3 changed files with 70 additions and 134 deletions
--- a/SOURCES/openjpeg2_coverity.patch
+++ b/SOURCES/openjpeg2_coverity.patch
@ -1,74 +0,0 @@
-diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
-index 00f596e..af3f91e 100644
--- a/src/bin/jp2/convertpng.c
-+++ b/src/bin/jp2/convertpng.c
-@@ -75,10 +75,10 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
-     png_uint_32  width, height = 0U;
-     int color_type;
-     FILE *reader = NULL;
-    OPJ_BYTE** rows = NULL;
-    OPJ_INT32* row32s = NULL;
-+    OPJ_BYTE** volatile rows = NULL;
-+    OPJ_INT32* volatile row32s = NULL;
-     /* j2k: */
-    opj_image_t *image = NULL;
-+    opj_image_t* volatile image = NULL;
-     opj_image_cmptparm_t cmptparm[4];
-     OPJ_UINT32 nr_comp;
-     OPJ_BYTE sigbuf[8];
-diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
-index 9d1037a..8d5002a 100644
--- a/src/bin/jp2/converttif.c
-+++ b/src/bin/jp2/converttif.c
-@@ -720,7 +720,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
-         TIFFClose(tif);
-         return 1;
-     }
-    rowStride = (int64_t)((width * numcomps * bps + 7U) / 8U);
-+    rowStride = ((int64_t)width * numcomps * bps + 7U) / 8U;
-     if (rowStride != strip_size) {
-         fprintf(stderr, "Invalid TIFF strip size\n");
-         TIFFClose(tif);
-@@ -1283,8 +1283,6 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
-     TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
-     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
-     TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
-    w = (int)tiWidth;
-    h = (int)tiHeight;
- 
-     if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
-         fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %d.\n"
-@@ -1451,7 +1449,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
-         return NULL;
-     }
- 
-    rowStride = (int64_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
-+    rowStride = ((int64_t)tiWidth * tiSpp * tiBps + 7U) / 8U;
-     buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
-     if (buffer32s == NULL) {
-         _TIFFfree(buf);
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 8e343ab..c13d229 100644
--- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters,
-     /* Validate sublevel */
-     assert(sizeof(tabMaxSubLevelFromMainLevel) ==
-            (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0]));
-    if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
-+    if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
-         opj_event_msg(p_manager, EVT_WARNING,
-                       "IMF profile require sublevel <= %d for mainlevel = %d.\n"
-                       "-> %d is thus not compliant\n"
-diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
-index 1481e16..d46bfb4 100644
--- a/src/lib/openjp2/t2.c
-+++ b/src/lib/openjp2/t2.c
-@@ -821,6 +821,7 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
-             opj_event_msg(p_manager, EVT_ERROR,
-                           "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
-                           precno, res->pw * res->ph);
-+            opj_bio_destroy(bio);
-             return OPJ_FALSE;
-         }
- 
--- a/SOURCES/openjpeg2_opj2.patch
+++ b/SOURCES/openjpeg2_opj2.patch
@ -1,7 +1,6 @@
-diff --git a/src/bin/jp2/CMakeLists.txt b/src/bin/jp2/CMakeLists.txt
-index 4d4bd95..619ea51 100644
--- a/src/bin/jp2/CMakeLists.txt
-+++ b/src/bin/jp2/CMakeLists.txt
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
+--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt	2020-12-28 21:59:39.000000000 +0100
+++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt	2020-12-29 15:45:09.466819414 +0100
@@ -44,6 +44,8 @@ endif()
 # Loop over all executables:
 foreach(exe opj_decompress opj_compress opj_dump)
--- a/SPECS/openjpeg2.spec
+++ b/SPECS/openjpeg2.spec
@ -3,9 +3,12 @@

 #global optional_components 1

+# https://bugzilla.redhat.com/show_bug.cgi?id=1751749
+%global _target_platform %{_vendor}-%{_target_os}
+
 Name:           openjpeg2
 Version:        2.4.0
-Release:        5%{?dist}
+Release:        7%{?dist}
 Summary:        C-Library for JPEG 2000

 # windirent.h is MIT, the rest is BSD
@ -19,18 +22,15 @@ Source1:        data.tar.xz

 # Rename tool names to avoid conflicts with openjpeg-1.x
 Patch0:         openjpeg2_opj2.patch
-
-# Fix Coverity issues
-Patch1:         openjpeg2_coverity.patch
-
 # Fix CVE-2021-29338
-Patch2:         openjpeg2-CVE-2021-29338.patch
+Patch1:         openjpeg2-CVE-2021-29338.patch
 # Fix CVE-2021-3575
-Patch3:         openjpeg2-CVE-2021-3575.patch
-Patch4:         openjpeg2-CVE-2022-1122.patch
+Patch2:         openjpeg2-CVE-2021-3575.patch
+Patch3:         openjpeg2-CVE-2022-1122.patch

 BuildRequires:  cmake
-BuildRequires:  gcc
+# The library itself is C only, but there is some optional C++ stuff, hence the project is not marked as C-only in cmake and hence cmake looks for a c++ compiler
+BuildRequires:  gcc-c++
 BuildRequires:  make
 BuildRequires:  zlib-devel
 BuildRequires:  libpng-devel
@ -213,8 +213,6 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;


 %build
-mkdir %{_target_platform}
-pushd %{_target_platform}
 # TODO: Consider
 # -DBUILD_JPIP_SERVER=ON -DBUILD_JAVA=ON
 %cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
@ -222,15 +220,13 @@ pushd %{_target_platform}
    -DBUILD_DOC=ON \
    -DBUILD_STATIC_LIBS=OFF \
    -DBUILD_SHARED_LIBS=ON \
-    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \
-    ..
-popd
+    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data}

-%make_build VERBOSE=1 -C %{_target_platform}
+%cmake_build


 %install
-%make_install -C %{_target_platform}
+%cmake_install

 mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1
 mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
@ -255,7 +251,7 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer

 %check
 %if 0%{?runcheck}
-make test -C %{_target_platform}
+%ctest
 %endif


@ -276,7 +272,7 @@ make test -C %{_target_platform}
 %{_libdir}/pkgconfig/libopenjp2.pc

 %files devel-docs
-%doc %{_target_platform}/doc/html
+%doc %{__cmake_builddir}/doc/html

 %files tools
 %{_bindir}/opj2_compress
@ -332,57 +328,72 @@ make test -C %{_target_platform}


 %changelog
-* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-5
+* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-7
 - Fix CVE-2022-1122

-* Fri Jul 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
- Fix Covscan defect
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-6
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688

-* Wed Jun 09 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-3
- Fix CVE-2021-3575 (#1969279)
- Fix resource leak identified by Covscan
+* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-5
+- Fix CVE-2021-3575 (#1969280)

-* Wed Jun 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-2
- Fix CVE-2021-29338 (#1951332)
+* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
+- Fix CVE-2021-29338 (#1951333)

-* Mon Mar 01 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-1
- Rebase to 2.4.0
- Resolves: CVE-2018-5727 (#1538467)
- Resolves: CVE-2018-5785 (#1538556)
- Resolves: CVE-2018-20845 (#1730679)
- Resolves: CVE-2018-20847 (#1734337)
- Resolves: CVE-2019-12973 (#1739076)
- Resolves: CVE-2020-15389 (#1855115)
- Resolves: CVE-2020-27814 (#1908965)
- Resolves: CVE-2020-27823 (#1906222)
- Resolves: CVE-2020-27824 (#1906216)
- Resolves: CVE-2020-27842 (#1908165)
- Resolves: CVE-2020-27843 (#1908164)
- Resolves: CVE-2020-27845 (#1908168)
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

-* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-6
- Fix CVE-2020-8112 (#1801034)
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

-* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-5
- Fix CVE-2020-6851 (#1790590)
+* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
+- Update to 2.4.0

-* Wed Dec 04 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-4
- Add upstream test suite and enable it in gating
+* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
+* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

-* Fri Nov 29 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-3
- Fix Coverity issues
+* Thu Dec 10 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-9
+* Backport patches for CVE-2020-27824 and CVE-2020-27823

-* Wed Nov 20 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-2
- Fix unbundling third party libraries (#1757823)
+* Sat Nov 28 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-8
+- Backport patch for CVE-2020-27814

-* Fri May 31 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-1
- Rebase to 2.3.1 (#1704255)
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

-* Tue Oct 16 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-8
- Fix important Covscan defects (#1602643)
+* Thu Feb 13 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-6
+- Backport patch for CVE 2020-8112

-* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-7
- Fix CVE-2018-18088 (#1638562)
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jan 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-4
+- Backport patch for CVE 2020-6851
+
+* Wed Oct 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-3
+- Fix unbundling 3rd party libraries (#1757822)
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Tue Apr 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
+- Update to 2.3.1
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Dec 20 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-10
+- Backport patches for CVE-2018-18088, CVE-2018-6616
+
+* Thu Oct 04 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-9
+- Backport patch for CVE-2018-5785 (#1537758)
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Mar 07 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-7
+- BR: gcc-c++

 * Mon Feb 19 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-6
 - Add missing BR: gcc, make