From 2443c472a5ef7973c7c3acd0519495be2a15cfd2 Mon Sep 17 00:00:00 2001
From: Sandro Mani
Date: Dec 29 2020 15:08:08 +0000
Subject: Update to 2.4.0
---
diff --git a/.gitignore b/.gitignore
index 516d268..d7ce3bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 /openjpeg-2.2.0.tar.gz
 /openjpeg-2.3.0.tar.gz
 /openjpeg-2.3.1.tar.gz
+/openjpeg-2.4.0.tar.gz
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 40eb76f..accd586 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -7,8 +7,8 @@
 %global _target_platform %{_vendor}-%{_target_os}
 Name: openjpeg2
-Version: 2.3.1
-Release: 10%{?dist}
+Version: 2.4.0
+Release: 1%{?dist}
 Summary: C-Library for JPEG 2000
 # windirent.h is MIT, the rest is BSD
@@ -22,33 +22,6 @@ Source1: data.tar.xz
 # Rename tool names to avoid conflicts with openjpeg-1.x
 Patch0: openjpeg2_opj2.patch
-# Backport patch for CVE 2020-6851
-# https://github.com/uclouvain/openjpeg/issues/1228
-Patch1: openjpeg2_CVE-2020-6851.patch
-# Backport patch for CVE 2020-8112
-# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
-Patch2: openjpeg2_CVE-2020-8112.patch
-# Backport patch for CVE-2020-27814
-# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
-Patch3: openjpeg2_CVE-2020-27814.patch
-# Backport patch for CVE-2020-27824
-# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d
-Patch4: openjpeg2_CVE-2020-27824.patch
-# Backport patch for CVE-2020-27823
-# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
-Patch5: openjpeg2_CVE-2020-27823.patch
-# Backport patch for CVE-2020-27841
-# https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
-Patch6: openjpeg2_CVE-2020-27841.patch
-# Backport patch for CVE-2020-27842
-# https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc
-Patch7: openjpeg2_CVE-2020-27842.patch
-# Backport patch for CVE-2020-27843
-# https://github.com/rouault/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121
-Patch8: openjpeg2_CVE-2020-27843.patch
-# Backport patch for CVE-2020-27845
-# https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
-Patch9: openjpeg2_CVE-2020-27845.patch
 BuildRequires: cmake
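Review bot: The nine CVE backport entries (`Patch1` through `Patch9`) are dropped in this hunk, but nothing in the commit records that each fix is actually present in the 2.4.0 tarball; the changelog entry added further down says only `- Update to 2.4.0`. Two of the dropped patches (CVE-2020-27841 and CVE-2020-27843) cite commits in the rouault/openjpeg fork rather than in uclouvain/openjpeg, and the removed 27842 and 27843 patch files describe their own bounds check as "likely not a proper fix", so those are the ones I would confirm against the new sources before relying on the rebase. Once confirmed, I would record it in the changelog, e.g. `- Drop backported patches for CVE-2020-6851, CVE-2020-8112, CVE-2020-27814, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845 (fixed upstream)`, so the package history still shows where each fix comes from.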
@@ -286,12 +259,12 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 %{_mandir}/man3/libopenjp2.3*
 %files devel
-%dir %{_includedir}/openjpeg-2.3/
-%{_includedir}/openjpeg-2.3/openjpeg.h
-%{_includedir}/openjpeg-2.3/opj_config.h
-%{_includedir}/openjpeg-2.3/opj_stdint.h
+%dir %{_includedir}/openjpeg-2.4/
+%{_includedir}/openjpeg-2.4/openjpeg.h
+%{_includedir}/openjpeg-2.4/opj_config.h
+%{_includedir}/openjpeg-2.4/opj_stdint.h
 %{_libdir}/libopenjp2.so
-%{_libdir}/openjpeg-2.3/
+%{_libdir}/openjpeg-2.4/
 %{_libdir}/pkgconfig/libopenjp2.pc
 %files devel-docs
@@ -351,6 +324,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 %changelog
+* Tue Dec 29 2020 Sandro Mani - 2.4.0-1
+- Update to 2.4.0
+
 * Thu Dec 17 2020 Sandro Mani - 2.3.1-10
 * Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845
diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch
deleted file mode 100644
index 7e546f0..0000000
--- a/openjpeg2_CVE-2020-27814.patch
+++ /dev/null
@@ -1,16 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.797030458 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.799030456 +0100 -@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a - - /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ - /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ -+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ -+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ - /* TODO: is there a theoretical upper-bound for the compressed code */ - /* block size ? */ -- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * -+ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * - (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); - - if (l_data_size > p_code_block->data_size) { diff --git a/openjpeg2_CVE-2020-27823.patch b/openjpeg2_CVE-2020-27823.patch deleted file mode 100644 index e73f594..0000000 --- a/openjpeg2_CVE-2020-27823.patch +++ /dev/null 
@@ -1,15 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/convertpng.c openjpeg-2.3.1-new/src/bin/jp2/convertpng.c ---- openjpeg-2.3.1/src/bin/jp2/convertpng.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/bin/jp2/convertpng.c 2020-12-17 16:25:44.882030380 +0100 -@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read - image->x0 = (OPJ_UINT32)params->image_offset_x0; - image->y0 = (OPJ_UINT32)params->image_offset_y0; - image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) -- params->subsampling_dx + 1 + image->x0); -+ params->subsampling_dx + 1); - image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) -- params->subsampling_dy + 1 + image->y0); -+ params->subsampling_dy + 1); - - row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); - if (row32s == NULL) { diff --git a/openjpeg2_CVE-2020-27824.patch b/openjpeg2_CVE-2020-27824.patch deleted file mode 100644 index 0c98e7a..0000000 --- a/openjpeg2_CVE-2020-27824.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/dwt.c openjpeg-2.3.1-new/src/lib/openjp2/dwt.c ---- openjpeg-2.3.1/src/lib/openjp2/dwt.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/dwt.c 2020-12-17 16:25:44.842030417 +0100 -@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj - if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { - stepsize = 1.0; - } else { -- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; -+ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); - stepsize = (1 << (gain)) / norm; - } - opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), diff --git a/openjpeg2_CVE-2020-27841.patch b/openjpeg2_CVE-2020-27841.patch deleted file mode 100644 index 1d827bc..0000000 --- a/openjpeg2_CVE-2020-27841.patch +++ /dev/null 
@@ -1,226 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c ---- openjpeg-2.3.1/src/lib/openjp2/pi.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:44.923030342 +0100 -@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet - * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. - * @param p_cp the coding parameters. - * @param tileno the index of the tile from which creating the packet iterator. -+ * @param manager Event manager - */ - static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, - const opj_cp_t *p_cp, -- OPJ_UINT32 tileno); -+ OPJ_UINT32 tileno, -+ opj_event_mgr_t* manager); - /** - * FIXME DOC - */ -@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level( - ========================================================== - */ - --static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) --{ -- (void)pi; -- (void)msg; --} -- - static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) - { - opj_pi_comp_t *comp = NULL; -@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ - /* include should be resized when a POC arises, or */ - /* the POC should be rejected */ - if (index >= pi->include_size) { -- opj_pi_emit_error(pi, "Invalid access to pi->include"); -+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); - return OPJ_FALSE; - } - if (!pi->include[index]) { -@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ - index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * - pi->step_c + pi->precno * pi->step_p; - if (index >= pi->include_size) { -- opj_pi_emit_error(pi, "Invalid access to pi->include"); -+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); - return OPJ_FALSE; - } - if (!pi->include[index]) { -@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ - index = 
pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * - pi->step_c + pi->precno * pi->step_p; - if (index >= pi->include_size) { -- opj_pi_emit_error(pi, "Invalid access to pi->include"); -+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); - return OPJ_FALSE; - } - if (!pi->include[index]) { -@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ - opj_pi_resolution_t *res = NULL; - OPJ_UINT32 index = 0; - -+ if (pi->poc.compno0 >= pi->numcomps || -+ pi->poc.compno1 >= pi->numcomps + 1) { -+ opj_event_msg(pi->manager, EVT_ERROR, -+ "opj_pi_next_pcrl(): invalid compno0/compno1"); -+ return OPJ_FALSE; -+ } -+ - if (!pi->first) { - comp = &pi->comps[pi->compno]; - goto LABEL_SKIP; -@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ - index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * - pi->step_c + pi->precno * pi->step_p; - if (index >= pi->include_size) { -- opj_pi_emit_error(pi, "Invalid access to pi->include"); -+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); - return OPJ_FALSE; - } - if (!pi->include[index]) { -@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ - opj_pi_resolution_t *res = NULL; - OPJ_UINT32 index = 0; - -+ if (pi->poc.compno0 >= pi->numcomps || -+ pi->poc.compno1 >= pi->numcomps + 1) { -+ opj_event_msg(pi->manager, EVT_ERROR, -+ "opj_pi_next_cprl(): invalid compno0/compno1"); -+ return OPJ_FALSE; -+ } -+ - if (!pi->first) { - comp = &pi->comps[pi->compno]; - goto LABEL_SKIP; -@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ - index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * - pi->step_c + pi->precno * pi->step_p; - if (index >= pi->include_size) { -- opj_pi_emit_error(pi, "Invalid access to pi->include"); -+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); - return OPJ_FALSE; - } - if (!pi->include[index]) { -@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet - - static 
opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, - const opj_cp_t *cp, -- OPJ_UINT32 tileno) -+ OPJ_UINT32 tileno, -+ opj_event_mgr_t* manager) - { - /* loop*/ - OPJ_UINT32 pino, compno; -@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create - l_current_pi = l_pi; - for (pino = 0; pino < l_poc_bound ; ++pino) { - -+ l_current_pi->manager = manager; -+ - l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, - sizeof(opj_pi_comp_t)); - if (! l_current_pi->comps) { -@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level( - */ - opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, - opj_cp_t *p_cp, -- OPJ_UINT32 p_tile_no) -+ OPJ_UINT32 p_tile_no, -+ opj_event_mgr_t* manager) - { - OPJ_UINT32 numcomps = p_image->numcomps; - -@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode( - } - - /* memory allocation for pi */ -- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); -+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); - if (!l_pi) { - opj_free(l_tmp_data); - opj_free(l_tmp_ptr); -@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode( - opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, - opj_cp_t *p_cp, - OPJ_UINT32 p_tile_no, -- J2K_T2_MODE p_t2_mode) -+ J2K_T2_MODE p_t2_mode, -+ opj_event_mgr_t* manager) - { - OPJ_UINT32 numcomps = p_image->numcomps; - -@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc - } - - /* memory allocation for pi*/ -- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); -+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); - if (!l_pi) { - opj_free(l_tmp_data); - opj_free(l_tmp_ptr); -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.h openjpeg-2.3.1-new/src/lib/openjp2/pi.h ---- openjpeg-2.3.1/src/lib/openjp2/pi.h 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.h 2020-12-17 16:25:44.923030342 +0100 -@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { - OPJ_INT32 x, y; - /** FIXME DOC*/ - 
OPJ_UINT32 dx, dy; -+ /** event manager */ -+ opj_event_mgr_t* manager; - } opj_pi_iterator_t; - - /** @name Exported functions */ -@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { - * @param cp the coding parameters. - * @param tileno index of the tile being encoded. - * @param t2_mode the type of pass for generating the packet iterator -+ * @param manager Event manager - * - * @return a list of packet iterator that points to the first packet of the tile (not true). - */ - opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, - opj_cp_t *cp, - OPJ_UINT32 tileno, -- J2K_T2_MODE t2_mode); -+ J2K_T2_MODE t2_mode, -+ opj_event_mgr_t* manager); - - /** - * Updates the encoding parameters of the codec. -@@ -161,12 +165,14 @@ Create a packet iterator for Decoder - @param image Raw image for which the packets will be listed - @param cp Coding parameters - @param tileno Number that identifies the tile for which to list the packets -+@param manager Event manager - @return Returns a packet iterator that points to the first packet of the tile - @see opj_pi_destroy - */ - opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, - opj_cp_t * cp, -- OPJ_UINT32 tileno); -+ OPJ_UINT32 tileno, -+ opj_event_mgr_t* manager); - /** - * Destroys a packet iterator array. 
- * -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c ---- openjpeg-2.3.1/src/lib/openjp2/t2.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.923030342 +0100 -@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* - l_image->numcomps : 1; - OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; - -- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); -+ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); - if (!l_pi) { - return OPJ_FALSE; - } -@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t - #endif - - /* create a packet iterator */ -- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); -+ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); - if (!l_pi) { - return OPJ_FALSE; - } diff --git a/openjpeg2_CVE-2020-27842.patch b/openjpeg2_CVE-2020-27842.patch deleted file mode 100644 index f85a52f..0000000 --- a/openjpeg2_CVE-2020-27842.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c ---- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100 -@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ - continue; - } - -+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */ -+ /* but likely not a proper fix. */ -+ if (precno >= res->pw * res->ph) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", -+ precno, res->pw * res->ph); -+ return OPJ_FALSE; -+ } -+ - prc = &band->precincts[precno]; - opj_tgt_reset(prc->incltree); - opj_tgt_reset(prc->imsbtree); diff --git a/openjpeg2_CVE-2020-27843.patch b/openjpeg2_CVE-2020-27843.patch deleted file mode 100644 index d4705d6..0000000 
--- a/openjpeg2_CVE-2020-27843.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c ---- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:45.009030263 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:45.011030261 +0100 -@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ - continue; - } - -+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ -+ /* but likely not a proper fix. */ -+ if (precno >= res->pw * res->ph) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", -+ precno, res->pw * res->ph); -+ return OPJ_FALSE; -+ } -+ - prc = &band->precincts[precno]; - l_nb_blocks = prc->cw * prc->ch; - cblk = prc->cblks.enc; diff --git a/openjpeg2_CVE-2020-27845.patch b/openjpeg2_CVE-2020-27845.patch deleted file mode 100644 index 1b8f41f..0000000 --- a/openjpeg2_CVE-2020-27845.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c ---- openjpeg-2.3.1/src/lib/openjp2/pi.c 2020-12-17 16:25:44.966030303 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:45.053030223 +0100 -@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ - opj_pi_resolution_t *res = NULL; - OPJ_UINT32 index = 0; - -+ if (pi->poc.compno0 >= pi->numcomps || -+ pi->poc.compno1 >= pi->numcomps + 1) { -+ opj_event_msg(pi->manager, EVT_ERROR, -+ "opj_pi_next_lrcp(): invalid compno0/compno1\n"); -+ return OPJ_FALSE; -+ } -+ - if (!pi->first) { - comp = &pi->comps[pi->compno]; - res = &comp->resolutions[pi->resno]; -@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ - opj_pi_resolution_t *res = NULL; - OPJ_UINT32 index = 0; - -+ if (pi->poc.compno0 >= pi->numcomps || -+ pi->poc.compno1 >= pi->numcomps + 1) { -+ opj_event_msg(pi->manager, EVT_ERROR, -+ "opj_pi_next_rlcp(): invalid compno0/compno1\n"); -+ return OPJ_FALSE; -+ } -+ - if (!pi->first) { - comp = &pi->comps[pi->compno]; - res = &comp->resolutions[pi->resno]; -@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ - opj_pi_resolution_t *res = NULL; - OPJ_UINT32 index = 0; - -+ if (pi->poc.compno0 >= pi->numcomps || -+ pi->poc.compno1 >= pi->numcomps + 1) { -+ opj_event_msg(pi->manager, EVT_ERROR, -+ "opj_pi_next_rpcl(): invalid compno0/compno1\n"); -+ return OPJ_FALSE; -+ } -+ - if (!pi->first) { - goto LABEL_SKIP; - } else { -@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ - if (pi->poc.compno0 >= pi->numcomps || - pi->poc.compno1 >= pi->numcomps + 1) { - opj_event_msg(pi->manager, EVT_ERROR, -- "opj_pi_next_pcrl(): invalid compno0/compno1"); -+ "opj_pi_next_pcrl(): invalid compno0/compno1\n"); - return OPJ_FALSE; - } - -@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ - if (pi->poc.compno0 >= pi->numcomps || - pi->poc.compno1 >= pi->numcomps + 1) { - opj_event_msg(pi->manager, 
EVT_ERROR, -- "opj_pi_next_cprl(): invalid compno0/compno1"); -+ "opj_pi_next_cprl(): invalid compno0/compno1\n"); - return OPJ_FALSE; - } - diff --git a/openjpeg2_CVE-2020-6851.patch b/openjpeg2_CVE-2020-6851.patch deleted file mode 100644 index 9962363..0000000 --- a/openjpeg2_CVE-2020-6851.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c ---- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-12-17 16:25:44.708030540 +0100 -@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim - l_img_comp = p_image->comps; - for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { - OPJ_INT32 l_h, l_w; -+ if (p_image->x0 > (OPJ_UINT32)INT_MAX || -+ p_image->y0 > (OPJ_UINT32)INT_MAX || -+ p_image->x1 > (OPJ_UINT32)INT_MAX || -+ p_image->y1 > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "Image coordinates above INT_MAX are not supported\n"); -+ return OPJ_FALSE; -+ } - - l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, - (OPJ_INT32)l_img_comp->dx); diff --git a/openjpeg2_CVE-2020-8112.patch b/openjpeg2_CVE-2020-8112.patch deleted file mode 100644 index a42190d..0000000 --- a/openjpeg2_CVE-2020-8112.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.754030498 +0100 -@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile - /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ - l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; - l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy; -- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx; -- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy; -+ { -+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1, -+ (OPJ_INT32)l_pdx)) << l_pdx; -+ if (tmp > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n"); -+ return OPJ_FALSE; -+ } -+ l_br_prc_x_end = (OPJ_INT32)tmp; -+ } -+ { -+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1, -+ (OPJ_INT32)l_pdy)) << l_pdy; -+ if (tmp > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n"); -+ return OPJ_FALSE; -+ } -+ l_br_prc_y_end = (OPJ_INT32)tmp; -+ } - /*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/ - - l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)(( diff --git a/openjpeg2_opj2.patch b/openjpeg2_opj2.patch index 38a810f..3cbf8c3 100644 --- a/openjpeg2_opj2.patch +++ b/openjpeg2_opj2.patch 
@@ -1,6 +1,6 @@
-diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
---- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
-+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-12-17 16:25:44.665030580 +0100
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
+--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt 2020-12-28 21:59:39.000000000 +0100
++++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt 2020-12-29 15:45:09.466819414 +0100
 @@ -44,6 +44,8 @@ endif()
 # Loop over all executables:
 foreach(exe opj_decompress opj_compress opj_dump)
diff --git a/sources b/sources
index 955316f..bfa7830 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03
+SHA512 (openjpeg-2.4.0.tar.gz) = 55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8