summaryrefslogtreecommitdiffstats
path: root/package/jasper
Commit message (Collapse)AuthorAgeFilesLines
* jasper: bump to version 2.0.14Fabrice Fontaine2018-10-102-2/+2
| | | | | Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* jasper: update licenseFabrice Fontaine2018-10-102-1/+2
| | | | | | | Add hash for license file and use SPDX short term identifier Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/jasper: bump version to 2.0.13Bernd Kuhls2017-05-274-319/+3
| | | | | | | | | | | | | | | | Changed _SITE to github, current version is not available from upstream website. Removed patches applied upstream: 0002-Fixed-bugs-due-to-uninitialized-data-in-the-JP2-deco.patch https://github.com/mdadams/jasper/commit/e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d 0003-Added-a-check-in-the-JP2-encoder-to-ensure-that-the-.patch https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293 Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* jasper: add upstream security fixPeter Korsgaard2017-03-151-0/+30
| | | | | | | | | | Fixes a NULL Pointer Dereference jp2_encode: https://github.com/mdadams/jasper/issues/120 No CVE assigned yet. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: add upstream security fix for CVE-2017-6850Peter Korsgaard2017-03-151-0/+286
| | | | | | | | | | Fixes a NULL pointer dereference in jp2_cdef_destroy: https://blogs.gentoo.org/ago/2017/01/25/jasper-null-pointer-dereference-in-jp2_cdef_destroy-jp2_cod-c/ https://github.com/mdadams/jasper/issues/112 Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: bump version to 2.0.12Vicente Olivert Riera2017-03-103-30/+2
| | | | | | | | | | Remove 0001-Disable-C-compiler-check.patch since it's already included in this release. Upstream commit: https://github.com/mdadams/jasper/commit/4212e7e826e1f72c2f01391a80667c88fa2eb517 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* jasper: disable C++ compiler checkBaruch Siach2017-01-161-0/+28
| | | | | | | | | | Add a patch to disable the default cmake C++ compiler check. Fixes: http://autobuild.buildroot.net/results/970/97001530e59062c36f27721877cb8b5c3ba8906a/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: disable PDF documentation generationBaruch Siach2017-01-161-0/+3
| | | | | | | | | | | | | | We don't need the PDF document on target. This also avoids incompatible host Latex packages. Fixes: http://autobuild.buildroot.net/results/e60/e60c4a71a08aebadd0bc3fb95a57a4a223e4b6fa/ http://autobuild.buildroot.net/results/4ec/4ec8a1735590a3cad4b74630b4b6bdd2e3a7eec8/ [Peter: reformat as suggested by Yann] Signed-off-by: Baruch Siach <baruch@tkos.co.il> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: bump to version 2.0.10Baruch Siach2017-01-133-9/+14
| | | | | | | | | | | Use upstream provided tarball. Upstream switched to cmake. libjpeg dependency is now optional. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Merge branch 'next'Peter Korsgaard2016-12-021-6/+0
|\ | | | | | | | | | | | | | | | | My local 'next' branch was not uptodate, so the previous merge was missing the most recent changes. Thanks to François Perrad for noticing. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
| * Revert "jasper: Disable debugging when building for xtensa"Max Filippov2016-11-301-6/+0
| | | | | | | | | | | | | | | | | | This reverts commit 71d9b0c1f06896f113b09e941aa84d979bff5710. Now that -mauto-litpools is in TARGET_ABI when building for xtensa, -O0 builds succeed, so this workaround is no longer needed. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | jasper: bump version to 1.900.31 (security)Vicente Olivert Riera2016-11-292-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed CVEs: - CVE-2016-9387 - CVE-2016-9388 - CVE-2016-9389 - CVE-2016-9390 - CVE-2016-9391 - CVE-2016-9392 - CVE-2016-9393 - CVE-2016-9394 - CVE-2016-9395 - CVE-2016-9396 - CVE-2016-9397 - CVE-2016-9398 - CVE-2016-9399 - CVE-2016-9557 - CVE-2016-9560 Changes to jasper.mk: - Switched site method to GitHub. 1.900.31 is not released as a tarball in the official website. - Autoreconf necessary since there isn't any configure script. We need to generate it. Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* | jasper: disable -pedantic-errorsBaruch Siach2016-11-131-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The -pedantic-errors gcc option turns -pedantic warnings into errors. This mostly affects older gcc versions that default to the ISO90 C standard. Use the --disable-strict configure option to remove -pedantic-errors. Fixes: http://autobuild.buildroot.net/results/191/191f80779df1a9e6f832106e6c4bdf601e2a9893/ http://autobuild.buildroot.net/results/1fe/1febccc7215814490fa3c776b34bc367363afe39/ http://autobuild.buildroot.net/results/a6f/a6f9bfec3406fc21b130f1669e3534651b9c9596/ Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* | jasper: security bump to version 1.900.22Baruch Siach2016-11-1114-766/+4
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2016-8693: Double free vulnerability in mem_close CVE-2016-8692: Divide by zero in jpc_dec_process_siz CVE-2016-8691: Divide by zero in jpc_dec_process_siz CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted BMP image CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() CVE-2016-8886: memory allocation failure in jas_malloc CVE-2016-8887: Null pointer dereference in jp2_colr_destroy CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata (incomplete fix for CVE-2016-8690) CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox() CVE-2016-8881: Heap buffer overflow in jpc_getuint16() CVE-2016-8882: Null pointer access in jpc_pi_destroy CVE-2016-8883: Assert in jpc_dec_tiledecode() Drop upstream patches. Change SITE to the official download location, since the current one does not have the updated version. Unfortunately, the official site only offers tar.gz. Fix license. It is "based on the MIT license", but not exactly the same (http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues"). Drop autoreconf; the autotools version has been updated since commit 324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it. Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* jasper: add security patchesGustavo Zacarias2016-08-175-0/+262
| | | | | | | | | | | | | | Fixes: CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing memory consumption. CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy. CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function. CVE-2015-5221 - Use-after-free and double-free flaws in Jasper JPEG-2000 library. CVE-2015-5203 - double free in jasper_image_stop_load() Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: add hash fileGustavo Zacarias2015-07-161-0/+2
| | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
* jasper: Disable debugging when building for xtensaMax Filippov2015-05-191-0/+6
| | | | | | | | | | | | xtensa gcc is not able to generate correct code when compiling with -O0 enabled by --enable-debug. Instead of disabling package build it with --disable-debug. Fixes: http://autobuild.buildroot.net/results/5d17055027055ffd33fcd28b208130afb26343c9/ Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: Don't overwrite CFLAGS when configured with --enable-debugMax Filippov2015-05-191-0/+27
| | | | | | | This drops architecture-specific ABI flags, which may be important. Signed-off-by: Max Filippov <jcmvbkbc@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: add security fixes for CVE-2014-8157/8158Gustavo Zacarias2015-01-262-0/+351
| | | | | | | | | Fixes: CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot() CVE-2014-8158 - unrestricted stack memory use in jpc_qmfb.c Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: add patches to fix CVE-2014-8137 and CVE-2014-8138Gustavo Zacarias2014-12-193-0/+83
| | | | | | | | | Fixes: CVE-2014-8137 - double-free in jas_iccattrval_destroy() CVE-2014-8138 - heap overflow in jp2_decode() Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: add a patch fixing CVE-2014-9029Baruch Siach2014-12-101-0/+36
| | | | | | | See http://www.ocert.org/advisories/ocert-2014-009.html for the details. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* jasper: autoreconf to fix rpath issuePeter Korsgaard2014-09-101-0/+2
| | | | | | | | | The old version of autotools used gets confused and ends up looking in /usr/lib for libjpeg when host == target.. Fixes http://autobuild.buildroot.net/results/307/307cac65287420252a5bb64715d9a1edd90e72fa/ Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* Revert "packages: autoreconf non-vanilla libtool packages"Gustavo Zacarias2014-07-311-2/+0
| | | | | | | | | | Now that we've got a cleaner/fuzzier libtool 1.5 static patch we can discard the temporary workaround. This reverts commit e573f5d3267e5916c580e499ecd127c60107b8e1. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: autoreconf non-vanilla libtool packagesGustavo Zacarias2014-07-311-0/+2
| | | | | | | | | | | | | | Some packages no longer apply the libtool patch since commit 97703978ac870ce2b14ad144f8e082de82aa2c64 because they use a non-vanilla version of libtool 1.5.x Fixes many failures like: http://autobuild.buildroot.net/results/34e/34e4898e2bdc08e5d34e16e556384b3086b76467/ http://autobuild.buildroot.net/results/ecf/ecf4e7d6812f972d05c95203fb665235856c0817/ http://autobuild.buildroot.net/results/5d9/5d9a05fb70e8a65f2399c4f38375aeafb9686ea4/ Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* jasper: fix license typoJerzy Grzegorek2014-01-301-1/+1
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: fix file header commentPeter Korsgaard2014-01-131-2/+2
| | | | | Reported-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* jasper: new packageMaxime Hadjinlian2014-01-122-0/+22
JPEG-2000 decoder. This package was originally found at : https://github.com/huceke/buildroot-rbp By gimli <ebsi4711@gmail.com> Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud