From f56fc8f5569bc010dbf28aab73e58a203c628827 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Thu, 17 Dec 2020 15:52:52 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/openjpeg2.git#9e4c2c54d07f1bae326b894c620afb3aa9583536 --- openjpeg2.spec | 17 ++- openjpeg2_CVE-2020-27814.patch | 4 +- openjpeg2_CVE-2020-27823.patch | 19 +-- openjpeg2_CVE-2020-27824.patch | 19 +-- openjpeg2_CVE-2020-27841.patch | 226 +++++++++++++++++++++++++++++++++ openjpeg2_CVE-2020-27842.patch | 19 +++ openjpeg2_CVE-2020-27843.patch | 19 +++ openjpeg2_CVE-2020-27845.patch | 63 +++++++++ openjpeg2_CVE-2020-6851.patch | 2 +- openjpeg2_CVE-2020-8112.patch | 2 +- openjpeg2_opj2.patch | 2 +- 11 files changed, 356 insertions(+), 36 deletions(-) create mode 100644 openjpeg2_CVE-2020-27841.patch create mode 100644 openjpeg2_CVE-2020-27842.patch create mode 100644 openjpeg2_CVE-2020-27843.patch create mode 100644 openjpeg2_CVE-2020-27845.patch diff --git a/openjpeg2.spec b/openjpeg2.spec index 38186b8..40eb76f 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -8,7 +8,7 @@ Name: openjpeg2 Version: 2.3.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -37,6 +37,18 @@ Patch4: openjpeg2_CVE-2020-27824.patch # Backport patch for CVE-2020-27823 # https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Patch5: openjpeg2_CVE-2020-27823.patch +# Backport patch for CVE-2020-27841 +# https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce +Patch6: openjpeg2_CVE-2020-27841.patch +# Backport patch for CVE-2020-27842 +# https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc +Patch7: openjpeg2_CVE-2020-27842.patch +# Backport patch for CVE-2020-27843 +# https://github.com/rouault/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 +Patch8: openjpeg2_CVE-2020-27843.patch +# Backport patch for CVE-2020-27845 +# https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 +Patch9: openjpeg2_CVE-2020-27845.patch BuildRequires: cmake @@ -339,6 +351,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer %changelog +* Thu Dec 17 2020 Sandro Mani - 2.3.1-10 +* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845 + * Thu Dec 10 2020 Sandro Mani - 2.3.1-9 * Backport patches for CVE-2020-27824 and CVE-2020-27823 diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch index cbb8007..7e546f0 100644 --- a/openjpeg2_CVE-2020-27814.patch +++ b/openjpeg2_CVE-2020-27814.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.701863373 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.704863383 +0100 +--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.797030458 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.799030456 +0100 @@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ diff --git a/openjpeg2_CVE-2020-27823.patch b/openjpeg2_CVE-2020-27823.patch index 02fa0ac..e73f594 100644 --- a/openjpeg2_CVE-2020-27823.patch +++ b/openjpeg2_CVE-2020-27823.patch @@ -1,18 +1,7 @@ -From b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:31:51 +0100 -Subject: [PATCH] pngtoimage(): fix wrong computation of x1,y1 if -d option is - used, that would result in a heap buffer overflow (fixes #1284) - ---- - src/bin/jp2/convertpng.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c -index 328c91beb..00f596e27 100644 ---- a/src/bin/jp2/convertpng.c -+++ b/src/bin/jp2/convertpng.c -@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) +diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/convertpng.c openjpeg-2.3.1-new/src/bin/jp2/convertpng.c +--- openjpeg-2.3.1/src/bin/jp2/convertpng.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/bin/jp2/convertpng.c 2020-12-17 16:25:44.882030380 +0100 +@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read image->x0 = (OPJ_UINT32)params->image_offset_x0; image->y0 = (OPJ_UINT32)params->image_offset_y0; image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) diff --git a/openjpeg2_CVE-2020-27824.patch b/openjpeg2_CVE-2020-27824.patch index 8301f7e..0c98e7a 100644 --- a/openjpeg2_CVE-2020-27824.patch +++ b/openjpeg2_CVE-2020-27824.patch @@ -1,18 +1,7 @@ -From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:37:07 +0100 -Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible - conversion when too many decomposition levels are specified (fixes #1286) - ---- - src/lib/openjp2/dwt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c -index ee9eb5e63..4164ba090 100644 ---- a/src/lib/openjp2/dwt.c -+++ b/src/lib/openjp2/dwt.c -@@ -1976,7 +1976,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec) +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/dwt.c openjpeg-2.3.1-new/src/lib/openjp2/dwt.c +--- openjpeg-2.3.1/src/lib/openjp2/dwt.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/dwt.c 2020-12-17 16:25:44.842030417 +0100 +@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { stepsize = 1.0; } else { diff --git a/openjpeg2_CVE-2020-27841.patch b/openjpeg2_CVE-2020-27841.patch new file mode 100644 index 0000000..1d827bc --- /dev/null +++ b/openjpeg2_CVE-2020-27841.patch @@ -0,0 +1,226 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c +--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:44.923030342 +0100 +@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet + * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. + * @param p_cp the coding parameters. + * @param tileno the index of the tile from which creating the packet iterator. ++ * @param manager Event manager + */ + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, + const opj_cp_t *p_cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * FIXME DOC + */ +@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level( + ========================================================== + */ + +-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) +-{ +- (void)pi; +- (void)msg; +-} +- + static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + { + opj_pi_comp_t *comp = NULL; +@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + /* include should be resized when a POC arises, or */ + /* the POC should be rejected */ + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_cprl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet + + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + const opj_cp_t *cp, +- OPJ_UINT32 tileno) ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager) + { + /* loop*/ + OPJ_UINT32 pino, compno; +@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create + l_current_pi = l_pi; + for (pino = 0; pino < l_poc_bound ; ++pino) { + ++ l_current_pi->manager = manager; ++ + l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, + sizeof(opj_pi_comp_t)); + if (! l_current_pi->comps) { +@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level( + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + opj_cp_t *p_cp, +- OPJ_UINT32 p_tile_no) ++ OPJ_UINT32 p_tile_no, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode( + } + + /* memory allocation for pi */ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode( + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + opj_cp_t *p_cp, + OPJ_UINT32 p_tile_no, +- J2K_T2_MODE p_t2_mode) ++ J2K_T2_MODE p_t2_mode, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc + } + + /* memory allocation for pi*/ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.h openjpeg-2.3.1-new/src/lib/openjp2/pi.h +--- openjpeg-2.3.1/src/lib/openjp2/pi.h 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.h 2020-12-17 16:25:44.923030342 +0100 +@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { + OPJ_INT32 x, y; + /** FIXME DOC*/ + OPJ_UINT32 dx, dy; ++ /** event manager */ ++ opj_event_mgr_t* manager; + } opj_pi_iterator_t; + + /** @name Exported functions */ +@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { + * @param cp the coding parameters. + * @param tileno index of the tile being encoded. + * @param t2_mode the type of pass for generating the packet iterator ++ * @param manager Event manager + * + * @return a list of packet iterator that points to the first packet of the tile (not true). + */ + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, + opj_cp_t *cp, + OPJ_UINT32 tileno, +- J2K_T2_MODE t2_mode); ++ J2K_T2_MODE t2_mode, ++ opj_event_mgr_t* manager); + + /** + * Updates the encoding parameters of the codec. +@@ -161,12 +165,14 @@ Create a packet iterator for Decoder + @param image Raw image for which the packets will be listed + @param cp Coding parameters + @param tileno Number that identifies the tile for which to list the packets ++@param manager Event manager + @return Returns a packet iterator that points to the first packet of the tile + @see opj_pi_destroy + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, + opj_cp_t * cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * Destroys a packet iterator array. + * +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2019-04-02 14:45:15.000000000 +0200 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.923030342 +0100 +@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* + l_image->numcomps : 1; + OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; + +- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); ++ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } +@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t + #endif + + /* create a packet iterator */ +- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); ++ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } diff --git a/openjpeg2_CVE-2020-27842.patch b/openjpeg2_CVE-2020-27842.patch new file mode 100644 index 0000000..f85a52f --- /dev/null +++ b/openjpeg2_CVE-2020-27842.patch @@ -0,0 +1,19 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100 +@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + opj_tgt_reset(prc->incltree); + opj_tgt_reset(prc->imsbtree); diff --git a/openjpeg2_CVE-2020-27843.patch b/openjpeg2_CVE-2020-27843.patch new file mode 100644 index 0000000..d4705d6 --- /dev/null +++ b/openjpeg2_CVE-2020-27843.patch @@ -0,0 +1,19 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c +--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:45.009030263 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:45.011030261 +0100 +@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + l_nb_blocks = prc->cw * prc->ch; + cblk = prc->cblks.enc; diff --git a/openjpeg2_CVE-2020-27845.patch b/openjpeg2_CVE-2020-27845.patch new file mode 100644 index 0000000..1b8f41f --- /dev/null +++ b/openjpeg2_CVE-2020-27845.patch @@ -0,0 +1,63 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c +--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2020-12-17 16:25:44.966030303 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:45.053030223 +0100 +@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_lrcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rlcp(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + res = &comp->resolutions[pi->resno]; +@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_ + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_rpcl(): invalid compno0/compno1\n"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + goto LABEL_SKIP; + } else { +@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ "opj_pi_next_pcrl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + +@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_ + if (pi->poc.compno0 >= pi->numcomps || + pi->poc.compno1 >= pi->numcomps + 1) { + opj_event_msg(pi->manager, EVT_ERROR, +- "opj_pi_next_cprl(): invalid compno0/compno1"); ++ "opj_pi_next_cprl(): invalid compno0/compno1\n"); + return OPJ_FALSE; + } + diff --git a/openjpeg2_CVE-2020-6851.patch b/openjpeg2_CVE-2020-6851.patch index 5e2cfd7..9962363 100644 --- a/openjpeg2_CVE-2020-6851.patch +++ b/openjpeg2_CVE-2020-6851.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c --- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-11-28 23:29:38.618863089 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-12-17 16:25:44.708030540 +0100 @@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim l_img_comp = p_image->comps; for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { diff --git a/openjpeg2_CVE-2020-8112.patch b/openjpeg2_CVE-2020-8112.patch index dd6e1b9..a42190d 100644 --- a/openjpeg2_CVE-2020-8112.patch +++ b/openjpeg2_CVE-2020-8112.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c --- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.662863239 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.754030498 +0100 @@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; diff --git a/openjpeg2_opj2.patch b/openjpeg2_opj2.patch index f4ecd0c..38a810f 100644 --- a/openjpeg2_opj2.patch +++ b/openjpeg2_opj2.patch @@ -1,6 +1,6 @@ diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt --- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-11-28 23:29:38.576862946 +0100 ++++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-12-17 16:25:44.665030580 +0100 @@ -44,6 +44,8 @@ endif() # Loop over all executables: foreach(exe opj_decompress opj_compress opj_dump)