Sophie: jasper-1.900.1-20.3.mga5 src

jasper-1.900.1-20.3.mga5.src.rpm

%define major 1
%define libname %mklibname %{name} %{major}
%define develname %mklibname %{name} -d
%define staticname %mklibname %{name} -d -s

%define bootstrap 1
%{?_without_bootstrap: %global bootstrap 0}
%{?_with_bootstrap: %global bootstrap 1}

Summary:	JPEG-2000 utilities
Name:		jasper
Version:	1.900.1
%define subrel	3
Release:	%mkrel 20
License:	BSD-like
Group:		Graphics/Editors and Converters
URL:		http://www.ece.uvic.ca/~mdadams/jasper/
Source0: 	http://www.ece.uvic.ca/~mdadams/jasper/software/jasper-%version.zip
Patch1: jasper-1.701.0-GL.patch
# autoconf/automake bits of patch1
Patch2: jasper-1.701.0-GL-ac.patch
# CVE-2007-2721 (bug #240397)
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
Patch3: patch-libjasper-stepsizes-overflow.diff
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786 
Patch4: jpc_dec.c.patch
# OpenBSD hardening patches addressing couple of possible integer overflows
# during the memory allocations
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
Patch5: jasper-1.900.1-CVE-2008-3520.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
Patch6: jasper-1.900.1-CVE-2008-3522.patch
# add pkg-config support
Patch7: jasper-pkgconfig.patch

Patch8: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch

Patch9: jasper-1.900.1-CVE-2014-9029.patch
Patch10: jasper-1.900.1-CVE-2014-8137.patch
Patch11: jasper-1.900.1-CVE-2014-8138.patch
Patch12: jasper-1.900.1-CVE-2014-8157.patch
Patch13: jasper-1.900.1-CVE-2014-8158.patch
Patch14: jasper-1.900.1-CVE-2015-5203.patch
Patch15: jasper-1.900.1-CVE-2016-1867.patch

# Issues found by static analysis of code
Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch
Patch111: jasper-1.900.1-Coverity-CHECKED_RETURN.patch
Patch112: jasper-1.900.1-Coverity-FORWARD_NULL.patch
Patch113: jasper-1.900.1-Coverity-NULL_RETURNS.patch
Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch
Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch

BuildRequires:	jpeg-devel
%if !%bootstrap
BuildRequires:	libmesaglut-devel
%endif

%description
JasPer is a software-based implementation of the codec specified in the
emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1).  This package
contains tools for working with JPEG-2000 images.

%package -n %{libname}
Summary:	Libraries for JasPer
Group:		System/Libraries
Provides:	lib%{name} = %{version}-%{release}

%description -n %{libname}
JasPer is a software-based implementation of the codec specified in the
emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1).  This package
contains libraries for working with JPEG-2000 images.

%package -n %{develname}
Summary:	Development tools for programs which will use the libjasper library
Group:		Development/C
Requires:	%{libname} = %{version}-%{release}
Provides:	lib%{name}-devel = %{version}-%{release}
Provides:	%{name}-devel = %{version}-%{release}
Conflicts:	lib64jasper1.701_1-devel
Obsoletes:	%{mklibname %{name} 1 -d} < 1.900.1-5
Provides:	%{mklibname %{name} 1 -d}

%description -n %{develname}
The %{libname}-devel package includes the header files necessary for 
developing programs which will manipulate JPEG-2000 files using
the libjasper library.

If you are going to develop programs which will manipulate JPEG-2000 images,
you should install %{libname}-devel.  You'll also need to have the
%{libname} package installed.

%package -n %{staticname}
Summary:	Static libraries for programs which will use the libjasper library
Group:		Development/C
Requires:	%{develname} = %{version}-%{release}
Provides:	lib%{name}-static-devel = %{version}-%{release}
Provides:	%{name}-static-devel = %{version}-%{release}
Provides:	%{libname}-static-devel = %{version}-%{release}
Conflicts:	lib64jasper1.701_1-static-devel
Obsoletes:	%{mklibname %{name} 1 -d -s} < 1.900.1-5
Provides:	%{mklibname %{name} 1 -d -s}

%description -n %{staticname}
The %{libname}-static-devel package includes the static 
libraries necessary for developing programs which will manipulate JPEG-2000 
files using the libjasper library.

%prep
%setup -q
%patch1 -p1 -b .GL
%patch2 -p1 -b .GL-ac
%patch3 -p1 -b .CVE-2007-2721
%patch4 -p1 -b .jpc_dec_assertion
%patch5 -p1 -b .CVE-2008-3520
%patch6 -p1 -b .CVE-2008-3522
%patch7 -p1 -b .pkgconfig
%patch8 -p1 -b .CVE-2011-4516-4517
%patch9 -p1 -b .CVE-2014-9029
%patch10 -p1 -b .CVE-2014-8137
%patch11 -p1 -b .CVE-2014-8138
%patch12 -p1 -b .CVE-2014-8157
%patch13 -p1 -b .CVE-2014-8158
#patch14 -p1 -b .CVE-2015-5203
%patch15 -p1 -b .CVE-2016-1867

%patch110 -p1 -b .BAD_SIZEOF
%patch111 -p1 -b .CHECKED_RETURN
%patch112 -p1 -b .FORWARD_NULL
%patch113 -p1 -b .NULL_RETURNS
%patch114 -p1 -b .RESOURCE_LEAK
%patch115 -p1 -b .UNREACHABLE
%patch116 -p1 -b .UNUSED_VALUE

%{__mv} doc/README doc/README.pdf

%build
autoreconf -fi
%configure2_5x --enable-shared

%make

%install
%makeinstall_std
rm -f %{buildroot}%{_libdir}/*.la
%multiarch_includes %{buildroot}%{_includedir}/jasper/jas_config.h

%files
%doc README LICENSE NEWS
%{_bindir}/imgcmp
%{_bindir}/imginfo
%{_bindir}/jasper
%if !%bootstrap
%{_bindir}/jiv
%endif
%{_bindir}/tmrdemo
%{_mandir}/man1/imgcmp.1*
%{_mandir}/man1/imginfo.1*
%{_mandir}/man1/jasper.1*
%{_mandir}/man1/jiv.1*

%files -n %{libname}
%{_libdir}/lib*.so.%{major}*

%files -n %{develname}
%doc doc/README.pdf doc/jasper.pdf doc/jpeg2000.pdf 
%multiarch %dir %{multiarch_includedir}/%{name}
%multiarch %{multiarch_includedir}/%{name}/*.h
%dir %{_includedir}/%{name}
%{_includedir}/%{name}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/jasper.pc

%files -n %{staticname}
%{_libdir}/*.a




%changelog
* Thu Jan 28 2016 luigiwalser <luigiwalser> 1.900.1-20.3.mga5
+ Revision: 928398
- re-enable CVE-2016-1867 patch and disable CVE-2015-5203 patch
- test build without CVE-2016-1867 patch
- add patch from opensuse to fix CVE-2016-1867

  + sander85 <sander85>
    - Fix CVE-2015-5203

* Fri Jan 23 2015 luigiwalser <luigiwalser> 1.900.1-20.mga5
+ Revision: 812012
- add patches from redhat to fix CVE-2014-8157 and CVE-2014-8158

* Thu Dec 18 2014 luigiwalser <luigiwalser> 1.900.1-19.mga5
+ Revision: 804045
- add patches from fedora to fix CVE-2014-8137 and CVE-2014-8138

* Thu Dec 04 2014 luigiwalser <luigiwalser> 1.900.1-18.mga5
+ Revision: 801532
- add patch from debian to fix CVE-2014-9029

* Wed Oct 15 2014 umeabot <umeabot> 1.900.1-17.mga5
+ Revision: 740074
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 1.900.1-16.mga5
+ Revision: 680631
- Mageia 5 Mass Rebuild

* Fri Oct 18 2013 umeabot <umeabot> 1.900.1-15.mga4
+ Revision: 521242
- Mageia 4 Mass Rebuild

* Sat Jan 19 2013 fwang <fwang> 1.900.1-14.mga3
+ Revision: 389738
- update rpm group

  + umeabot <umeabot>
    - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Sun Mar 25 2012 luigiwalser <luigiwalser> 1.900.1-13.mga2
+ Revision: 226425
- bump release (mga #5067)

* Wed Dec 28 2011 dmorgan <dmorgan> 1.900.1-12.mga2
+ Revision: 188305
- P8: security fixes for CVE-2011-4516, CVE-2011-4517 (CERT VU#887409)
- P10 - P16: fixes various errors found by static analysis of code (coverity)
- P3, P4, P5, P6 now replaces the ubuntu patch (P0) which fixed the same
  issues (CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522)

* Fri Sep 23 2011 fwang <fwang> 1.900.1-11.mga2
+ Revision: 146938
- upload patch
- drop extra linking libs
- drop .la files

* Wed Jan 12 2011 dmorgan <dmorgan> 1.900.1-11.mga1
+ Revision: 7112
- imported package jasper