<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/jasper, branch 2017.02.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2017.02.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2017.02.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2017-03-17T23:19:35+00:00</updated>
<entry>
<title>jasper: add upstream security fix</title>
<updated>2017-03-17T23:19:35+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-14T22:58:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=604b463d534943701024d7878dd2017c45ed5088'/>
<id>urn:sha1:604b463d534943701024d7878dd2017c45ed5088</id>
<content type='text'>
Fixes a NULL Pointer Dereference jp2_encode:

https://github.com/mdadams/jasper/issues/120

No CVE assigned yet.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit 76da579431a78875afeaeda76e459aca69e85d36)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>jasper: add upstream security fix for CVE-2017-6850</title>
<updated>2017-03-17T23:19:26+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2017-03-14T22:58:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=607c2635ca1f48f3aacb84404a4cd0ee49215827'/>
<id>urn:sha1:607c2635ca1f48f3aacb84404a4cd0ee49215827</id>
<content type='text'>
Fixes a NULL pointer dereference in jp2_cdef_destroy:

https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/

https://github.com/mdadams/jasper/issues/112

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit a105443b24f7c75b10dab44c2916fc9f2b58363a)
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>jasper: disable C++ compiler check</title>
<updated>2017-01-16T12:16:14+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-01-14T19:15:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0852552c69c6fa320f38d9c3c77a6f7f6c099c6a'/>
<id>urn:sha1:0852552c69c6fa320f38d9c3c77a6f7f6c099c6a</id>
<content type='text'>
Add a patch to disable the default cmake C++ compiler check.

Fixes:
http://autobuild.buildroot.net/results/970/97001530e59062c36f27721877cb8b5c3ba8906a/

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>jasper: disable PDF documentation generation</title>
<updated>2017-01-16T12:15:20+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-01-14T18:08:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7a0402d3a8ab9b25cdc4bed5ab50db127e502dfc'/>
<id>urn:sha1:7a0402d3a8ab9b25cdc4bed5ab50db127e502dfc</id>
<content type='text'>
We don't need the PDF document on target. This also avoids incompatible host
Latex packages.

Fixes:
http://autobuild.buildroot.net/results/e60/e60c4a71a08aebadd0bc3fb95a57a4a223e4b6fa/
http://autobuild.buildroot.net/results/4ec/4ec8a1735590a3cad4b74630b4b6bdd2e3a7eec8/

[Peter: reformat as suggested by Yann]
Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Reviewed-by: "Yann E. MORIN" &lt;yann.morin.1998@free.fr&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>jasper: bump to version 2.0.10</title>
<updated>2017-01-13T15:13:20+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2017-01-12T20:47:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=015457a852dd733ea555dc8c145235915546fcc6'/>
<id>urn:sha1:015457a852dd733ea555dc8c145235915546fcc6</id>
<content type='text'>
Use upstream provided tarball.

Upstream switched to cmake.

libjpeg dependency is now optional.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>Merge branch 'next'</title>
<updated>2016-12-02T07:53:56+00:00</updated>
<author>
<name>Peter Korsgaard</name>
<email>peter@korsgaard.com</email>
</author>
<published>2016-12-02T07:53:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=44d2cc99a47fd2a3201785bc558716c162b081ab'/>
<id>urn:sha1:44d2cc99a47fd2a3201785bc558716c162b081ab</id>
<content type='text'>
My local 'next' branch was not uptodate, so the previous merge was missing
the most recent changes.

Thanks to François Perrad for noticing.

Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>Revert "jasper: Disable debugging when building for xtensa"</title>
<updated>2016-11-30T21:57:30+00:00</updated>
<author>
<name>Max Filippov</name>
<email>jcmvbkbc@gmail.com</email>
</author>
<published>2016-11-28T21:54:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=c43b09a99fca22cd2e03e9d8370a23aaf4066a19'/>
<id>urn:sha1:c43b09a99fca22cd2e03e9d8370a23aaf4066a19</id>
<content type='text'>
This reverts commit 71d9b0c1f06896f113b09e941aa84d979bff5710.
Now that -mauto-litpools is in TARGET_ABI when building for xtensa, -O0
builds succeed, so this workaround is no longer needed.

Signed-off-by: Max Filippov &lt;jcmvbkbc@gmail.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>jasper: bump version to 1.900.31 (security)</title>
<updated>2016-11-29T21:36:00+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-11-29T11:23:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=97f8aa4005be8456af52cacd5cfb4b077e55b5fa'/>
<id>urn:sha1:97f8aa4005be8456af52cacd5cfb4b077e55b5fa</id>
<content type='text'>
Fixed CVEs:
 - CVE-2016-9387
 - CVE-2016-9388
 - CVE-2016-9389
 - CVE-2016-9390
 - CVE-2016-9391
 - CVE-2016-9392
 - CVE-2016-9393
 - CVE-2016-9394
 - CVE-2016-9395
 - CVE-2016-9396
 - CVE-2016-9397
 - CVE-2016-9398
 - CVE-2016-9399
 - CVE-2016-9557
 - CVE-2016-9560

Changes to jasper.mk:
 - Switched site method to GitHub. 1.900.31 is not released as a tarball
   in the official website.
 - Autoreconf necessary since there isn't any configure script. We need
   to generate it.

Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>jasper: disable -pedantic-errors</title>
<updated>2016-11-13T11:23:17+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2016-11-12T19:29:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=4605967780e9ecd14fba8100618963247ba72442'/>
<id>urn:sha1:4605967780e9ecd14fba8100618963247ba72442</id>
<content type='text'>
The -pedantic-errors gcc option turns -pedantic warnings into errors. This
mostly affects older gcc versions that default to the ISO90 C standard. Use
the --disable-strict configure option to remove -pedantic-errors.

Fixes:
http://autobuild.buildroot.net/results/191/191f80779df1a9e6f832106e6c4bdf601e2a9893/
http://autobuild.buildroot.net/results/1fe/1febccc7215814490fa3c776b34bc367363afe39/
http://autobuild.buildroot.net/results/a6f/a6f9bfec3406fc21b130f1669e3534651b9c9596/

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>jasper: security bump to version 1.900.22</title>
<updated>2016-11-11T14:07:43+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2016-11-10T17:54:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7a21e6e9e3095197267d11c0844e94d648d5f379'/>
<id>urn:sha1:7a21e6e9e3095197267d11c0844e94d648d5f379</id>
<content type='text'>
Fixes:
CVE-2016-8693: Double free vulnerability in mem_close
CVE-2016-8692: Divide by zero in jpc_dec_process_siz
CVE-2016-8691: Divide by zero in jpc_dec_process_siz
CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted
BMP image
CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
CVE-2016-8886: memory allocation failure in jas_malloc
CVE-2016-8887: Null pointer dereference in jp2_colr_destroy
CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata
(incomplete fix for CVE-2016-8690)
CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox()
CVE-2016-8881: Heap buffer overflow in jpc_getuint16()
CVE-2016-8882: Null pointer access in jpc_pi_destroy
CVE-2016-8883: Assert in jpc_dec_tiledecode()

Drop upstream patches.

Change SITE to the official download location, since the current one does not
have the updated version. Unfortunately, the official site only offers tar.gz.

Fix license. It is "based on the MIT license", but not exactly the same
(http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues").

Drop autoreconf; the autotools version has been updated since commit
324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it.

Cc: Maxime Hadjinlian &lt;maxime.hadjinlian@gmail.com&gt;
Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
</feed>
