From fa23ae3b21d13719ea1d19bddf6c01af59edba4e Mon Sep 17 00:00:00 2001
From: Sandro Mani
Date: Mon, 28 Mar 2022 22:01:33 +0200
Subject: [PATCH] Backport fix for CVE-2022-1122
---
 CVE-2022-1122.patch | 12 ++++++++++++
 openjpeg2.spec | 8 +++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-1122.patch
diff --git a/CVE-2022-1122.patch b/CVE-2022-1122.patch
new file mode 100644
index 0000000..7b3f905
--- /dev/null
+++ b/CVE-2022-1122.patch
@@ -0,0 +1,12 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_decompress.c openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c
+--- openjpeg-2.4.0/src/bin/jp2/opj_decompress.c 2022-03-28 22:01:04.615605223 +0200
++++ openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c 2022-03-28 22:01:04.662605454 +0200
+@@ -1351,7 +1351,7 @@ int main(int argc, char **argv)
+ int it_image;
+ num_images = get_num_images(img_fol.imgdirpath);
+
+- dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
++ dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
+ if (!dirptr) {
+ destroy_parameters(¶meters);
+ return EXIT_FAILURE;
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 862f00e..9667202 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -8,7 +8,7 @@ Name: openjpeg2 Version: 2.4.0 -Release: 8%{?dist} +Release: 10%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD
@@ -29,6 +29,9 @@ Patch1: CVE-2021-29338.patch # Backport proposed patch for heap buffer overflow (#1957616) # See https://github.com/uclouvain/openjpeg/issues/1347 Patch2: heap-buffer-overflow.patch +# Backport patch for CVE-2022-1122 +# See https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d +Patch3: CVE-2022-1122.patch BuildRequires: cmake
@@ -422,6 +425,9 @@ rm -rf %{buildroot}%{mingw64_datadir}/doc %changelog +* Mon Mar 28 2022 Sandro Mani - 2.4.0-10 +- Backport fix for CVE-2022-1122 + * Fri Mar 25 2022 Sandro Mani - 2.4.0-8 - Rebuild with mingw-gcc-12
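Review bot: The new CVE-2022-1122.patch begins directly at `diff -rupN` with no header, so the file itself records neither what it fixes nor where it came from; the only provenance is the comment beside `Patch3:` in openjpeg2.spec. A short header above the diff line would help, naming upstream commit 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d and stating that `calloc(1, sizeof(dircnt_t))` is used so the struct starts zeroed. Presumably the pointer members of `dirptr` are released on a later exit path in main(), which is where the zeroing matters, but that code lies outside the hunk and should be confirmed against upstream.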
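Review bot: `Patch3: CVE-2022-1122.patch` is declared in the `@@ -29,6 +29,9 @@` hunk of openjpeg2.spec, but no hunk in this commit touches %prep, so whether the patch is actually applied depends on how %prep is written, which is not visible here. If the spec uses `%autosetup -p1`, nothing more is needed. If it applies patches one by one, a `%patch3 -p1` line is missing and the package would list the CVE fix in its changelog without compiling it in. The build log should be checked to confirm that CVE-2022-1122.patch is applied.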