Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package jasper for openSUSE:Factory checked in at 2023-11-30 21:59:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/jasper (Old)
and /work/SRC/openSUSE:Factory/.jasper.new.25432 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper"
Thu Nov 30 21:59:21 2023 rev:25 rq:1129748 version:4.1.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2023-11-06 21:13:48.546228308 +0100
+++ /work/SRC/openSUSE:Factory/.jasper.new.25432/jasper.changes 2023-11-30 22:00:22.790978996 +0100
@@ -1,0 +2,8 @@
+Wed Nov 29 09:29:34 UTC 2023 - Michael Vetter
+
+- Update to 4.1.1:
+ * Disallow in-source builds by default #364
+ * Fix a potential integer overflow problem in the
+ jas_get_total_mem_size function (for the Windows platform) #363
+
+-------------------------------------------------------------------
Old:
----
version-4.1.0.tar.gz
New:
----
version-4.1.1.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ jasper.spec ++++++
--- /var/tmp/diff_new_pack.3oZ1fg/_old 2023-11-30 22:00:23.623009647 +0100
+++ /var/tmp/diff_new_pack.3oZ1fg/_new 2023-11-30 22:00:23.627009795 +0100
@@ -20,7 +20,7 @@
%global __builddir obs_build
Name: jasper
-Version: 4.1.0
+Version: 4.1.1
Release: 0
Summary: An Implementation of the JPEG-2000 Standard, Part 1
License: JasPer-2.0
@@ -29,7 +29,7 @@
Source: https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
Source1: baselibs.conf
BuildRequires: Mesa-libGL-devel
-BuildRequires: cmake
+BuildRequires: cmake >= 3.20
BuildRequires: doxygen
BuildRequires: fdupes
BuildRequires: freeglut-devel
@@ -69,7 +69,7 @@
%build
export CFLAGS="%{optflags} -Wall -std=c99 -D_BSD_SOURCE"
-%cmake -DCMAKE_INSTALL_DOCDIR=%{_docdir}/%{name}
+%cmake -DCMAKE_INSTALL_DOCDIR=%{_docdir}/%{name} -DALLOW_IN_SOURCE_BUILD=ON
%make_build
%install
++++++ version-4.1.0.tar.gz -> version-4.1.1.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/.github/workflows/ci.yml new/jasper-version-4.1.1/.github/workflows/ci.yml
--- old/jasper-version-4.1.0/.github/workflows/ci.yml 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/.github/workflows/ci.yml 2023-11-28 18:19:23.000000000 +0100
@@ -6,7 +6,7 @@
build:
strategy:
matrix:
- os: [ubuntu-22.04, ubuntu-20.04, macos-12, macos-11]
+ os: [ubuntu-22.04, ubuntu-20.04, macos-13, macos-12]
compiler: [ {cc: gcc, cxx: g++}, {cc: clang, cxx: clang++} ]
include:
- os: [windows-2022]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/CMakeLists.txt new/jasper-version-4.1.1/CMakeLists.txt
--- old/jasper-version-4.1.0/CMakeLists.txt 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/CMakeLists.txt 2023-11-28 18:19:23.000000000 +0100
@@ -1,4 +1,6 @@
-cmake_minimum_required(VERSION 3.12)
+cmake_minimum_required(VERSION 3.20)
+# Version 3.20 needed for cmake_path.
+# Version 3.19 needed for file(REAL_PATH ...).
# Version 3.12 needed for FindJPEG imported targets.
# Version 3.10 needed for FindOpenGL imported targets.
# Version 3.1 needed for FindGLUT imported targets.
@@ -10,7 +12,7 @@
# The major, minor, and micro version numbers of the project.
set(JAS_VERSION_MAJOR 4)
set(JAS_VERSION_MINOR 1)
-set(JAS_VERSION_PATCH 0)
+set(JAS_VERSION_PATCH 1)
# The shared library versioning information.
# Guidelines on how to change this information can be found below.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/NEWS.txt new/jasper-version-4.1.1/NEWS.txt
--- old/jasper-version-4.1.0/NEWS.txt 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/NEWS.txt 2023-11-28 18:19:23.000000000 +0100
@@ -1,3 +1,10 @@
+4.1.1 (2023-11-28)
+==================
+
+* Disallow in-source builds by default.
+* Fix a potential integer overflow problem in the jas_get_total_mem_size
+ function (for the Windows platform).
+
4.1.0 (2023-11-04)
==================
@@ -110,6 +117,7 @@
===================
* Fix potential null pointer dereference in the JP2/JPC decoder. (#269)
+ (CVE-2021-3443)
* Fix ignoring of JAS_STREAM_FILEOBJ_NOCLOSE at stream close time. (#286)
* Fix integral type sizing problem in JP2 codec. (#284)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/appveyor.yml new/jasper-version-4.1.1/appveyor.yml
--- old/jasper-version-4.1.0/appveyor.yml 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/appveyor.yml 2023-11-28 18:19:23.000000000 +0100
@@ -3,8 +3,9 @@
# build worker image (VM template)
image:
- - Visual Studio 2015
- - Visual Studio 2013
+ - Visual Studio 2022
+ #- Visual Studio 2015
+ #- Visual Studio 2013
configuration:
- Release
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/build/appveyor/build.bat new/jasper-version-4.1.1/build/appveyor/build.bat
--- old/jasper-version-4.1.0/build/appveyor/build.bat 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/build/appveyor/build.bat 2023-11-28 18:19:23.000000000 +0100
@@ -41,7 +41,8 @@
cmake ^
-H%source_dir% -B%build_dir_shared% %allow_in_source_build% ^
-DCMAKE_INSTALL_PREFIX=%install_dir_shared% ^
- -DJAS_ENABLE_SHARED=true || exit /B 1
+ -DJAS_ENABLE_SHARED=true ^
+ -DJAS_ENABLE_DOC=false || exit /B 1
rem msbuild %build_dir_shared%\INSTALL.vcxproj || exit /B 1
cmake --build %build_dir_shared% --clean-first || exit /B 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/build/cmake/modules/InSourceBuild.cmake new/jasper-version-4.1.1/build/cmake/modules/InSourceBuild.cmake
--- old/jasper-version-4.1.0/build/cmake/modules/InSourceBuild.cmake 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/build/cmake/modules/InSourceBuild.cmake 2023-11-28 18:19:23.000000000 +0100
@@ -1,15 +1,48 @@
option(ALLOW_IN_SOURCE_BUILD "Allow an in-source build" OFF)
function(prevent_in_source_build)
- get_filename_component(source_dir "${CMAKE_SOURCE_DIR}" REALPATH)
- get_filename_component(binary_dir "${CMAKE_BINARY_DIR}" REALPATH)
- if(source_dir STREQUAL binary_dir)
- message(FATAL_ERROR
- "The use of an in-source build is not recommended. "
- "For this reason, the use of in-source build is disabled by default. "
- "If you want to override this default behavior, add the -DALLOW_IN_SOURCE_BUILD option to cmake."
- )
+
+ # Determine if an in-source build is in progress.
+ file(REAL_PATH "${CMAKE_SOURCE_DIR}" source_dir)
+ file(REAL_PATH "${CMAKE_BINARY_DIR}" binary_dir)
+ cmake_path(IS_PREFIX source_dir "${binary_dir}" result)
+
+ # If an in-source build is in progress, and the build directory is not
+ # chosen in a very specific way, then stop the build.
+ if(result)
+ cmake_path(RELATIVE_PATH binary_dir BASE_DIRECTORY "${source_dir}"
+ OUTPUT_VARIABLE cur_path)
+ #message("cur_path ${cur_path}")
+ while(true)
+ cmake_path(HAS_PARENT_PATH cur_path has_parent)
+ if(NOT has_parent)
+ break()
+ endif()
+ cmake_path(GET cur_path PARENT_PATH cur_path)
+ #message("cur_path ${cur_path}")
+ endwhile()
+ cmake_path(GET cur_path FILENAME top_dir_name)
+ #message("top_dir_name ${top_dir_name}")
+ if(NOT (top_dir_name MATCHES "^tmp"))
+ message(FATAL_ERROR
+ "The use of an in-source build has been detected "
+ "(i.e., the binary directory specified to CMake is located "
+ "in or under the source directory). "
+ "This can potentially trash the source tree. "
+ "In fact, if you are seeing this message, you may have already "
+ "partially trashed the source tree. "
+ "The use of an in-source build is not officially supported and "
+ "is therefore disallowed by default. "
+ "If you like to live dangerously and would like to override "
+ "this default behavior, this can be accomplished via the "
+ "CMake option ALLOW_IN_SOURCE_BUILD.\n"
+ "CMake source directory: ${CMAKE_SOURCE_DIR}\n"
+ "CMake binary directory: ${CMAKE_BINARY_DIR}\n"
+ "CMake binary directory root: ${CMAKE_SOURCE_DIR}/${top_dir_name}\n"
+ )
+ endif()
endif()
+
endfunction()
if(NOT ALLOW_IN_SOURCE_BUILD)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.1.0/src/libjasper/base/jas_malloc.c new/jasper-version-4.1.1/src/libjasper/base/jas_malloc.c
--- old/jasper-version-4.1.0/src/libjasper/base/jas_malloc.c 2023-11-05 05:39:06.000000000 +0100
+++ new/jasper-version-4.1.1/src/libjasper/base/jas_malloc.c 2023-11-28 18:19:23.000000000 +0100
@@ -661,11 +661,12 @@
Reference:
https://docs.microsoft.com/en-us/windows/win32/api/sysinfoapi/nf-sysinfoapi-...
*/
- ULONGLONG size;
- if (!GetPhysicallyInstalledSystemMemory(&size)) {
+ ULONGLONG mem_size_in_kb;
+ if (!GetPhysicallyInstalledSystemMemory(&mem_size_in_kb)) {
return 0;
}
- return 1024 * size;
+ return (mem_size_in_kb < SIZE_MAX / JAS_CAST(size_t, 1024)) ?
+ JAS_CAST(size_t, 1024) * mem_size_in_kb : SIZE_MAX;
#else
return 0;
#endif