From 7a7a69fb466bf1b2af3bae919e43e31b556b4f15750ed58841a3fca66fbffb33 Mon Sep 17 00:00:00 2001 From: Atri Bhattacharya Date: Tue, 28 Jan 2020 11:15:26 +0000 Subject: [PATCH] Accepting request 766065 from home:dimstar:Factory disable internal and external jasper; JasPer is insecure and dead upstream. CVEs remain unfixed OBS-URL: https://build.opensuse.org/request/show/766065 OBS-URL: https://build.opensuse.org/package/show/science/opencv?expand=0&rev=12 --- opencv.changes | 10 ++++++++++ opencv.spec | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/opencv.changes b/opencv.changes index a9f4763..643d1a7 100644 --- a/opencv.changes +++ b/opencv.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Jan 21 11:38:08 UTC 2020 - Dominique Leuenberger + +- Drop Jasper (i.e jpeg2k) support (boo#1130404, boo#1144260) + JasPer is unmaintained, CVEs are not being addressed (some issues + received patches submitted to the upstream github project, but are + not being merged, other CVEs are considered unfixable). openSUSE + follows other distros in dropping JasPer now (much later than + most others, incl. Debian). + ------------------------------------------------------------------- Mon Jan 20 23:22:42 UTC 2020 - Stefan BrĂ¼ns diff --git a/opencv.spec b/opencv.spec index da83050..f2161f6 100644 --- a/opencv.spec +++ b/opencv.spec @@ -51,7 +51,6 @@ Patch3: opencv-includedir.patch BuildRequires: cmake BuildRequires: fdupes BuildRequires: libeigen3-devel -BuildRequires: libjasper-devel BuildRequires: libjpeg-devel BuildRequires: pkgconfig BuildRequires: memory-constraints @@ -232,6 +231,7 @@ rm -f doc/packaging.txt -DOPENCV_SKIP_PYTHON_LOADER=ON \ -DOPENCV_PYTHON2_INSTALL_PATH=%{python2_sitearch} \ -DOPENCV_PYTHON3_INSTALL_PATH=%{python3_sitearch} \ + -DWITH_JASPER=OFF \ make %{?_smp_mflags} VERBOSE=1