%define major 1 %define libname %mklibname %{name} %{major} %define develname %mklibname %{name} -d %define staticname %mklibname %{name} -d -s %define bootstrap 1 %{?_without_bootstrap: %global bootstrap 0} %{?_with_bootstrap: %global bootstrap 1} Summary: JPEG-2000 utilities Name: jasper Version: 1.900.1 %define subrel 3 Release: %mkrel 20 License: BSD-like Group: Graphics/Editors and Converters URL: http://www.ece.uvic.ca/~mdadams/jasper/ Source0: http://www.ece.uvic.ca/~mdadams/jasper/software/jasper-%version.zip Patch1: jasper-1.701.0-GL.patch # autoconf/automake bits of patch1 Patch2: jasper-1.701.0-GL-ac.patch # CVE-2007-2721 (bug #240397) # borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88 Patch3: patch-libjasper-stepsizes-overflow.diff # borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786 Patch4: jpc_dec.c.patch # OpenBSD hardening patches addressing couple of possible integer overflows # during the memory allocations # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520 Patch5: jasper-1.900.1-CVE-2008-3520.patch # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522 Patch6: jasper-1.900.1-CVE-2008-3522.patch # add pkg-config support Patch7: jasper-pkgconfig.patch Patch8: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch Patch9: jasper-1.900.1-CVE-2014-9029.patch Patch10: jasper-1.900.1-CVE-2014-8137.patch Patch11: jasper-1.900.1-CVE-2014-8138.patch Patch12: jasper-1.900.1-CVE-2014-8157.patch Patch13: jasper-1.900.1-CVE-2014-8158.patch Patch14: jasper-1.900.1-CVE-2015-5203.patch Patch15: jasper-1.900.1-CVE-2016-1867.patch # Issues found by static analysis of code Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch Patch111: jasper-1.900.1-Coverity-CHECKED_RETURN.patch Patch112: jasper-1.900.1-Coverity-FORWARD_NULL.patch Patch113: jasper-1.900.1-Coverity-NULL_RETURNS.patch Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch BuildRequires: jpeg-devel %if !%bootstrap BuildRequires: libmesaglut-devel %endif %description JasPer is a software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1). This package contains tools for working with JPEG-2000 images. %package -n %{libname} Summary: Libraries for JasPer Group: System/Libraries Provides: lib%{name} = %{version}-%{release} %description -n %{libname} JasPer is a software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard (i.e., ISO/IEC 15444-1). This package contains libraries for working with JPEG-2000 images. %package -n %{develname} Summary: Development tools for programs which will use the libjasper library Group: Development/C Requires: %{libname} = %{version}-%{release} Provides: lib%{name}-devel = %{version}-%{release} Provides: %{name}-devel = %{version}-%{release} Conflicts: lib64jasper1.701_1-devel Obsoletes: %{mklibname %{name} 1 -d} < 1.900.1-5 Provides: %{mklibname %{name} 1 -d} %description -n %{develname} The %{libname}-devel package includes the header files necessary for developing programs which will manipulate JPEG-2000 files using the libjasper library. If you are going to develop programs which will manipulate JPEG-2000 images, you should install %{libname}-devel. You'll also need to have the %{libname} package installed. %package -n %{staticname} Summary: Static libraries for programs which will use the libjasper library Group: Development/C Requires: %{develname} = %{version}-%{release} Provides: lib%{name}-static-devel = %{version}-%{release} Provides: %{name}-static-devel = %{version}-%{release} Provides: %{libname}-static-devel = %{version}-%{release} Conflicts: lib64jasper1.701_1-static-devel Obsoletes: %{mklibname %{name} 1 -d -s} < 1.900.1-5 Provides: %{mklibname %{name} 1 -d -s} %description -n %{staticname} The %{libname}-static-devel package includes the static libraries necessary for developing programs which will manipulate JPEG-2000 files using the libjasper library. %prep %setup -q %patch1 -p1 -b .GL %patch2 -p1 -b .GL-ac %patch3 -p1 -b .CVE-2007-2721 %patch4 -p1 -b .jpc_dec_assertion %patch5 -p1 -b .CVE-2008-3520 %patch6 -p1 -b .CVE-2008-3522 %patch7 -p1 -b .pkgconfig %patch8 -p1 -b .CVE-2011-4516-4517 %patch9 -p1 -b .CVE-2014-9029 %patch10 -p1 -b .CVE-2014-8137 %patch11 -p1 -b .CVE-2014-8138 %patch12 -p1 -b .CVE-2014-8157 %patch13 -p1 -b .CVE-2014-8158 #patch14 -p1 -b .CVE-2015-5203 %patch15 -p1 -b .CVE-2016-1867 %patch110 -p1 -b .BAD_SIZEOF %patch111 -p1 -b .CHECKED_RETURN %patch112 -p1 -b .FORWARD_NULL %patch113 -p1 -b .NULL_RETURNS %patch114 -p1 -b .RESOURCE_LEAK %patch115 -p1 -b .UNREACHABLE %patch116 -p1 -b .UNUSED_VALUE %{__mv} doc/README doc/README.pdf %build autoreconf -fi %configure2_5x --enable-shared %make %install %makeinstall_std rm -f %{buildroot}%{_libdir}/*.la %multiarch_includes %{buildroot}%{_includedir}/jasper/jas_config.h %files %doc README LICENSE NEWS %{_bindir}/imgcmp %{_bindir}/imginfo %{_bindir}/jasper %if !%bootstrap %{_bindir}/jiv %endif %{_bindir}/tmrdemo %{_mandir}/man1/imgcmp.1* %{_mandir}/man1/imginfo.1* %{_mandir}/man1/jasper.1* %{_mandir}/man1/jiv.1* %files -n %{libname} %{_libdir}/lib*.so.%{major}* %files -n %{develname} %doc doc/README.pdf doc/jasper.pdf doc/jpeg2000.pdf %multiarch %dir %{multiarch_includedir}/%{name} %multiarch %{multiarch_includedir}/%{name}/*.h %dir %{_includedir}/%{name} %{_includedir}/%{name}/* %{_libdir}/*.so %{_libdir}/pkgconfig/jasper.pc %files -n %{staticname} %{_libdir}/*.a %changelog * Thu Jan 28 2016 luigiwalser <luigiwalser> 1.900.1-20.3.mga5 + Revision: 928398 - re-enable CVE-2016-1867 patch and disable CVE-2015-5203 patch - test build without CVE-2016-1867 patch - add patch from opensuse to fix CVE-2016-1867 + sander85 <sander85> - Fix CVE-2015-5203 * Fri Jan 23 2015 luigiwalser <luigiwalser> 1.900.1-20.mga5 + Revision: 812012 - add patches from redhat to fix CVE-2014-8157 and CVE-2014-8158 * Thu Dec 18 2014 luigiwalser <luigiwalser> 1.900.1-19.mga5 + Revision: 804045 - add patches from fedora to fix CVE-2014-8137 and CVE-2014-8138 * Thu Dec 04 2014 luigiwalser <luigiwalser> 1.900.1-18.mga5 + Revision: 801532 - add patch from debian to fix CVE-2014-9029 * Wed Oct 15 2014 umeabot <umeabot> 1.900.1-17.mga5 + Revision: 740074 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 1.900.1-16.mga5 + Revision: 680631 - Mageia 5 Mass Rebuild * Fri Oct 18 2013 umeabot <umeabot> 1.900.1-15.mga4 + Revision: 521242 - Mageia 4 Mass Rebuild * Sat Jan 19 2013 fwang <fwang> 1.900.1-14.mga3 + Revision: 389738 - update rpm group + umeabot <umeabot> - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Sun Mar 25 2012 luigiwalser <luigiwalser> 1.900.1-13.mga2 + Revision: 226425 - bump release (mga #5067) * Wed Dec 28 2011 dmorgan <dmorgan> 1.900.1-12.mga2 + Revision: 188305 - P8: security fixes for CVE-2011-4516, CVE-2011-4517 (CERT VU#887409) - P10 - P16: fixes various errors found by static analysis of code (coverity) - P3, P4, P5, P6 now replaces the ubuntu patch (P0) which fixed the same issues (CVE-2007-2721, CVE-2008-3520, CVE-2008-3521, CVE-2008-3522) * Fri Sep 23 2011 fwang <fwang> 1.900.1-11.mga2 + Revision: 146938 - upload patch - drop extra linking libs - drop .la files * Wed Jan 12 2011 dmorgan <dmorgan> 1.900.1-11.mga1 + Revision: 7112 - imported package jasper