rpms/openjpeg2
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Update to 2.3.1

Browse Source
This commit is contained in:
Sandro Mani 2019-04-02 16:20:28 +02:00
parent 841e828fa2
commit 42cf4df6b1
9 changed files with 17 additions and 204 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -6,3 +6,4 @@
/openjpeg-2.1.2.tar.gz
/openjpeg-2.2.0.tar.gz
/openjpeg-2.3.0.tar.gz
/openjpeg-2.3.1.tar.gz

41
CVE-2018-18088.patch
View File

@ -1,41 +0,0 @@
diff -rupN openjpeg-2.3.0/src/bin/jp2/convert.c openjpeg-2.3.0-new/src/bin/jp2/convert.c
--- openjpeg-2.3.0/src/bin/jp2/convert.c 2017-10-05 00:23:14.000000000 +0200
+++ openjpeg-2.3.0-new/src/bin/jp2/convert.c 2018-12-20 10:51:16.454336033 +0100
@@ -2210,6 +2210,11 @@ int imagetopnm(opj_image_t * image, cons
opj_version(), wr, hr, max);
red = image->comps[compno].data;
+ if (!red) {
+ fclose(fdest);
+ continue;
+ }
+
adjustR =
(image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);
diff -rupN openjpeg-2.3.0/src/bin/jp3d/convert.c openjpeg-2.3.0-new/src/bin/jp3d/convert.c
--- openjpeg-2.3.0/src/bin/jp3d/convert.c 2017-10-05 00:23:14.000000000 +0200
+++ openjpeg-2.3.0-new/src/bin/jp3d/convert.c 2018-12-20 10:51:16.453336036 +0100
@@ -297,8 +297,8 @@ opj_volume_t* pgxtovolume(char *relpath,
fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);
fseek(f, 0, SEEK_SET);
- fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
- signtmp, &prec, temp, &w, temp, &h);
+ fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+ &endian2, signtmp, &prec, temp, &w, temp, &h);
i = 0;
sign = '+';
diff -rupN openjpeg-2.3.0/src/bin/jpwl/convert.c openjpeg-2.3.0-new/src/bin/jpwl/convert.c
--- openjpeg-2.3.0/src/bin/jpwl/convert.c 2017-10-05 00:23:14.000000000 +0200
+++ openjpeg-2.3.0-new/src/bin/jpwl/convert.c 2018-12-20 10:51:16.453336036 +0100
@@ -1348,7 +1348,7 @@ opj_image_t* pgxtoimage(const char *file
}
fseek(f, 0, SEEK_SET);
- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
&endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
fprintf(stderr,
"ERROR: Failed to read the right number of element from the fscanf() function!\n");

79
CVE-2018-5785.patch
View File

@ -1,79 +0,0 @@
From ca16fe55014c57090dd97369256c7657aeb25975 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Sat, 22 Sep 2018 14:33:19 -0400
Subject: [PATCH] convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).
This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.
This commit adds similar checks for the 32 bit case.
Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.
This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.
fixes #1057 (CVE-2018-5785)
---
src/bin/jp2/convertbmp.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 084f70bb7..7fde99ab3 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -435,16 +435,31 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
header->biRedMask |= (OPJ_UINT32)getc(IN) << 16;
header->biRedMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biRedMask) {
+ fprintf(stderr, "Error, invalid red mask value %d\n", header->biRedMask);
+ return OPJ_FALSE;
+ }
+
header->biGreenMask = (OPJ_UINT32)getc(IN);
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 8;
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 16;
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biGreenMask) {
+ fprintf(stderr, "Error, invalid green mask value %d\n", header->biGreenMask);
+ return OPJ_FALSE;
+ }
+
header->biBlueMask = (OPJ_UINT32)getc(IN);
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 8;
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 16;
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biBlueMask) {
+ fprintf(stderr, "Error, invalid blue mask value %d\n", header->biBlueMask);
+ return OPJ_FALSE;
+ }
+
header->biAlphaMask = (OPJ_UINT32)getc(IN);
header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8;
header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16;
@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *filename, opj_cparameters_t *parameters)
bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU,
0x00000000U);
} else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */
+ if ((Info_h.biRedMask == 0U) && (Info_h.biGreenMask == 0U) &&
+ (Info_h.biBlueMask == 0U)) {
+ Info_h.biRedMask = 0x00FF0000U;
+ Info_h.biGreenMask = 0x0000FF00U;
+ Info_h.biBlueMask = 0x000000FFU;
+ }
bmpmask32toimage(pData, stride, image, Info_h.biRedMask, Info_h.biGreenMask,
Info_h.biBlueMask, Info_h.biAlphaMask);
} else if (Info_h.biBitCount == 16 && Info_h.biCompression == 0) { /* RGBX */

49
CVE-2018-6616.patch
View File

@ -1,49 +0,0 @@
diff -rupN openjpeg-2.3.0/src/bin/jp2/convertbmp.c openjpeg-2.3.0-new/src/bin/jp2/convertbmp.c
--- openjpeg-2.3.0/src/bin/jp2/convertbmp.c 2018-12-20 10:51:16.451336040 +0100
+++ openjpeg-2.3.0-new/src/bin/jp2/convertbmp.c 2018-12-20 10:51:16.491335949 +0100
@@ -534,14 +534,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE*
static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
{
- OPJ_UINT32 x, y;
+ OPJ_UINT32 x, y, written;
OPJ_UINT8 *pix;
const OPJ_UINT8 *beyond;
beyond = pData + stride * height;
pix = pData;
- x = y = 0U;
+ x = y = written = 0U;
while (y < height) {
int c = getc(IN);
if (c == EOF) {
@@ -561,6 +561,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
for (j = 0; (j < c) && (x < width) &&
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
*pix = c1;
+ written++;
}
} else {
c = getc(IN);
@@ -598,6 +599,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
}
c1 = (OPJ_UINT8)c1_int;
*pix = c1;
+ written++;
}
if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
c = getc(IN);
@@ -608,6 +610,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
}
}
}/* while() */
+
+ if (written != width * height) {
+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
+ return OPJ_FALSE;
+ }
+
return OPJ_TRUE;
}

20
openjpeg2.spec
View File

@ -4,8 +4,8 @@
#global optional_components 1
Name: openjpeg2
Version: 2.3.0
Release: 11%{?dist}
Version: 2.3.1
Release: 1%{?dist}
Summary: C-Library for JPEG 2000
# windirent.h is MIT, the rest is BSD
@ -19,19 +19,8 @@ Source1: data.tar.xz
# Remove bundled libraries
Patch0: openjpeg2_remove-thirdparty.patch
# Fix shared libraries not getting installed if static libraries are disabled
Patch1: openjpeg2_install.patch
# Rename tool names to avoid conflicts with openjpeg-1.x
Patch2: openjpeg2_opj2.patch
# Backport patch for CVE-2018-5785
# https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
Patch3: CVE-2018-5785.patch
# Backport patch for CVE-2018-18088
# https://github.com/uclouvain/openjpeg/commit/92023cd6c377e0384a7725949b25655d4d94dced
Patch4: CVE-2018-18088.patch
# Backport patch for CVE-2018-6616
# https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
Patch5: CVE-2018-6616.patch
Patch1: openjpeg2_opj2.patch
BuildRequires: cmake
@ -338,6 +327,9 @@ make test -C %{_target_platform}
%changelog
* Tue Apr 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
- Update to 2.3.1
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

11
openjpeg2_install.patch
View File

@ -1,11 +0,0 @@
diff -rupN openjpeg-2.3.0/src/lib/openjp2/CMakeLists.txt openjpeg-2.3.0-new/src/lib/openjp2/CMakeLists.txt
--- openjpeg-2.3.0/src/lib/openjp2/CMakeLists.txt 2017-10-05 00:23:14.000000000 +0200
+++ openjpeg-2.3.0-new/src/lib/openjp2/CMakeLists.txt 2017-12-25 13:53:07.000000000 +0100
@@ -99,6 +99,7 @@ else()
set(INSTALL_LIBS ${OPENJPEG_LIBRARY_NAME} openjp2_static)
else()
add_library(${OPENJPEG_LIBRARY_NAME} ${OPENJPEG_SRCS})
+ set(INSTALL_LIBS ${OPENJPEG_LIBRARY_NAME})
endif()
endif()

10
openjpeg2_opj2.patch
View File

@ -1,12 +1,12 @@
diff -rupN openjpeg-2.3.0/src/bin/jp2/CMakeLists.txt openjpeg-2.3.0-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.3.0/src/bin/jp2/CMakeLists.txt 2017-10-05 00:23:14.000000000 +0200
+++ openjpeg-2.3.0-new/src/bin/jp2/CMakeLists.txt 2017-12-25 14:55:37.562470567 +0100
diff -rupN openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2019-04-02 16:14:13.726252297 +0200
@@ -44,6 +44,8 @@ endif()
# Loop over all executables:
foreach(exe opj_decompress opj_compress opj_dump)
add_executable(${exe} ${exe}.c ${common_SRCS})
+ STRING(REPLACE "opj_" "opj2_" exe2 ${exe})
+ string(REPLACE "opj_" "opj2_" exe2 ${exe})
+ set_target_properties(${exe} PROPERTIES OUTPUT_NAME ${exe2})
if(${CMAKE_VERSION} VERSION_GREATER "2.8.11")
if(NOT ${CMAKE_VERSION} VERSION_LESS "2.8.12")
target_compile_options(${exe} PRIVATE ${OPENJP2_COMPILE_OPTIONS})
endif()

8
openjpeg2_remove-thirdparty.patch
View File

@ -1,7 +1,7 @@
diff -rupN openjpeg-2.1.1/CMakeLists.txt openjpeg-2.1.1-new/CMakeLists.txt
--- openjpeg-2.1.1/CMakeLists.txt 2016-07-05 16:54:17.000000000 +0200
+++ openjpeg-2.1.1-new/CMakeLists.txt 2016-07-06 09:38:26.083029127 +0200
@@ -270,7 +270,6 @@ if(BUILD_CODEC OR BUILD_MJ2)
diff -rupN openjpeg-2.3.1/CMakeLists.txt openjpeg-2.3.1-new/CMakeLists.txt
--- openjpeg-2.3.1/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/CMakeLists.txt 2019-04-02 16:14:13.688252343 +0200
@@ -278,7 +278,6 @@ if(BUILD_CODEC OR BUILD_MJ2)
# OFF: It will only build 3rd party libs if they are not found on the system
# ON: 3rd party libs will ALWAYS be build, and used
option(BUILD_THIRDPARTY "Build the thirdparty executables if it is needed" OFF)

2
sources
View File

@ -1 +1 @@
SHA512 (openjpeg-2.3.0.tar.gz) = 0a9d427be4a820b1d759fca4b50e293721b45fe4885aa61ca1ae09e099f75ed93520448090c780d62f51076d575cc03618cd6d5181bdb6b34e4fc07b4cfdd568
SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03