25 Commits

Author SHA1 Message Date
Bernd Kuhls
15f2f58836 package/jasper: bump version to 2.0.13
Changed _SITE to github, current version is not available from upstream
website.

Removed patches applied upstream:

0002-Fixed-bugs-due-to-uninitialized-data-in-the-JP2-deco.patch
e96fc4fdd5

0003-Added-a-check-in-the-JP2-encoder-to-ensure-that-the-.patch
58ba0365d9

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-05-27 17:19:20 +02:00
Peter Korsgaard
76da579431 jasper: add upstream security fix
Fixes a NULL Pointer Dereference in jp2_encode:

https://github.com/mdadams/jasper/issues/120

No CVE assigned yet.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-15 13:37:47 +01:00
Peter Korsgaard
a105443b24 jasper: add upstream security fix for CVE-2017-6850
Fixes a NULL pointer dereference in jp2_cdef_destroy:

https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/

https://github.com/mdadams/jasper/issues/112

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-03-15 13:37:42 +01:00
Vicente Olivert Riera
88db82cf93 jasper: bump version to 2.0.12
Remove 0001-Disable-C-compiler-check.patch since it's already included
in this release. Upstream commit:

  4212e7e826

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2017-03-10 21:50:40 +01:00
Baruch Siach
0852552c69 jasper: disable C++ compiler check
Add a patch to disable the default cmake C++ compiler check.

Fixes:
http://autobuild.buildroot.net/results/970/97001530e59062c36f27721877cb8b5c3ba8906a/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-16 13:16:14 +01:00
Baruch Siach
7a0402d3a8 jasper: disable PDF documentation generation
We don't need the PDF document on target. This also avoids incompatible host
LaTeX packages.

Fixes:
http://autobuild.buildroot.net/results/e60/e60c4a71a08aebadd0bc3fb95a57a4a223e4b6fa/
http://autobuild.buildroot.net/results/4ec/4ec8a1735590a3cad4b74630b4b6bdd2e3a7eec8/

[Peter: reformat as suggested by Yann]
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-16 13:15:20 +01:00
Baruch Siach
015457a852 jasper: bump to version 2.0.10
Use upstream provided tarball.

Upstream switched to cmake.

libjpeg dependency is now optional.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-01-13 16:13:20 +01:00
Peter Korsgaard
44d2cc99a4 Merge branch 'next'
My local 'next' branch was not up to date, so the previous merge was missing
the most recent changes.

Thanks to François Perrad for noticing.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-12-02 08:53:56 +01:00
Max Filippov
c43b09a99f Revert "jasper: Disable debugging when building for xtensa"
This reverts commit 71d9b0c1f0.
Now that -mauto-litpools is in TARGET_ABI when building for xtensa, -O0
builds succeed, so this workaround is no longer needed.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-30 22:57:30 +01:00
Vicente Olivert Riera
97f8aa4005 jasper: bump version to 1.900.31 (security)
Fixed CVEs:
 - CVE-2016-9387
 - CVE-2016-9388
 - CVE-2016-9389
 - CVE-2016-9390
 - CVE-2016-9391
 - CVE-2016-9392
 - CVE-2016-9393
 - CVE-2016-9394
 - CVE-2016-9395
 - CVE-2016-9396
 - CVE-2016-9397
 - CVE-2016-9398
 - CVE-2016-9399
 - CVE-2016-9557
 - CVE-2016-9560

Changes to jasper.mk:
 - Switched site method to GitHub. 1.900.31 is not released as a tarball
   in the official website.
 - Autoreconf necessary since there isn't any configure script. We need
   to generate it.

Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-11-29 22:36:00 +01:00
Baruch Siach
4605967780 jasper: disable -pedantic-errors
The -pedantic-errors gcc option turns -pedantic warnings into errors. This
mostly affects older gcc versions that default to the ISO90 C standard. Use
the --disable-strict configure option to remove -pedantic-errors.

Fixes:
http://autobuild.buildroot.net/results/191/191f80779df1a9e6f832106e6c4bdf601e2a9893/
http://autobuild.buildroot.net/results/1fe/1febccc7215814490fa3c776b34bc367363afe39/
http://autobuild.buildroot.net/results/a6f/a6f9bfec3406fc21b130f1669e3534651b9c9596/

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-13 12:23:17 +01:00
Baruch Siach
7a21e6e9e3 jasper: security bump to version 1.900.22
Fixes:
CVE-2016-8693: Double free vulnerability in mem_close
CVE-2016-8692: Divide by zero in jpc_dec_process_siz
CVE-2016-8691: Divide by zero in jpc_dec_process_siz
CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted
BMP image
CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
CVE-2016-8886: memory allocation failure in jas_malloc
CVE-2016-8887: Null pointer dereference in jp2_colr_destroy
CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata
(incomplete fix for CVE-2016-8690)
CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox()
CVE-2016-8881: Heap buffer overflow in jpc_getuint16()
CVE-2016-8882: Null pointer access in jpc_pi_destroy
CVE-2016-8883: Assert in jpc_dec_tiledecode()

Drop upstream patches.

Change SITE to the official download location, since the current one does not
have the updated version. Unfortunately, the official site only offers tar.gz.

Fix license. It is "based on the MIT license", but not exactly the same
(http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues").

Drop autoreconf; the autotools version has been updated since commit
324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it.

Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-11-11 15:07:43 +01:00
Gustavo Zacarias
61e069e164 jasper: add security patches
Fixes:
CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing
memory consumption.
CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy.
CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function.
CVE-2015-5221 - Use-after-free and double-free flaws in Jasper
JPEG-2000 library.
CVE-2015-5203 - double free in jasper_image_stop_load()

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-08-17 08:39:36 +02:00
Gustavo Zacarias
1a4bf69188 jasper: add hash file
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
2015-07-16 22:36:36 +02:00
Max Filippov
71d9b0c1f0 jasper: Disable debugging when building for xtensa
xtensa gcc is not able to generate correct code when compiling with -O0
enabled by --enable-debug. Instead of disabling the package, build it with
--disable-debug.

Fixes:
  http://autobuild.buildroot.net/results/5d17055027055ffd33fcd28b208130afb26343c9/

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-19 21:36:18 +02:00
Max Filippov
4dcf9d14b5 jasper: Don't overwrite CFLAGS when configured with --enable-debug
This drops architecture-specific ABI flags, which may be important.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-05-19 21:36:05 +02:00
Gustavo Zacarias
ddfce0448d jasper: add security fixes for CVE-2014-8157/8158
Fixes:
CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-26 23:13:44 +01:00
Gustavo Zacarias
b6e4e9de41 jasper: add patches to fix CVE-2014-8137 and CVE-2014-8138
Fixes:
CVE-2014-8137 - double-free in jas_iccattrval_destroy()
CVE-2014-8138 - heap overflow in jp2_decode()

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-12-19 21:41:17 +01:00
Baruch Siach
421b4d0dde jasper: add a patch fixing CVE-2014-9029
See http://www.ocert.org/advisories/ocert-2014-009.html for the details.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-10 21:24:04 +01:00
Peter Korsgaard
324ccec90d jasper: autoreconf to fix rpath issue
The old version of autotools used gets confused and ends up looking in
/usr/lib for libjpeg when host == target.

Fixes http://autobuild.buildroot.net/results/307/307cac65287420252a5bb64715d9a1edd90e72fa/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-10 10:55:12 +02:00
Gustavo Zacarias
88f4a56080 Revert "packages: autoreconf non-vanilla libtool packages"
Now that we've got a cleaner/fuzzier libtool 1.5 static patch we can
discard the temporary workaround.

This reverts commit e573f5d326.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 16:36:04 +02:00
Gustavo Zacarias
e573f5d326 packages: autoreconf non-vanilla libtool packages
Some packages no longer apply the libtool patch since commit
97703978ac because they use a non-vanilla
version of libtool 1.5.x

Fixes many failures like:
http://autobuild.buildroot.net/results/34e/34e4898e2bdc08e5d34e16e556384b3086b76467/
http://autobuild.buildroot.net/results/ecf/ecf4e7d6812f972d05c95203fb665235856c0817/
http://autobuild.buildroot.net/results/5d9/5d9a05fb70e8a65f2399c4f38375aeafb9686ea4/

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-31 08:26:33 +02:00
Jerzy Grzegorek
61e343970d jasper: fix license typo
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-30 09:57:15 +01:00
Peter Korsgaard
1eac073b3a jasper: fix file header comment
Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-13 09:20:36 +01:00
Maxime Hadjinlian
9f596dbdf5 jasper: new package
JPEG-2000 decoder.
This package was originally found at: https://github.com/huceke/buildroot-rbp
By gimli <ebsi4711@gmail.com>

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-01-12 19:23:45 +01:00