.14-CVE-2020-27828.patch

@@ -1,14 +0,0 @@
-diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
---- a/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:07:34.988061153 +0200
-+++ b/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:08:32.100584582 +0200
-@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
- 			break;
- 		case OPT_MAXRLVLS:
- 			tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
-+            if(tccp->maxrlvls > JPC_MAXRLVLS) {
-+				jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
-+				goto error;
-+			}
- 			break;
- 		case OPT_SOP:
- 			cp->tcp.csty |= JPC_COD_SOP;

jasper-2.0.14-CVE-2021-26927.patch

@@ -1,47 +0,0 @@
-diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
---- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:32:59.330396797 +0200
-+++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:46:16.982925961 +0200
-@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 	  the value specified in the code stream? */
- 	if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
- 	  jas_image_numcmpts(dec->image))) {
--		jas_eprintf("warning: number of components mismatch\n");
-+		jas_eprintf("error: number of components mismatch (IHDR)\n");
-+        goto error;
- 	}
- 
- 	/* At least one component must be present. */
-@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 	  with the data in the code stream? */
- 	if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
- 	  (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
--		jas_eprintf("warning: component data type mismatch\n");
-+		jas_eprintf("error: component data type mismatch (IHDR)\n");
-+        goto error;
- 	}
- 
- 	/* Is the compression type supported? */
-@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 	if (dec->bpcc) {
- 		/* Is the number of components indicated in the BPCC box
- 		  consistent with the code stream data? */
--		if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
--		  dec->image))) {
--			jas_eprintf("warning: number of components mismatch\n");
-+		if (dec->bpcc->data.bpcc.numcmpts !=
-+          JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
-+			    jas_eprintf("error: number of components mismatch (BPCC)\n");
-+                goto error;
- 		}
- 		/* Is the component data type information indicated in the BPCC
- 		  box consistent with the code stream data? */
-@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 			  ++i) {
- 				if (jas_image_cmptdtype(dec->image, i) !=
- 				  JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
--					jas_eprintf("warning: component data type mismatch\n");
-+					    jas_eprintf("error: component data type mismatch (BPCC)\n");
-+                        goto error;
- 				}
- 			}
- 		} else {

jasper-2.0.14-CVE-2021-3272.patch

@@ -1,18 +0,0 @@
-diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
---- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:50:54.213552191 +0200
-+++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 14:02:40.016274587 +0200
-@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
- 		}
- 	}
- 
-+    /* Ensure that the number of channels being used by the decoder
-+	  matches the number of image components. */
-+	if (dec->numchans != jas_image_numcmpts(dec->image)) {
-+		jas_eprintf("error: mismatch in number of components (%d != %d)\n",
-+		  dec->numchans, jas_image_numcmpts(dec->image));
-+		goto error;
-+	}
-+
- 	/* Mark all components as being of unknown type. */
- 
- 	for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {

jasper-2.0.14-rpath.patch

@@ -0,0 +1,12 @@
+diff -up jasper-2.0.14/CMakeLists.txt.rpath jasper-2.0.14/CMakeLists.txt
+--- jasper-2.0.14/CMakeLists.txt.rpath	2017-09-14 18:20:10.000000000 -0500
++++ jasper-2.0.14/CMakeLists.txt	2018-07-19 09:48:53.035815377 -0500
+@@ -347,7 +347,7 @@ if (JAS_ENABLE_SHARED)
+ 	# (but later on when installing)
+ 	set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE) 
+ 
+-	set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
++	#set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+ 
+ 	# add the automatically determined parts of the RPATH
+ 	# which point to directories outside the build tree to the install RPATH

jasper-2.0.17-version.patch

@@ -0,0 +1,12 @@
+diff -up jasper-version-2.0.17/CMakeLists.txt.me jasper-version-2.0.17/CMakeLists.txt
+--- jasper-version-2.0.17/CMakeLists.txt.me	2020-08-27 20:41:48.442787440 +0200
++++ jasper-version-2.0.17/CMakeLists.txt	2020-08-27 20:42:02.161966702 +0200
+@@ -17,7 +17,7 @@ include(CheckCCompilerFlag)
+ # The major, minor, and micro version numbers of the project.
+ set(JAS_VERSION_MAJOR 2)
+ set(JAS_VERSION_MINOR 0)
+-set(JAS_VERSION_PATCH 16)
++set(JAS_VERSION_PATCH 17)
+ 
+ # The project version.
+ set(JAS_VERSION

jasper-CVE-2021-3443.patch

@@ -0,0 +1,29 @@
+From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Sat, 13 Mar 2021 20:04:58 -0800
+Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
+ in the JP2 decoder.
+
+---
+ src/libjasper/jp2/jp2_dec.c |   8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+index 2863d82..fe2e29d 100644
+--- a/src/libjasper/jp2/jp2_dec.c
++++ b/src/libjasper/jp2/jp2_dec.c
+@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ 		}
+ 	} else {
+ 		for (i = 0; i < dec->numchans; ++i) {
+-			jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
++			unsigned compno = dec->chantocmptlut[i];
++			if (compno >= jas_image_numcmpts(dec->image)) {
++				jas_eprintf(
++				  "error: invalid component reference (%d)\n", compno);
++				goto error;
++			}
++			jas_image_setcmpttype(dec->image, compno,
+ 			  jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
+ 		}
+ 	}

jasper-freeglut.patch

@@ -0,0 +1,66 @@
+diff -urNp a/build/cmake/modules/JasOpenGL.cmake b/build/cmake/modules/JasOpenGL.cmake
+--- a/build/cmake/modules/JasOpenGL.cmake	2020-10-07 10:00:16.316291325 +0200
++++ b/build/cmake/modules/JasOpenGL.cmake	2020-10-07 10:03:39.536143003 +0200
+@@ -13,19 +13,19 @@ if (JAS_ENABLE_OPENGL AND OPENGL_FOUND)
+ 	set(JAS_HAVE_OPENGL 0)
+ 	message("OpenGL include directory: ${OPENGL_INCLUDE_DIR}")
+ 	message("OpenGL libraries: ${OPENGL_LIBRARIES}")
+-	find_package(GLUT ${JAS_REQUIRED})
+-	message("GLUT library found: ${GLUT_FOUND}")
+-	if (GLUT_FOUND)
+-		message("GLUT include directory: ${GLUT_INCLUDE_DIR}")
+-		message("GLUT libraries: ${GLUT_LIBRARIES}")
+-		set(CMAKE_REQUIRED_INCLUDES ${GLUT_INCLUDE_DIR})
+-		check_include_files(GL/glut.h JAS_HAVE_GL_GLUT_H)
++	find_package(FreeGLUT ${JAS_REQUIRED})
++	message("GLUT library found: ${FreeGLUT_FOUND}")
++	if (FreeGLUT_FOUND)
++		message("GLUT include directory: ${FreeGLUT_INCLUDE_DIR}")
++		message("GLUT libraries: ${FreeGLUT_LIBRARIES}")
++		set(CMAKE_REQUIRED_INCLUDES ${FreeGLUT_INCLUDE_DIR})
++		check_include_files(GL/freeglut.h JAS_HAVE_GL_GLUT_H)
+ 		check_include_files(glut.h JAS_HAVE_GLUT_H)
+ 		if (JAS_HAVE_GL_GLUT_H OR JAS_HAVE_GLUT_H)
+ 			set(JAS_HAVE_OPENGL 1)
+-			include_directories(${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
++			include_directories(${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+ 		else()
+-			message(WARNING "The header files GL/glut.h and glut.h both appear to be missing.")
++			message(WARNING "The header files GL/freeglut.h and glut.h both appear to be missing.")
+ 			message(WARNING "Disabling OpenGL.")
+ 		endif()
+ 	endif()
+@@ -49,6 +49,6 @@ else()
+ 	set(JAS_HAVE_OPENGL 0)
+ 	set(OPENGL_INCLUDE_DIR "")
+ 	set(OPENGL_LIBRARIES "")
+-	set(GLUT_INCLUDE_DIR "")
++	set(FreeGLUT_INCLUDE_DIR "")
+ 	set(GLUT_LIBRARIES "")
+ endif()
+diff -urNp a/src/appl/CMakeLists.txt b/src/appl/CMakeLists.txt
+--- a/src/appl/CMakeLists.txt	2020-10-07 10:00:16.338291526 +0200
++++ b/src/appl/CMakeLists.txt	2020-10-07 10:04:58.864872143 +0200
+@@ -23,8 +23,8 @@ set(man_pages "${man_pages}" imgcmp.1)
+ if(JAS_HAVE_OPENGL)
+ 	add_executable(jiv jiv.c)
+ 	target_include_directories(jiv PUBLIC
+-	  ${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+-	target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} ${GLUT_LIBRARIES}
++	  ${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
++	target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} -lglut
+ 	  ${OPENGL_LIBRARIES} ${MATH_LIBRARY})
+ 	set(programs "${programs}" jiv)
+ 	set(man_pages "${man_pages}" jiv.1)
+diff -urNp a/src/appl/jiv.c b/src/appl/jiv.c
+--- a/src/appl/jiv.c	2020-10-07 10:00:16.340291544 +0200
++++ b/src/appl/jiv.c	2020-10-07 10:05:35.319207658 +0200
+@@ -68,7 +68,7 @@
+ #include <math.h>
+ #include <inttypes.h>
+ #if defined(JAS_HAVE_GL_GLUT_H)
+-#include <GL/glut.h>
++#include <GL/freeglut.h>
+ #else
+ #include <glut.h>
+ #endif

jasper.spec

@@ -5,18 +5,16 @@
 
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
-Version: 2.0.14
+Version: 2.0.28
-Release: 5%{?dist}
+Release: 3%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
-Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz
+Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
 
-
+# skip hard-coded prefix/lib rpath
-Patch1: jasper-2.0.14-CVE-2016-9396.patch
+Patch2: jasper-2.0.14-rpath.patch
-Patch2: jasper-2.0.14-CVE-2021-26927.patch
+Patch3: jasper-freeglut.patch
-Patch3: jasper-2.0.14-CVE-2021-3272.patch
-Patch4: jasper-2.0.14-CVE-2020-27828.patch
 
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
@@ -30,9 +28,10 @@ BuildRequires: libjpeg-devel
 BuildRequires: libXmu-devel libXi-devel
 BuildRequires: pkgconfig doxygen
 BuildRequires: mesa-libGL-devel
-BuildRequires: gcc
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+BuildRequires: gcc
+BuildRequires: make
 
 %description
 This package contains an implementation of the image compression
@@ -63,14 +62,12 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
 
 %prep
-%setup -q -n %{name}-%{version}
+%setup -q -n %{name}-version-%{version}
 
-%patch1 -p1 -b .CVE-2016-9396
+%patch2 -p1 -b .rpath
-%patch2 -p1 -b .CVE-2021-26927
-%patch3 -p1 -b .CVE-2021-3272
-%patch4 -p1 -b .CVE-2020-27828
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)
+%patch3 -p1 -b .freeglut
 
 %if "%{_arch}" == "ppc64"
 %patch100 -p1 -b .test-ppc64-disable
@@ -84,41 +81,28 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %endif
 
 
-mkdir -p builder
-
-%cmake -G "Unix Makefiles" \
-       -H%{_builddir}/%{name}-%{version} \
-       -B%{_builddir}/%{name}-%{version}/builder
-
-
 %build
-pushd builder
+mkdir builder
-make clean all
+%cmake \
+  -DJAS_ENABLE_DOC:BOOL=OFF \
+  -B builder
+
+%make_build -C builder
 
-popd
 
 %install
-pushd builder
+make install/fast DESTDIR=%{buildroot} -C builder
-make install DESTDIR=%{buildroot}
-
-#%if "%{_arch}" != "arm" && "%{_arch}" != "i386"
-#	mv %{buildroot}/usr/lib %{buildroot}/usr/lib64
-#%endif
 
 # Unpackaged files
 rm -f doc/README
 rm -f %{buildroot}%{_libdir}/lib*.la
-popd
+
 
 %check
-pushd builder
+make test -C builder
-make test
-
-popd
 
 %ldconfig_scriptlets libs
 
-
 %files
 %{_bindir}/imgcmp
 %{_bindir}/imginfo
@@ -134,8 +118,9 @@ popd
 %{_libdir}/pkgconfig/jasper.pc
 
 %files libs
-%doc COPYRIGHT LICENSE README
+%doc README
-%{_libdir}/libjasper.so*
+%license COPYRIGHT LICENSE
+%{_libdir}/libjasper.so.4*
 
 %files utils
 %{_bindir}/jiv
@@ -143,14 +128,77 @@ popd
 
 
 %changelog
-* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-3
-- Fix CVE-2021-26927 (#1933860)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-- Fix CVE-2021-26926 (#1922316)
+  Related: rhbz#1991688
-- Fix CVE-2021-3272 (#1922283)
-- Fix CVE-2020-27828 (#1905692)
 
-* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-2
-- Fix CVE-2016-9396 (#1583722)
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Mar 30 2021 Josef Ridky <jridky@redhat.com> - 2.0.28-1
+- New upstream release 2.0.28 (#1944481)
+
+* Wed Mar 24 2021 Josef Ridky <jridky@redhat.com> - 2.0.27-1
+- New upstream release 2.0.27 (#1940455)
+
+* Tue Mar 16 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-2
+- Fix CVE-2021-3443 (#1939233)
+
+* Wed Mar 10 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-1
+- New upstream release 2.0.26 (#1935900)
+
+* Tue Feb 09 2021 Josef Ridky <jridky@redhat.com> - 2.0.25-1
+- New upstream release 2.0.25 (#1925996)
+
+* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-3
+- fix CVE-2021-3272 (#1921328)
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.24-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Mon Jan 25 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-1
+- New upstream release 2.0.24 (#1905690)
+
+* Wed Oct 07 2020 Josef Ridky <jridky@redhat.com> - 2.0.22-1
+- New upstream release 2.0.22 (#1876161)
+
+* Thu Aug 27 2020 Than Ngo <than@redhat.com> - 2.0.17-3
+- add correct version
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.17-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon Jul 20 2020 Josef Ridky <jridky@redhat.com> - 2.0.17-1
+- new upstream release (2.0.17)
+- change of source URL to GitHub of Jasper
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.16-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Sep 17 2019 Gwyn Ciesla <gwync@protonmail.com> - 2.0.16-1
+- New version, rebuilt for new freeglut
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 2.0.14-7
+- cleanup cmake usage, move to %%build
+- %%build: explicitly disable doc generation
+- kill hard-coded rpath
+- -libs: explicit soname so bumps aren't a surprise
+- use %%license, %%make_build, 'make install/fast'
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-5
+- Fix CVE-2016-9396 (#1396986)
+
+* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
+- Fix gcc dependency
 
 * Mon Feb 26 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-3
 - Clean spec file

sources

@@ -1 +1 @@
-SHA512 (jasper-2.0.14.tar.gz) = 9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8
+SHA512 (version-2.0.28.tar.gz) = 13a47efc3b3d10e0680e7cf0637a417df0920e1ca8af20f2206303d0a14753688f7e6c6b3383f6db946effca389754e5736e286ed45d5b643b422f5600223eab