|
@@ -3,7 +3,7 @@
|
|
|
Name: jasper
|
|
|
Summary: implementation of the JPEG-2000 standard, Part 1
|
|
|
Version: 1.900.1
|
|
|
-Release: 10%{?_dist_release}
|
|
|
+Release: 11%{?_dist_release}
|
|
|
|
|
|
Group: Applications/Graphics
|
|
|
License: Modified BSD (see LICENSE)
|
|
@@ -43,6 +43,11 @@ Patch114: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
|
|
|
Patch115: jasper-1.900.1-Coverity-UNREACHABLE.patch
|
|
|
Patch116: jasper-1.900.1-Coverity-UNUSED_VALUE.patch
|
|
|
|
|
|
+# from debian
|
|
|
+Patch1000: 09-CVE-2016-1577.patch
|
|
|
+Patch1001: 10-CVE-2016-2089.patch
|
|
|
+Patch1002: 11-CVE-2016-2116.patch
|
|
|
+
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
|
|
BuildRequires: autoconf automake libtool
|
|
|
BuildRequires: freeglut-devel
|
|
@@ -120,6 +125,10 @@ This package contains runtime libraries for JasPer.
|
|
|
%patch115 -p1 -b .UNREACHABLE
|
|
|
%patch116 -p1 -b .UNUSED_VALUE
|
|
|
|
|
|
+%patch1000 -p1 -b .CVE-2016-1577
|
|
|
+%patch1001 -p1 -b .CVE-2016-2089
|
|
|
+%patch1002 -p1 -b .CVE-2016-2116
|
|
|
+
|
|
|
autoreconf --verbose --force --install
|
|
|
|
|
|
%build
|
|
@@ -148,7 +157,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
|
|
|
|
|
%files
|
|
|
%defattr(-,root,root)
|
|
|
-%doc COPYRIGHT ChangeLog INSTALL LICENSE NEWS README doc
|
|
|
+%{!?_licensedir:%global license %%doc}
|
|
|
+%license COPYRIGHT LICENSE
|
|
|
+%doc ChangeLog INSTALL NEWS README doc
|
|
|
%{_bindir}/*
|
|
|
%{_mandir}/man1/*
|
|
|
|
|
@@ -175,6 +186,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/*.la
|
|
|
%endif
|
|
|
|
|
|
%changelog
|
|
|
+* Tue Jul 19 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.900.1-11
|
|
|
+- added Patch1000-1002 to fix CVE-2016-{1577,2089,2116}.
|
|
|
+
|
|
|
* Wed Dec 24 2014 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.900.1-10
|
|
|
- imported all patches from RawHide.
|
|
|
|