Compare commits
No commits in common. "c9" and "c8" have entirely different histories.
74
SOURCES/openjpeg2_coverity.patch
Normal file
74
SOURCES/openjpeg2_coverity.patch
Normal file
@ -0,0 +1,74 @@
|
||||
diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
|
||||
index 00f596e..af3f91e 100644
|
||||
--- a/src/bin/jp2/convertpng.c
|
||||
+++ b/src/bin/jp2/convertpng.c
|
||||
@@ -75,10 +75,10 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
|
||||
png_uint_32 width, height = 0U;
|
||||
int color_type;
|
||||
FILE *reader = NULL;
|
||||
- OPJ_BYTE** rows = NULL;
|
||||
- OPJ_INT32* row32s = NULL;
|
||||
+ OPJ_BYTE** volatile rows = NULL;
|
||||
+ OPJ_INT32* volatile row32s = NULL;
|
||||
/* j2k: */
|
||||
- opj_image_t *image = NULL;
|
||||
+ opj_image_t* volatile image = NULL;
|
||||
opj_image_cmptparm_t cmptparm[4];
|
||||
OPJ_UINT32 nr_comp;
|
||||
OPJ_BYTE sigbuf[8];
|
||||
diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
|
||||
index 9d1037a..8d5002a 100644
|
||||
--- a/src/bin/jp2/converttif.c
|
||||
+++ b/src/bin/jp2/converttif.c
|
||||
@@ -720,7 +720,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
|
||||
TIFFClose(tif);
|
||||
return 1;
|
||||
}
|
||||
- rowStride = (int64_t)((width * numcomps * bps + 7U) / 8U);
|
||||
+ rowStride = ((int64_t)width * numcomps * bps + 7U) / 8U;
|
||||
if (rowStride != strip_size) {
|
||||
fprintf(stderr, "Invalid TIFF strip size\n");
|
||||
TIFFClose(tif);
|
||||
@@ -1283,8 +1283,6 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
|
||||
TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
|
||||
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
|
||||
TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
|
||||
- w = (int)tiWidth;
|
||||
- h = (int)tiHeight;
|
||||
|
||||
if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
|
||||
fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %d.\n"
|
||||
@@ -1451,7 +1449,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
- rowStride = (int64_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
|
||||
+ rowStride = ((int64_t)tiWidth * tiSpp * tiBps + 7U) / 8U;
|
||||
buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
|
||||
if (buffer32s == NULL) {
|
||||
_TIFFfree(buf);
|
||||
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
|
||||
index 8e343ab..c13d229 100644
|
||||
--- a/src/lib/openjp2/j2k.c
|
||||
+++ b/src/lib/openjp2/j2k.c
|
||||
@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters,
|
||||
/* Validate sublevel */
|
||||
assert(sizeof(tabMaxSubLevelFromMainLevel) ==
|
||||
(OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0]));
|
||||
- if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
|
||||
+ if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
|
||||
opj_event_msg(p_manager, EVT_WARNING,
|
||||
"IMF profile require sublevel <= %d for mainlevel = %d.\n"
|
||||
"-> %d is thus not compliant\n"
|
||||
diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
|
||||
index 1481e16..d46bfb4 100644
|
||||
--- a/src/lib/openjp2/t2.c
|
||||
+++ b/src/lib/openjp2/t2.c
|
||||
@@ -821,6 +821,7 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
|
||||
opj_event_msg(p_manager, EVT_ERROR,
|
||||
"opj_t2_encode_packet(): accessing precno=%u >= %u\n",
|
||||
precno, res->pw * res->ph);
|
||||
+ opj_bio_destroy(bio);
|
||||
return OPJ_FALSE;
|
||||
}
|
||||
|
@ -1,6 +1,7 @@
|
||||
diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
|
||||
--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt 2020-12-28 21:59:39.000000000 +0100
|
||||
+++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt 2020-12-29 15:45:09.466819414 +0100
|
||||
diff --git a/src/bin/jp2/CMakeLists.txt b/src/bin/jp2/CMakeLists.txt
|
||||
index 4d4bd95..619ea51 100644
|
||||
--- a/src/bin/jp2/CMakeLists.txt
|
||||
+++ b/src/bin/jp2/CMakeLists.txt
|
||||
@@ -44,6 +44,8 @@ endif()
|
||||
# Loop over all executables:
|
||||
foreach(exe opj_decompress opj_compress opj_dump)
|
||||
|
@ -3,12 +3,9 @@
|
||||
|
||||
#global optional_components 1
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1751749
|
||||
%global _target_platform %{_vendor}-%{_target_os}
|
||||
|
||||
Name: openjpeg2
|
||||
Version: 2.4.0
|
||||
Release: 7%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: C-Library for JPEG 2000
|
||||
|
||||
# windirent.h is MIT, the rest is BSD
|
||||
@ -22,15 +19,18 @@ Source1: data.tar.xz
|
||||
|
||||
# Rename tool names to avoid conflicts with openjpeg-1.x
|
||||
Patch0: openjpeg2_opj2.patch
|
||||
|
||||
# Fix Coverity issues
|
||||
Patch1: openjpeg2_coverity.patch
|
||||
|
||||
# Fix CVE-2021-29338
|
||||
Patch1: openjpeg2-CVE-2021-29338.patch
|
||||
Patch2: openjpeg2-CVE-2021-29338.patch
|
||||
# Fix CVE-2021-3575
|
||||
Patch2: openjpeg2-CVE-2021-3575.patch
|
||||
Patch3: openjpeg2-CVE-2022-1122.patch
|
||||
Patch3: openjpeg2-CVE-2021-3575.patch
|
||||
Patch4: openjpeg2-CVE-2022-1122.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
# The library itself is C only, but there is some optional C++ stuff, hence the project is not marked as C-only in cmake and hence cmake looks for a c++ compiler
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: libpng-devel
|
||||
@ -213,6 +213,8 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
|
||||
|
||||
|
||||
%build
|
||||
mkdir %{_target_platform}
|
||||
pushd %{_target_platform}
|
||||
# TODO: Consider
|
||||
# -DBUILD_JPIP_SERVER=ON -DBUILD_JAVA=ON
|
||||
%cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
|
||||
@ -220,13 +222,15 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
|
||||
-DBUILD_DOC=ON \
|
||||
-DBUILD_STATIC_LIBS=OFF \
|
||||
-DBUILD_SHARED_LIBS=ON \
|
||||
%{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data}
|
||||
%{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \
|
||||
..
|
||||
popd
|
||||
|
||||
%cmake_build
|
||||
%make_build VERBOSE=1 -C %{_target_platform}
|
||||
|
||||
|
||||
%install
|
||||
%cmake_install
|
||||
%make_install -C %{_target_platform}
|
||||
|
||||
mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1
|
||||
mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
|
||||
@ -251,7 +255,7 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
|
||||
|
||||
%check
|
||||
%if 0%{?runcheck}
|
||||
%ctest
|
||||
make test -C %{_target_platform}
|
||||
%endif
|
||||
|
||||
|
||||
@ -272,7 +276,7 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
|
||||
%{_libdir}/pkgconfig/libopenjp2.pc
|
||||
|
||||
%files devel-docs
|
||||
%doc %{__cmake_builddir}/doc/html
|
||||
%doc %{_target_platform}/doc/html
|
||||
|
||||
%files tools
|
||||
%{_bindir}/opj2_compress
|
||||
@ -328,72 +332,57 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-7
|
||||
* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-5
|
||||
- Fix CVE-2022-1122
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-6
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Fri Jul 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
|
||||
- Fix Covscan defect
|
||||
|
||||
* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-5
|
||||
- Fix CVE-2021-3575 (#1969280)
|
||||
* Wed Jun 09 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-3
|
||||
- Fix CVE-2021-3575 (#1969279)
|
||||
- Fix resource leak identified by Covscan
|
||||
|
||||
* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
|
||||
- Fix CVE-2021-29338 (#1951333)
|
||||
* Wed Jun 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-2
|
||||
- Fix CVE-2021-29338 (#1951332)
|
||||
|
||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-3
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Mon Mar 01 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-1
|
||||
- Rebase to 2.4.0
|
||||
- Resolves: CVE-2018-5727 (#1538467)
|
||||
- Resolves: CVE-2018-5785 (#1538556)
|
||||
- Resolves: CVE-2018-20845 (#1730679)
|
||||
- Resolves: CVE-2018-20847 (#1734337)
|
||||
- Resolves: CVE-2019-12973 (#1739076)
|
||||
- Resolves: CVE-2020-15389 (#1855115)
|
||||
- Resolves: CVE-2020-27814 (#1908965)
|
||||
- Resolves: CVE-2020-27823 (#1906222)
|
||||
- Resolves: CVE-2020-27824 (#1906216)
|
||||
- Resolves: CVE-2020-27842 (#1908165)
|
||||
- Resolves: CVE-2020-27843 (#1908164)
|
||||
- Resolves: CVE-2020-27845 (#1908168)
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-6
|
||||
- Fix CVE-2020-8112 (#1801034)
|
||||
|
||||
* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
|
||||
- Update to 2.4.0
|
||||
* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-5
|
||||
- Fix CVE-2020-6851 (#1790590)
|
||||
|
||||
* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
|
||||
* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845
|
||||
* Wed Dec 04 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-4
|
||||
- Add upstream test suite and enable it in gating
|
||||
|
||||
* Thu Dec 10 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-9
|
||||
* Backport patches for CVE-2020-27824 and CVE-2020-27823
|
||||
* Fri Nov 29 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-3
|
||||
- Fix Coverity issues
|
||||
|
||||
* Sat Nov 28 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-8
|
||||
- Backport patch for CVE-2020-27814
|
||||
* Wed Nov 20 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-2
|
||||
- Fix unbundling third party libraries (#1757823)
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Fri May 31 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-1
|
||||
- Rebase to 2.3.1 (#1704255)
|
||||
|
||||
* Thu Feb 13 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-6
|
||||
- Backport patch for CVE 2020-8112
|
||||
* Tue Oct 16 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-8
|
||||
- Fix important Covscan defects (#1602643)
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-5
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Jan 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-4
|
||||
- Backport patch for CVE 2020-6851
|
||||
|
||||
* Wed Oct 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-3
|
||||
- Fix unbundling 3rd party libraries (#1757822)
|
||||
|
||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Tue Apr 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
|
||||
- Update to 2.3.1
|
||||
|
||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-11
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Thu Dec 20 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-10
|
||||
- Backport patches for CVE-2018-18088, CVE-2018-6616
|
||||
|
||||
* Thu Oct 04 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-9
|
||||
- Backport patch for CVE-2018-5785 (#1537758)
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Wed Mar 07 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-7
|
||||
- BR: gcc-c++
|
||||
* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-7
|
||||
- Fix CVE-2018-18088 (#1638562)
|
||||
|
||||
* Mon Feb 19 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-6
|
||||
- Add missing BR: gcc, make
|
||||
|
Loading…
Reference in New Issue
Block a user