import jasper-2.0.14-5.el8

2021-11-09 04:49:55 -05:00 · 2021-11-09 04:49:55 -05:00 · 2638508ca1
commit 2638508ca1
parent f80915a2cb
4 changed files with 93 additions and 1 deletions
--- a/SOURCES/jasper-2.0.14-CVE-2020-27828.patch
+++ b/SOURCES/jasper-2.0.14-CVE-2020-27828.patch
@ -0,0 +1,14 @@
+diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
+--- a/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:08:32.100584582 +0200
+@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
+ 			break;
+ 		case OPT_MAXRLVLS:
+ 			tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+            if(tccp->maxrlvls > JPC_MAXRLVLS) {
+				jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+				goto error;
+			}
+ 			break;
+ 		case OPT_SOP:
+ 			cp->tcp.csty |= JPC_COD_SOP;
--- a/SOURCES/jasper-2.0.14-CVE-2021-26927.patch
+++ b/SOURCES/jasper-2.0.14-CVE-2021-26927.patch
@ -0,0 +1,47 @@
+diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+--- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:32:59.330396797 +0200
+++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:46:16.982925961 +0200
+@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	  the value specified in the code stream? */
+ 	if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
+ 	  jas_image_numcmpts(dec->image))) {
+-		jas_eprintf("warning: number of components mismatch\n");
+		jas_eprintf("error: number of components mismatch (IHDR)\n");
+        goto error;
+ 	}
+ 
+ 	/* At least one component must be present. */
+@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	  with the data in the code stream? */
+ 	if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
+ 	  (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
+-		jas_eprintf("warning: component data type mismatch\n");
+		jas_eprintf("error: component data type mismatch (IHDR)\n");
+        goto error;
+ 	}
+ 
+ 	/* Is the compression type supported? */
+@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	if (dec->bpcc) {
+ 		/* Is the number of components indicated in the BPCC box
+ 		  consistent with the code stream data? */
+-		if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
+-		  dec->image))) {
+-			jas_eprintf("warning: number of components mismatch\n");
+		if (dec->bpcc->data.bpcc.numcmpts !=
+          JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
+			    jas_eprintf("error: number of components mismatch (BPCC)\n");
+                goto error;
+ 		}
+ 		/* Is the component data type information indicated in the BPCC
+ 		  box consistent with the code stream data? */
+@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 			  ++i) {
+ 				if (jas_image_cmptdtype(dec->image, i) !=
+ 				  JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
+-					jas_eprintf("warning: component data type mismatch\n");
+					    jas_eprintf("error: component data type mismatch (BPCC)\n");
+                        goto error;
+ 				}
+ 			}
+ 		} else {
--- a/SOURCES/jasper-2.0.14-CVE-2021-3272.patch
+++ b/SOURCES/jasper-2.0.14-CVE-2021-3272.patch
@ -0,0 +1,18 @@
+diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+--- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:50:54.213552191 +0200
+++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 14:02:40.016274587 +0200
+@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 		}
+ 	}
+ 
+    /* Ensure that the number of channels being used by the decoder
+	  matches the number of image components. */
+	if (dec->numchans != jas_image_numcmpts(dec->image)) {
+		jas_eprintf("error: mismatch in number of components (%d != %d)\n",
+		  dec->numchans, jas_image_numcmpts(dec->image));
+		goto error;
+	}
+
+ 	/* Mark all components as being of unknown type. */
+ 
+ 	for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {
--- a/SPECS/jasper.spec
+++ b/SPECS/jasper.spec
@ -6,7 +6,7 @@
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Version: 2.0.14
-Release: 4%{?dist}
+Release: 5%{?dist}

 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@ -14,6 +14,10 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz


 Patch1: jasper-2.0.14-CVE-2016-9396.patch
+Patch2: jasper-2.0.14-CVE-2021-26927.patch
+Patch3: jasper-2.0.14-CVE-2021-3272.patch
+Patch4: jasper-2.0.14-CVE-2020-27828.patch
+
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
 Patch101: jasper-2.0.2-test-ppc64le-disable.patch
@ -62,6 +66,9 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %setup -q -n %{name}-%{version}

 %patch1 -p1 -b .CVE-2016-9396
+%patch2 -p1 -b .CVE-2021-26927
+%patch3 -p1 -b .CVE-2021-3272
+%patch4 -p1 -b .CVE-2020-27828
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)

@ -136,6 +143,12 @@ popd


 %changelog
+* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
+- Fix CVE-2021-26927 (#1933860)
+- Fix CVE-2021-26926 (#1922316)
+- Fix CVE-2021-3272 (#1922283)
+- Fix CVE-2020-27828 (#1905692)
+
 * Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
 - Fix CVE-2016-9396 (#1583722)