import UBI openjpeg2-2.5.2-5.el10

.gitignore

@@ -1 +1 @@
-SOURCES/openjpeg-2.4.0.tar.gz
+openjpeg-2.5.2.tar.gz

.openjpeg2.metadata

@@ -1 +0,0 @@
-bbbf4dc4d9ce95286843cd39ac2febd3fd516c9d SOURCES/openjpeg-2.4.0.tar.gz

SOURCES/openjpeg2-CVE-2021-29338.patch

@@ -1,165 +0,0 @@
-From efbfbbb723e100cfbcea287a30958bf678e83458 Mon Sep 17 00:00:00 2001
-From: Ariadne Conill <ariadne@dereferenced.org>
-Date: Tue, 27 Apr 2021 09:37:40 -0600
-Subject: [PATCH] opj_{compress,decompress,dump}: fix possible buffer overflows
- in path manipulation functions
-
----
- src/bin/jp2/opj_compress.c   | 12 ++++++------
- src/bin/jp2/opj_decompress.c | 13 ++++++-------
- src/bin/jp2/opj_dump.c       | 14 +++++++-------
- 3 files changed, 19 insertions(+), 20 deletions(-)
-
-diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
-index 6827484..d8f894c 100644
---- a/src/bin/jp2/opj_compress.c
-+++ b/src/bin/jp2/opj_compress.c
-@@ -543,8 +543,8 @@ static char * get_file_name(char *name)
- static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-                           opj_cparameters_t *parameters)
- {
--    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
--         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
-+    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
-+         outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
-     char *temp_p, temp1[OPJ_PATH_LEN] = "";
- 
-     strcpy(image_filename, dirptr->filename[imageno]);
-@@ -553,7 +553,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-     if (parameters->decod_format == -1) {
-         return 1;
-     }
--    sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
-+    snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename);
-     if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
-                      infilename) != 0) {
-         return 1;
-@@ -566,7 +566,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-         sprintf(temp1, ".%s", temp_p);
-     }
-     if (img_fol->set_out_format == 1) {
--        sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-+        snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-                 img_fol->out_format);
-         if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
-                          outfilename) != 0) {
-@@ -1910,9 +1910,9 @@ int main(int argc, char **argv)
-         num_images = get_num_images(img_fol.imgdirpath);
-         dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
-         if (dirptr) {
--            dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof(
-+            dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
-                     char)); /* Stores at max 10 image file names*/
--            dirptr->filename = (char**) malloc(num_images * sizeof(char*));
-+            dirptr->filename = (char**) calloc(num_images, sizeof(char*));
-             if (!dirptr->filename_buf) {
-                 ret = 0;
-                 goto fin;
-diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
-index 2634907..e54e54f 100644
---- a/src/bin/jp2/opj_decompress.c
-+++ b/src/bin/jp2/opj_decompress.c
-@@ -455,13 +455,13 @@ const char* path_separator = "/";
- char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-                    opj_decompress_parameters *parameters)
- {
--    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
--         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
-+    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
-+         outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
-     char *temp_p, temp1[OPJ_PATH_LEN] = "";
- 
-     strcpy(image_filename, dirptr->filename[imageno]);
-     fprintf(stderr, "File Number %d \"%s\"\n", imageno, image_filename);
--    sprintf(infilename, "%s%s%s", img_fol->imgdirpath, path_separator,
-+    snprintf(infilename, OPJ_PATH_LEN * 2, "%s%s%s", img_fol->imgdirpath, path_separator,
-             image_filename);
-     parameters->decod_format = infile_format(infilename);
-     if (parameters->decod_format == -1) {
-@@ -479,7 +479,7 @@ char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-         sprintf(temp1, ".%s", temp_p);
-     }
-     if (img_fol->set_out_format == 1) {
--        sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-+        snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-                 img_fol->out_format);
-         if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
-                          outfilename) != 0) {
-@@ -1357,14 +1357,13 @@ int main(int argc, char **argv)
-             return EXIT_FAILURE;
-         }
-         /* Stores at max 10 image file names */
--        dirptr->filename_buf = (char*)malloc(sizeof(char) *
--                                             (size_t)num_images * OPJ_PATH_LEN);
-+        dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
-         if (!dirptr->filename_buf) {
-             failed = 1;
-             goto fin;
-         }
- 
--        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
-+        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
- 
-         if (!dirptr->filename) {
-             failed = 1;
-diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
-index 6e15fee..4e19c61 100644
---- a/src/bin/jp2/opj_dump.c
-+++ b/src/bin/jp2/opj_dump.c
-@@ -201,8 +201,8 @@ static int get_file_format(const char *filename)
- static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-                           opj_dparameters_t *parameters)
- {
--    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
--         outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
-+    char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
-+         outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
-     char *temp_p, temp1[OPJ_PATH_LEN] = "";
- 
-     strcpy(image_filename, dirptr->filename[imageno]);
-@@ -211,7 +211,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-     if (parameters->decod_format == -1) {
-         return 1;
-     }
--    sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
-+    snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename);
-     if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
-                      infilename) != 0) {
-         return 1;
-@@ -224,7 +224,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
-         sprintf(temp1, ".%s", temp_p);
-     }
-     if (img_fol->set_out_format == 1) {
--        sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-+        snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
-                 img_fol->out_format);
-         if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
-                          outfilename) != 0) {
-@@ -457,7 +457,7 @@ int main(int argc, char *argv[])
-     opj_codestream_info_v2_t* cstr_info = NULL;
-     opj_codestream_index_t* cstr_index = NULL;
- 
--    OPJ_INT32 num_images, imageno;
-+    int num_images, imageno;
-     img_fol_t img_fol;
-     dircnt_t *dirptr = NULL;
- 
-@@ -486,13 +486,13 @@ int main(int argc, char *argv[])
-         if (!dirptr) {
-             return EXIT_FAILURE;
-         }
--        dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof(
-+        dirptr->filename_buf = (char*) calloc((size_t) num_images, OPJ_PATH_LEN * sizeof(
-                 char)); /* Stores at max 10 image file names*/
-         if (!dirptr->filename_buf) {
-             free(dirptr);
-             return EXIT_FAILURE;
-         }
--        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
-+        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
- 
-         if (!dirptr->filename) {
-             goto fails;
--- 
-2.31.1
-

SOURCES/openjpeg2-CVE-2021-3575.patch

@@ -1,35 +0,0 @@
-From 409907d89878222cf9dea80f0add8f73e9383834 Mon Sep 17 00:00:00 2001
-From: Mehdi Sabwat <mehdisabwat@gmail.com>
-Date: Fri, 7 May 2021 01:50:37 +0200
-Subject: [PATCH] fix heap buffer overflow #1347
-
----
- src/bin/common/color.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/src/bin/common/color.c b/src/bin/common/color.c
-index 27f15f1..935fa44 100644
---- a/src/bin/common/color.c
-+++ b/src/bin/common/color.c
-@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
- 
-             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
- 
--            ++y;
-+            if (*y != img->comps[0].data[loopmaxh])
-+                ++y;
-             ++r;
-             ++g;
-             ++b;
--            ++cb;
--            ++cr;
-+            if (*cb != img->comps[1].data[loopmaxh])
-+                ++cb;
-+            if (*cr != img->comps[2].data[loopmaxh])
-+                ++cr;
-         }
-         if (j < maxw) {
-             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
--- 
-2.31.1
-

SOURCES/openjpeg2-CVE-2022-1122.patch

@@ -1,26 +0,0 @@
-From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001
-From: xiaoxiaoafeifei <lliangliang2007@163.com>
-Date: Wed, 14 Jul 2021 09:35:13 +0800
-Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to
- uninitialized pointer (fixes #1368) (#1369)
-
----
- src/bin/jp2/opj_decompress.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
-index 0e028735..18ead672 100644
---- a/src/bin/jp2/opj_decompress.c
-+++ b/src/bin/jp2/opj_decompress.c
-@@ -1356,7 +1356,7 @@ int main(int argc, char **argv)
-         int it_image;
-         num_images = get_num_images(img_fol.imgdirpath);
- 
--        dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
-+        dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
-         if (!dirptr) {
-             destroy_parameters(&parameters);
-             return EXIT_FAILURE;
--- 
-2.34.1
-

SOURCES/openjpeg2_coverity.patch

@@ -1,74 +0,0 @@
-diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
-index 00f596e..af3f91e 100644
---- a/src/bin/jp2/convertpng.c
-+++ b/src/bin/jp2/convertpng.c
-@@ -75,10 +75,10 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
-     png_uint_32  width, height = 0U;
-     int color_type;
-     FILE *reader = NULL;
--    OPJ_BYTE** rows = NULL;
--    OPJ_INT32* row32s = NULL;
-+    OPJ_BYTE** volatile rows = NULL;
-+    OPJ_INT32* volatile row32s = NULL;
-     /* j2k: */
--    opj_image_t *image = NULL;
-+    opj_image_t* volatile image = NULL;
-     opj_image_cmptparm_t cmptparm[4];
-     OPJ_UINT32 nr_comp;
-     OPJ_BYTE sigbuf[8];
-diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
-index 9d1037a..8d5002a 100644
---- a/src/bin/jp2/converttif.c
-+++ b/src/bin/jp2/converttif.c
-@@ -720,7 +720,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
-         TIFFClose(tif);
-         return 1;
-     }
--    rowStride = (int64_t)((width * numcomps * bps + 7U) / 8U);
-+    rowStride = ((int64_t)width * numcomps * bps + 7U) / 8U;
-     if (rowStride != strip_size) {
-         fprintf(stderr, "Invalid TIFF strip size\n");
-         TIFFClose(tif);
-@@ -1283,8 +1283,6 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
-     TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
-     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
-     TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
--    w = (int)tiWidth;
--    h = (int)tiHeight;
- 
-     if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
-         fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %d.\n"
-@@ -1451,7 +1449,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
-         return NULL;
-     }
- 
--    rowStride = (int64_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
-+    rowStride = ((int64_t)tiWidth * tiSpp * tiBps + 7U) / 8U;
-     buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
-     if (buffer32s == NULL) {
-         _TIFFfree(buf);
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8e343ab..c13d229 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters,
-     /* Validate sublevel */
-     assert(sizeof(tabMaxSubLevelFromMainLevel) ==
-            (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0]));
--    if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
-+    if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
-         opj_event_msg(p_manager, EVT_WARNING,
-                       "IMF profile require sublevel <= %d for mainlevel = %d.\n"
-                       "-> %d is thus not compliant\n"
-diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
-index 1481e16..d46bfb4 100644
---- a/src/lib/openjp2/t2.c
-+++ b/src/lib/openjp2/t2.c
-@@ -821,6 +821,7 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
-             opj_event_msg(p_manager, EVT_ERROR,
-                           "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
-                           precno, res->pw * res->ph);
-+            opj_bio_destroy(bio);
-             return OPJ_FALSE;
-         }
- 

SOURCES/openjpeg2_opj2.patch

@@ -1,13 +0,0 @@
-diff --git a/src/bin/jp2/CMakeLists.txt b/src/bin/jp2/CMakeLists.txt
-index 4d4bd95..619ea51 100644
---- a/src/bin/jp2/CMakeLists.txt
-+++ b/src/bin/jp2/CMakeLists.txt
-@@ -44,6 +44,8 @@ endif()
- # Loop over all executables:
- foreach(exe opj_decompress opj_compress opj_dump)
-   add_executable(${exe} ${exe}.c ${common_SRCS})
-+  string(REPLACE "opj_" "opj2_" exe2 ${exe})
-+  set_target_properties(${exe} PROPERTIES OUTPUT_NAME ${exe2})
-   if(NOT ${CMAKE_VERSION} VERSION_LESS "2.8.12")
-     target_compile_options(${exe} PRIVATE ${OPENJP2_COMPILE_OPTIONS})
-   endif()

openjpeg2-2.5.2-cve-2024-56826.patch

@@ -0,0 +1,108 @@
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index ae5d648da..e4924a152 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *img)
+ {
+     int *d0, *d1, *d2, *r, *g, *b;
+     const int *y, *cb, *cr;
+-    size_t maxw, maxh, max, offx, loopmaxw;
++    size_t maxw, maxh, max, offx, loopmaxw, comp12w;
+     int offset, upb;
+     size_t i;
+ 
+@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *img)
+     upb = (1 << upb) - 1;
+ 
+     maxw = (size_t)img->comps[0].w;
++    comp12w = (size_t)img->comps[1].w;
+     maxh = (size_t)img->comps[0].h;
+     max = maxw * maxh;
+ 
+@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *img)
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+             ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (j / 2 < comp12w) {
++                ++cb;
++                ++cr;
++            }
+         }
+     }
+ 
+@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+ {
+     int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
+     const int *y, *cb, *cr, *ny;
+-    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
++    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w;
+     int offset, upb;
+     size_t i;
+ 
+@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+     upb = (1 << upb) - 1;
+ 
+     maxw = (size_t)img->comps[0].w;
++    comp12w = (size_t)img->comps[1].w;
+     maxh = (size_t)img->comps[0].h;
+     max = maxw * maxh;
+ 
+@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *img)
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+             ++y;
+             ++r;
+             ++g;
+             ++b;
+ 
+-            sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb);
++            } else {
++                sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
++            }
+             ++ny;
+             ++nr;
+             ++ng;
+             ++nb;
+-            ++cb;
+-            ++cr;
++            if (j / 2 < comp12w) {
++                ++cb;
++                ++cr;
++            }
+         }
+         y += maxw;
+         r += maxw;
+@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *img)
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+         }
+     }
+ 

openjpeg2-2.5.2-cve-2024-56827.patch

@@ -0,0 +1,14 @@
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 7dc389fa2..b5903a59c 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -8456,7 +8456,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
+     if (type == J2K_MS_SOT) {
+         OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
+ 
+-        if (cstr_index->tile_index[tileno].tp_index) {
++        if (cstr_index->tile_index[tileno].tp_index &&
++                l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
+             cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
+         }
+ 

openjpeg2-2.5.2-pr1753.diff

@@ -0,0 +1,13 @@
+diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
+index 4df055a54..da5063186 100644
+--- a/src/lib/openjp2/jp2.c
++++ b/src/lib/openjp2/jp2.c
+@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
+                               p_image,
+                               p_manager);
+ 
+-    if (p_image && *p_image) {
++    if (ret && p_image && *p_image) {
+         /* Set Image Color Space */
+         if (jp2->enumcs == 16) {
+             (*p_image)->color_space = OPJ_CLRSPC_SRGB;

openjpeg2.spec

@@ -3,13 +3,22 @@
 
 #global optional_components 1
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=1751749
+%global _target_platform %{_vendor}-%{_target_os}
+
+%if 0%{?flatpak} || 0%{?rhel}
+%bcond_with mingw
+%else
+%bcond_without mingw
+%endif
+
 Name:           openjpeg2
-Version:        2.4.0
+Version:        2.5.2
 Release:        5%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
-License:        BSD and MIT
+License:        BSD-2-Clause AND MIT
 URL:            https://github.com/uclouvain/openjpeg
 Source0:        https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz
 %if 0%{?runcheck}
@@ -19,30 +28,53 @@ Source1:        data.tar.xz
 
 # Rename tool names to avoid conflicts with openjpeg-1.x
 Patch0:         openjpeg2_opj2.patch
-
-# Fix Coverity issues
-Patch1:         openjpeg2_coverity.patch
-
-# Fix CVE-2021-29338
-Patch2:         openjpeg2-CVE-2021-29338.patch
-# Fix CVE-2021-3575
-Patch3:         openjpeg2-CVE-2021-3575.patch
-Patch4:         openjpeg2-CVE-2022-1122.patch
+Patch1:         openjpeg2-2.5.2-cve-2024-56826.patch
+Patch2:         openjpeg2-2.5.2-cve-2024-56827.patch
+# from upstream, for <= 2.5.3, RHEL-107568, CVE-2025-54784
+Patch3:         openjpeg2-2.5.2-pr1753.diff
 
 BuildRequires:  cmake
-BuildRequires:  gcc
+BuildRequires:  doxygen
+# The library itself is C only, but there is some optional C++ stuff, hence the project is not marked as C-only in cmake and hence cmake looks for a c++ compiler
+BuildRequires:  gcc-c++
 BuildRequires:  make
-BuildRequires:  zlib-devel
+BuildRequires:  jbigkit-devel
+BuildRequires:  lcms2-devel
+BuildRequires:  liblerc-devel
+BuildRequires:  libjpeg-turbo-devel
 BuildRequires:  libpng-devel
 BuildRequires:  libtiff-devel
-BuildRequires:  lcms2-devel
-BuildRequires:  doxygen
-
+BuildRequires:  libwebp-devel
+BuildRequires:  libzstd-devel
+BuildRequires:  zlib-devel
 %if 0%{?optional_components}
 BuildRequires:  java-devel
 BuildRequires:  xerces-j2
 %endif
 
+%if %{with mingw}
+BuildRequires:  mingw32-filesystem >= 95
+BuildRequires:  mingw32-gcc
+BuildRequires:  mingw32-lcms2
+BuildRequires:  mingw32-libjpeg-turbo
+BuildRequires:  mingw32-libpng
+BuildRequires:  mingw32-libtiff
+BuildRequires:  mingw32-libwebp
+BuildRequires:  mingw32-zlib
+BuildRequires:  mingw32-zstd
+
+BuildRequires:  mingw64-filesystem >= 95
+BuildRequires:  mingw64-gcc
+BuildRequires:  mingw64-lcms2
+BuildRequires:  mingw64-libjpeg-turbo
+BuildRequires:  mingw64-libpng
+BuildRequires:  mingw64-libtiff
+BuildRequires:  mingw64-libwebp
+BuildRequires:  mingw64-zlib
+BuildRequires:  mingw64-zstd
+%endif
+
+
 %description
 The OpenJPEG library is an open-source JPEG 2000 library developed in order to
 promote the use of JPEG 2000.
@@ -167,6 +199,7 @@ Development files for OpenJPEG2 JPIP module
 
 %package jpip-tools
 Summary:        OpenJPEG2 JPIP module command line tools
+License:        BSD-2-Clause AND LGPL-2.0-or-later WITH WxWindows-exception-3.1
 Requires:       %{name}-jpip%{?_isa} = %{version}-%{release}
 Requires:       jpackage-utils
 Requires:       java
@@ -205,6 +238,45 @@ OpenJPEG2 JP3D module command line tools
 %endif
 
 
+%if %{with mingw}
+%package -n mingw32-%{name}
+Summary:       MinGW Windows %{name} library
+BuildArch:     noarch
+
+%description -n mingw32-%{name}
+%{summary}.
+
+
+%package -n mingw32-%{name}-tools
+Summary:       Tools for the MinGW Windows %{name} library
+Requires:      mingw32-%{name} = %{version}-%{release}
+BuildArch:     noarch
+
+%description -n mingw32-%{name}-tools
+%{summary}.
+
+
+%package -n mingw64-%{name}
+Summary:       MinGW Windows %{name} library
+BuildArch:     noarch
+
+%description -n mingw64-%{name}
+%{summary}.
+
+
+%package -n mingw64-%{name}-tools
+Summary:       Tools for the MinGW Windows %{name} library
+Requires:      mingw64-%{name} = %{version}-%{release}
+BuildArch:     noarch
+
+%description -n mingw64-%{name}-tools
+%{summary}.
+
+
+%{?mingw_debug_package}
+%endif
+
+
 %prep
 %autosetup -p1 -n openjpeg-%{version} %{?runcheck:-a 1}
 
@@ -213,8 +285,7 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
 
 
 %build
-mkdir %{_target_platform}
-pushd %{_target_platform}
+# Native build
 # TODO: Consider
 # -DBUILD_JPIP_SERVER=ON -DBUILD_JAVA=ON
 %cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
@@ -222,15 +293,19 @@ pushd %{_target_platform}
     -DBUILD_DOC=ON \
     -DBUILD_STATIC_LIBS=OFF \
     -DBUILD_SHARED_LIBS=ON \
-    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \
-    ..
-popd
+    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data}
+%cmake_build
 
-%make_build VERBOSE=1 -C %{_target_platform}
+%if %{with mingw}
+# MinGW build
+%mingw_cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_PKGCONFIG_FILES=ON .
+%mingw_make_build
+%endif
 
 
 %install
-%make_install -C %{_target_platform}
+# Native build
+%cmake_install
 
 mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1
 mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
@@ -249,34 +324,43 @@ EOF
 chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 %endif
 
+%if %{with mingw}
+# MinGW build
+%mingw_make_install
 
-%ldconfig_scriptlets
+# Delete files to exclude from package
+rm -rf %{buildroot}%{mingw32_mandir}
+rm -rf %{buildroot}%{mingw64_mandir}
+rm -rf %{buildroot}%{mingw32_datadir}/doc
+rm -rf %{buildroot}%{mingw64_datadir}/doc
+
+
+%mingw_debug_install_post
+%endif
 
 
 %check
 %if 0%{?runcheck}
-make test -C %{_target_platform}
+%ctest
 %endif
 
 
 %files
-%{!?_licensedir:%global license %doc}
 %license LICENSE
 %doc AUTHORS.md NEWS.md README.md THANKS.md
 %{_libdir}/libopenjp2.so.*
 %{_mandir}/man3/libopenjp2.3*
 
 %files devel
-%dir %{_includedir}/openjpeg-2.4/
-%{_includedir}/openjpeg-2.4/openjpeg.h
-%{_includedir}/openjpeg-2.4/opj_config.h
-%{_includedir}/openjpeg-2.4/opj_stdint.h
+%dir %{_includedir}/openjpeg-2.5/
+%{_includedir}/openjpeg-2.5/openjpeg.h
+%{_includedir}/openjpeg-2.5/opj_config.h
 %{_libdir}/libopenjp2.so
-%{_libdir}/openjpeg-2.4/
+%{_libdir}/cmake/openjpeg-2.5/
 %{_libdir}/pkgconfig/libopenjp2.pc
 
 %files devel-docs
-%doc %{_target_platform}/doc/html
+%doc %{__cmake_builddir}/doc/html
 
 %files tools
 %{_bindir}/opj2_compress
@@ -330,59 +414,151 @@ make test -C %{_target_platform}
 %{_bindir}/opj2_jp3d*
 %endif
 
+%if %{with mingw}
+%files -n mingw32-%{name}
+%license LICENSE
+%{mingw32_bindir}/libopenjp2.dll
+%{mingw32_libdir}/libopenjp2.dll.a
+%{mingw32_includedir}/openjpeg-2.5/
+%{mingw32_libdir}/pkgconfig/libopenjp2.pc
+%{mingw32_libdir}/cmake/openjpeg-2.5/
+
+%files -n mingw32-%{name}-tools
+%{mingw32_bindir}/opj2_compress.exe
+%{mingw32_bindir}/opj2_decompress.exe
+%{mingw32_bindir}/opj2_dump.exe
+
+%files -n mingw64-%{name}
+%license LICENSE
+%{mingw64_bindir}/libopenjp2.dll
+%{mingw64_libdir}/libopenjp2.dll.a
+%{mingw64_includedir}/openjpeg-2.5/
+%{mingw64_libdir}/pkgconfig/libopenjp2.pc
+%{mingw64_libdir}/cmake/openjpeg-2.5/
+
+%files -n mingw64-%{name}-tools
+%{mingw64_bindir}/opj2_compress.exe
+%{mingw64_bindir}/opj2_decompress.exe
+%{mingw64_bindir}/opj2_dump.exe
+%endif
+
 
 %changelog
-* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-5
-- Fix CVE-2022-1122
+* Mon Aug 11 2025 Michal Hlavinka <mhlavink@redhat.com> - 2.5.2-5
+- fix CVE-2025-54874: OOB heap memory write (RHEL-107568)
 
-* Fri Jul 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
-- Fix Covscan defect
+* Thu Jan 23 2025 Michal Hlavinka <mhlavink@redhat.com> - 2.5.2-4
+- fix two heap buffer overflows CVE-2024-56826 and CVE-2024-52827 (RHEL-72518,RHEL-72520)
 
-* Wed Jun 09 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-3
-- Fix CVE-2021-3575 (#1969279)
-- Fix resource leak identified by Covscan
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 2.5.2-3
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
 
-* Wed Jun 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-2
-- Fix CVE-2021-29338 (#1951332)
+* Sat Jul 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 2.5.2-2
+- rebuild
 
-* Mon Mar 01 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-1
-- Rebase to 2.4.0
-- Resolves: CVE-2018-5727 (#1538467)
-- Resolves: CVE-2018-5785 (#1538556)
-- Resolves: CVE-2018-20845 (#1730679)
-- Resolves: CVE-2018-20847 (#1734337)
-- Resolves: CVE-2019-12973 (#1739076)
-- Resolves: CVE-2020-15389 (#1855115)
-- Resolves: CVE-2020-27814 (#1908965)
-- Resolves: CVE-2020-27823 (#1906222)
-- Resolves: CVE-2020-27824 (#1906216)
-- Resolves: CVE-2020-27842 (#1908165)
-- Resolves: CVE-2020-27843 (#1908164)
-- Resolves: CVE-2020-27845 (#1908168)
+* Thu Jul 18 2024 Michal Hlavinka <mhlavink@redhat.com> - 2.5.2-1
+- updated to 2.5.2 (#RHEL-48781)
 
-* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-6
-- Fix CVE-2020-8112 (#1801034)
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.5.0-8
+- Bump release for June 2024 mass rebuild
 
-* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-5
-- Fix CVE-2020-6851 (#1790590)
+* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-* Wed Dec 04 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-4
-- Add upstream test suite and enable it in gating
+* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
 
-* Fri Nov 29 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-3
-- Fix Coverity issues
+* Tue Sep 26 2023 Sandro Mani <manisandro@gmail.com> - 2.5.0-5
+- BR: liblerc-devel
 
-* Wed Nov 20 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-2
-- Fix unbundling third party libraries (#1757823)
+* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
 
-* Fri May 31 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-1
-- Rebase to 2.3.1 (#1704255)
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
 
-* Tue Oct 16 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-8
-- Fix important Covscan defects (#1602643)
+* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
 
-* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-7
-- Fix CVE-2018-18088 (#1638562)
+* Mon May 16 2022 Sandro Mani <manisandro@gmail.com> - 2.5.0-1
+- Update to 2.5.0
+
+* Fri May 13 2022 Tomas Popela <tpopela@redhat.com> - 2.4.0-11
+- Introduce a switch for mingw builds and turn it off when building the flatpaks
+  (flatpak-common module)
+
+* Mon Mar 28 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-10
+- Backport fix for CVE-2022-1122
+
+* Fri Mar 25 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-8
+- Rebuild with mingw-gcc-12
+
+* Thu Feb 24 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-7
+- Make mingw subpackages noarch
+
+* Sat Feb 19 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-6
+- Add mingw subpackage
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu May 27 2021 Sandro Mani <manisandro@gmail.com> - 2.4.0-3
+- Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616)
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
+- Update to 2.4.0
+
+* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
+* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845
+
+* Thu Dec 10 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-9
+* Backport patches for CVE-2020-27824 and CVE-2020-27823
+
+* Sat Nov 28 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-8
+- Backport patch for CVE-2020-27814
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Thu Feb 13 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-6
+- Backport patch for CVE 2020-8112
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jan 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-4
+- Backport patch for CVE 2020-6851
+
+* Wed Oct 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-3
+- Fix unbundling 3rd party libraries (#1757822)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Apr 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
+- Update to 2.3.1
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Dec 20 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-10
+- Backport patches for CVE-2018-18088, CVE-2018-6616
+
+* Thu Oct 04 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-9
+- Backport patch for CVE-2018-5785 (#1537758)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Mar 07 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-7
+- BR: gcc-c++
 
 * Mon Feb 19 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-6
 - Add missing BR: gcc, make

openjpeg2_opj2.patch

@@ -0,0 +1,12 @@
+diff -rupN --no-dereference openjpeg-2.5.2/src/bin/jp2/CMakeLists.txt openjpeg-2.5.2-new/src/bin/jp2/CMakeLists.txt
+--- openjpeg-2.5.2/src/bin/jp2/CMakeLists.txt	2024-02-28 14:32:43.000000000 +0100
++++ openjpeg-2.5.2-new/src/bin/jp2/CMakeLists.txt	2024-02-28 17:24:59.806790712 +0100
+@@ -44,6 +44,8 @@ endif()
+ # Loop over all executables:
+ foreach(exe opj_decompress opj_compress opj_dump)
+   add_executable(${exe} ${exe}.c ${common_SRCS})
++  string(REPLACE "opj_" "opj2_" exe2 ${exe})
++  set_target_properties(${exe} PROPERTIES OUTPUT_NAME ${exe2})
+   target_compile_options(${exe} PRIVATE ${OPENJP2_COMPILE_OPTIONS})
+   target_link_libraries(${exe} ${OPENJPEG_LIBRARY_NAME}
+     ${PNG_LIBNAME} ${TIFF_LIBNAME} ${LCMS_LIBNAME}

sources

@@ -0,0 +1 @@
+SHA512 (openjpeg-2.5.2.tar.gz) = 24c058b3e0710e689ba7fd6bce8a88353ce64e825b2e5bbf6b00ca3f2a2ec1e9c70a72e0252a5c89d10c537cf84d55af54bf2f16c58ca01db98c2018cf132e1a