Use system version of jasper and jbigkit for fix CVE-2008-3522

2025-01-06 14:46:18 +08:00 · 2025-01-06 14:46:18 +08:00 · 816bf17474
commit 816bf17474
parent 0c85fc5441
3 changed files with 84 additions and 4 deletions
--- a/netpbm-jasper.patch
+++ b/netpbm-jasper.patch
@ -0,0 +1,62 @@
+diff -urNp a/config.mk.in b/config.mk.in
+--- a/config.mk.in	2018-11-21 12:46:22.044790058 +0100
+++ b/config.mk.in	2018-11-22 13:13:10.260123268 +0100
+@@ -128,7 +128,7 @@ INSTALL = $(SRCDIR)/buildtools/install.s
+ 
+ # STRIPFLAG is the option you pass to the above install program to make it
+ # strip unnecessary information out of binaries.
+-STRIPFLAG = -s
+STRIPFLAG =
+ # If you don't want to strip the binaries, just leave it null:
+ #STRIPFLAG = 
+ 
+@@ -482,12 +482,12 @@ JBIGLIB = $(INTERNAL_JBIGLIB)
+ JBIGHDR_DIR = $(INTERNAL_JBIGHDR_DIR)
+ 
+ # The Jasper JPEG-2000 image compression library (aka JasPer):
+-JASPERLIB = $(INTERNAL_JASPERLIB)
+-JASPERHDR_DIR = $(INTERNAL_JASPERHDR_DIR)
+JASPERLIB = "" 
+JASPERHDR_DIR = "/usr/include/jasper"
+ # JASPERDEPLIBS is the libraries (-l options or file names) on which
+ # The Jasper library depends -- i.e. what you have to link into any
+ # executable that links in the Jasper library.
+-JASPERDEPLIBS =
+JASPERDEPLIBS = -ljasper
+ #JASPERDEPLIBS = -ljpeg
+ 
+ # And the Utah Raster Toolkit (aka URT aka RLE) library:
+diff -urNp a/converter/other/jbig/Makefile b/converter/other/jbig/Makefile
+--- a/converter/other/jbig/Makefile	2018-11-21 12:46:22.075789920 +0100
+++ b/converter/other/jbig/Makefile	2018-11-22 13:13:40.837969056 +0100
+@@ -11,8 +11,9 @@ include $(BUILDDIR)/config.mk
+ 
+ # INTERNAL_JBIGLIB must be relative to the current directory, because it
+ # may end up in MERGE_OBJECTS, which must be relative.
+-INTERNAL_JBIGLIB = libjbig/libjbig.a
+-INTERNAL_JBIGHDR_DIR = $(SRCDIR)/$(SUBDIR)/libjbig/include
+INTERNAL_JBIGLIB = 
+INTERNAL_JBIGHDR_DIR = /usr/include
+#INTERNAL_JBIGHDR_DIR = $(SRCDIR)/$(SUBDIR)/libjbig/include
+ 
+ EXTERN_INCLUDES =
+ ifneq ($(JBIGHDR_DIR),NONE)
+@@ -35,7 +36,6 @@ SCRIPTS =
+ 
+ ifeq ($(JBIGLIB),$(INTERNAL_JBIGLIB))
+   JBIGLIB_DEP = $(JBIGLIB)
+-  SUBDIRS += libjbig
+ else
+   # It's not our internal version; user's on his own to make sure it's built
+ endif
+@@ -49,10 +49,3 @@ include $(SRCDIR)/common.mk
+ 
+ $(BINARIES): %: %.o $(JBIGLIB_DEP) $(LIBOPT)
+ $(BINARIES): LDFLAGS_TARGET = $(shell $(LIBOPT) $(JBIGLIB))
+-
+-$(INTERNAL_JBIGLIB): $(BUILDDIR)/$(SUBDIR)/libjbig FORCE
+-	$(MAKE) -f $(SRCDIR)/$(SUBDIR)/libjbig/Makefile \
+-	  -C $(dir $@) $(notdir $@)
+-
+-.PHONY: FORCE
+-FORCE:
--- a/netpbm.spec
+++ b/netpbm.spec
@ -1,6 +1,6 @@
 Name:            netpbm
 Version:         10.83.01
-Release:         3
+Release:         6
 Summary:         A library for handling different graphics file formats
 License:         BSD and GPLv2 and IJG and MIT and Public Domain
 URL:             http://netpbm.sourceforge.net/
@ -26,9 +26,10 @@ Patch0015:       netpbm-cmuwtopbm.patch
 Patch0016:       netpbm-pamtojpeg2k.patch
 Patch0017:       netpbm-manfix.patch
 Patch0018:       netpbm-manual-pages.patch
+Patch0019:       netpbm-jasper.patch

-BuildRequires:   libjpeg-devel, libpng-devel, libtiff-devel, flex
-BuildRequires:   libX11-devel perl-generators python3 libxml2-devel ghostscript-core
+BuildRequires:   libjpeg-devel, libpng-devel, libtiff-devel, flex jbigkit-devel jasper-devel
+BuildRequires:   libX11-devel perl-generators python3 libxml2-devel ghostscript-core gcc perl
 Requires:        ghostscript
 Provides:        bundled(jbigkit) netpbm-progs = %{version}-%{release}
 Obsoletes:       netpbm-progs < %{version}-%{release}
@ -55,6 +56,8 @@ Help document for the netpbm package.

 %prep
 %autosetup -n %{name}-%{version} -p1
+rm -rf converter/other/jpeg2000/libjasper/
+rm -rf converter/other/jbig/libjbig/

 %build
 ./configure <<EOF
@ -82,7 +85,7 @@ make \
  CFLAGS="$RPM_OPT_FLAGS -fPIC -flax-vector-conversions -fno-strict-aliasing" \
  CFLAGS_CONFIG="$RPM_OPT_FLAGS" LADD="-lm" JPEGINC_DIR=%{_includedir} PNGINC_DIR=%{_includedir} \
  TIFFINC_DIR=%{_includedir} JPEGLIB_DIR=%{_libdir} PNGLIB_DIR=%{_libdir} TIFFLIB_DIR=%{_libdir} \
-  LINUXSVGALIB="NONE" X11LIB=%{_libdir}/libX11.so XML2LIBS="NONE"
+  LINUXSVGALIB="NONE" X11LIB=%{_libdir}/libX11.so XML2LIBS="NONE" JBIGLIB=%{_libdir}/libjbig.so.2.1

 cd userguide
 rm -f ppmtompeg* *.manual-pages *.manfix
@ -155,6 +158,17 @@ cd -
 %{_mandir}/man5/*

 %changelog
+* Mon Jan 06 2025 wangkai <13474090681@163.com> - 10.83.01-6
+- Use system version of jasper and jbigkit for fix CVE-2008-3522
+
+* Wed Jan 05 2022 Ge Wang <wangge20@huawei.com> - 10.83.01-5
+- Fix building error: Can not locate English.pm
+- Add perl in BuildRequires
+
+* Wed Jun 16 2021 zhaoyao <zhaoyao32@huawei.com> - 10.83.01-4
+- Fix buiding error:  Can't exec "-c": No such file or directory
+- Add gcc in BuildRequires
+
 * Thu Jan 23 2020 openEuler Buildteam <buildteam@openeuler.org> - 10.83.01-3
 - Type:bugfix
 - Id:NA
--- a/netpbm.yaml
+++ b/netpbm.yaml
@ -0,0 +1,4 @@
+version_control: svn
+src_repo: https://svn.code.sf.net/p/netpbm/code
+tag_prefix: ^v
+seperator: .