diff options
-rw-r--r-- | 2cd30c2b06ce332dede81cccad8b334cde997281.patch | 80 | ||||
-rw-r--r-- | 4241ae6fbbf1de9658764a80944dc8108f2b4154.patch | 35 | ||||
-rw-r--r-- | afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch | 43 | ||||
-rw-r--r-- | baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch | 25 | ||||
-rw-r--r-- | e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch | 22 | ||||
-rw-r--r-- | openjpeg2.spec | 424 | ||||
-rw-r--r-- | openjpeg2_remove-thirdparty.patch | 11 |
7 files changed, 640 insertions, 0 deletions
diff --git a/2cd30c2b06ce332dede81cccad8b334cde997281.patch b/2cd30c2b06ce332dede81cccad8b334cde997281.patch new file mode 100644 index 0000000..dd9183d --- /dev/null +++ b/2cd30c2b06ce332dede81cccad8b334cde997281.patch @@ -0,0 +1,80 @@ +From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Thu, 17 Aug 2017 11:47:40 +0200 +Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and + fixes unaligned load (#995) + +--- + src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------ + 1 file changed, 27 insertions(+), 12 deletions(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index a4eb81f6a..73dfc8d5f 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -580,13 +580,10 @@ struct tga_header { + }; + #endif /* INFORMATION_ONLY */ + +-static unsigned short get_ushort(const unsigned char *data) ++/* Returns a ushort from a little-endian serialized value */ ++static unsigned short get_tga_ushort(const unsigned char *data) + { +- unsigned short val = *(const unsigned short *)data; +-#ifdef OPJ_BIG_ENDIAN +- val = ((val & 0xffU) << 8) | (val >> 8); +-#endif +- return val; ++ return data[0] | (data[1] << 8); + } + + #define TGA_HEADER_SIZE 18 +@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, + id_len = tga[0]; + /*cmap_type = tga[1];*/ + image_type = tga[2]; +- /*cmap_index = get_ushort(&tga[3]);*/ +- cmap_len = get_ushort(&tga[5]); ++ /*cmap_index = get_tga_ushort(&tga[3]);*/ ++ cmap_len = get_tga_ushort(&tga[5]); + cmap_entry_size = tga[7]; + + + #if 0 +- x_origin = get_ushort(&tga[8]); +- y_origin = get_ushort(&tga[10]); ++ x_origin = get_tga_ushort(&tga[8]); ++ y_origin = get_tga_ushort(&tga[10]); + #endif +- image_w = get_ushort(&tga[12]); +- image_h = get_ushort(&tga[14]); ++ image_w = get_tga_ushort(&tga[12]); ++ image_h = get_tga_ushort(&tga[14]); + pixel_depth = tga[16]; + image_desc = tga[17]; + +@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) + color_space = OPJ_CLRSPC_SRGB; + } + ++ /* If the declared file size is > 10 MB, check that the file is big */ ++ /* enough to avoid excessive memory allocations */ ++ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { ++ char ch; ++ OPJ_UINT64 expected_file_size = ++ (OPJ_UINT64)image_width * image_height * numcomps; ++ long curpos = ftell(f); ++ if (expected_file_size > (OPJ_UINT64)INT_MAX) { ++ expected_file_size = (OPJ_UINT64)INT_MAX; ++ } ++ fseek(f, (long)expected_file_size - 1, SEEK_SET); ++ if (fread(&ch, 1, 1, f) != 1) { ++ fclose(f); ++ return NULL; ++ } ++ fseek(f, curpos, SEEK_SET); ++ } ++ + subsampling_dx = parameters->subsampling_dx; + subsampling_dy = parameters->subsampling_dy; + diff --git a/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch b/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch new file mode 100644 index 0000000..d165090 --- /dev/null +++ b/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch @@ -0,0 +1,35 @@ +From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Tue, 15 Aug 2017 11:55:58 +0200 +Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in + opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) + +--- + src/lib/openjp2/j2k.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index a2521ebbc..54b490a8c 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, + + /* Precincts */ + parameters->csty |= 0x01; +- parameters->res_spec = parameters->numresolution - 1; +- for (i = 0; i < parameters->res_spec; i++) { +- parameters->prcw_init[i] = 256; +- parameters->prch_init[i] = 256; ++ if (parameters->numresolution == 1) { ++ parameters->res_spec = 1; ++ parameters->prcw_init[0] = 128; ++ parameters->prch_init[0] = 128; ++ } else { ++ parameters->res_spec = parameters->numresolution - 1; ++ for (i = 0; i < parameters->res_spec; i++) { ++ parameters->prcw_init[i] = 256; ++ parameters->prch_init[i] = 256; ++ } + } + + /* The progression order shall be CPRL */ diff --git a/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch b/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch new file mode 100644 index 0000000..c8a1fd6 --- /dev/null +++ b/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch @@ -0,0 +1,43 @@ +From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:20:37 +0200 +Subject: [PATCH] Encoder: grow buffer size in + opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in + opj_mqc_flush (#982) + +--- + src/lib/openjp2/tcd.c | 7 +++++-- + tests/nonregression/test_suite.ctest.in | 2 ++ + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c +index 301c7213e..53cdcf64d 100644 +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * + { + OPJ_UINT32 l_data_size; + +- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ +- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ ++ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* TODO: is there a theoretical upper-bound for the compressed code */ ++ /* block size ? */ ++ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { +diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in +index aaf40d7d0..ffd964c2a 100644 +--- a/tests/nonregression/test_suite.ctest.in ++++ b/tests/nonregression/test_suite.ctest.in +@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban + # Same rate as Bretagne2_4.j2k + opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 + ++opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 ++ + # DECODER TEST SUITE + opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx + opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch b/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch new file mode 100644 index 0000000..724cf60 --- /dev/null +++ b/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch @@ -0,0 +1,25 @@ +From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:26:58 +0200 +Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 + (#983) + +--- + src/bin/jp2/convertbmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index b49e7a080..2715fdf24 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) + + header->biBitCount = (OPJ_UINT16)getc(IN); + header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); ++ if (header->biBitCount == 0) { ++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); ++ return OPJ_FALSE; ++ } + + if (header->biSize >= 40U) { + header->biCompression = (OPJ_UINT32)getc(IN); diff --git a/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch b/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch new file mode 100644 index 0000000..ebfe1ad --- /dev/null +++ b/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch @@ -0,0 +1,22 @@ +From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Fri, 18 Aug 2017 13:39:20 +0200 +Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997) + +--- + src/bin/jp2/convert.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c +index 5459f7d44..e606c9be7 100644 +--- a/src/bin/jp2/convert.c ++++ b/src/bin/jp2/convert.c +@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) + } + + fseek(f, 0, SEEK_SET); +- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, ++ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, + &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { + fclose(f); + fprintf(stderr, diff --git a/openjpeg2.spec b/openjpeg2.spec new file mode 100644 index 0000000..653ae87 --- /dev/null +++ b/openjpeg2.spec @@ -0,0 +1,424 @@ +# Conformance tests disabled by default since it requires 1 GB of test data +#global runcheck 1 + +#global optional_components 1 + +Name: openjpeg2 +Version: 2.2.0 +Release: 3%{?dist} +Summary: C-Library for JPEG 2000 + +# windirent.h is MIT, the rest is BSD +License: BSD and MIT +URL: https://github.com/uclouvain/openjpeg +Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz +%if 0%{?runcheck} +# git clone git@github.com:uclouvain/openjpeg-data.git +Source1: data.tar.xz +%endif + +# Remove bundled libraries +Patch0: openjpeg2_remove-thirdparty.patch +# Backport fix for CVE-2017-12982 +Patch1: baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch +# Backport fix for CVE-2017-14041 +Patch2: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch +# Backport fix for CVE-2017-14040 +Patch3: 2cd30c2b06ce332dede81cccad8b334cde997281.patch +# Backport fix for Heap-based buffer overflow in opj_write_bytes_LE in cio.c +Patch4: 4241ae6fbbf1de9658764a80944dc8108f2b4154.patch +# Backport fix for Heap-based buffer overflow in opj_mqc_flush in mqc.c +Patch5: afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch + +BuildRequires: cmake +BuildRequires: zlib-devel +BuildRequires: libpng-devel +BuildRequires: libtiff-devel +BuildRequires: lcms2-devel +BuildRequires: doxygen + +%if 0%{?optional_components} +BuildRequires: java-devel +BuildRequires: xerces-j2 +%endif + +%description +The OpenJPEG library is an open-source JPEG 2000 library developed in order to +promote the use of JPEG 2000. + +This package contains +* JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 + compliance). +* JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple + component transforms for multispectral and hyperspectral imagery) + + +%package devel +Summary: Development files for OpenJPEG 2 +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for developing +applications that use OpenJPEG 2. + + +%package devel-docs +Summary: Developer documentation for OpenJPEG 2 +BuildArch: noarch + +%description devel-docs +The %{name}-devel-docs package contains documentation files for developing +applications that use OpenJPEG 2. + + +%package tools +Summary: OpenJPEG 2 command line tools +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description tools +Command line tools for JPEG 2000 file manipulation, using OpenJPEG2: + * opj2_compress + * opj2_decompress + * opj2_dump + +%if 0%{?optional_components} +##### MJ2 ##### + +%package mj2 +Summary: OpenJPEG2 MJ2 module +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description mj2 +The OpenJPEG library is an open-source JPEG 2000 library developed in order to +promote the use of JPEG 2000. + +This package contains the MJ2 module (JPEG 2000 standard Part 3) + + +%package mj2-devel +Summary: Development files for OpenJPEG2 MJ2 module +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-mj2%{?_isa} = %{version}-%{release} + +%description mj2-devel +Development files for OpenJPEG2 MJ2 module + + +%package mj2-tools +Summary: OpenJPEG2 MJ2 module command line tools +Requires: %{name}-mj2%{?_isa} = %{version}-%{release} + +%description mj2-tools +OpenJPEG2 MJ2 module command line tools + +##### JPWL ##### + +%package jpwl +Summary: OpenJPEG2 JPWL module +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description jpwl +The OpenJPEG library is an open-source JPEG 2000 library developed in order to +promote the use of JPEG 2000. + +This package contains the JPWL (JPEG 2000 standard Part 11 - Jpeg 2000 Wireless) + + +%package jpwl-devel +Summary: Development files for OpenJPEG2 JPWL module +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-jpwl%{?_isa} = %{version}-%{release} + +%description jpwl-devel +Development files for OpenJPEG2 JPWL module + + +%package jpwl-tools +Summary: OpenJPEG2 JPWL module command line tools +Requires: %{name}-jpwl%{?_isa} = %{version}-%{release} + +%description jpwl-tools +OpenJPEG2 JPWL module command line tools + +##### JPIP ##### + +%package jpip +Summary: OpenJPEG2 JPIP module +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description jpip +The OpenJPEG library is an open-source JPEG 2000 library developed in order to +promote the use of JPEG 2000. + +This package contains the JPWL (JPEG 2000 standard Part 9 - Jpeg 2000 Interactive Protocol) + + +%package jpip-devel +Summary: Development files for OpenJPEG2 JPIP module +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-jpwl%{?_isa} = %{version}-%{release} + +%description jpip-devel +Development files for OpenJPEG2 JPIP module + + +%package jpip-tools +Summary: OpenJPEG2 JPIP module command line tools +Requires: %{name}-jpip%{?_isa} = %{version}-%{release} +Requires: jpackage-utils +Requires: java + +%description jpip-tools +OpenJPEG2 JPIP module command line tools + +##### JP3D ##### + +%package jp3d +Summary: OpenJPEG2 JP3D module +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description jp3d +The OpenJPEG library is an open-source JPEG 2000 library developed in order to +promote the use of JPEG 2000. + +This package contains the JP3D (JPEG 2000 standard Part 10 - Jpeg 2000 3D) + + +%package jp3d-devel +Summary: Development files for OpenJPEG2 JP3D module +Requires: %{name}-devel%{?_isa} = %{version}-%{release} +Requires: %{name}-jp3d%{?_isa} = %{version}-%{release} + +%description jp3d-devel +Development files for OpenJPEG2 JP3D module + + +%package jp3d-tools +Summary: OpenJPEG2 JP3D module command line tools +Requires: %{name}-jp3d%{?_isa} = %{version}-%{release} + +%description jp3d-tools +OpenJPEG2 JP3D module command line tools +%endif + + +%prep +%autosetup -p1 -n openjpeg-%{version} %{?runcheck:-a 1} + +# Remove all third party libraries just to be sure +rm -rf thirdparty + + +%build +mkdir %{_target_platform} +pushd %{_target_platform} +# TODO: Consider +# -DBUILD_JPIP_SERVER=ON -DBUILD_JAVA=ON +%cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \ + %{?optional_components:-DBUILD_MJ2=ON -DBUILD_JPWL=ON -DBUILD_JPIP=ON -DBUILD_JP3D=ON} \ + -DBUILD_DOC=ON \ + %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \ + .. +popd + +%make_build VERBOSE=1 -C %{_target_platform} + + +%install +%make_install -C %{_target_platform} + +# Remove static library +rm -f %{buildroot}%{_libdir}/libopenjp2.a + +# Rename to avoid conflicts with openjpeg-1.x +for file in %{buildroot}%{_bindir}/opj_*; do + mv $file ${file/opj_/opj2_} +done +mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1 +mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1 +mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.1 + +# Docs are installed through %%doc +rm -rf %{buildroot}%{_datadir}/doc/ + +%if 0%{?optional_components} +# Move the jar to the correct place +mkdir -p %{buildroot}%{_javadir} +mv %{buildroot}%{_datadir}/opj_jpip_viewer.jar %{buildroot}%{_javadir}/opj2_jpip_viewer.jar +cat > %{buildroot}%{_bindir}/opj2_jpip_viewer <<EOF +java -jar %{_javadir}/opj2_jpip_viewer.jar "$@" +EOF +chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer +%endif + + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + + +%check +%if 0%{?runcheck} +make test -C %{_target_platform} +%endif + + +%files +%{!?_licensedir:%global license %doc} +%license LICENSE +%doc AUTHORS.md NEWS.md README.md THANKS.md +%{_libdir}/libopenjp2.so.* +%{_mandir}/man3/libopenjp2.3* + +%files devel +%dir %{_includedir}/openjpeg-2.2/ +%{_includedir}/openjpeg-2.2/openjpeg.h +%{_includedir}/openjpeg-2.2/opj_config.h +%{_includedir}/openjpeg-2.2/opj_stdint.h +%{_libdir}/libopenjp2.so +%{_libdir}/openjpeg-2.2/ +%{_libdir}/pkgconfig/libopenjp2.pc + +%files devel-docs +%doc %{_target_platform}/doc/html + +%files tools +%{_bindir}/opj2_compress +%{_bindir}/opj2_decompress +%{_bindir}/opj2_dump +%{_mandir}/man1/opj2_compress.1* +%{_mandir}/man1/opj2_decompress.1* +%{_mandir}/man1/opj2_dump.1* + +%if 0%{?optional_components} +%files mj2 +%{_libdir}/libopenmj2.so.* + +%files mj2-devel +%{_libdir}/libopenmj2.so + +%files mj2-tools +%{_bindir}/opj2_mj2* + +%files jpwl +%{_libdir}/libopenjpwl.so.* + +%files jpwl-devel +%{_libdir}/libopenjpwl.so +%{_libdir}/pkgconfig/libopenjpwl.pc + +%files jpwl-tools +%{_bindir}/opj2_jpwl* + +%files jpip +%{_libdir}/libopenjpip.so.* + +%files jpip-devel +%{_libdir}/libopenjpip.so +%{_libdir}/pkgconfig/libopenjpip.pc + +%files jpip-tools +%{_bindir}/opj2_jpip* +%{_bindir}/opj2_dec_server +%{_javadir}/opj2_jpip_viewer.jar + +%files jp3d +%{_libdir}/libopenjp3d.so.* + +%files jp3d-devel +%{_includedir}/openjpeg-2.0/openjp3d.h +%{_libdir}/libopenjp3d.so +%{_libdir}/pkgconfig/libopenjp3d.pc + +%files jp3d-tools +%{_bindir}/opj2_jp3d* +%endif + + +%changelog +* Thu Aug 31 2017 Sandro Mani <manisandro@gmail.com> - 2.2.0-3 +- Backport more security fixes, including for CVE-2017-14041 and CVE-2017-14040 + +* Thu Aug 31 2017 Sandro Mani <manisandro@gmail.com> - 2.2.0-2 +- Backport patch for CVE-2017-12982 + +* Thu Aug 10 2017 Sandro Mani <manisandro@gmail.com> - 2.2.0-1 +- Update to 2.2.0 + +* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Sat Dec 17 2016 Sandro Mani <manisandro@gmail.com> - 2.1.2-3 +- Add patch for CVE-2016-9580 (#1405128) and CVE-2016-9581 (#1405135) + +* Thu Dec 08 2016 Sandro Mani <manisandro@gmail.com> - 2.1.2-2 +- Add patch for CVE-2016-9572 (#1402714) and CVE-2016-9573 (#1402711) + +* Wed Sep 28 2016 Sandro Mani <manisandro@gmail.com> - 2.1.2-1 +- Update to 2.1.2 +- Fixes: CVE-2016-7445 + +* Fri Sep 09 2016 Sandro Mani <manisandro@gmail.com> - 2.1.1-3 +- Backport: Add sanity check for tile coordinates (#1374337) + +* Fri Sep 09 2016 Sandro Mani <manisandro@gmail.com> - 2.1.1-2 +- Backport fixes for CVE-2016-7163 + +* Wed Jul 06 2016 Sandro Mani <manisandro@gmail.com> - 2.1.1-1 +- Update to 2.1.1 +- Fixes: CVE-2016-3183, CVE-2016-3181, CVE-2016-3182, CVE-2016-4796, CVE-2016-4797, CVE-2015-8871 + +* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Oct 01 2015 Sandro Mani <manisandro@gmail.com> - 2.1.0-7 +- Backport fix for possible double-free (#1267983) + +* Tue Sep 15 2015 Sandro Mani <manisandro@gmail.com> - 2.1.0-6 +- Backport fix for use after free vulnerability (#1263359) + +* Thu Jun 25 2015 Sandro Mani <manisandro@gmail.com> - 2.1.0-5 +- Add openjpeg2_bigendian.patch (#1232739) + +* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue May 27 2014 Sandro Mani <manisandro@gmail.com> - 2.1.0-1 +- Update to 2.1.0 + +* Wed Apr 16 2014 Sandro Mani <manisandro@gmail.com> - 2.0.0-5 +- Switch to official 2.0 release and backport pkg-config patch + +* Thu Apr 10 2014 Sandro Mani <manisandro@gmail.com> - 2.0.0-4.svn20140403 +- Replace define with global +- Fix #define optional_components 1S typo +- Fix %%(pwd) -> $PWD for test data +- Added some BR for optional components +- Include opj2_jpip_viewer.jar in %%files + +* Wed Apr 09 2014 Sandro Mani <manisandro@gmail.com> - 2.0.0-3.svn20140403 +- Fix source url +- Fix mixed tabs and spaces +- Fix description too long + +* Wed Apr 09 2014 Sandro Mani <manisandro@gmail.com> - 2.0.0-2.svn20140403 +- Remove thirdparty libraries folder in prep +- Own %%{_libdir}/openjpeg-2.0/ +- Fix Requires +- Add missing ldconfig +- Add possibility to run conformance tests if desired + +* Thu Apr 03 2014 Sandro Mani <manisandro@gmail.com> - 2.0.0-1.svn20140403 +- Initial package diff --git a/openjpeg2_remove-thirdparty.patch b/openjpeg2_remove-thirdparty.patch new file mode 100644 index 0000000..6987fc2 --- /dev/null +++ b/openjpeg2_remove-thirdparty.patch @@ -0,0 +1,11 @@ +diff -rupN openjpeg-2.1.1/CMakeLists.txt openjpeg-2.1.1-new/CMakeLists.txt +--- openjpeg-2.1.1/CMakeLists.txt 2016-07-05 16:54:17.000000000 +0200 ++++ openjpeg-2.1.1-new/CMakeLists.txt 2016-07-06 09:38:26.083029127 +0200 +@@ -270,7 +270,6 @@ if(BUILD_CODEC OR BUILD_MJ2) + # OFF: It will only build 3rd party libs if they are not found on the system + # ON: 3rd party libs will ALWAYS be build, and used + option(BUILD_THIRDPARTY "Build the thirdparty executables if it is needed" OFF) +- add_subdirectory(thirdparty) + add_subdirectory(src/bin) + endif () + add_subdirectory(wrapping) |