diff --git a/openjpeg2.spec b/openjpeg2.spec index 38186b8..40eb76f 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -8,7 +8,7 @@ Name: openjpeg2 Version: 2.3.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -37,6 +37,18 @@ Patch4: openjpeg2_CVE-2020-27824.patch # Backport patch for CVE-2020-27823 # https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Patch5: openjpeg2_CVE-2020-27823.patch +# Backport patch for CVE-2020-27841 +# https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce +Patch6: openjpeg2_CVE-2020-27841.patch +# Backport patch for CVE-2020-27842 +# https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc +Patch7: openjpeg2_CVE-2020-27842.patch +# Backport patch for CVE-2020-27843 +# https://github.com/rouault/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 +Patch8: openjpeg2_CVE-2020-27843.patch +# Backport patch for CVE-2020-27845 +# https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 +Patch9: openjpeg2_CVE-2020-27845.patch BuildRequires: cmake @@ -339,6 +351,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer %changelog +* Thu Dec 17 2020 Sandro Mani - 2.3.1-10 +* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845 + * Thu Dec 10 2020 Sandro Mani - 2.3.1-9 * Backport patches for CVE-2020-27824 and CVE-2020-27823 diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch index cbb8007..7e546f0 100644 --- a/openjpeg2_CVE-2020-27814.patch +++ b/openjpeg2_CVE-2020-27814.patch 
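Review bot: The origin comments for Patch6 and Patch8 cite commits under `github.com/rouault/openjpeg`, a contributor fork, and Patch7 cites a commit inside pull request 1296, while Patch5 and Patch9 cite `uclouvain/openjpeg` commits. Fork and PR-branch commits can disappear after a rebase or force-push, which leaves a security backport with no verifiable origin. Once the fixes are merged, point each comment at the upstream commit, e.g. `# https://github.com/uclouvain/openjpeg/commit/<merged-commit-id>`. The diff does not touch `%prep`, so if the spec applies patches with explicit `%patchN` lines rather than `%autosetup`, Patch6 to Patch9 would be declared but never applied; that is worth confirming against the build log.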
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.701863373 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.704863383 +0100 +--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.797030458 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.799030456 +0100 @@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ diff --git a/openjpeg2_CVE-2020-27823.patch b/openjpeg2_CVE-2020-27823.patch index 02fa0ac..e73f594 100644 --- a/openjpeg2_CVE-2020-27823.patch +++ b/openjpeg2_CVE-2020-27823.patch @@ -1,18 +1,7 @@ -From b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:31:51 +0100 -Subject: [PATCH] pngtoimage(): fix wrong computation of x1,y1 if -d option is - used, that would result in a heap buffer overflow (fixes #1284) - ---- - src/bin/jp2/convertpng.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c -index 328c91beb..00f596e27 100644 ---- a/src/bin/jp2/convertpng.c -+++ b/src/bin/jp2/convertpng.c -@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) +diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/convertpng.c openjpeg-2.3.1-new/src/bin/jp2/convertpng.c +--- openjpeg-2.3.1/src/bin/jp2/convertpng.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/bin/jp2/convertpng.c 2020-12-17 16:25:44.882030380 +0100 +@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read image->x0 = (OPJ_UINT32)params->image_offset_x0; image->y0 = (OPJ_UINT32)params->image_offset_y0; image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) 
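Review bot: Regenerating openjpeg2_CVE-2020-27823.patch as a plain `diff -rupN` drops the `From b2072402…` / `Subject:` header, so the patch file no longer says which upstream commit it carries or what it fixes; the same happens to openjpeg2_CVE-2020-27824.patch in the next file section. Only the spec comment still links the file to its origin. Text before the first `diff` line is ignored when the patch is applied, so a short header can be kept at the top of each file, e.g. `Backport of upstream commit b2072402b7e14d22bba6fb8cde2a1e9996e9a919 (pngtoimage(): fix wrong computation of x1,y1, fixes #1284)`.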
diff --git a/openjpeg2_CVE-2020-27824.patch b/openjpeg2_CVE-2020-27824.patch index 8301f7e..0c98e7a 100644 --- a/openjpeg2_CVE-2020-27824.patch +++ b/openjpeg2_CVE-2020-27824.patch @@ -1,18 +1,7 @@ -From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:37:07 +0100 -Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible - conversion when too many decomposition levels are specified (fixes #1286) - ---- - src/lib/openjp2/dwt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c -index ee9eb5e63..4164ba090 100644 ---- a/src/lib/openjp2/dwt.c -+++ b/src/lib/openjp2/dwt.c -@@ -1976,7 +1976,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec) +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/dwt.c openjpeg-2.3.1-new/src/lib/openjp2/dwt.c +--- openjpeg-2.3.1/src/lib/openjp2/dwt.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/dwt.c 2020-12-17 16:25:44.842030417 +0100 +@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { stepsize = 1.0; } else { diff --git a/openjpeg2_CVE-2020-27841.patch b/openjpeg2_CVE-2020-27841.patch new file mode 100644 index 0000000..1d827bc --- /dev/null +++ b/openjpeg2_CVE-2020-27841.patch 
@@ -0,0 +1,226 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c +--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:44.923030342 +0100 +@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet + * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. + * @param p_cp the coding parameters. + * @param tileno the index of the tile from which creating the packet iterator. ++ * @param manager Event manager + */ + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, + const opj_cp_t *p_cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * FIXME DOC + */ +@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level( + ========================================================== + */ + +-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) +-{ +- (void)pi; +- (void)msg; +-} +- + static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + { + opj_pi_comp_t *comp = NULL; +@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + /* include should be resized when a POC arises, or */ + /* the POC should be rejected */ + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + index = 
pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_cprl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet + + static 
opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + const opj_cp_t *cp, +- OPJ_UINT32 tileno) ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager) + { + /* loop*/ + OPJ_UINT32 pino, compno; +@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create + l_current_pi = l_pi; + for (pino = 0; pino < l_poc_bound ; ++pino) { + ++ l_current_pi->manager = manager; ++ + l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, + sizeof(opj_pi_comp_t)); + if (! l_current_pi->comps) { +@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level( + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + opj_cp_t *p_cp, +- OPJ_UINT32 p_tile_no) ++ OPJ_UINT32 p_tile_no, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode( + } + + /* memory allocation for pi */ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode( + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + opj_cp_t *p_cp, + OPJ_UINT32 p_tile_no, +- J2K_T2_MODE p_t2_mode) ++ J2K_T2_MODE p_t2_mode, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc + } + + /* memory allocation for pi*/ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.h openjpeg-2.3.1-new/src/lib/openjp2/pi.h +--- openjpeg-2.3.1/src/lib/openjp2/pi.h 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.h 2020-12-17 16:25:44.923030342 +0100 +@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { + OPJ_INT32 x, y; + /** FIXME DOC*/ + 
OPJ_UINT32 dx, dy; ++ /** event manager */ ++ opj_event_mgr_t* manager; + } opj_pi_iterator_t; + + /** @name Exported functions */ +@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { + * @param cp the coding parameters. + * @param tileno index of the tile being encoded. + * @param t2_mode the type of pass for generating the packet iterator ++ * @param manager Event manager + * + * @return a list of packet iterator that points to the first packet of the tile (not true). + */ + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, + opj_cp_t *cp, + OPJ_UINT32 tileno, +- J2K_T2_MODE t2_mode); ++ J2K_T2_MODE t2_mode, ++ opj_event_mgr_t* manager); + + /** + * Updates the encoding parameters of the codec. +@@ -161,12 +165,14 @@ Create a packet iterator for Decoder + @param image Raw image for which the packets will be listed + @param cp Coding parameters + @param tileno Number that identifies the tile for which to list the packets ++@param manager Event manager + @return Returns a packet iterator that points to the first packet of the tile + @see opj_pi_destroy + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, + opj_cp_t * cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * Destroys a packet iterator array. 
+ * +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.923030342 +0100 +@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* + l_image->numcomps : 1; + OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; + +- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); ++ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } +@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t + #endif + + /* create a packet iterator */ +- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); ++ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } diff --git a/openjpeg2_CVE-2020-27842.patch b/openjpeg2_CVE-2020-27842.patch new file mode 100644 index 0000000..f85a52f --- /dev/null +++ b/openjpeg2_CVE-2020-27842.patch @@ -0,0 +1,19 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100 +@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + opj_tgt_reset(prc->incltree); + opj_tgt_reset(prc->imsbtree); diff --git a/openjpeg2_CVE-2020-27843.patch b/openjpeg2_CVE-2020-27843.patch new file mode 100644 index 0000000..d4705d6 --- /dev/null +++ b/openjpeg2_CVE-2020-27843.patch 
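Review bot: The `compno0`/`compno1` range check is added in this patch only to `opj_pi_next_pcrl()` and `opj_pi_next_cprl()`; `opj_pi_next_lrcp()`, `opj_pi_next_rlcp()` and `opj_pi_next_rpcl()` get only the re-routed `include_size` message here and receive the guard from openjpeg2_CVE-2020-27845.patch. A build that carries Patch6 without Patch9 therefore leaves three progression orders unchecked, which deserves a line in the spec comment. The condition `pi->poc.compno1 >= pi->numcomps + 1` reads more directly as `pi->poc.compno1 > pi->numcomps`. The new `manager` field in pi.h is documented only as `/** event manager */`; since the patch adds no matching change to the destroy path, the pointer looks borrowed, so `/** event manager (not owned by the iterator) */` would state it, to be confirmed against `opj_pi_destroy()`. All of the touched function bodies begin and end outside the hunks shown.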
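Review bot: The guard `if (precno >= res->pw * res->ph)` added to `opj_t2_encode_packet()` is described by its own comment as "likely not a proper fix". It stops the out-of-bounds access to `band->precincts[precno]` at the point of use but leaves in place whatever produced the inconsistent precinct number, so the spec comment for Patch7 should mark it as an interim mitigation to revisit on the next rebase. If `pw` and `ph` are 32-bit, as the `%u` format suggests, the product is computed in 32 bits and could wrap for extreme values; `if ((OPJ_UINT64)precno >= (OPJ_UINT64)res->pw * res->ph) {` avoids that. The identical guard in openjpeg2_CVE-2020-27843.patch, which by its hunk offset sits later in the same function, has the same properties. The function body starts and ends outside the hunk.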
@@ -0,0 +1,19 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:45.009030263 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:45.011030261 +0100 +@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + l_nb_blocks = prc->cw * prc->ch; + cblk = prc->cblks.enc; diff --git a/openjpeg2_CVE-2020-27845.patch b/openjpeg2_CVE-2020-27845.patch new file mode 100644 index 0000000..1b8f41f --- /dev/null +++ b/openjpeg2_CVE-2020-27845.patch 
@@ -0,0 +1,63 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c +--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2020-12-17 16:25:44.966030303 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:45.053030223 +0100 +@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_lrcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rlcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rpcl(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + goto LABEL_SKIP; + } else { +@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ "opj_pi_next_pcrl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + +@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, 
EVT_ERROR, +- "opj_pi_next_cprl(): invalid compno0/compno1"); ++ "opj_pi_next_cprl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + diff --git a/openjpeg2_CVE-2020-6851.patch b/openjpeg2_CVE-2020-6851.patch index 5e2cfd7..9962363 100644 --- a/openjpeg2_CVE-2020-6851.patch +++ b/openjpeg2_CVE-2020-6851.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c --- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-11-28 23:29:38.618863089 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-12-17 16:25:44.708030540 +0100 @@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim l_img_comp = p_image->comps; for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { diff --git a/openjpeg2_CVE-2020-8112.patch b/openjpeg2_CVE-2020-8112.patch index dd6e1b9..a42190d 100644 --- a/openjpeg2_CVE-2020-8112.patch +++ b/openjpeg2_CVE-2020-8112.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c --- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.662863239 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.754030498 +0100 @@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; diff --git a/openjpeg2_opj2.patch b/openjpeg2_opj2.patch index f4ecd0c..38a810f 100644 --- a/openjpeg2_opj2.patch +++ b/openjpeg2_opj2.patch 
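Review bot: The error strings are left inconsistent: this patch appends `\n` to the five `invalid compno0/compno1` messages, but the `"Invalid access to pi->include"` messages that openjpeg2_CVE-2020-27841.patch routes through `opj_event_msg()` still have no trailing newline. If the handler prints messages verbatim, those lines will run into the next output; use `"Invalid access to pi->include\n"` at each of those call sites. The last two hunks here (`-472,7` and `-610,7`) edit lines that only exist after Patch6 is applied, and the `---` timestamp shows the diff was taken against an already patched tree, so Patch9 cannot apply without Patch6. A one-line spec comment such as `# Patch9 applies on top of Patch6` would make that ordering explicit.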
@@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt --- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-11-28 23:29:38.576862946 +0100 ++++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-12-17 16:25:44.665030580 +0100 @@ -44,6 +44,8 @@ endif() # Loop over all executables: foreach(exe opj_decompress opj_compress opj_dump)