rpms/jasper/EL-4 jasper-1.701.0-GL-ac.patch, 1.1, 1.2 jasper-1.701.0-GL.patch, 1.4, 1.5 jasper.spec, 1.22, 1.23
Rex Dieter
rdieter at fedoraproject.org
Mon Oct 26 16:49:59 UTC 2009
- Previous message (by thread): rpms/jasper/EL-5 jasper-1.900.1-CVE-2008-3520.patch, NONE, 1.1 jasper-1.900.1-CVE-2008-3522.patch, NONE, 1.1 jasper-1.701.0-GL-ac.patch, 1.1, 1.2 jasper-1.701.0-GL.patch, 1.4, 1.5 jasper.spec, 1.21, 1.22
- Next message (by thread): rpms/jasper/EL-4 jasper-1.900.1-CVE-2008-3520.patch, NONE, 1.1 jasper-1.900.1-CVE-2008-3522.patch, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: rdieter
Update of /cvs/pkgs/rpms/jasper/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32353
Modified Files:
jasper-1.701.0-GL-ac.patch jasper-1.701.0-GL.patch jasper.spec
Log Message:
* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
- CVE-2008-3522 jasper: possible buffer overflow in
jas_stream_printf() (#461478)
jasper-1.701.0-GL-ac.patch:
configure.ac | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: jasper-1.701.0-GL-ac.patch
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper-1.701.0-GL-ac.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- jasper-1.701.0-GL-ac.patch 1 Mar 2006 18:16:10 -0000 1.1
+++ jasper-1.701.0-GL-ac.patch 26 Oct 2009 16:49:59 -0000 1.2
@@ -5,7 +5,7 @@
if test $ENABLE_OPENGL = yes; then
if test $HAVE_OPENGL = no; then
- TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
-+ TMPLIBS="-lglut"
++ TMPLIBS="-lglut -lGLU"
AC_CHECK_LIB(glut, glutInit, [HAVE_OPENGL=yes;
OPENGL_LIBS=$TMPLIBS], HAVE_OPENGL=no, $TMPLIBS)
fi
jasper-1.701.0-GL.patch:
configure | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: jasper-1.701.0-GL.patch
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper-1.701.0-GL.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- jasper-1.701.0-GL.patch 1 Mar 2006 18:12:26 -0000 1.4
+++ jasper-1.701.0-GL.patch 26 Oct 2009 16:49:59 -0000 1.5
@@ -5,7 +5,7 @@
if test $ENABLE_OPENGL = yes; then
if test $HAVE_OPENGL = no; then
- TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
-+ TMPLIBS="-lglut"
++ TMPLIBS="-lglut -lGLU"
echo "$as_me:$LINENO: checking for glutInit in -lglut" >&5
echo $ECHO_N "checking for glutInit in -lglut... $ECHO_C" >&6
if test "${ac_cv_lib_glut_glutInit+set}" = set; then
Index: jasper.spec
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- jasper.spec 25 Jan 2009 16:22:20 -0000 1.22
+++ jasper.spec 26 Oct 2009 16:49:59 -0000 1.23
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000
Name: jasper
Group: System Environment/Libraries
Version: 1.900.1
-Release: 9%{?dist}
+Release: 13%{?dist}
License: JasPer
URL: http://www.ece.uvic.ca/~mdadams/jasper/
@@ -22,12 +22,17 @@ Patch2: jasper-1.701.0-GL-ac.patch
Patch3: patch-libjasper-stepsizes-overflow.diff
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
Patch4: jpc_dec.c.patch
-
+# OpenBSD hardening patches addressing couple of possible integer overflows
+# during the memory allocations
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
+Patch5: jasper-1.900.1-CVE-2008-3520.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
+Patch6: jasper-1.900.1-CVE-2008-3522.patch
BuildRequires: automake
BuildRequires: libjpeg-devel
-# "freeglut-devel: Requires: libGL-devel libGLU-devel" (#179464)
-BuildRequires: freeglut-devel libGL-devel libGLU-devel
+BuildRequires: freeglut-devel
+BuildRequires: libGLU-devel
Requires: %{name}-libs = %{version}-%{release}
@@ -48,6 +53,7 @@ Requires: libjpeg-devel
%package libs
Summary: Runtime libraries for %{name}
Group: System Environment/Libraries
+Conflicts: jasper < 1.900.1-4
%description libs
%{summary}.
@@ -66,6 +72,8 @@ Requires: %{name} = %{version}-%{release
%patch1 -p1 -b .GL
%patch3 -p1 -b .CVE-2007-2721
%patch4 -p1 -b .jpc_dec_assertion
+%patch5 -p1 -b .CVE-2008-3520
+%patch6 -p1 -b .CVE-2008-3522
%build
@@ -127,6 +135,20 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
+- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
+- CVE-2008-3522 jasper: possible buffer overflow in
+ jas_stream_printf() (#461478)
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sat Jul 18 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-11
+- FTBFS jasper-1.900.1-10.fc11 (#511743)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
* Sun Jan 25 2009 Rex Dieter <rdieter at fedoraproject.org> 1.900.1-9
- patch for "jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed)
(#481284, #481291)
- Previous message (by thread): rpms/jasper/EL-5 jasper-1.900.1-CVE-2008-3520.patch, NONE, 1.1 jasper-1.900.1-CVE-2008-3522.patch, NONE, 1.1 jasper-1.701.0-GL-ac.patch, 1.1, 1.2 jasper-1.701.0-GL.patch, 1.4, 1.5 jasper.spec, 1.21, 1.22
- Next message (by thread): rpms/jasper/EL-4 jasper-1.900.1-CVE-2008-3520.patch, NONE, 1.1 jasper-1.900.1-CVE-2008-3522.patch, NONE, 1.1
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list