rpms/jasper
7
0
Fork 0
Code Issues Pull Requests Releases Activity

New release 1.900.3

Browse Source
This commit is contained in:
Josef Ridky 2016-10-13 07:47:15 +02:00
parent d5372ddd3f
commit edae2ab653
6 changed files with 7 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -4,3 +4,4 @@ jasper-1.701.0.zip
jasper-1.900.0.zip jasper-1.900.0.zip
jasper-1.900.1.zip jasper-1.900.1.zip
/jasper-1.900.2.tar.gz /jasper-1.900.2.tar.gz
/jasper-1.900.3.tar.gz

37
jasper-1.900.1-Coverity-UNREACHABLE.patch
View File

@ -1,37 +0,0 @@
Error: UNREACHABLE
jp2/jp2_cod.c:304: unreachable: This code cannot be reached: "abort();".
jp2/jp2_cod.c:514: unreachable: This code cannot be reached: "abort();".
jp2/jp2_enc.c:354: unreachable: This code cannot be reached: "abort();".
diff -up jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.unreachable jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
--- jasper-1.900.1/src/libjasper/jp2/jp2_cod.c.unreachable 2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c 2011-06-27 15:28:13.083137952 +0200
@@ -301,7 +301,6 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
}
return box;
- abort();
error:
if (box) {
@@ -511,7 +510,6 @@ int jp2_box_put(jp2_box_t *box, jas_stre
}
return 0;
- abort();
error:
diff -up jasper-1.900.1/src/libjasper/jp2/jp2_enc.c.unreachable jasper-1.900.1/src/libjasper/jp2/jp2_enc.c
--- jasper-1.900.1/src/libjasper/jp2/jp2_enc.c.unreachable 2007-01-19 22:43:05.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_enc.c 2011-06-27 15:27:58.858353979 +0200
@@ -351,7 +351,6 @@ int sgnd;
}
return 0;
- abort();
error:

57
jasper-CVE-2014-8137.patch
View File

@ -1,57 +0,0 @@
--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c 2014-12-11 14:06:44.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_icc.c 2014-12-11 15:16:37.971272386 +0100
@@ -1009,7 +1009,6 @@ static int jas_icccurv_input(jas_iccattr
return 0;
error:
- jas_icccurv_destroy(attrval);
return -1;
}
@@ -1127,7 +1126,6 @@ static int jas_icctxtdesc_input(jas_icca
#endif
return 0;
error:
- jas_icctxtdesc_destroy(attrval);
return -1;
}
@@ -1206,8 +1204,6 @@ static int jas_icctxt_input(jas_iccattrv
goto error;
return 0;
error:
- if (txt->string)
- jas_free(txt->string);
return -1;
}
@@ -1328,7 +1324,6 @@ static int jas_icclut8_input(jas_iccattr
goto error;
return 0;
error:
- jas_icclut8_destroy(attrval);
return -1;
}
@@ -1497,7 +1492,6 @@ static int jas_icclut16_input(jas_iccatt
goto error;
return 0;
error:
- jas_icclut16_destroy(attrval);
return -1;
}
--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:30:54.193209780 +0100
+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c 2014-12-11 14:36:46.313217814 +0100
@@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
case JP2_COLR_ICC:
iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
dec->colr->data.colr.iccplen);
- assert(iccprof);
+ if (!iccprof) {
+ jas_eprintf("error: failed to parse ICC profile\n");
+ goto error;
+ }
jas_iccprof_gethdr(iccprof, &icchdr);
jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));

83
jasper-CVE-2016-2089-matrix-rows-NULL-check.diff
View File

@ -1,83 +0,0 @@
diff -pru jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1/src/libjasper/base/jas_image.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c 2016-02-01 14:53:56.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2016-02-01 21:49:58.746006339 +0100
@@ -433,6 +433,10 @@ int jas_image_readcmpt(jas_image_t *imag
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
if (jas_matrix_resize(data, height, width)) {
return -1;
@@ -486,6 +490,10 @@ int jas_image_writecmpt(jas_image_t *ima
return -1;
}
+ if (!data->rows_) {
+ return -1;
+ }
+
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
return -1;
}
diff -pru jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1/src/libjasper/base/jas_seq.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c 2016-02-01 14:53:56.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2016-02-01 21:53:45.149193159 +0100
@@ -266,6 +266,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -286,6 +290,10 @@ void jas_matrix_clip(jas_matrix_t *matri
jas_seqent_t *data;
int rowstep;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -310,6 +318,10 @@ void jas_matrix_asr(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
assert(n >= 0);
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
@@ -329,6 +341,10 @@ void jas_matrix_asl(jas_matrix_t *matrix
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {
@@ -371,6 +387,10 @@ void jas_matrix_setall(jas_matrix_t *mat
int rowstep;
jas_seqent_t *data;
+ if (!matrix->rows_) {
+ return;
+ }
+
rowstep = jas_matrix_rowstep(matrix);
for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
rowstart += rowstep) {

13
jasper.spec
View File

@ -6,8 +6,8 @@
Summary: Implementation of the JPEG-2000 standard, Part 1 Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper Name: jasper
Group: System Environment/Libraries Group: System Environment/Libraries
Version: 1.900.2 Version: 1.900.3
Release: 2%{?dist} Release: 1%{?dist}
%if "%{version}" >= "1.900.2" %if "%{version}" >= "1.900.2"
%define ext .tar.gz %define ext .tar.gz
@ -27,13 +27,10 @@ Patch1: patch-libjasper-stepsizes-overflow.diff
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520 # https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
Patch2: jasper-1.900.1-CVE-2008-3520.patch Patch2: jasper-1.900.1-CVE-2008-3520.patch
Patch3: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch Patch3: jasper-1.900.1-CVE-2011-4516-CVE-2011-4517-CERT-VU-887409.patch
Patch4: jasper-CVE-2014-8137.patch
Patch5: jasper-CVE-2016-2089-matrix-rows-NULL-check.diff
# Issues found by static analysis of code # Issues found by static analysis of code
Patch110: jasper-1.900.1-Coverity-NULL_RETURNS.patch Patch110: jasper-1.900.1-Coverity-NULL_RETURNS.patch
Patch111: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch Patch111: jasper-1.900.1-Coverity-RESOURCE_LEAK.patch
Patch112: jasper-1.900.1-Coverity-UNREACHABLE.patch
# autoreconf # autoreconf
BuildRequires: autoconf automake libtool BuildRequires: autoconf automake libtool
@ -82,12 +79,9 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%patch1 -p1 -b .CVE-2007-2721 %patch1 -p1 -b .CVE-2007-2721
%patch2 -p1 -b .CVE-2008-3520 %patch2 -p1 -b .CVE-2008-3520
%patch3 -p1 -b .CVE-2011-4516-4517 %patch3 -p1 -b .CVE-2011-4516-4517
%patch4 -p1 -b .CVE-2014-8137-variant2
%patch5 -p1 -b .CVE-2016-2089
%patch110 -p1 -b .NULL_RETURNS %patch110 -p1 -b .NULL_RETURNS
%patch111 -p1 -b .RESOURCE_LEAK %patch111 -p1 -b .RESOURCE_LEAK
%patch112 -p1 -b .UNREACHABLE
autoreconf --verbose --force --install autoreconf --verbose --force --install
@ -157,6 +151,9 @@ make check
%changelog %changelog
* Thu Oct 13 2016 Josef Ridky <jridky@redhat.com> - 1.900.3-1
- New upstream release 1.900.3
* Tue Oct 11 2016 Josef Ridky <jridky@redhat.com> - 1.900.2-2 * Tue Oct 11 2016 Josef Ridky <jridky@redhat.com> - 1.900.2-2
- CVE-2016-2089 - matrix rows_ NULL pointer dereference in jas_matrix_clip() (#1302636) - CVE-2016-2089 - matrix rows_ NULL pointer dereference in jas_matrix_clip() (#1302636)

2
sources
View File

@ -1 +1 @@
7b5a75e769e03c94c5f4849001cfcfa5 jasper-1.900.2.tar.gz 648c3b863516a5204e406de4011ab140 jasper-1.900.3.tar.gz