Changed _SITE to github, current version is not available from upstream
website.
Removed patches applied upstream:
0002-Fixed-bugs-due-to-uninitialized-data-in-the-JP2-deco.patch
e96fc4fdd5
0003-Added-a-check-in-the-JP2-encoder-to-ensure-that-the-.patch
58ba0365d9
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Use upstream provided tarball.
Upstream switched to cmake.
libjpeg dependency is now optional.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
My local 'next' branch was not uptodate, so the previous merge was missing
the most recent changes.
Thanks to François Perrad for noticing.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This reverts commit 71d9b0c1f0.
Now that -mauto-litpools is in TARGET_ABI when building for xtensa, -O0
builds succeed, so this workaround is no longer needed.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixed CVEs:
- CVE-2016-9387
- CVE-2016-9388
- CVE-2016-9389
- CVE-2016-9390
- CVE-2016-9391
- CVE-2016-9392
- CVE-2016-9393
- CVE-2016-9394
- CVE-2016-9395
- CVE-2016-9396
- CVE-2016-9397
- CVE-2016-9398
- CVE-2016-9399
- CVE-2016-9557
- CVE-2016-9560
Changes to jasper.mk:
- Switched site method to GitHub. 1.900.31 is not released as a tarball
in the official website.
- Autoreconf necessary since there isn't any configure script. We need
to generate it.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes:
CVE-2016-8693: Double free vulnerability in mem_close
CVE-2016-8692: Divide by zero in jpc_dec_process_siz
CVE-2016-8691: Divide by zero in jpc_dec_process_siz
CVE-2016-8690: Null pointer dereference in bmp_getdata triggered by crafted
BMP image
CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip()
CVE-2016-8886: memory allocation failure in jas_malloc
CVE-2016-8887: Null pointer dereference in jp2_colr_destroy
CVE-2016-8884, CVE-2016-8885: Null pointer dereference in bmp_getdata
(incomplete fix for CVE-2016-8690)
CVE-2016-8880: Heap buffer overflow in jpc_dec_cp_setfromcox()
CVE-2016-8881: Heap buffer overflow in jpc_getuint16()
CVE-2016-8882: Null pointer access in jpc_pi_destroy
CVE-2016-8883: Assert in jpc_dec_tiledecode()
Drop upstream patches.
Change SITE to the official download location, since the current one does not
have the updated version. Unfortunately, the official site only offers tar.gz.
Fix license. It is "based on the MIT license", but not exactly the same
(http://www.ece.uvic.ca/~frodo/jasper/; under "Legal Issues").
Drop autoreconf; the autotools version has been updated since commit
324ccec90d (jasper: autoreconf to fix rpath issue) that introduced it.
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This drops architecture-specific ABI flags, which may be important.
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
