| Message ID | 20251014205402.1487867-18-ankur.tyagi85@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,scarthgap,01/18] dash: set CVE_PRODUCT | expand |
On 10/14/25 22:54, Ankur Tyagi via lists.openembedded.org wrote: > Bugfixes including CVE-2023-51257 > https://github.com/jasper-software/jasper/compare/version-4.1.1...version-4.1.2 > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > --- > .../recipes-graphics/jasper/jasper_4.1.1.bb | 2 +- > .../recipes-graphics/jasper/jasper_4.1.2.bb | 35 +++++++++++++++++++ It looks like the original recipe (v4.1.1) wasn't deleted > 2 files changed, 36 insertions(+), 1 deletion(-) > create mode 100644 meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > > diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > index 5281980ecb..d6d5b5de32 100644 > --- a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > @@ -4,7 +4,7 @@ LICENSE = "MIT" > LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" > > SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" > -SRCREV = "917f7708b755d8434f70618108c1a76f1b6a0a82" > +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" > > CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." > > diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > new file mode 100644 > index 0000000000..d4dae1f22a > --- /dev/null > +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > @@ -0,0 +1,35 @@ > +SUMMARY = "Jpeg 2000 implementation" > +HOMEPAGE = "https://jasper-software.github.io/jasper/" > +LICENSE = "MIT" > +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" > + > +SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" > +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" > + > +CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." > +CVE_STATUS[CVE-2023-51257] = "fixed-version: patch is already included in sources" > + > +S = "${WORKDIR}/git" > + > +inherit cmake multilib_header > + > +do_configure:prepend() { > + JAS_STDC_VERSION="$(echo __STDC_VERSION__ | ${CPP} -E -P -)" > +} > + > +EXTRA_OECMAKE:append = " -DJAS_STDC_VERSION=${JAS_STDC_VERSION}" > + > +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl x11', 'opengl', '', d)} \ > + jpeg" > + > +PACKAGECONFIG[jpeg] = "-DJAS_ENABLE_LIBJPEG=ON,-DJAS_ENABLE_LIBJPEG=OFF,jpeg," > +PACKAGECONFIG[opengl] = "-DJAS_ENABLE_OPENGL=ON,-DJAS_ENABLE_OPENGL=OFF,freeglut," > + > +do_install:append() { > + chrpath -d ${D}${bindir}/jasper > + chrpath -d ${D}${bindir}/imginfo > + chrpath -d ${D}${bindir}/imgcmp > + chrpath -d ${D}${libdir}/libjasper.so.* > + oe_multilib_header jasper/jas_config.h > +} > + > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#120651): https://lists.openembedded.org/g/openembedded-devel/message/120651 > Mute This Topic: https://lists.openembedded.org/mt/115760534/6084445 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Wed, Oct 15, 2025 at 10:13 AM Gyorgy Sarvari <skandigraun@gmail.com> wrote: > > On 10/14/25 22:54, Ankur Tyagi via lists.openembedded.org wrote: > > Bugfixes including CVE-2023-51257 > > https://github.com/jasper-software/jasper/compare/version-4.1.1...version-4.1.2 > > > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > > --- > > .../recipes-graphics/jasper/jasper_4.1.1.bb | 2 +- > > .../recipes-graphics/jasper/jasper_4.1.2.bb | 35 +++++++++++++++++++ > > It looks like the original recipe (v4.1.1) wasn't deleted Thanks, please drop this patch from the series and I'll send another one fixing it. > > > 2 files changed, 36 insertions(+), 1 deletion(-) > > create mode 100644 meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > > > > diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > > index 5281980ecb..d6d5b5de32 100644 > > --- a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > > +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb > > @@ -4,7 +4,7 @@ LICENSE = "MIT" > > LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" > > > > SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" > > -SRCREV = "917f7708b755d8434f70618108c1a76f1b6a0a82" > > +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" > > > > CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." > > > > diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > > new file mode 100644 > > index 0000000000..d4dae1f22a > > --- /dev/null > > +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb > > @@ -0,0 +1,35 @@ > > +SUMMARY = "Jpeg 2000 implementation" > > +HOMEPAGE = "https://jasper-software.github.io/jasper/" > > +LICENSE = "MIT" > > +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" > > + > > +SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" > > +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" > > + > > +CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." > > +CVE_STATUS[CVE-2023-51257] = "fixed-version: patch is already included in sources" > > + > > +S = "${WORKDIR}/git" > > + > > +inherit cmake multilib_header > > + > > +do_configure:prepend() { > > + JAS_STDC_VERSION="$(echo __STDC_VERSION__ | ${CPP} -E -P -)" > > +} > > + > > +EXTRA_OECMAKE:append = " -DJAS_STDC_VERSION=${JAS_STDC_VERSION}" > > + > > +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl x11', 'opengl', '', d)} \ > > + jpeg" > > + > > +PACKAGECONFIG[jpeg] = "-DJAS_ENABLE_LIBJPEG=ON,-DJAS_ENABLE_LIBJPEG=OFF,jpeg," > > +PACKAGECONFIG[opengl] = "-DJAS_ENABLE_OPENGL=ON,-DJAS_ENABLE_OPENGL=OFF,freeglut," > > + > > +do_install:append() { > > + chrpath -d ${D}${bindir}/jasper > > + chrpath -d ${D}${bindir}/imginfo > > + chrpath -d ${D}${bindir}/imgcmp > > + chrpath -d ${D}${libdir}/libjasper.so.* > > + oe_multilib_header jasper/jas_config.h > > +} > > + > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#120651): https://lists.openembedded.org/g/openembedded-devel/message/120651 > > Mute This Topic: https://lists.openembedded.org/mt/115760534/6084445 > > Group Owner: openembedded-devel+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb index 5281980ecb..d6d5b5de32 100644 --- a/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.1.bb @@ -4,7 +4,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" -SRCREV = "917f7708b755d8434f70618108c1a76f1b6a0a82" +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb new file mode 100644 index 0000000000..d4dae1f22a --- /dev/null +++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb @@ -0,0 +1,35 @@ +SUMMARY = "Jpeg 2000 implementation" +HOMEPAGE = "https://jasper-software.github.io/jasper/" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a80440d1d8f17d041c71c7271d6e06eb" + +SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=master" +SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416" + +CVE_STATUS[CVE-2015-8751] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions." +CVE_STATUS[CVE-2023-51257] = "fixed-version: patch is already included in sources" + +S = "${WORKDIR}/git" + +inherit cmake multilib_header + +do_configure:prepend() { + JAS_STDC_VERSION="$(echo __STDC_VERSION__ | ${CPP} -E -P -)" +} + +EXTRA_OECMAKE:append = " -DJAS_STDC_VERSION=${JAS_STDC_VERSION}" + +PACKAGECONFIG ??= "${@bb.utils.contains('DISTRO_FEATURES', 'opengl x11', 'opengl', '', d)} \ + jpeg" + +PACKAGECONFIG[jpeg] = "-DJAS_ENABLE_LIBJPEG=ON,-DJAS_ENABLE_LIBJPEG=OFF,jpeg," +PACKAGECONFIG[opengl] = "-DJAS_ENABLE_OPENGL=ON,-DJAS_ENABLE_OPENGL=OFF,freeglut," + +do_install:append() { + chrpath -d ${D}${bindir}/jasper + chrpath -d ${D}${bindir}/imginfo + chrpath -d ${D}${bindir}/imgcmp + chrpath -d ${D}${libdir}/libjasper.so.* + oe_multilib_header jasper/jas_config.h +} +
Bugfixes including CVE-2023-51257 https://github.com/jasper-software/jasper/compare/version-4.1.1...version-4.1.2 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> --- .../recipes-graphics/jasper/jasper_4.1.1.bb | 2 +- .../recipes-graphics/jasper/jasper_4.1.2.bb | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb