import openjpeg2-2.3.1-6.el8

2020-04-28 04:52:31 -04:00 · 2020-04-28 04:52:31 -04:00 · 5ae400819b
parent f65de73436
commit 5ae400819b
3 changed files with 68 additions and 21 deletions
--- a/SOURCES/openjpeg2_coverity.patch
+++ b/SOURCES/openjpeg2_coverity.patch
@ -0,0 +1,49 @@
+diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
+index 44d985f..b85e126 100644
+--- a/src/bin/jp2/convertpng.c
+++ b/src/bin/jp2/convertpng.c
+@@ -75,10 +75,10 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
+     png_uint_32  width, height = 0U;
+     int color_type;
+     FILE *reader = NULL;
+-    OPJ_BYTE** rows = NULL;
+-    OPJ_INT32* row32s = NULL;
+    OPJ_BYTE** volatile rows = NULL;
+    OPJ_INT32* volatile row32s = NULL;
+     /* j2k: */
+-    opj_image_t *image = NULL;
+    opj_image_t* volatile image = NULL;
+     opj_image_cmptparm_t cmptparm[4];
+     OPJ_UINT32 nr_comp;
+     OPJ_BYTE sigbuf[8];
+diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
+index 6714d69..625c407 100644
+--- a/src/bin/jp2/converttif.c
+++ b/src/bin/jp2/converttif.c
+@@ -714,7 +714,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
+         TIFFClose(tif);
+         return 1;
+     }
+-    rowStride = (int64_t)((width * numcomps * bps + 7U) / 8U);
+    rowStride = ((int64_t)width * numcomps * bps + 7U) / 8U;
+     if (rowStride != strip_size) {
+         fprintf(stderr, "Invalid TIFF strip size\n");
+         TIFFClose(tif);
+@@ -1277,8 +1277,6 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+     TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
+     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
+     TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
+-    w = (int)tiWidth;
+-    h = (int)tiHeight;
+ 
+     if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
+         fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %d.\n"
+@@ -1445,7 +1443,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+         return NULL;
+     }
+ 
+-    rowStride = (int64_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
+    rowStride = ((int64_t)tiWidth * tiSpp * tiBps + 7U) / 8U;
+     buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
+     if (buffer32s == NULL) {
+         _TIFFfree(buf);
--- a/SOURCES/openjpeg2_remove-thirdparty.patch
+++ b/SOURCES/openjpeg2_remove-thirdparty.patch
@ -1,12 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 3ea2424..af0e1cf 100644
--- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -278,7 +278,6 @@ if(BUILD_CODEC OR BUILD_MJ2)
-   # OFF: It will only build 3rd party libs if they are not found on the system
-   # ON: 3rd party libs will ALWAYS be build, and used
-   option(BUILD_THIRDPARTY "Build the thirdparty executables if it is needed" OFF)
-  add_subdirectory(thirdparty)
-   add_subdirectory(src/bin)
- endif ()
- add_subdirectory(wrapping)
--- a/SPECS/openjpeg2.spec
+++ b/SPECS/openjpeg2.spec
@ -5,7 +5,7 @@

 Name:           openjpeg2
 Version:        2.3.1
-Release:        3%{?dist}
+Release:        6%{?dist}
 Summary:        C-Library for JPEG 2000

 # windirent.h is MIT, the rest is BSD
@ -17,10 +17,11 @@ Source0:        https://github.com/uclouvain/openjpeg/archive/v%{version}/openjp
 Source1:        data.tar.xz
 %endif

-# Remove bundled libraries
-Patch0:         openjpeg2_remove-thirdparty.patch
 # Rename tool names to avoid conflicts with openjpeg-1.x
-Patch1:         openjpeg2_opj2.patch
+Patch0:         openjpeg2_opj2.patch
+
+# Fix Coverity issues
+Patch1:         openjpeg2_coverity.patch

 # Fix for CVE-2020-6851
 Patch2:         openjpeg2_CVE-2020-6851.patch
@ -208,7 +209,7 @@ OpenJPEG2 JP3D module command line tools
 %autosetup -p1 -n openjpeg-%{version} %{?runcheck:-a 1}

 # Remove all third party libraries just to be sure
-rm -rf thirdparty
+find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;


 %build
@ -331,11 +332,20 @@ make test -C %{_target_platform}


 %changelog
-* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-3
- Fix CVE-2020-8112 (#1801033)
+* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-6
+- Fix CVE-2020-8112 (#1801034)

-* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-2
- Fix CVE-2020-6851 (#1790589)
+* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-5
+- Fix CVE-2020-6851 (#1790590)
+
+* Wed Dec 04 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-4
+- Add upstream test suite and enable it in gating
+
+* Fri Nov 29 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-3
+- Fix Coverity issues
+
+* Wed Nov 20 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-2
+- Fix unbundling third party libraries (#1757823)

 * Fri May 31 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-1
 - Rebase to 2.3.1 (#1704255)