Hello community,

here is the log from the commit of package openjpeg.996 for openSUSE:12.2:Update checked in at 2012-10-19 09:43:16
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/openjpeg.996 (Old)
 and /work/SRC/openSUSE:12.2:Update/.openjpeg.996.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openjpeg.996", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:12.2:Update/.openjpeg.996.new/openjpeg.changes 2012-10-19 09:43:18.000000000 +0200 
@@ -0,0 +1,94 @@ +------------------------------------------------------------------- +Tue Oct 9 17:57:46 UTC 2012 - asterios.dra...@gmail.com + +- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer + overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445). + +------------------------------------------------------------------- +Tue Jul 17 08:44:15 UTC 2012 - idon...@suse.com + +- Add baselibs.conf + +------------------------------------------------------------------- +Wed Jul 11 18:08:54 UTC 2012 - asterios.dra...@gmail.com + +- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer + overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649). + +------------------------------------------------------------------- +Thu Jun 28 18:42:41 UTC 2012 - asterios.dra...@gmail.com + +- Added a patch (heap_corruption_fix.patch) to fix heap corruption when + processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260). + +------------------------------------------------------------------- +Mon Feb 27 21:44:42 UTC 2012 - asterios.dra...@gmail.com + +- Update to version 1.5.0: + New Features: + * openjpip: + + complete client-server architecture for remote browsing of jpeg 2000 + images. + + see corresponding README for more details. + API modifications: + * 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more + required. + Misc: + * improved cmake and autotools build methods. + * removed manual makefiles, VS project files and XCode project files. + * added a 'thirdparty' directory to contain all dependencies. + + These libraries will be build only if there are not found on the system. + + Note that libopenjpeg itself does not have any dependency. + * changed the directory hierarchy of the whole project. See README files for + details. + * tests : a complete test suite has been setup. + + both JPEG 2000 conformance tests and non-regressions tests are + configured. 
+ + results are submitted to the OpenJPEG dashboard + (http://my.cdash.org/index.php?project=OPENJPEG) + + images are located in 'http://openjpeg.googlecode.com/svn/data' folder. + + configuration files and utilities are located in 'tests' folder. + * OPJViewer re-activated (need wxWidgets) + * Huge amount of bug fixes. See CHANGES for details. +- Removed the following patches (fixed upstream): + * fix_no_undefined.patch + * fix_soversion.patch + * install_pkgconfig_file.patch +- Replaced openjpeg-1.4-OpenJPEGConfig.patch with + openjpeg-1.5.0-cmake_Config.patch (taken from Fedora) +- Replaced openjpeg-1.4-cmake_symlink_fix.patch with + openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora) +- Added 2 patches (taken from Fedora): + * openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories + * openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig + file +- Spec file updates: + * Added doxygen in BuildRequires: to enable compilation of devel docs. + * Updated BuildRequires: to include also liblcms2-devel and zlib-devel. + * Fixed rpmlint warning "file-contains-date-and-time" +- No need to remove the JavaOpenJPEG/ directory from the package source anymore + (the Sun proprietary code was removed from the package). + +------------------------------------------------------------------- +Tue Dec 6 10:54:33 UTC 2011 - cfarr...@suse.com + +- license update: BSD-2-Clause + SPDX format + +------------------------------------------------------------------- +Thu Dec 1 22:31:04 UTC 2011 - asterios.dra...@gmail.com + +- Removed the JavaOpenJPEG/ directory from the package source (fix for + bnc#733009 - openjpg contains Sun proprietary code). + +------------------------------------------------------------------- +Thu Oct 13 20:06:10 UTC 2011 - asterios.dra...@gmail.com + +- Initial release (version 1.4). 
+- Added 5 patches (taken from upstream and Fedora): + * openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake + * openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for + header file + * fix_no_undefined.patch -- Fix libopenjpeg undefined references + * fix_soversion.patch -- Fix so version to 1 instead of 1.4 + * install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s) New: ---- baselibs.conf heap_buffer_overflow_2_fix.patch heap_buffer_overflow_fix.patch heap_corruption_fix.patch openjpeg-1.5.0-cmake_Config.patch openjpeg-1.5.0-cmake_header_symlink.patch openjpeg-1.5.0-cmake_libdir.patch openjpeg-1.5.0-pkgconfig_includedir.patch openjpeg-1.5.0.tar.gz openjpeg.changes openjpeg.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openjpeg.spec ++++++ # # spec file for package openjpeg # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: openjpeg Version: 1.5.0 Release: 0 Summary: An open-source JPEG 2000 codec License: BSD-2-Clause Group: Productivity/Graphics/Other Url: http://www.openjpeg.org/ Source0: http://openjpeg.googlecode.com/files/%{name}-%{version}.tar.gz Source1: baselibs.conf # PATCH-FIX-OPENSUSE openjpeg-1.5.0-cmake_Config.patch rh#669425 asterios.dra...@gmail.com -- Fix OpenJPEGConfig.cmake (taken from Fedora) Patch0: openjpeg-1.5.0-cmake_Config.patch # PATCH-FIX-OPENSUSE openjpeg-1.5.0-cmake_header_symlink.patch asterios.dra...@gmail.com -- Fix cmake create_symlink usage for header file (taken from Fedora) Patch1: openjpeg-1.5.0-cmake_header_symlink.patch # PATCH-FIX-OPENSUSE openjpeg-1.5.0-cmake_libdir.patch asterios.dra...@gmail.com -- Fix installation directories (taken from Fedora) Patch2: openjpeg-1.5.0-cmake_libdir.patch # PATCH-FIX-UPSTREAM openjpeg-1.5.0-pkgconfig_includedir.patch asterios.dra...@gmail.com -- Fix includedir in pkgconfig file (taken from Fedora) Patch3: openjpeg-1.5.0-pkgconfig_includedir.patch # PATCH-FIX-UPSTREAM heap_corruption_fix.patch CVE-2009-5030 bnc#757260 asterios.dra...@gmail.com -- Fix heap corruption when processing certain Gray16 TIFF images (http://code.google.com/p/openjpeg/source/detail?r=1703) Patch4: heap_corruption_fix.patch # PATCH-FIX-UPSTREAM heap_buffer_overflow_fix.patch CVE-2012-3358 bnc#770649 asterios.dra...@gmail.com -- Fix heap-based buffer overflow when processing JPEG2000 images (http://code.google.com/p/openjpeg/source/detail?r=1727) Patch5: heap_buffer_overflow_fix.patch # PATCH-FIX-UPSTREAM heap_buffer_overflow_2_fix.patch CVE-2012-3535 bnc#777445 asterios.dra...@gmail.com -- Fix heap-based buffer overflow when processing JPEG2000 images (http://code.google.com/p/openjpeg/source/detail?r=1919) Patch6: heap_buffer_overflow_2_fix.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: liblcms2-devel BuildRequires: libpng-devel BuildRequires: 
libtiff-devel BuildRequires: zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %description OpenJPEG library is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group (JPEG). %package devel Summary: Development files for the OpenJPEG library Group: Development/Libraries/C and C++ Requires: libopenjpeg1 = %{version} %description devel This package contains header files and libraries needed for developing programs using the OpenJPEG library. %package -n libopenjpeg1 Summary: An open-source JPEG 2000 codec Group: System/Libraries %description -n libopenjpeg1 OpenJPEG library is an open-source JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts Group (JPEG). %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 # Remove build time references so build-compare can do its work sed -i "s/HTML_TIMESTAMP = YES/HTML_TIMESTAMP = NO/g" doc/Doxyfile.dox.cmake.in %build mkdir build cd build export CFLAGS="%{optflags}" export CXXFLAGS="%{optflags}" cmake \ -DCMAKE_INSTALL_PREFIX=%{_prefix} \ -DOPENJPEG_INSTALL_BIN_DIR=%{_bindir} \ -DOPENJPEG_INSTALL_LIB_DIR=%{_libdir} \ -DOPENJPEG_INSTALL_DATA_DIR=%{_datadir} \ -DOPENJPEG_INSTALL_INCLUDE_DIR=%{_includedir} \ -DOPENJPEG_INSTALL_DOC_DIR=%{_docdir}/%{name} \ -DBUILD_SHARED_LIBS=ON \ -DBUILD_DOC=ON \ -DBUILD_THIRDPARTY=OFF .. make %{?_smp_mflags} VERBOSE=1 cd .. %install cd build %make_install cd .. 
# Compatibility symlink ln -s openjpeg-1.5 %{buildroot}%{_includedir}/openjpeg %post -n libopenjpeg1 -p /sbin/ldconfig %postun -n libopenjpeg1 -p /sbin/ldconfig %files %defattr(-,root,root,-) %doc AUTHORS CHANGES LICENSE NEWS README THANKS %{_bindir}/image_to_j2k %{_bindir}/j2k_dump %{_bindir}/j2k_to_image %{_mandir}/man1/image_to_j2k.1%{ext_man} %{_mandir}/man1/j2k_dump.1%{ext_man} %{_mandir}/man1/j2k_to_image.1%{ext_man} %files devel %defattr(-,root,root,-) %doc build/doc/html/ %{_includedir}/openjpeg-1.5/ %{_includedir}/openjpeg/ %{_includedir}/openjpeg.h %{_libdir}/pkgconfig/libopenjpeg.pc %{_libdir}/pkgconfig/libopenjpeg1.pc %{_libdir}/openjpeg-1.5/ %{_libdir}/libopenjpeg.so %{_mandir}/man3/libopenjpeg.3%{ext_man} %files -n libopenjpeg1 %defattr(-,root,root,-) %{_libdir}/libopenjpeg.so.1* %changelog ++++++ baselibs.conf ++++++ libopenjpeg1 openjpeg-devel requires -openjpeg-<targettype> requires "libopenjpeg1-<targettype> = <version>" ++++++ heap_buffer_overflow_2_fix.patch ++++++ Index: libopenjpeg/j2k.c =================================================================== --- libopenjpeg/j2k.c (revision 1918) +++ libopenjpeg/j2k.c (revision 1919) @@ -694,6 +694,12 @@ "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno); j2k->state |= J2K_STATE_ERR; } + if( tccp->numresolutions > J2K_MAXRLVLS ) { + opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n", + compno, tccp->numresolutions, J2K_MAXRLVLS); + j2k->state |= J2K_STATE_ERR; + tccp->numresolutions = J2K_MAXRLVLS; + } tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ ++++++ heap_buffer_overflow_fix.patch ++++++ --- openjpeg-1.5.0/libopenjpeg/j2k.c 2012-07-11 20:58:56.750305572 +0300 +++ openjpeg-1.5.0/libopenjpeg/j2k.c.r1727 2012-07-11 20:56:20.576415007 +0300 
@@ -1279,7 +1279,7 @@ static int backup_tileno = 0; /* tileno is negative or larger than the number of tiles!!! */ - if ((tileno < 0) || (tileno > (cp->tw * cp->th))) { + if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) { opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: bad tile number (%d out of a maximum of %d)\n", tileno, (cp->tw * cp->th)); @@ -1296,8 +1296,18 @@ /* keep your private count of tiles */ backup_tileno++; - }; + } + else #endif /* USE_JPWL */ + { + /* tileno is negative or larger than the number of tiles!!! */ + if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) { + opj_event_msg(j2k->cinfo, EVT_ERROR, + "JPWL: bad tile number (%d out of a maximum of %d)\n", + tileno, (cp->tw * cp->th)); + return; + } + } if (cp->tileno_size == 0) { cp->tileno[cp->tileno_size] = tileno; @@ -1335,8 +1345,18 @@ totlen); } - }; + } + else #endif /* USE_JPWL */ + { + /* totlen is negative or larger than the bytes left!!! */ + if ((totlen < 0) || (totlen > (cio_numbytesleft(cio) + 8))) { + opj_event_msg(j2k->cinfo, EVT_ERROR, + "JPWL: bad tile byte size (%d bytes against %d bytes left)\n", + totlen, cio_numbytesleft(cio) + 8); + return; + } + } if (!totlen) totlen = cio_numbytesleft(cio) + 8; ++++++ heap_corruption_fix.patch ++++++ --- openjpeg-1.5.0/libopenjpeg/tcd.c 2012-02-07 12:49:55.000000000 +0200 +++ openjpeg-1.5.0/libopenjpeg/tcd.c.r1703 2012-06-28 20:34:17.633818590 +0300 
@@ -333,7 +333,7 @@ cblk->y0 = int_max(cblkystart, prc->y0); cblk->x1 = int_min(cblkxend, prc->x1); cblk->y1 = int_min(cblkyend, prc->y1); - cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); + cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ cblk->data += 2; cblk->layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t)); ++++++ openjpeg-1.5.0-cmake_Config.patch ++++++ diff -up openjpeg-1.5.0/CMake/OpenJPEGConfig.cmake.in.cmake_Config openjpeg-1.5.0/CMake/OpenJPEGConfig.cmake.in --- openjpeg-1.5.0/CMake/OpenJPEGConfig.cmake.in.cmake_Config 2012-02-07 04:49:55.000000000 -0600 +++ openjpeg-1.5.0/CMake/OpenJPEGConfig.cmake.in 2012-02-09 15:14:50.673012792 -0600 @@ -11,13 +11,13 @@ SET(OPENJPEG_MINOR_VERSION "@OPENJPEG_VE SET(OPENJPEG_BUILD_VERSION "@OPENJPEG_VERSION_BUILD@") # The libraries. -SET(OPENJPEG_LIBRARIES "@OPENJPEG_LIBRARIES@") +SET(OPENJPEG_LIBRARIES "@OPENJPEG_LIBRARY_NAME@") # The CMake macros dir. -SET(OPENJPEG_CMAKE_DIR "@OPENJPEG_CMAKE_DIR_CONFIG@") +SET(OPENJPEG_CMAKE_DIR "@OPENJPEG_INSTALL_PACKAGE_DIR@") # The configuration options. -SET(OPENJPEG_BUILD_SHARED_LIBS "@OPENJPEG_BUILD_SHARED_LIBS@") +SET(OPENJPEG_BUILD_SHARED_LIBS "@BUILD_SHARED_LIBS@") # The "use" file. SET(OPENJPEG_USE_FILE "@OPENJPEG_USE_FILE_CONFIG@") ++++++ openjpeg-1.5.0-cmake_header_symlink.patch ++++++ diff -up openjpeg-1.5.0/libopenjpeg/CMakeLists.txt.header_symlink openjpeg-1.5.0/libopenjpeg/CMakeLists.txt --- openjpeg-1.5.0/libopenjpeg/CMakeLists.txt.header_symlink 2012-02-07 04:49:55.000000000 -0600 +++ openjpeg-1.5.0/libopenjpeg/CMakeLists.txt 2012-02-09 15:02:09.760525453 -0600 
@@ -57,6 +57,10 @@ INSTALL(TARGETS ${OPENJPEG_LIBRARY_NAME} INSTALL(FILES openjpeg.h DESTINATION ${OPENJPEG_INSTALL_INCLUDE_DIR}/${OPENJPEG_INSTALL_SUBDIR} COMPONENT Headers ) +INSTALL( CODE "EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E create_symlink + \"${OPENJPEG_INSTALL_SUBDIR}/openjpeg.h\" + \"\$ENV{DESTDIR}${OPENJPEG_INSTALL_INCLUDE_DIR}/openjpeg.h\")" +) # install man page of the library INSTALL( ++++++ openjpeg-1.5.0-cmake_libdir.patch ++++++ diff -up openjpeg-1.5.0/CMakeLists.txt.pkgconfig openjpeg-1.5.0/CMakeLists.txt --- openjpeg-1.5.0/CMakeLists.txt.pkgconfig 2012-02-07 04:49:55.000000000 -0600 +++ openjpeg-1.5.0/CMakeLists.txt 2012-02-09 14:11:50.695269015 -0600 @@ -107,7 +107,7 @@ IF(NOT OPENJPEG_INSTALL_DOC_DIR) ENDIF(NOT OPENJPEG_INSTALL_DOC_DIR) IF(NOT OPENJPEG_INSTALL_PACKAGE_DIR) - SET(OPENJPEG_INSTALL_PACKAGE_DIR "${OPENJPEG_INSTALL_SHARE_DIR}/${OPENJPEG_INSTALL_SUBDIR}") + SET(OPENJPEG_INSTALL_PACKAGE_DIR "${OPENJPEG_INSTALL_LIB_DIR}/${OPENJPEG_INSTALL_SUBDIR}") ENDIF(NOT OPENJPEG_INSTALL_PACKAGE_DIR) #----------------------------------------------------------------------------- @@ -146,7 +146,7 @@ IF(UNIX) CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/libopenjpeg1.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libopenjpeg1.pc @ONLY) INSTALL( FILES ${CMAKE_CURRENT_BINARY_DIR}/libopenjpeg1.pc DESTINATION - ${OPENJPEG_INSTALL_SHARE_DIR}/pkgconfig ) + ${OPENJPEG_INSTALL_LIB_DIR}/pkgconfig ) INSTALL( CODE "EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E create_symlink \"libopenjpeg1.pc\" \"\$ENV{DESTDIR}${OPENJPEG_INSTALL_LIB_DIR}/pkgconfig/libopenjpeg.pc\")") ++++++ openjpeg-1.5.0-pkgconfig_includedir.patch ++++++ diff -up openjpeg-1.5.0/libopenjpeg1.pc.cmake.pkgconfig_includedir openjpeg-1.5.0/libopenjpeg1.pc.cmake --- openjpeg-1.5.0/libopenjpeg1.pc.cmake.pkgconfig_includedir 2012-02-07 04:49:55.000000000 -0600 +++ openjpeg-1.5.0/libopenjpeg1.pc.cmake 2012-02-23 08:13:37.085488921 -0600 
@@ -2,7 +2,7 @@ prefix=@CMAKE_INSTALL_PREFIX@ bindir=@OPENJPEG_INSTALL_BIN_DIR@ datadir=@OPENJPEG_INSTALL_DATA_DIR@ libdir=@OPENJPEG_INSTALL_LIB_DIR@ -includedir=@OPENJPEG_INSTALL_INCLUDE_DIR@ +includedir=@OPENJPEG_INSTALL_INCLUDE_DIR@/@OPENJPEG_INSTALL_SUBDIR@ Name: openjpeg Description: JPEG2000 files library diff -up openjpeg-1.5.0/libopenjpeg1.pc.in.pkgconfig_includedir openjpeg-1.5.0/libopenjpeg1.pc.in --- openjpeg-1.5.0/libopenjpeg1.pc.in.pkgconfig_includedir 2012-02-07 04:49:55.000000000 -0600 +++ openjpeg-1.5.0/libopenjpeg1.pc.in 2012-02-23 08:16:11.822605414 -0600 @@ -1,7 +1,7 @@ prefix=@prefix@ exec_prefix=@exec_prefix@ libdir=@libdir@ -includedir=@includedir@ +includedir=@includedir@/openjpeg-@MAJOR_NR@.@MINOR_NR@ Name: openjpeg Description: JPEG2000 library -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
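
Review bot: in openjpeg.spec, `%patch6` is the only patch applied without `-p1`. That matches heap_buffer_overflow_2_fix.patch, whose paths start at `libopenjpeg/j2k.c` with no leading directory, but it depends on the default strip level. Write `%patch6 -p0` so the difference from `%patch0` through `%patch5` is visibly intentional and survives a later refresh of the patch.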
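
Review bot: in heap_buffer_overflow_2_fix.patch (libopenjpeg/j2k.c, r1919), the new `tccp->numresolutions > J2K_MAXRLVLS` branch sets `J2K_STATE_ERR` but then clamps the value and falls through to the `cblkw` and `cblkh` reads, so parsing continues on a stream already known to be malformed. The r1727 checks shipped in this same update `return` on bad input; either do the same here or add a comment saying why clamping and continuing is safe for the code that later consumes `numresolutions`.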
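
Review bot: in heap_buffer_overflow_fix.patch, hunk `@@ -1296,8 +1296,18 @@`, the added non-JPWL block repeats the `(tileno < 0) || (tileno >= (cp->tw * cp->th))` test from the JPWL branch and reuses its "JPWL: bad tile number" message, which will mislead anyone reading logs from a build without USE_JPWL. The `else` placed just above `#endif /* USE_JPWL */` with its body below also makes the control flow depend on the preprocessor. Factor the range test into one helper used by both branches, give the non-JPWL message its own prefix, and add a comment at the `else` stating which `if` it pairs with.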
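
Review bot: in heap_buffer_overflow_fix.patch, hunk `@@ -1335,8 +1345,18 @@`, the new `totlen` rejection path does a bare `return` without setting `j2k->state |= J2K_STATE_ERR`, which the r1919 fix in this update does set, so the failure is signalled only through the log message. Set the error state before returning; the same applies to the `tileno` block added in the previous hunk. The bound `cio_numbytesleft(cio) + 8` also now appears three times with an unexplained 8: compute it once into a local and comment what the 8 bytes account for.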
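
Review bot: in heap_corruption_fix.patch (libopenjpeg/tcd.c, r1703), the allocation goes from one unexplained literal, `8192+2`, to another, `9728+2`, and nothing in the hunk states what bounds the number of bytes written into `cblk->data`. The FIXME on the next line about `mqc_init_enc` and `mqc_byteout` underrunning the buffer is also left in place. Replace the literal with a named constant and a comment deriving 9728 from the limit it is based on, so a reader can verify the size is sufficient rather than merely larger.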