Hello community,

here is the log from the commit of package jasper for openSUSE:Factory checked 
in at 2019-03-22 14:52:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
 and      /work/SRC/openSUSE:Factory/.jasper.new.25356 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "jasper"

Fri Mar 22 14:52:14 2019 rev:42 rq:687178 version:2.0.14

Changes:
--------
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes    2019-03-14 
14:50:57.803800057 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.25356/jasper.changes 2019-03-22 
14:52:18.114135392 +0100
@@ -1,0 +2,6 @@
+Thu Mar 21 09:38:27 UTC 2019 - Michael Vetter <mvet...@suse.com>
+
+- bsc#1117505 CVE-2018-19542:
+  * Add jasper-CVE-2018-19542.patch
+
+-------------------------------------------------------------------
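Review bot: The changelog entry at "Add jasper-CVE-2018-19542.patch" names the patch file but not the defect it addresses or where the fix comes from. Add a line saying what is now rejected (the patch's own error text is "invalid MTYP in CMAP box", in jp2_decode) and cite https://github.com/mdadams/jasper/pull/200, so that someone reading only the .changes file can judge the fix.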

New:
----
  jasper-CVE-2018-19542.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ jasper.spec ++++++
--- /var/tmp/diff_new_pack.ZBFELb/_old  2019-03-22 14:52:19.750134416 +0100
+++ /var/tmp/diff_new_pack.ZBFELb/_new  2019-03-22 14:52:19.754134414 +0100
@@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
 
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
 
 
@@ -29,7 +29,10 @@
 Patch2:         0001-jpc_cs-reject-all-but-JPC_COX_INS-and-JPC_COX_RFT.patch
 Patch3:         0001-Added-a-fix-from-nrusch-to-allow-JasPer-to-be-build-.patch
 Patch4:         jasper-CVE-2018-9055.patch
+# https://github.com/mdadams/jasper/pull/196
 Patch5:         jasper-CVE-2018-19539.patch
+# https://github.com/mdadams/jasper/pull/200
+Patch6:         jasper-CVE-2018-19542.patch
 BuildRequires:  Mesa-libGL-devel
 BuildRequires:  cmake
 BuildRequires:  doxygen
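Review bot: The comments added above Patch5 and Patch6 link to upstream pull requests rather than to merged commits, so the spec does not say whether either fix is part of an upstream release. Record the state of each PR in the comment, or replace the link with the commit once it lands, so that whoever does the next version update knows whether the patch can be dropped.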
@@ -87,6 +90,7 @@
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 
 %build
 export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"

++++++ jasper-CVE-2018-19542.patch ++++++
See: https://github.com/mdadams/jasper/pull/200

Index: jasper-2.0.14/src/libjasper/jp2/jp2_dec.c
===================================================================
--- jasper-2.0.14.orig/src/libjasper/jp2/jp2_dec.c
+++ jasper-2.0.14/src/libjasper/jp2/jp2_dec.c
@@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in
                                jas_image_setcmpttype(dec->image, newcmptno, 
jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
                                }
 #endif
+                       } else {
+                               jas_eprintf("error: invalid MTYP in CMAP 
box\n");
+                               goto error;
                        }
                }
        }
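Review bot: The new else branch prints "invalid MTYP in CMAP box" without the value that was rejected, which leaves anyone triaging a failing file without the one fact they need. Include the offending MTYP value and channo in the jas_eprintf call. The goto error is also reached after dec->image is already in use (see the jas_image_setcmpttype context line above), so confirm that the error label releases it on this path.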
