Compare commits

...

No commits in common. "c8s" and "c9s" have entirely different histories.
c8s ... c9s

12 changed files with 235 additions and 140 deletions

22
.gitignore vendored
View File

@ -1,2 +1,22 @@
SOURCES/jasper-2.0.14.tar.gz
clog
geojasper_src.zip
jasper-1.701.0.zip
jasper-1.900.0.zip
jasper-1.900.1.zip
/jasper-1.900.2.tar.gz
/jasper-1.900.3.tar.gz
/jasper-1.900.13.tar.gz
/jasper-1.900.28.tar.gz
/jasper-1.900.30.tar.gz
/jasper-2.0.2.tar.gz
/jasper-2.0.10.tar.gz
/jasper-2.0.12.tar.gz
/jasper-2.0.14.tar.gz
/jasper-version-2.0.16.tar.gz
/version-2.0.17.tar.gz
/version-2.0.22.tar.gz
/version-2.0.24.tar.gz
/version-2.0.25.tar.gz
/version-2.0.26.tar.gz
/version-2.0.27.tar.gz
/version-2.0.28.tar.gz

View File

@ -1,6 +1,6 @@
--- !Policy
product_versions:
- rhel-8
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}

View File

@ -1,13 +0,0 @@
diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
--- old/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:01:54.160406645 +0200
+++ new/src/libjasper/jpc/jpc_cs.c 2018-05-30 09:05:24.527094308 +0200
@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t
if (compparms->numdlvls > 32) {
goto error;
}
+ if (compparms->qmfbid != JPC_COX_INS &&
+ compparms->qmfbid != JPC_COX_RFT)
+ goto error;
compparms->numrlvls = compparms->numdlvls + 1;
if (compparms->numrlvls > JPC_MAXRLVLS) {
goto error;

View File

@ -1,14 +0,0 @@
diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
break;
case OPT_MAXRLVLS:
tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+ if(tccp->maxrlvls > JPC_MAXRLVLS) {
+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+ goto error;
+ }
break;
case OPT_SOP:
cp->tcp.csty |= JPC_COD_SOP;

View File

@ -1,47 +0,0 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:32:59.330396797 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:46:16.982925961 +0200
@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
the value specified in the code stream? */
if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
jas_image_numcmpts(dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ jas_eprintf("error: number of components mismatch (IHDR)\n");
+ goto error;
}
/* At least one component must be present. */
@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
with the data in the code stream? */
if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
(!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (IHDR)\n");
+ goto error;
}
/* Is the compression type supported? */
@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
if (dec->bpcc) {
/* Is the number of components indicated in the BPCC box
consistent with the code stream data? */
- if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
- dec->image))) {
- jas_eprintf("warning: number of components mismatch\n");
+ if (dec->bpcc->data.bpcc.numcmpts !=
+ JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
+ jas_eprintf("error: number of components mismatch (BPCC)\n");
+ goto error;
}
/* Is the component data type information indicated in the BPCC
box consistent with the code stream data? */
@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
++i) {
if (jas_image_cmptdtype(dec->image, i) !=
JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
- jas_eprintf("warning: component data type mismatch\n");
+ jas_eprintf("error: component data type mismatch (BPCC)\n");
+ goto error;
}
}
} else {

View File

@ -1,18 +0,0 @@
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:50:54.213552191 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 14:02:40.016274587 +0200
@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
}
}
+ /* Ensure that the number of channels being used by the decoder
+ matches the number of image components. */
+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
+ dec->numchans, jas_image_numcmpts(dec->image));
+ goto error;
+ }
+
/* Mark all components as being of unknown type. */
for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {

12
jasper-2.0.14-rpath.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up jasper-2.0.14/CMakeLists.txt.rpath jasper-2.0.14/CMakeLists.txt
--- jasper-2.0.14/CMakeLists.txt.rpath 2017-09-14 18:20:10.000000000 -0500
+++ jasper-2.0.14/CMakeLists.txt 2018-07-19 09:48:53.035815377 -0500
@@ -347,7 +347,7 @@ if (JAS_ENABLE_SHARED)
# (but later on when installing)
set(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
- set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
+ #set(CMAKE_INSTALL_RPATH "${CMAKE_INSTALL_PREFIX}/lib")
# add the automatically determined parts of the RPATH
# which point to directories outside the build tree to the install RPATH

View File

@ -0,0 +1,12 @@
diff -up jasper-version-2.0.17/CMakeLists.txt.me jasper-version-2.0.17/CMakeLists.txt
--- jasper-version-2.0.17/CMakeLists.txt.me 2020-08-27 20:41:48.442787440 +0200
+++ jasper-version-2.0.17/CMakeLists.txt 2020-08-27 20:42:02.161966702 +0200
@@ -17,7 +17,7 @@ include(CheckCCompilerFlag)
# The major, minor, and micro version numbers of the project.
set(JAS_VERSION_MAJOR 2)
set(JAS_VERSION_MINOR 0)
-set(JAS_VERSION_PATCH 16)
+set(JAS_VERSION_PATCH 17)
# The project version.
set(JAS_VERSION

View File

@ -0,0 +1,29 @@
From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Sat, 13 Mar 2021 20:04:58 -0800
Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
in the JP2 decoder.
---
src/libjasper/jp2/jp2_dec.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
index 2863d82..fe2e29d 100644
--- a/src/libjasper/jp2/jp2_dec.c
+++ b/src/libjasper/jp2/jp2_dec.c
@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
}
} else {
for (i = 0; i < dec->numchans; ++i) {
- jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
+ unsigned compno = dec->chantocmptlut[i];
+ if (compno >= jas_image_numcmpts(dec->image)) {
+ jas_eprintf(
+ "error: invalid component reference (%d)\n", compno);
+ goto error;
+ }
+ jas_image_setcmpttype(dec->image, compno,
jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
}
}

66
jasper-freeglut.patch Normal file
View File

@ -0,0 +1,66 @@
diff -urNp a/build/cmake/modules/JasOpenGL.cmake b/build/cmake/modules/JasOpenGL.cmake
--- a/build/cmake/modules/JasOpenGL.cmake 2020-10-07 10:00:16.316291325 +0200
+++ b/build/cmake/modules/JasOpenGL.cmake 2020-10-07 10:03:39.536143003 +0200
@@ -13,19 +13,19 @@ if (JAS_ENABLE_OPENGL AND OPENGL_FOUND)
set(JAS_HAVE_OPENGL 0)
message("OpenGL include directory: ${OPENGL_INCLUDE_DIR}")
message("OpenGL libraries: ${OPENGL_LIBRARIES}")
- find_package(GLUT ${JAS_REQUIRED})
- message("GLUT library found: ${GLUT_FOUND}")
- if (GLUT_FOUND)
- message("GLUT include directory: ${GLUT_INCLUDE_DIR}")
- message("GLUT libraries: ${GLUT_LIBRARIES}")
- set(CMAKE_REQUIRED_INCLUDES ${GLUT_INCLUDE_DIR})
- check_include_files(GL/glut.h JAS_HAVE_GL_GLUT_H)
+ find_package(FreeGLUT ${JAS_REQUIRED})
+ message("GLUT library found: ${FreeGLUT_FOUND}")
+ if (FreeGLUT_FOUND)
+ message("GLUT include directory: ${FreeGLUT_INCLUDE_DIR}")
+ message("GLUT libraries: ${FreeGLUT_LIBRARIES}")
+ set(CMAKE_REQUIRED_INCLUDES ${FreeGLUT_INCLUDE_DIR})
+ check_include_files(GL/freeglut.h JAS_HAVE_GL_GLUT_H)
check_include_files(glut.h JAS_HAVE_GLUT_H)
if (JAS_HAVE_GL_GLUT_H OR JAS_HAVE_GLUT_H)
set(JAS_HAVE_OPENGL 1)
- include_directories(${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+ include_directories(${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
else()
- message(WARNING "The header files GL/glut.h and glut.h both appear to be missing.")
+ message(WARNING "The header files GL/freeglut.h and glut.h both appear to be missing.")
message(WARNING "Disabling OpenGL.")
endif()
endif()
@@ -49,6 +49,6 @@ else()
set(JAS_HAVE_OPENGL 0)
set(OPENGL_INCLUDE_DIR "")
set(OPENGL_LIBRARIES "")
- set(GLUT_INCLUDE_DIR "")
+ set(FreeGLUT_INCLUDE_DIR "")
set(GLUT_LIBRARIES "")
endif()
diff -urNp a/src/appl/CMakeLists.txt b/src/appl/CMakeLists.txt
--- a/src/appl/CMakeLists.txt 2020-10-07 10:00:16.338291526 +0200
+++ b/src/appl/CMakeLists.txt 2020-10-07 10:04:58.864872143 +0200
@@ -23,8 +23,8 @@ set(man_pages "${man_pages}" imgcmp.1)
if(JAS_HAVE_OPENGL)
add_executable(jiv jiv.c)
target_include_directories(jiv PUBLIC
- ${GLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
- target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} ${GLUT_LIBRARIES}
+ ${FreeGLUT_INCLUDE_DIR} ${OPENGL_INCLUDE_DIR})
+ target_link_libraries(jiv libjasper ${JPEG_LIBRARIES} -lglut
${OPENGL_LIBRARIES} ${MATH_LIBRARY})
set(programs "${programs}" jiv)
set(man_pages "${man_pages}" jiv.1)
diff -urNp a/src/appl/jiv.c b/src/appl/jiv.c
--- a/src/appl/jiv.c 2020-10-07 10:00:16.340291544 +0200
+++ b/src/appl/jiv.c 2020-10-07 10:05:35.319207658 +0200
@@ -68,7 +68,7 @@
#include <math.h>
#include <inttypes.h>
#if defined(JAS_HAVE_GL_GLUT_H)
-#include <GL/glut.h>
+#include <GL/freeglut.h>
#else
#include <glut.h>
#endif

View File

@ -5,18 +5,16 @@
Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Version: 2.0.14
Release: 5%{?dist}
Version: 2.0.28
Release: 3%{?dist}
License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/
Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz
Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.tar.gz
Patch1: jasper-2.0.14-CVE-2016-9396.patch
Patch2: jasper-2.0.14-CVE-2021-26927.patch
Patch3: jasper-2.0.14-CVE-2021-3272.patch
Patch4: jasper-2.0.14-CVE-2020-27828.patch
# skip hard-coded prefix/lib rpath
Patch2: jasper-2.0.14-rpath.patch
Patch3: jasper-freeglut.patch
# architecture related patches
Patch100: jasper-2.0.2-test-ppc64-disable.patch
@ -30,9 +28,10 @@ BuildRequires: libjpeg-devel
BuildRequires: libXmu-devel libXi-devel
BuildRequires: pkgconfig doxygen
BuildRequires: mesa-libGL-devel
BuildRequires: gcc
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires: gcc
BuildRequires: make
%description
This package contains an implementation of the image compression
@ -63,14 +62,12 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%prep
%setup -q -n %{name}-%{version}
%setup -q -n %{name}-version-%{version}
%patch1 -p1 -b .CVE-2016-9396
%patch2 -p1 -b .CVE-2021-26927
%patch3 -p1 -b .CVE-2021-3272
%patch4 -p1 -b .CVE-2020-27828
%patch2 -p1 -b .rpath
# Need to disable one test to be able to build it on ppc64 arch
# At ppc64 this test just stuck (nothing happend - no exception or error)
%patch3 -p1 -b .freeglut
%if "%{_arch}" == "ppc64"
%patch100 -p1 -b .test-ppc64-disable
@ -84,41 +81,28 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
%endif
mkdir -p builder
%cmake -G "Unix Makefiles" \
-H%{_builddir}/%{name}-%{version} \
-B%{_builddir}/%{name}-%{version}/builder
%build
pushd builder
make clean all
mkdir builder
%cmake \
-DJAS_ENABLE_DOC:BOOL=OFF \
-B builder
%make_build -C builder
popd
%install
pushd builder
make install DESTDIR=%{buildroot}
#%if "%{_arch}" != "arm" && "%{_arch}" != "i386"
# mv %{buildroot}/usr/lib %{buildroot}/usr/lib64
#%endif
make install/fast DESTDIR=%{buildroot} -C builder
# Unpackaged files
rm -f doc/README
rm -f %{buildroot}%{_libdir}/lib*.la
popd
%check
pushd builder
make test
popd
make test -C builder
%ldconfig_scriptlets libs
%files
%{_bindir}/imgcmp
%{_bindir}/imginfo
@ -134,8 +118,9 @@ popd
%{_libdir}/pkgconfig/jasper.pc
%files libs
%doc COPYRIGHT LICENSE README
%{_libdir}/libjasper.so*
%doc README
%license COPYRIGHT LICENSE
%{_libdir}/libjasper.so.4*
%files utils
%{_bindir}/jiv
@ -143,14 +128,77 @@ popd
%changelog
* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
- Fix CVE-2021-26927 (#1933860)
- Fix CVE-2021-26926 (#1922316)
- Fix CVE-2021-3272 (#1922283)
- Fix CVE-2020-27828 (#1905692)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
- Fix CVE-2016-9396 (#1583722)
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.28-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Tue Mar 30 2021 Josef Ridky <jridky@redhat.com> - 2.0.28-1
- New upstream release 2.0.28 (#1944481)
* Wed Mar 24 2021 Josef Ridky <jridky@redhat.com> - 2.0.27-1
- New upstream release 2.0.27 (#1940455)
* Tue Mar 16 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-2
- Fix CVE-2021-3443 (#1939233)
* Wed Mar 10 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-1
- New upstream release 2.0.26 (#1935900)
* Tue Feb 09 2021 Josef Ridky <jridky@redhat.com> - 2.0.25-1
- New upstream release 2.0.25 (#1925996)
* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-3
- fix CVE-2021-3272 (#1921328)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 25 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-1
- New upstream release 2.0.24 (#1905690)
* Wed Oct 07 2020 Josef Ridky <jridky@redhat.com> - 2.0.22-1
- New upstream release 2.0.22 (#1876161)
* Thu Aug 27 2020 Than Ngo <than@redhat.com> - 2.0.17-3
- add correct version
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jul 20 2020 Josef Ridky <jridky@redhat.com> - 2.0.17-1
- new upstream release (2.0.17)
- change of source URL to GitHub of Jasper
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Sep 17 2019 Gwyn Ciesla <gwync@protonmail.com> - 2.0.16-1
- New version, rebuilt for new freeglut
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jul 19 2018 Rex Dieter <rdieter@fedoraproject.org> - 2.0.14-7
- cleanup cmake usage, move to %%build
- %%build: explicitly disable doc generation
- kill hard-coded rpath
- -libs: explicit soname so bumps aren't a surprise
- use %%license, %%make_build, 'make install/fast'
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.14-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-5
- Fix CVE-2016-9396 (#1396986)
* Thu Mar 08 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
- Fix gcc dependency
* Mon Feb 26 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-3
- Clean spec file

View File

@ -1 +1 @@
SHA512 (jasper-2.0.14.tar.gz) = 9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8
SHA512 (version-2.0.28.tar.gz) = 13a47efc3b3d10e0680e7cf0637a417df0920e1ca8af20f2206303d0a14753688f7e6c6b3383f6db946effca389754e5736e286ed45d5b643b422f5600223eab