%define oname OpenJPEG

%define major 7
%define lib_name %mklibname openjp2_ %{major}
%define lib_dev %mklibname %{name} -d

%define common_description The OpenJPEG library is an open-source JPEG 2000 codec written in C\
language. It has been developed in order to promote the use of JPEG\
2000, the new still-image compression standard from the Joint\
Photographic Experts Group (JPEG).

Name: openjpeg2
Version: 2.2.0
%define subrel 4
Release: %mkrel 1
Summary: An open-source JPEG 2000 codec 
License: BSD
Group: System/Libraries
Url: http://www.openjpeg.org/
Source0: https://github.com/uclouvain/openjpeg/archive/openjpeg-%{version}.tar.gz
Patch0: openjpeg2-remove-thirdparty.patch
# https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
# CVE-2017-14152
Patch1: 4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
# https://blogs.gentoo.org/ago/2017/08/14/openjpeg-memory-allocation-failure-in-opj_aligned_alloc_n-opj_malloc-c/
# CVE-2017-14151
Patch2: baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
# https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
Patch3: afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
# CVE-2017-14041
Patch4: e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
# CVE-2017-14040
Patch5: 2cd30c2b06ce332dede81cccad8b334cde997281.patch
# CVE-2017-14039 and CVE-2017-14164
Patch6: openjpeg2-CVE-2017-14039.patch
Patch7: CVE-2018-5785.patch
# CVE-2017-17479, CVE-2017-17480, and CVE-2018-18088
Patch8: CVE-2018-18088.patch
Patch9: CVE-2018-6616.patch
# https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
Patch10: CVE-2018-14423.patch
BuildRequires: png-devel
BuildRequires: tiff-devel
BuildRequires: lcms2-devel
BuildRequires: cmake
BuildRequires: doxygen

%description
%{common_description}

%package -n %{lib_name}
Summary: %{oname} library
Group: System/Libraries

%description -n	%{lib_name}
This package contains the library needed to run programs dynamically
linked with the %{oname} library.

%{common_description}

%package -n %{lib_dev}
Summary: Development tools for programs using the %{oname} library
Group: Development/C
Requires: %{lib_name} = %{version}
Requires: %{name} = %{version}
Provides: %{name}-devel = %{version}-%{release}
Conflicts: openjpeg-devel < 2.0.0

%description -n	%{lib_dev}
This package contains the header files and libraries needed for
developing programs using the %{oname} library.

%{common_description}

%prep
%setup -qn openjpeg-%{version}
%autopatch -p1

%build
%cmake \
  -DOPENJPEG_INSTALL_BIN_DIR:PATH=%{_bindir} \
  -DOPENJPEG_INSTALL_DATA_DIR:PATH=%{_datadir} \
  -DOPENJPEG_INSTALL_LIB_DIR:PATH=%{_lib} \
  -DBUILD_DOC=ON
%make_build

%install
%make_install -C build

rm -rf %{buildroot}%{_docdir}
rm -rf %{buildroot}%{_libdir}/*.a

%files
%doc AUTHORS.md CHANGELOG.md LICENSE NEWS.md README.md THANKS.md
%{_bindir}/*
%{_mandir}/man1/*

%files -n %{lib_name}
%{_libdir}/*.so.%{major}
%{_libdir}/*.so.%{version}

%files -n %{lib_dev}
%{_includedir}/*
%{_mandir}/man3/*
%{_libdir}/*.so
%{_libdir}/openjpeg-*/*.cmake
%{_libdir}/pkgconfig/libopenjp2.pc


%changelog
* Thu Mar 14 2019 daviddavid <daviddavid> 2.2.0-1.4.mga6
+ Revision: 1376627
- add upstream patch to fix CVE-2018-14423 (mga#24511)
+ luigiwalser <luigiwalser>
- add patches from fedora to fix CVE-2018-5785, CVE-2018-6616, CVE-2018-18088
  (also fixes CVE-2017-17479 and CVE-2017-17480)
- add upstream patches via fedora to fix CVE-2017-1404[01]
- rediff patch from opensuse to fix CVE-2017-14039 and CVE-2017-14164
+ neoclust <neoclust>
- Add 3 Patches to fix potential security issues
- New version 2.2.0 - Fixes several CVEs (mga#21527)

* Fri Feb 10 2017 ns80 <ns80> 2.1.2-3.mga6
+ Revision: 1085260
- add patches for CVE-2016-911[2-8] (mga#20038)

* Fri Dec 09 2016 luigiwalser <luigiwalser> 2.1.2-2.mga6
+ Revision: 1073797
- add patch from fedora to explicitly disable building bundled libraries
- add patches from szukw000 to fix CVE-2016-957[23] and CVE-2016-958[01]

* Tue Oct 04 2016 luigiwalser <luigiwalser> 2.1.2-1.mga6
+ Revision: 1058688
- 2.1.2 (fixes CVE-2016-8332)
- remove upstream CVE patches

* Fri Sep 30 2016 luigiwalser <luigiwalser> 2.1.1-3.mga6
+ Revision: 1057914
- add upstream patch to fix CVE-2016-7445

* Fri Sep 09 2016 luigiwalser <luigiwalser> 2.1.1-2.mga6
+ Revision: 1051144
- add upstream patches to fix CVE-2016-5157 and CVE-2016-7163

* Fri Jul 15 2016 luigiwalser <luigiwalser> 2.1.1-1.mga6
+ Revision: 1042236
- 2.1.1
+ umeabot <umeabot>
- Mageia 6 Mass Rebuild

* Tue Dec 01 2015 luigiwalser <luigiwalser> 2.1.0-6.mga6
+ Revision: 907476
- fix broken pkgconfig files

* Tue Oct 06 2015 luigiwalser <luigiwalser> 2.1.0-5.mga6
+ Revision: 886598
- add patch from fedora to fix CVE-2015-6581

* Tue Sep 15 2015 luigiwalser <luigiwalser> 2.1.0-4.mga6
+ Revision: 879667
- add upstream patch to fix use-after-free issue

* Wed Oct 15 2014 umeabot <umeabot> 2.1.0-3.mga5
+ Revision: 745013
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 2.1.0-2.mga5
+ Revision: 683219
- Mageia 5 Mass Rebuild

* Wed May 28 2014 luigiwalser <luigiwalser> 2.1.0-1.mga5
+ Revision: 627306
- 2.1.0 (library major is now 7)

* Sat Oct 19 2013 umeabot <umeabot> 2.0.0-4.mga4
+ Revision: 526602
- Mageia 4 Mass Rebuild

* Thu Jun 06 2013 fwang <fwang> 2.0.0-3.mga4
+ Revision: 438304
- drop old obsoletes

* Thu Jun 06 2013 fwang <fwang> 2.0.0-2.mga4
+ Revision: 438296
- update doc dir
- fix build
- imported package openjpeg2