From ec030379984fe4becf3f014e31e66e2b25539039 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 31 May 2021 14:07:41 +0200 Subject: sync with Fedora Update to 2.4.0 Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616) --- openjpeg2-static.spec | 48 +++++++++++++++++++++--------------------------- 1 file changed, 21 insertions(+), 27 deletions(-) (limited to 'openjpeg2-static.spec') diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec index 2ee7543..f0339cc 100644 --- a/openjpeg2-static.spec +++ b/openjpeg2-static.spec @@ -10,8 +10,8 @@ %global _target_platform %{_vendor}-%{_target_os} Name: openjpeg2-static -Version: 2.3.1 -Release: 9%{?dist} +Version: 2.4.0 +Release: 1%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -25,21 +25,13 @@ Source1: data.tar.xz # Rename tool names to avoid conflicts with openjpeg-1.x Patch0: openjpeg2_opj2.patch -# Backport patch for CVE 2020-6851 -# https://github.com/uclouvain/openjpeg/issues/1228 -Patch1: openjpeg2_CVE-2020-6851.patch -# Backport patch for CVE 2020-8112 -# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074 -Patch2: openjpeg2_CVE-2020-8112.patch -# Backport patch for CVE-2020-27814 -# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc -Patch3: openjpeg2_CVE-2020-27814.patch -# Backport patch for CVE-2020-27824 -# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d -Patch4: openjpeg2_CVE-2020-27824.patch -# Backport patch for CVE-2020-27823 -# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 -Patch5: openjpeg2_CVE-2020-27823.patch +# Backport proposed patch for CVE-2021-29338 +# See https://github.com/uclouvain/openjpeg/issues/1338 +# and https://github.com/uclouvain/openjpeg/pull/1346 +Patch1: CVE-2021-29338.patch +# Backport proposed patch for heap buffer overflow (#1957616) +# See https://github.com/uclouvain/openjpeg/issues/1347 +Patch2: heap-buffer-overflow.patch BuildRequires: cmake @@ -224,9 +216,6 @@ OpenJPEG2 JP3D module command line tools %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 # Remove all third party libraries just to be sure find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; @@ -247,7 +236,7 @@ export CFLAGS="%{optflags} -fPIC" -DBUILD_STATIC_LIBS=ON \ -DBUILD_SHARED_LIBS=OFF \ %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \ - .. + -B . -S .. popd %make_build VERBOSE=1 -C %{_target_platform} @@ -290,15 +279,15 @@ make test -C %{_target_platform} %{!?_licensedir:%global license %doc} %license LICENSE %doc AUTHORS.md NEWS.md README.md THANKS.md -%{_mandir}/man3/libopenjp2.3* +%{_mandir}/man3/libopenjp2.* %files devel -%dir %{_includedir}/openjpeg-2.3/ -%{_includedir}/openjpeg-2.3/openjpeg.h -%{_includedir}/openjpeg-2.3/opj_config.h -%{_includedir}/openjpeg-2.3/opj_stdint.h +%dir %{_includedir}/openjpeg-2.4/ +%{_includedir}/openjpeg-2.4/openjpeg.h +%{_includedir}/openjpeg-2.4/opj_config.h +%{_includedir}/openjpeg-2.4/opj_stdint.h %{_libdir}/libopenjp2.a -%{_libdir}/openjpeg-2.3/ +%{_libdir}/openjpeg-2.4/ %{_libdir}/pkgconfig/libopenjp2.pc %files devel-docs @@ -358,6 +347,11 @@ make test -C %{_target_platform} %changelog +* Mon May 31 2021 Remi Collet - 2.4.0-1 +- sync with Fedora +- Update to 2.4.0 +- Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616) + * Thu Feb 13 2020 Remi Collet - 2.3.1-9 - sync with Fedora - Backport patches for CVE-2020-27824 and CVE-2020-27823 -- cgit