Hello community,

here is the log from the commit of package jasper for openSUSE:Factory checked in at 2016-01-23 01:15:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
 and      /work/SRC/openSUSE:Factory/.jasper.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2015-07-19 11:45:21.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.jasper.new/jasper.changes 2016-01-23 01:15:36.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Jan 14 13:55:04 UTC 2016 - fst...@suse.com + +- Add jasper-CVE-2016-1867.patch + * CVE-2016-1867: Out-of-bounds Read in the JasPer's + jpc_pi_nextcprl() function (bsc#961886) + +------------------------------------------------------------------- @@ -18 +25 @@ -- fixed CVE-2014-8137, CVE-2014-8137 (bnc#909474, bnc#909475) +- fixed CVE-2014-8137, CVE-2014-8138 (bnc#909474, bnc#909475) @@ -26,0 +34,5 @@ + +------------------------------------------------------------------- +Thu Jun 12 11:06:02 UTC 2014 - nadvor...@suse.com + +- added obsoletes and provides of libjasper-32bit (bnc#881716) New: ---- jasper-CVE-2016-1867.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.QOCIuR/_old 2016-01-23 01:15:37.000000000 +0100 +++ /var/tmp/diff_new_pack.QOCIuR/_new 2016-01-23 01:15:37.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package jasper # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -42,6 +42,7 @@ Patch10: jasper-CVE-2014-8158.patch # PATCH-FIX-UPSTREAM jasper-jpc_dec.patch deb#469786 badshah...@gmail.com -- Fix failure when manipulating images with 4 component color using reversible color translation (patch taken from Fedora) Patch11: jasper-jpc_dec.patch +Patch12: jasper-CVE-2016-1867.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -93,6 +94,7 @@ %patch9 -p1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 %build autoreconf -i -f ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.QOCIuR/_old 2016-01-23 01:15:37.000000000 +0100 +++ /var/tmp/diff_new_pack.QOCIuR/_new 2016-01-23 01:15:37.000000000 +0100 @@ -1 +1,3 @@ libjasper1 + obsoletes "libjasper-<targettype>" + provides "libjasper-<targettype>" ++++++ jasper-CVE-2016-1867.patch ++++++ --- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2007-01-19 22:43:07.000000000 +0100 +++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2016-01-14 14:22:24.569056412 +0100 @@ -429,7 +429,7 @@ } for (pi->compno = pchg->compnostart, pi->picomp = - &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, + &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { pirlvl = pi->picomp->pirlvls; pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
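Review bot: The jasper.changes hunk at @@ -26,0 +34,5 @@ inserts an entry dated Jun 12 2014 for the libjasper-32bit obsoletes/provides, but the baselibs.conf change it describes arrives in this same commit, and the new Jan 14 2016 entry lists only jasper-CVE-2016-1867.patch. Anyone reading the top entry will not learn that baselibs.conf changed in this submission; add a line to the 2016 entry noting the baselibs.conf change (bnc#881716) and the corrected CVE-2014-8138 reference.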
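Review bot: In the jasper.spec hunk at @@ -42,6 +42,7 @@, `Patch12: jasper-CVE-2016-1867.patch` is added without the descriptive comment line that Patch11 carries directly above it (`# PATCH-FIX-UPSTREAM jasper-jpc_dec.patch deb#469786 ...`). Add a matching comment that names the patch, bsc#961886 and CVE-2016-1867, so the origin and purpose of the patch can be read from the spec file without opening jasper.changes.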
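Review bot: In the baselibs.conf hunk, both `obsoletes "libjasper-<targettype>"` and `provides "libjasper-<targettype>"` are unversioned, so libjasper1 obsoletes every version of the old name at once, and a later package that reuses the name would also be obsoleted. Consider versioning the pair, for example `provides "libjasper-<targettype> = <version>"` together with `obsoletes "libjasper-<targettype> < <version>"`.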
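Review bot: In the jpc_t2cod.c hunk, the for-initializer still computes `pi->picomp = &pi->picomps[pi->compno]` from `pchg->compnostart` before the new `pi->compno < pi->numcomps` test runs, so a compnostart beyond numcomps still forms an out-of-range pointer even though the loop body is then skipped. The added condition also silently clamps an out-of-range compnoend instead of rejecting the input. Consider validating compnostart and compnoend against numcomps before the loop (or where the progression change is read) and returning an error on a mismatch, keeping the loop bound as a second check.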