rpms/openjpeg2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 2.4.0

Browse Source
This commit is contained in:
Sandro Mani 2020-12-29 16:08:08 +01:00
parent 9e4c2c54d0
commit 2443c472a5
13 changed files with 15 additions and 456 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -7,3 +7,4 @@
/openjpeg-2.2.0.tar.gz
/openjpeg-2.3.0.tar.gz
/openjpeg-2.3.1.tar.gz
/openjpeg-2.4.0.tar.gz

44
openjpeg2.spec
View File

@ -7,8 +7,8 @@
%global _target_platform %{_vendor}-%{_target_os}
Name: openjpeg2
Version: 2.3.1
Release: 10%{?dist}
Version: 2.4.0
Release: 1%{?dist}
Summary: C-Library for JPEG 2000
# windirent.h is MIT, the rest is BSD
@ -22,33 +22,6 @@ Source1: data.tar.xz
# Rename tool names to avoid conflicts with openjpeg-1.x
Patch0: openjpeg2_opj2.patch
# Backport patch for CVE 2020-6851
# https://github.com/uclouvain/openjpeg/issues/1228
Patch1: openjpeg2_CVE-2020-6851.patch
# Backport patch for CVE 2020-8112
# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
Patch2: openjpeg2_CVE-2020-8112.patch
# Backport patch for CVE-2020-27814
# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
Patch3: openjpeg2_CVE-2020-27814.patch
# Backport patch for CVE-2020-27824
# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d
Patch4: openjpeg2_CVE-2020-27824.patch
# Backport patch for CVE-2020-27823
# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
Patch5: openjpeg2_CVE-2020-27823.patch
# Backport patch for CVE-2020-27841
# https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
Patch6: openjpeg2_CVE-2020-27841.patch
# Backport patch for CVE-2020-27842
# https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc
Patch7: openjpeg2_CVE-2020-27842.patch
# Backport patch for CVE-2020-27843
# https://github.com/rouault/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121
Patch8: openjpeg2_CVE-2020-27843.patch
# Backport patch for CVE-2020-27845
# https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
Patch9: openjpeg2_CVE-2020-27845.patch
BuildRequires: cmake
@ -286,12 +259,12 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
%{_mandir}/man3/libopenjp2.3*
%files devel
%dir %{_includedir}/openjpeg-2.3/
%{_includedir}/openjpeg-2.3/openjpeg.h
%{_includedir}/openjpeg-2.3/opj_config.h
%{_includedir}/openjpeg-2.3/opj_stdint.h
%dir %{_includedir}/openjpeg-2.4/
%{_includedir}/openjpeg-2.4/openjpeg.h
%{_includedir}/openjpeg-2.4/opj_config.h
%{_includedir}/openjpeg-2.4/opj_stdint.h
%{_libdir}/libopenjp2.so
%{_libdir}/openjpeg-2.3/
%{_libdir}/openjpeg-2.4/
%{_libdir}/pkgconfig/libopenjp2.pc
%files devel-docs
@ -351,6 +324,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
%changelog
* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
- Update to 2.4.0
* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

16
openjpeg2_CVE-2020-27814.patch
View File

@ -1,16 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.797030458 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.799030456 +0100
@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a
/* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
/* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
/* TODO: is there a theoretical upper-bound for the compressed code */
/* block size ? */
- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
(p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
if (l_data_size > p_code_block->data_size) {

15
openjpeg2_CVE-2020-27823.patch
View File

@ -1,15 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/convertpng.c openjpeg-2.3.1-new/src/bin/jp2/convertpng.c
--- openjpeg-2.3.1/src/bin/jp2/convertpng.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/bin/jp2/convertpng.c 2020-12-17 16:25:44.882030380 +0100
@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read
image->x0 = (OPJ_UINT32)params->image_offset_x0;
image->y0 = (OPJ_UINT32)params->image_offset_y0;
image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32)
- params->subsampling_dx + 1 + image->x0);
+ params->subsampling_dx + 1);
image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
- params->subsampling_dy + 1 + image->y0);
+ params->subsampling_dy + 1);
row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
if (row32s == NULL) {

12
openjpeg2_CVE-2020-27824.patch
View File

@ -1,12 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/dwt.c openjpeg-2.3.1-new/src/lib/openjp2/dwt.c
--- openjpeg-2.3.1/src/lib/openjp2/dwt.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/dwt.c 2020-12-17 16:25:44.842030417 +0100
@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj
if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
stepsize = 1.0;
} else {
- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
+ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
stepsize = (1 << (gain)) / norm;
}
opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),

226
openjpeg2_CVE-2020-27841.patch
View File

@ -1,226 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c
--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:44.923030342 +0100
@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet
* @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant.
* @param p_cp the coding parameters.
* @param tileno the index of the tile from which creating the packet iterator.
+ * @param manager Event manager
*/
static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image,
const opj_cp_t *p_cp,
- OPJ_UINT32 tileno);
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager);
/**
* FIXME DOC
*/
@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level(
==========================================================
*/
-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg)
-{
- (void)pi;
- (void)msg;
-}
-
static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi)
{
opj_pi_comp_t *comp = NULL;
@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_
/* include should be resized when a POC arises, or */
/* the POC should be rejected */
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_pcrl(): invalid compno0/compno1");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
goto LABEL_SKIP;
@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_cprl(): invalid compno0/compno1");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
goto LABEL_SKIP;
@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet
static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image,
const opj_cp_t *cp,
- OPJ_UINT32 tileno)
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager)
{
/* loop*/
OPJ_UINT32 pino, compno;
@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create
l_current_pi = l_pi;
for (pino = 0; pino < l_poc_bound ; ++pino) {
+ l_current_pi->manager = manager;
+
l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps,
sizeof(opj_pi_comp_t));
if (! l_current_pi->comps) {
@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level(
*/
opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
opj_cp_t *p_cp,
- OPJ_UINT32 p_tile_no)
+ OPJ_UINT32 p_tile_no,
+ opj_event_mgr_t* manager)
{
OPJ_UINT32 numcomps = p_image->numcomps;
@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode(
}
/* memory allocation for pi */
- l_pi = opj_pi_create(p_image, p_cp, p_tile_no);
+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager);
if (!l_pi) {
opj_free(l_tmp_data);
opj_free(l_tmp_ptr);
@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode(
opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image,
opj_cp_t *p_cp,
OPJ_UINT32 p_tile_no,
- J2K_T2_MODE p_t2_mode)
+ J2K_T2_MODE p_t2_mode,
+ opj_event_mgr_t* manager)
{
OPJ_UINT32 numcomps = p_image->numcomps;
@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc
}
/* memory allocation for pi*/
- l_pi = opj_pi_create(p_image, p_cp, p_tile_no);
+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager);
if (!l_pi) {
opj_free(l_tmp_data);
opj_free(l_tmp_ptr);
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.h openjpeg-2.3.1-new/src/lib/openjp2/pi.h
--- openjpeg-2.3.1/src/lib/openjp2/pi.h 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.h 2020-12-17 16:25:44.923030342 +0100
@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator {
OPJ_INT32 x, y;
/** FIXME DOC*/
OPJ_UINT32 dx, dy;
+ /** event manager */
+ opj_event_mgr_t* manager;
} opj_pi_iterator_t;
/** @name Exported functions */
@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator {
* @param cp the coding parameters.
* @param tileno index of the tile being encoded.
* @param t2_mode the type of pass for generating the packet iterator
+ * @param manager Event manager
*
* @return a list of packet iterator that points to the first packet of the tile (not true).
*/
opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image,
opj_cp_t *cp,
OPJ_UINT32 tileno,
- J2K_T2_MODE t2_mode);
+ J2K_T2_MODE t2_mode,
+ opj_event_mgr_t* manager);
/**
* Updates the encoding parameters of the codec.
@@ -161,12 +165,14 @@ Create a packet iterator for Decoder
@param image Raw image for which the packets will be listed
@param cp Coding parameters
@param tileno Number that identifies the tile for which to list the packets
+@param manager Event manager
@return Returns a packet iterator that points to the first packet of the tile
@see opj_pi_destroy
*/
opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image,
opj_cp_t * cp,
- OPJ_UINT32 tileno);
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager);
/**
* Destroys a packet iterator array.
*
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.923030342 +0100
@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t*
l_image->numcomps : 1;
OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1;
- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode);
+ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager);
if (!l_pi) {
return OPJ_FALSE;
}
@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t
#endif
/* create a packet iterator */
- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no);
+ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager);
if (!l_pi) {
return OPJ_FALSE;
}

19
openjpeg2_CVE-2020-27842.patch
View File

@ -1,19 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100
@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
opj_tgt_reset(prc->incltree);
opj_tgt_reset(prc->imsbtree);

19
openjpeg2_CVE-2020-27843.patch
View File

@ -1,19 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:45.009030263 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:45.011030261 +0100
@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
l_nb_blocks = prc->cw * prc->ch;
cblk = prc->cblks.enc;

63
openjpeg2_CVE-2020-27845.patch
View File

@ -1,63 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c
--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2020-12-17 16:25:44.966030303 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:45.053030223 +0100
@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_lrcp(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_rlcp(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_rpcl(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
goto LABEL_SKIP;
} else {
@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
- "opj_pi_next_pcrl(): invalid compno0/compno1");
+ "opj_pi_next_pcrl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
- "opj_pi_next_cprl(): invalid compno0/compno1");
+ "opj_pi_next_cprl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}

18
openjpeg2_CVE-2020-6851.patch
View File

@ -1,18 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c
--- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-12-17 16:25:44.708030540 +0100
@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim
l_img_comp = p_image->comps;
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
OPJ_INT32 l_h, l_w;
+ if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
+ p_image->y0 > (OPJ_UINT32)INT_MAX ||
+ p_image->x1 > (OPJ_UINT32)INT_MAX ||
+ p_image->y1 > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Image coordinates above INT_MAX are not supported\n");
+ return OPJ_FALSE;
+ }
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
(OPJ_INT32)l_img_comp->dx);

30
openjpeg2_CVE-2020-8112.patch
View File

@ -1,30 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.754030498 +0100
@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx;
- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy;
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1,
+ (OPJ_INT32)l_pdx)) << l_pdx;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_x_end = (OPJ_INT32)tmp;
+ }
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1,
+ (OPJ_INT32)l_pdy)) << l_pdy;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_y_end = (OPJ_INT32)tmp;
+ }
/*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/
l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)((

6
openjpeg2_opj2.patch
View File

@ -1,6 +1,6 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-12-17 16:25:44.665030580 +0100
diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt 2020-12-28 21:59:39.000000000 +0100
+++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt 2020-12-29 15:45:09.466819414 +0100
@@ -44,6 +44,8 @@ endif()
# Loop over all executables:
foreach(exe opj_decompress opj_compress opj_dump)

2
sources
View File

@ -1 +1 @@
SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03
SHA512 (openjpeg-2.4.0.tar.gz) = 55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8