jasper-1.900.1-11

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@10642 ec354946-7b23-47d6-9f5a-488ba84defc7

j/jasper/jasper-vl.spec

@@ -3,7 +3,7 @@
 Name:        jasper
 Summary:     implementation of the JPEG-2000 standard, Part 1
 Version:     1.900.1
-Release:     10%{?_dist_release}
+Release:     11%{?_dist_release}
 
 Group:       Applications/Graphics
 License:     Modified BSD (see LICENSE)
@@ -43,6 +43,11 @@ Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
 Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch
 Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch
 
+# from debian
+Patch1000: 09-CVE-2016-1577.patch
+Patch1001: 10-CVE-2016-2089.patch
+Patch1002: 11-CVE-2016-2116.patch
+
 BuildRoot:   %{_tmppath}/%{name}-%{version}-root
 BuildRequires: autoconf automake libtool
 BuildRequires: freeglut-devel
@@ -120,6 +125,10 @@ This package contains runtime libraries for JasPer.
 %patch115 -p1 -b .UNREACHABLE
 %patch116 -p1 -b .UNUSED_VALUE
 
+%patch1000 -p1 -b .CVE-2016-1577
+%patch1001 -p1 -b .CVE-2016-2089
+%patch1002 -p1 -b .CVE-2016-2116
+
 autoreconf --verbose --force --install
 
 %build
@@ -148,7 +157,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 
 %files
 %defattr(-,root,root)
-%doc COPYRIGHT ChangeLog INSTALL LICENSE NEWS README doc
+%{!?_licensedir:%global license %%doc}
+%license COPYRIGHT LICENSE
+%doc ChangeLog INSTALL NEWS README doc
 %{_bindir}/*
 %{_mandir}/man1/*
 
@@ -175,6 +186,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
 %endif
 
 %changelog
+* Tue Jul 19 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.900.1-11
+- added Patch1000-1002 to fix CVE-2016-{1577,2089,2116}.
+
 * Wed Dec 24 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.900.1-10
 - imported all patches from RawHide.