Merged update from upstream sources
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openjpeg2.git#f7e0d8451bb9965bfa503ee9d4056afa1b8521ac
This commit is contained in:
parent
97c7ba7a07
commit
359483f939
|
@ -8,7 +8,7 @@
|
||||||
|
|
||||||
Name: openjpeg2
|
Name: openjpeg2
|
||||||
Version: 2.3.1
|
Version: 2.3.1
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Summary: C-Library for JPEG 2000
|
Summary: C-Library for JPEG 2000
|
||||||
|
|
||||||
# windirent.h is MIT, the rest is BSD
|
# windirent.h is MIT, the rest is BSD
|
||||||
|
@ -28,6 +28,9 @@ Patch1: openjpeg2_CVE-2020-6851.patch
|
||||||
# Backport patch for CVE 2020-8112
|
# Backport patch for CVE 2020-8112
|
||||||
# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
|
# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
|
||||||
Patch2: openjpeg2_CVE-2020-8112.patch
|
Patch2: openjpeg2_CVE-2020-8112.patch
|
||||||
|
# Backport patch for CVE-2020-27814
|
||||||
|
# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
|
||||||
|
Patch3: openjpeg2_CVE-2020-27814.patch
|
||||||
|
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
|
@ -330,6 +333,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat Nov 28 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-8
|
||||||
|
- Backport patch for CVE-2020-27814
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
|
||||||
|
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.701863373 +0100
|
||||||
|
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.704863383 +0100
|
||||||
|
@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a
|
||||||
|
|
||||||
|
/* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
|
||||||
|
/* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
|
||||||
|
+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
|
||||||
|
+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
|
||||||
|
/* TODO: is there a theoretical upper-bound for the compressed code */
|
||||||
|
/* block size ? */
|
||||||
|
- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
|
||||||
|
+ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
|
||||||
|
(p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
|
||||||
|
|
||||||
|
if (l_data_size > p_code_block->data_size) {
|
|
@ -1,18 +1,7 @@
|
||||||
From 024b8407392cb0b82b04b58ed256094ed5799e04 Mon Sep 17 00:00:00 2001
|
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c
|
||||||
From: Even Rouault <even.rouault@spatialys.com>
|
--- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200
|
||||||
Date: Sat, 11 Jan 2020 01:51:19 +0100
|
+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-11-28 23:29:38.618863089 +0100
|
||||||
Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose
|
@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim
|
||||||
coordinates are beyond INT_MAX (fixes #1228)
|
|
||||||
|
|
||||||
---
|
|
||||||
src/lib/openjp2/j2k.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
|
|
||||||
index 14f6ff41a..922550eb1 100644
|
|
||||||
--- a/src/lib/openjp2/j2k.c
|
|
||||||
+++ b/src/lib/openjp2/j2k.c
|
|
||||||
@@ -9221,6 +9221,14 @@ static OPJ_BOOL opj_j2k_update_image_dimensions(opj_image_t* p_image,
|
|
||||||
l_img_comp = p_image->comps;
|
l_img_comp = p_image->comps;
|
||||||
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
|
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
|
||||||
OPJ_INT32 l_h, l_w;
|
OPJ_INT32 l_h, l_w;
|
||||||
|
|
|
@ -1,20 +1,7 @@
|
||||||
From 05f9b91e60debda0e83977e5e63b2e66486f7074 Mon Sep 17 00:00:00 2001
|
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
|
||||||
From: Even Rouault <even.rouault@spatialys.com>
|
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200
|
||||||
Date: Thu, 30 Jan 2020 00:59:57 +0100
|
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.662863239 +0100
|
||||||
Subject: [PATCH] opj_tcd_init_tile(): avoid integer overflow
|
@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
|
||||||
|
|
||||||
That could lead to later assertion failures.
|
|
||||||
|
|
||||||
Fixes #1231 / CVE-2020-8112
|
|
||||||
---
|
|
||||||
src/lib/openjp2/tcd.c | 20 ++++++++++++++++++--
|
|
||||||
1 file changed, 18 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
|
|
||||||
index deecc4dff..aa419030a 100644
|
|
||||||
--- a/src/lib/openjp2/tcd.c
|
|
||||||
+++ b/src/lib/openjp2/tcd.c
|
|
||||||
@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
|
|
||||||
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
|
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
|
||||||
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
|
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
|
||||||
l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
|
l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
diff -rupN openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
|
diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
|
||||||
--- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
|
--- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
|
||||||
+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2019-04-02 16:14:13.726252297 +0200
|
+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-11-28 23:29:38.576862946 +0100
|
||||||
@@ -44,6 +44,8 @@ endif()
|
@@ -44,6 +44,8 @@ endif()
|
||||||
# Loop over all executables:
|
# Loop over all executables:
|
||||||
foreach(exe opj_decompress opj_compress opj_dump)
|
foreach(exe opj_decompress opj_compress opj_dump)
|
||||||
|
|
Loading…
Reference in New Issue