Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/jasper.git#7ea8e1cbc4ffc32d779e74d194ab8194e76e9616
parent
774a831f65
commit
6732bf4d9b
29
jasper-CVE-2021-3443.patch
Normal file
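--- a/jasper-CVE-2021-3443.patch
+++ b/jasper-CVE-2021-3443.patch
@@ -0,0 +1,29 @@
+From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Sat, 13 Mar 2021 20:04:58 -0800
+Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
+in the JP2 decoder.
+
+---
+src/libjasper/jp2/jp2_dec.c | 8 +++++++-
+1 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+index 2863d82..fe2e29d 100644
+--- a/src/libjasper/jp2/jp2_dec.c
++++ b/src/libjasper/jp2/jp2_dec.c
+@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+}
+} else {
+for (i = 0; i < dec->numchans; ++i) {
+- jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
++ unsigned compno = dec->chantocmptlut[i];
++ if (compno >= jas_image_numcmpts(dec->image)) {
++ jas_eprintf(
++ "error: invalid component reference (%d)\n", compno);
++ goto error;
++ }
++ jas_image_setcmpttype(dec->image, compno,
+jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
+}
+}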
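Review bot: In the carried upstream hunk for `jp2_decode`, the new `jas_eprintf` call formats `compno`, which is declared `unsigned`, with `%d`; the specifier should match the type, i.e. `"error: invalid component reference (%u)\n", compno);`. The bound check is the security-relevant part, since it stops an out-of-range `chantocmptlut` entry taken from the file from reaching `jas_image_setcmpttype`. It guards only this `else` branch. The preceding branch and the rest of `jp2_decode` lie outside the hunk, so whether other uses of `chantocmptlut` are validated the same way cannot be confirmed from this page and is worth checking before treating the CVE as fully closed. The comparison also mixes `unsigned` with the result of `jas_image_numcmpts`; if that is a signed `int`, as seems likely, a short comment or explicit cast would make the intended conversion clear.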
@ -6,7 +6,7 @@
|
||||
Summary: Implementation of the JPEG-2000 standard, Part 1
|
||||
Name: jasper
|
||||
Version: 2.0.26
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
|
||||
License: JasPer
|
||||
URL: http://www.ece.uvic.ca/~frodo/jasper/
|
||||
@ -15,6 +15,7 @@ Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.ta
|
||||
# skip hard-coded prefix/lib rpath
|
||||
Patch2: jasper-2.0.14-rpath.patch
|
||||
Patch3: jasper-freeglut.patch
|
||||
Patch4: jasper-CVE-2021-3443.patch
|
||||
|
||||
# architecture related patches
|
||||
Patch100: jasper-2.0.2-test-ppc64-disable.patch
|
||||
@ -68,6 +69,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
||||
# Need to disable one test to be able to build it on ppc64 arch
|
||||
# At ppc64 this test just stuck (nothing happend - no exception or error)
|
||||
%patch3 -p1 -b .freeglut
|
||||
%patch4 -p1 -b .CVE-2021-3443
|
||||
|
||||
%if "%{_arch}" == "ppc64"
|
||||
%patch100 -p1 -b .test-ppc64-disable
|
||||
@ -128,6 +130,9 @@ make test -C builder
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Mar 16 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-2
|
||||
- Fix CVE-2021-3443 (#1939233)
|
||||
|
||||
* Wed Mar 10 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-1
|
||||
- New upstream release 2.0.26 (#1935900)
|
||||
|
||||
|