From bbf5f53e943418fe4f8b9ba960181c4610e05edc Mon Sep 17 00:00:00 2001 From: Sandro Mani Date: Feb 10 2021 18:06:44 +0000 Subject: Update to 2.0.25 --- diff --git a/.gitignore b/.gitignore index a9dfe09..374729e 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ /jasper-2.0.17.tar.gz /jasper-2.0.22.tar.gz /jasper-2.0.24.tar.gz +/jasper-2.0.25.tar.gz diff --git a/CVE-2021-3272.patch b/CVE-2021-3272.patch deleted file mode 100644 index 071735c..0000000 --- a/CVE-2021-3272.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -rupN --no-dereference jasper-version-2.0.24/src/libjasper/jp2/jp2_dec.c jasper-version-2.0.24-new/src/libjasper/jp2/jp2_dec.c ---- jasper-version-2.0.24/src/libjasper/jp2/jp2_dec.c 2021-01-04 10:11:50.000000000 +0100 -+++ jasper-version-2.0.24-new/src/libjasper/jp2/jp2_dec.c 2021-01-29 11:07:28.000268927 +0100 -@@ -255,7 +255,7 @@ jas_image_t *jp2_decode(jas_stream_t *in - with the data in the code stream? */ - if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || - (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { -- jas_eprintf("warning: component data type mismatch\n"); -+ jas_eprintf("warning: component data type mismatch (IHDR)\n"); - } - - /* Is the compression type supported? */ -@@ -278,7 +278,7 @@ jas_image_t *jp2_decode(jas_stream_t *in - ++i) { - if (jas_image_cmptdtype(dec->image, i) != - JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { -- jas_eprintf("warning: component data type mismatch\n"); -+ jas_eprintf("warning: component data type mismatch (BPCC)\n"); - } - } - } else { -@@ -409,6 +409,14 @@ jas_image_t *jp2_decode(jas_stream_t *in - } - } - -+ /* Ensure that the number of channels being used by the decoder -+ matches the number of image components. */ -+ if (dec->numchans != jas_image_numcmpts(dec->image)) { -+ jas_eprintf("error: mismatch in number of components (%d != %d)\n", -+ dec->numchans, jas_image_numcmpts(dec->image)); -+ goto error; -+ } -+ - /* Mark all components as being of unknown type. */ - - for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { diff --git a/jasper-1.900.1-sleep.patch b/jasper-1.900.1-sleep.patch index 9369056..7019ad4 100644 --- a/jasper-1.900.1-sleep.patch +++ b/jasper-1.900.1-sleep.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference jasper-version-2.0.24/src/appl/tmrdemo.c jasper-version-2.0.24-new/src/appl/tmrdemo.c ---- jasper-version-2.0.24/src/appl/tmrdemo.c 2021-01-04 10:11:50.000000000 +0100 -+++ jasper-version-2.0.24-new/src/appl/tmrdemo.c 2021-01-29 11:07:28.063268845 +0100 +diff -rupN --no-dereference jasper-version-2.0.25/src/appl/tmrdemo.c jasper-version-2.0.25-new/src/appl/tmrdemo.c +--- jasper-version-2.0.25/src/appl/tmrdemo.c 2021-02-07 22:12:04.000000000 +0100 ++++ jasper-version-2.0.25-new/src/appl/tmrdemo.c 2021-02-10 18:57:11.856703312 +0100 @@ -1,4 +1,5 @@ #include +#include diff --git a/jasper-exports.patch b/jasper-exports.patch index 54ded46..bda2e28 100644 --- a/jasper-exports.patch +++ b/jasper-exports.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference jasper-version-2.0.24/src/libjasper/jp2/jp2_cod.h jasper-version-2.0.24-new/src/libjasper/jp2/jp2_cod.h ---- jasper-version-2.0.24/src/libjasper/jp2/jp2_cod.h 2021-01-04 10:11:50.000000000 +0100 -+++ jasper-version-2.0.24-new/src/libjasper/jp2/jp2_cod.h 2021-01-29 11:07:28.095268803 +0100 +diff -rupN --no-dereference jasper-version-2.0.25/src/libjasper/jp2/jp2_cod.h jasper-version-2.0.25-new/src/libjasper/jp2/jp2_cod.h +--- jasper-version-2.0.25/src/libjasper/jp2/jp2_cod.h 2021-02-07 22:12:04.000000000 +0100 ++++ jasper-version-2.0.25-new/src/libjasper/jp2/jp2_cod.h 2021-02-10 18:57:11.884702442 +0100 @@ -288,10 +288,10 @@ typedef struct jp2_boxinfo_s { * Box class. \******************************************************************************/ diff --git a/jasper-libversion.patch b/jasper-libversion.patch index f9042f8..2b8e818 100644 --- a/jasper-libversion.patch +++ b/jasper-libversion.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference jasper-version-2.0.24/src/libjasper/CMakeLists.txt jasper-version-2.0.24-new/src/libjasper/CMakeLists.txt ---- jasper-version-2.0.24/src/libjasper/CMakeLists.txt 2021-01-04 10:11:50.000000000 +0100 -+++ jasper-version-2.0.24-new/src/libjasper/CMakeLists.txt 2021-01-29 11:07:28.033268884 +0100 +diff -rupN --no-dereference jasper-version-2.0.25/src/libjasper/CMakeLists.txt jasper-version-2.0.25-new/src/libjasper/CMakeLists.txt +--- jasper-version-2.0.25/src/libjasper/CMakeLists.txt 2021-02-07 22:12:04.000000000 +0100 ++++ jasper-version-2.0.25-new/src/libjasper/CMakeLists.txt 2021-02-10 18:57:11.831704090 +0100 @@ -176,10 +176,11 @@ if (MSVC) target_compile_definitions(libjasper PRIVATE "-D_CRT_NONSTDC_NO_DEPRECATE") endif() diff --git a/mingw-jasper.spec b/mingw-jasper.spec index af69e2a..db3733d 100644 --- a/mingw-jasper.spec +++ b/mingw-jasper.spec @@ -1,8 +1,8 @@ %{?mingw_package_header} Name: mingw-jasper -Version: 2.0.24 -Release: 2%{?dist} +Version: 2.0.25 +Release: 1%{?dist} Summary: MinGW Windows Jasper library License: JasPer @@ -10,10 +10,6 @@ License: JasPer URL: http://www.ece.uvic.ca/~frodo/jasper/ Source0: https://github.com/mdadams/jasper/archive/version-%{version}/jasper-%{version}.tar.gz -# Backport fix for CVE-2021-3272 -# https://github.com/jasper-software/jasper/issues/259 -Patch0: CVE-2021-3272.patch - # MinGW-specific patches. # Version the library Patch1000: jasper-libversion.patch @@ -129,6 +125,9 @@ rmdir %{buildroot}%{mingw64_datadir} %changelog +* Wed Feb 10 2021 Sandro Mani - 2.0.25-1 +- Update to 2.0.25 + * Fri Jan 29 2021 Sandro Mani - 2.0.24-2 - Backport patch for CVE-2021-3272 diff --git a/sources b/sources index 882404e..2a5be65 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (jasper-2.0.24.tar.gz) = 9e3c6b236844d5a25d9f75cfd55de9d1137b2c3f46d5646761fd501fefc6386ffbf935d2d806d9a28fa351569afd90d1fed494ef929615beca3a0dd0f8247e04 +SHA512 (jasper-2.0.25.tar.gz) = 721957120526227233b1f707b6bc3541e73ba95c919398097a36b3cbb256803306cebf0cec6d6999692a4603fea2bd5bbc70d567fe2da8719957e98a9e1a65e8