packages: netpbm/netpbm.spec, netpbm/netpbm-build.patch (NEW), netpbm/netpb...

arekm arekm at pld-linux.org
Wed Jul 15 08:57:21 CEST 2009 

Author: arekm                        Date: Wed Jul 15 06:57:21 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- up to 10.35.65. CVE-2007-2721 and CVE-2008-3520 fixed by linking to system jasper (as these CVEs affect jacper) instead of internal one.

---- Files affected:
packages/netpbm:
   netpbm.spec (1.93 -> 1.94) , netpbm-build.patch (NONE -> 1.1)  (NEW), netpbm-rgb-path.patch (1.1 -> NONE)  (REMOVED)

---- Diffs:

================================================================
Index: packages/netpbm/netpbm.spec
diff -u packages/netpbm/netpbm.spec:1.93 packages/netpbm/netpbm.spec:1.94
--- packages/netpbm/netpbm.spec:1.93	Fri Jul 10 21:53:25 2009
+++ packages/netpbm/netpbm.spec	Wed Jul 15 08:57:16 2009
@@ -11,25 +11,24 @@
 Summary(ru.UTF-8):	Набор библиотек для работы с различными графическими файлами
 Summary(uk.UTF-8):	Набір бібліотек для роботи з різними графічними файлами
 Name:		netpbm
-Version:	10.34
-Release:	6
+Version:	10.35.65
+Release:	1
 License:	Freeware
 Group:		Libraries
-Source0:	http://dl.sourceforge.net/netpbm/%{name}-%{version}.tgz
-# Source0-md5:	851137b746e9a08c46e6580743c036c4
+#  svn export https://netpbm.svn.sourceforge.net/svnroot/netpbm/stable netpbm-%{version} (where version from doc/HISTORY)
+#  svn export https://netpbm.svn.sourceforge.net/svnroot/netpbm/userguide netpbm-%{version}/userguide
+Source0:	%{name}-%{version}.tar.bz2
+# Source0-md5:	8f8317643d6f729ebc30913d066be804
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	8fb174f8da02ea01bf72a9dc61be10f1
 Source2:	%{name}-docs-20030520.tar.bz2
 # Source2-md5:	2d6a3965d493def21edfbc3e1aa262e9
 Patch0:		%{name}-make.patch
-Patch1:		%{name}-rgb-path.patch
+Patch1:		%{name}-build.patch
 URL:		http://netpbm.sourceforge.net/
-# Patches in redhat:
-# https://rhn.redhat.com/errata/RHSA-2009-0012.html
-BuildRequires:	security(CVE-2007-2721)
-BuildRequires:	security(CVE-2008-3520)
 BuildRequires:	xorg-lib-libX11-devel
 BuildRequires:	flex
+BuildRequires:	jasper-devel
 BuildRequires:	jbigkit-devel
 BuildRequires:	libjpeg-devel
 BuildRequires:	libpng-devel
@@ -215,6 +214,28 @@
 %patch1 -p1
 
 %build
+./configure << EOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+EOF
+
 # it appends defines to pm_config.h twice if -j > 1
 %{__make} -j1 \
 	CC="%{__cc}" \
@@ -225,7 +246,9 @@
 	PNGHDR_DIR=%{_includedir} \
 	TIFFHDR_DIR=%{_includedir} \
 	X11LIB=%{_libdir}/libX11.so \
-	JBIGLIB=/usr/%{_lib}/libjbig.so << EOF
+	JBIGLIB=/usr/%{_lib}/libjbig.so \
+	JASPERLIB="" \
+	JASPERDEPLIBS="-ljasper" << EOF
 
 gnu
 regular
@@ -259,7 +282,7 @@
 install -d $RPM_BUILD_ROOT{%{_bindir},%{_libdir},%{_includedir},%{_mandir}/man{1,3,5}}
 
 rm -rf PKG
-%{__make} package \
+%{__make} -j1 package \
 	pkgdir=$(pwd)/PKG
 
 rm -f PKG/bin/doc.url
@@ -333,6 +356,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.94  2009/07/15 06:57:16  arekm
+- up to 10.35.65. CVE-2007-2721 and CVE-2008-3520 fixed by linking to system jasper (as these CVEs affect jacper) instead of internal one.
+
 Revision 1.93  2009/07/10 19:53:25  arekm
 - release 6
 

================================================================
Index: packages/netpbm/netpbm-build.patch
diff -u /dev/null packages/netpbm/netpbm-build.patch:1.1
--- /dev/null	Wed Jul 15 08:57:21 2009
+++ packages/netpbm/netpbm-build.patch	Wed Jul 15 08:57:16 2009
@@ -0,0 +1,25 @@
+--- netpbm-10.35.65/buildtools/configure.pl~	2009-06-26 03:35:42.000000000 +0200
++++ netpbm-10.35.65/buildtools/configure.pl	2009-07-15 08:47:35.271968502 +0200
+@@ -1889,11 +1889,6 @@
+         push(@Makefile_config, "CFLAGS += -fPIC\n");
+         push(@Makefile_config, "LDSHLIB = -shared -fPIC\n");
+         push(@Makefile_config, 'LDFLAGS += -Wl,+b,/usr/pubsw/lib', "\n");
+-    } else {
+-        # We don't know what to do here.  We used to (before 10.20) just
+-        # just assume the compiler was gcc.  We know that the gcc stuff
+-        # above does NOT work for HP native compiler.
+-        push(@config_mk, "LDSHLIB =\n");
+     }
+ } elsif ($platform eq "AIX") {
+     push(@Makefile_config, 'LDFLAGS = -L /usr/pubsw/lib', "\n");
+--- netpbm-10.35.65/converter/ppm/ppmtompeg/jpeg.c~	2006-08-19 05:12:28.000000000 +0200
++++ netpbm-10.35.65/converter/ppm/ppmtompeg/jpeg.c	2009-07-15 08:52:06.372101451 +0200
+@@ -469,7 +469,7 @@
+ #ifdef JPEG4
+     buffer_height = 8;  /* could be 2, 4,8 rows high */
+ #else
+-    buffer_height = cinfo.max_v_samp_factor * cinfo.min_DCT_scaled_size;
++    buffer_height = cinfo.max_v_samp_factor * cinfo.min_DCT_v_scaled_size;
+ #endif
+   
+     for(cp=0,compptr = cinfo.comp_info;cp<cinfo.num_components;
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/netpbm/netpbm.spec?r1=1.93&r2=1.94&f=u

More information about the pld-cvs-commit mailing list