jasper-1.900.1-10

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@9253 ec354946-7b23-47d6-9f5a-488ba84defc7

j/jasper/jasper-vl.spec

@@ -3,19 +3,53 @@
 Name:        jasper
 Summary:     implementation of the JPEG-2000 standard, Part 1
 Version:     1.900.1
-Release:     9%{?_dist_release}
+Release:     10%{?_dist_release}
 
 Group:       Applications/Graphics
 License:     Modified BSD (see LICENSE)
 URL:         http://www.ece.uvic.ca/~mdadams/jasper/
 
 Source:      %{name}-%{version}.zip
-# Security fixes
-Patch100:    jasper-1.900.1_CVE-2007-2721.patch
+
+Patch1: jasper-1.701.0-GL.patch
+# autoconf/automake bits of patch1
+Patch2: jasper-1.701.0-GL-ac.patch
+# CVE-2007-2721 (bug #240397)
+# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
+Patch3: patch-libjasper-stepsizes-overflow.diff
+# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469786
+Patch4: jpc_dec.c.patch
+# OpenBSD hardening patches addressing couple of possible integer overflows
+# during the memory allocations
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
+Patch5: jasper-1.900.1-CVE-2008-3520.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
+Patch6: jasper-1.900.1-CVE-2008-3522.patch
+# add pkg-config support
+Patch7: jasper-pkgconfig.patch
+
+Patch8: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
+
+Patch9: jasper-CVE-2014-9029.patch
+Patch10: jasper-CVE-2014-8137.patch
+Patch11: jasper-CVE-2014-8138.patch
+
+# Issues found by static analysis of code
+Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch
+Patch111: jasper-1.900.1-Coverity-CHECKED_RETURN.patch
+Patch112: jasper-1.900.1-Coverity-FORWARD_NULL.patch
+Patch113: jasper-1.900.1-Coverity-NULL_RETURNS.patch
+Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
+Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch
+Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch
 
 BuildRoot:   %{_tmppath}/%{name}-%{version}-root
-BuildRequires: libjpeg-devel unzip
+BuildRequires: autoconf automake libtool
 BuildRequires: freeglut-devel
+BuildRequires: libGLU-devel
+BuildRequires: libjpeg-devel
+BuildRequires: pkgconfig
+
 Requires:    %{name}-libs = %{version}-%{release}
 
 Vendor:       Project Vine
@@ -64,18 +98,35 @@ This package contains runtime libraries for JasPer.
 
 
 %prep
-%setup -T -c %{name}-%{version}
-cd ..
-unzip %{SOURCE0}
-cd %{name}-%{version}
-
-# security fixes
-%patch100 -p1 -b .CVE-2007-2721
+%setup -q -n %{name}-%{version}
+
+%patch1 -p1 -b .GL
+%patch2 -p1 -b .GL-ac
+%patch3 -p1 -b .CVE-2007-2721
+%patch4 -p1 -b .jpc_dec_assertion
+%patch5 -p1 -b .CVE-2008-3520
+%patch6 -p1 -b .CVE-2008-3522
+%patch7 -p1 -b .pkgconfig
+%patch8 -p1 -b .CVE-2011-4516-4517
+%patch9 -p1 -b .CVE-2014-9029
+%patch10 -p1 -b .CVE-2014-8137-variant2
+%patch11 -p1 -b .CVE-2014-8138
+
+%patch110 -p1 -b .BAD_SIZEOF
+%patch111 -p1 -b .CHECKED_RETURN
+%patch112 -p1 -b .FORWARD_NULL
+%patch113 -p1 -b .NULL_RETURNS
+%patch114 -p1 -b .RESOURCE_LEAK
+%patch115 -p1 -b .UNREACHABLE
+%patch116 -p1 -b .UNUSED_VALUE
+
+autoreconf --verbose --force --install
 
 %build
-./configure --prefix=%{_prefix} --libdir=%{_libdir} --mandir=%{_mandir} \
-            --enable-shared --disable-static
-make
+CFLAGS="%{optflags} -fno-strict-overflow" \
+%configure --enable-shared --disable-static
+
+make %{?_smp_mflags}
 
 %install
 [ -n "$RPM_BUILD_ROOT" -a "$RPM_BUILD_ROOT" != / ] && rm -rf $RPM_BUILD_ROOT
@@ -109,6 +160,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 %defattr(-,root,root)
 %{_includedir}/jasper
 %{_libdir}/libjasper*.so
+%{_libdir}/pkgconfig/jasper.pc
 
 # compat32
 %if %{build_compat32}
@@ -119,9 +171,13 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 %files -n compat32-%{name}-devel
 %defattr(-,root,root)
 %{_libdir}/libjasper*.so
+%{_libdir}/pkgconfig/jasper.pc
 %endif
 
 %changelog
+* Wed Dec 24 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.900.1-10
+- imported all patches from RawHide.
+
 * Tue Jul 15 2014 Yoji TOYODA <bsyamato@sea.plala.or.jp> 1.900.1-9
 - rebuild with libpng-1.6.12