rpms/jasper/EL-4 jasper-1.701.0-GL-ac.patch, 1.1, 1.2 jasper-1.701.0-GL.patch, 1.4, 1.5 jasper.spec, 1.22, 1.23

Mon Oct 26 16:49:59 UTC 2009

Author: rdieter

Update of /cvs/pkgs/rpms/jasper/EL-4
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv32353

Modified Files:
	jasper-1.701.0-GL-ac.patch jasper-1.701.0-GL.patch jasper.spec 
Log Message:
* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
- CVE-2008-3522 jasper: possible buffer overflow in 
  jas_stream_printf() (#461478)


jasper-1.701.0-GL-ac.patch:
 configure.ac |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: jasper-1.701.0-GL-ac.patch
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper-1.701.0-GL-ac.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2

--- jasper-1.701.0-GL-ac.patch	1 Mar 2006 18:16:10 -0000	1.1
+++ jasper-1.701.0-GL-ac.patch	26 Oct 2009 16:49:59 -0000	1.2
@@ -5,7 +5,7 @@
  if test $ENABLE_OPENGL = yes; then
  	if test $HAVE_OPENGL = no; then
 -		TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
-+		TMPLIBS="-lglut"
++		TMPLIBS="-lglut -lGLU"
  		AC_CHECK_LIB(glut, glutInit, [HAVE_OPENGL=yes;
  		  OPENGL_LIBS=$TMPLIBS], HAVE_OPENGL=no, $TMPLIBS)
  	fi

jasper-1.701.0-GL.patch:
 configure |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: jasper-1.701.0-GL.patch
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper-1.701.0-GL.patch,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -p -r1.4 -r1.5
--- jasper-1.701.0-GL.patch	1 Mar 2006 18:12:26 -0000	1.4
+++ jasper-1.701.0-GL.patch	26 Oct 2009 16:49:59 -0000	1.5
@@ -5,7 +5,7 @@
  if test $ENABLE_OPENGL = yes; then
  	if test $HAVE_OPENGL = no; then
 -		TMPLIBS="-lglut -lGL -lGLU $X_PRE_LIBS -lX11 -lXmu -lXi -lXext -lXt $X_EXTRA_LIBS $X_LIBS"
-+		TMPLIBS="-lglut"
++		TMPLIBS="-lglut -lGLU"
  		echo "$as_me:$LINENO: checking for glutInit in -lglut" >&5
  echo $ECHO_N "checking for glutInit in -lglut... $ECHO_C" >&6
  if test "${ac_cv_lib_glut_glutInit+set}" = set; then


Index: jasper.spec
===================================================================
RCS file: /cvs/pkgs/rpms/jasper/EL-4/jasper.spec,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -p -r1.22 -r1.23
--- jasper.spec	25 Jan 2009 16:22:20 -0000	1.22
+++ jasper.spec	26 Oct 2009 16:49:59 -0000	1.23
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000
 Name:    jasper
 Group:   System Environment/Libraries
 Version: 1.900.1
-Release: 9%{?dist}
+Release: 13%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~mdadams/jasper/
@@ -22,12 +22,17 @@ Patch2: jasper-1.701.0-GL-ac.patch
 Patch3: patch-libjasper-stepsizes-overflow.diff
 # borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786 
 Patch4: jpc_dec.c.patch
-
+# OpenBSD hardening patches addressing couple of possible integer overflows
+# during the memory allocations
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
+Patch5: jasper-1.900.1-CVE-2008-3520.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
+Patch6: jasper-1.900.1-CVE-2008-3522.patch
 
 BuildRequires: automake 
 BuildRequires: libjpeg-devel
-# "freeglut-devel: Requires: libGL-devel libGLU-devel" (#179464)
-BuildRequires: freeglut-devel libGL-devel libGLU-devel
+BuildRequires: freeglut-devel 
+BuildRequires: libGLU-devel
 
 Requires: %{name}-libs = %{version}-%{release}
 
@@ -48,6 +53,7 @@ Requires: libjpeg-devel
 %package libs 
 Summary: Runtime libraries for %{name}
 Group:   System Environment/Libraries
+Conflicts: jasper < 1.900.1-4
 %description libs 
 %{summary}.
 
@@ -66,6 +72,8 @@ Requires: %{name} = %{version}-%{release
 %patch1 -p1 -b .GL
 %patch3 -p1 -b .CVE-2007-2721
 %patch4 -p1 -b .jpc_dec_assertion
+%patch5 -p1 -b .CVE-2008-3520
+%patch6 -p1 -b .CVE-2008-3522
 
 
 %build
@@ -127,6 +135,20 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Mon Oct 13 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-13
+- CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls (#461476)
+- CVE-2008-3522 jasper: possible buffer overflow in 
+  jas_stream_printf() (#461478)
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sat Jul 18 2009 Rex Dieter <rdieter at fedoraproject.org> - 1.900.1-11
+- FTBFS jasper-1.900.1-10.fc11 (#511743)
+
+* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.900.1-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
 * Sun Jan 25 2009 Rex Dieter <rdieter at fedoraproject.org> 1.900.1-9
 - patch for "jpc_dec_tiledecode: Assertion `dec->numcomps == 3' failed)
   (#481284, #481291)


