.gitignore

@@ -1,10 +1 @@
-/openjpeg-2.0.0-svn20140403.tar.gz
+SOURCES/openjpeg-2.4.0.tar.gz
-/openjpeg-2.0.0.tar.gz
-/openjpeg-2.1.0.tar.gz
-/version.2.1.tar.gz
-/openjpeg-2.1.1.tar.gz
-/openjpeg-2.1.2.tar.gz
-/openjpeg-2.2.0.tar.gz
-/openjpeg-2.3.0.tar.gz
-/openjpeg-2.3.1.tar.gz
-/openjpeg-2.4.0.tar.gz

.openjpeg2.metadata

@@ -0,0 +1 @@
+bbbf4dc4d9ce95286843cd39ac2febd3fd516c9d SOURCES/openjpeg-2.4.0.tar.gz

SOURCES/openjpeg2-CVE-2021-3575.patch

@@ -0,0 +1,35 @@
+From 409907d89878222cf9dea80f0add8f73e9383834 Mon Sep 17 00:00:00 2001
+From: Mehdi Sabwat <mehdisabwat@gmail.com>
+Date: Fri, 7 May 2021 01:50:37 +0200
+Subject: [PATCH] fix heap buffer overflow #1347
+
+---
+ src/bin/common/color.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f1..935fa44 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+ 
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ 
+-            ++y;
++            if (*y != img->comps[0].data[loopmaxh])
++                ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (*cb != img->comps[1].data[loopmaxh])
++                ++cb;
++            if (*cr != img->comps[2].data[loopmaxh])
++                ++cr;
+         }
+         if (j < maxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+-- 
+2.31.1
+

SOURCES/openjpeg2_coverity.patch

@@ -0,0 +1,74 @@
+diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
+index 00f596e..af3f91e 100644
+--- a/src/bin/jp2/convertpng.c
++++ b/src/bin/jp2/convertpng.c
+@@ -75,10 +75,10 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
+     png_uint_32  width, height = 0U;
+     int color_type;
+     FILE *reader = NULL;
+-    OPJ_BYTE** rows = NULL;
+-    OPJ_INT32* row32s = NULL;
++    OPJ_BYTE** volatile rows = NULL;
++    OPJ_INT32* volatile row32s = NULL;
+     /* j2k: */
+-    opj_image_t *image = NULL;
++    opj_image_t* volatile image = NULL;
+     opj_image_cmptparm_t cmptparm[4];
+     OPJ_UINT32 nr_comp;
+     OPJ_BYTE sigbuf[8];
+diff --git a/src/bin/jp2/converttif.c b/src/bin/jp2/converttif.c
+index 9d1037a..8d5002a 100644
+--- a/src/bin/jp2/converttif.c
++++ b/src/bin/jp2/converttif.c
+@@ -720,7 +720,7 @@ int imagetotif(opj_image_t * image, const char *outfile)
+         TIFFClose(tif);
+         return 1;
+     }
+-    rowStride = (int64_t)((width * numcomps * bps + 7U) / 8U);
++    rowStride = ((int64_t)width * numcomps * bps + 7U) / 8U;
+     if (rowStride != strip_size) {
+         fprintf(stderr, "Invalid TIFF strip size\n");
+         TIFFClose(tif);
+@@ -1283,8 +1283,6 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+     TIFFGetField(tif, TIFFTAG_SAMPLESPERPIXEL, &tiSpp);
+     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &tiPhoto);
+     TIFFGetField(tif, TIFFTAG_PLANARCONFIG, &tiPC);
+-    w = (int)tiWidth;
+-    h = (int)tiHeight;
+ 
+     if (tiSpp == 0 || tiSpp > 4) { /* should be 1 ... 4 */
+         fprintf(stderr, "tiftoimage: Bad value for samples per pixel == %d.\n"
+@@ -1451,7 +1449,7 @@ opj_image_t* tiftoimage(const char *filename, opj_cparameters_t *parameters)
+         return NULL;
+     }
+ 
+-    rowStride = (int64_t)((tiWidth * tiSpp * tiBps + 7U) / 8U);
++    rowStride = ((int64_t)tiWidth * tiSpp * tiBps + 7U) / 8U;
+     buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
+     if (buffer32s == NULL) {
+         _TIFFfree(buf);
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 8e343ab..c13d229 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters,
+     /* Validate sublevel */
+     assert(sizeof(tabMaxSubLevelFromMainLevel) ==
+            (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0]));
+-    if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
++    if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
+         opj_event_msg(p_manager, EVT_WARNING,
+                       "IMF profile require sublevel <= %d for mainlevel = %d.\n"
+                       "-> %d is thus not compliant\n"
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 1481e16..d46bfb4 100644
+--- a/src/lib/openjp2/t2.c
++++ b/src/lib/openjp2/t2.c
+@@ -821,6 +821,7 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
+             opj_event_msg(p_manager, EVT_ERROR,
+                           "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+                           precno, res->pw * res->ph);
++            opj_bio_destroy(bio);
+             return OPJ_FALSE;
+         }
+ 

SOURCES/openjpeg2_opj2.patch

@@ -1,6 +1,7 @@
-diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
+diff --git a/src/bin/jp2/CMakeLists.txt b/src/bin/jp2/CMakeLists.txt
---- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt	2020-12-28 21:59:39.000000000 +0100
+index 4d4bd95..619ea51 100644
-+++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt	2020-12-29 15:45:09.466819414 +0100
+--- a/src/bin/jp2/CMakeLists.txt
++++ b/src/bin/jp2/CMakeLists.txt
 @@ -44,6 +44,8 @@ endif()
  # Loop over all executables:
  foreach(exe opj_decompress opj_compress opj_dump)

SPECS/openjpeg2.spec

@@ -3,12 +3,9 @@
 
 #global optional_components 1
 
-# https://bugzilla.redhat.com/show_bug.cgi?id=1751749
-%global _target_platform %{_vendor}-%{_target_os}
-
 Name:           openjpeg2
 Version:        2.4.0
-Release:        8%{?dist}
+Release:        5%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -22,19 +19,18 @@ Source1:        data.tar.xz
 
 # Rename tool names to avoid conflicts with openjpeg-1.x
 Patch0:         openjpeg2_opj2.patch
+
+# Fix Coverity issues
+Patch1:         openjpeg2_coverity.patch
+
 # Fix CVE-2021-29338
-Patch1:         openjpeg2-CVE-2021-29338.patch
+Patch2:         openjpeg2-CVE-2021-29338.patch
-# Fix CVE-2021-3575 https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
+# Fix CVE-2021-3575
-Patch2:         openjpeg2-CVE-2021-3575.patch
+Patch3:         openjpeg2-CVE-2021-3575.patch
-Patch3:         openjpeg2-CVE-2022-1122.patch
+Patch4:         openjpeg2-CVE-2022-1122.patch
-# https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2 for < 2.5.3
-Patch4:         openjpeg2-2.5.2-cve-2024-56826.patch
-# https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8 for < 2.5.3
-Patch5:         openjpeg2-2.5.2-cve-2024-56827.patch
 
 BuildRequires:  cmake
-# The library itself is C only, but there is some optional C++ stuff, hence the project is not marked as C-only in cmake and hence cmake looks for a c++ compiler
+BuildRequires:  gcc
-BuildRequires:  gcc-c++
 BuildRequires:  make
 BuildRequires:  zlib-devel
 BuildRequires:  libpng-devel
@@ -217,6 +213,8 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
 
 
 %build
+mkdir %{_target_platform}
+pushd %{_target_platform}
 # TODO: Consider
 # -DBUILD_JPIP_SERVER=ON -DBUILD_JAVA=ON
 %cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
@@ -224,13 +222,15 @@ find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
     -DBUILD_DOC=ON \
     -DBUILD_STATIC_LIBS=OFF \
     -DBUILD_SHARED_LIBS=ON \
-    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data}
+    %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \
+    ..
+popd
 
-%cmake_build
+%make_build VERBOSE=1 -C %{_target_platform}
 
 
 %install
-%cmake_install
+%make_install -C %{_target_platform}
 
 mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1
 mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
@@ -255,7 +255,7 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 
 %check
 %if 0%{?runcheck}
-%ctest
+make test -C %{_target_platform}
 %endif
 
 
@@ -276,7 +276,7 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 %{_libdir}/pkgconfig/libopenjp2.pc
 
 %files devel-docs
-%doc %{__cmake_builddir}/doc/html
+%doc %{_target_platform}/doc/html
 
 %files tools
 %{_bindir}/opj2_compress
@@ -332,75 +332,57 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 
 
 %changelog
-* Thu Jan 23 2025 Michal Hlavinka <mhlavink@redhat.com> - 2.4.0-8
+* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-5
-- fix two heap buffer overflows CVE-2024-56826 and CVE-2024-52827 (RHEL-72519,RHEL-72521)
-
-* Wed Jun 15 2022 Matej Mužila <mmuzila@redhat.com> - 2.4.0-7
 - Fix CVE-2022-1122
 
-* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-6
+* Fri Jul 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Fix Covscan defect
-  Related: rhbz#1991688
 
-* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-5
+* Wed Jun 09 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-3
-- Fix CVE-2021-3575 (#1969280)
+- Fix CVE-2021-3575 (#1969279)
+- Fix resource leak identified by Covscan
 
-* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
+* Wed Jun 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-2
-- Fix CVE-2021-29338 (#1951333)
+- Fix CVE-2021-29338 (#1951332)
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.0-3
+* Mon Mar 01 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-1
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Rebase to 2.4.0
+- Resolves: CVE-2018-5727 (#1538467)
+- Resolves: CVE-2018-5785 (#1538556)
+- Resolves: CVE-2018-20845 (#1730679)
+- Resolves: CVE-2018-20847 (#1734337)
+- Resolves: CVE-2019-12973 (#1739076)
+- Resolves: CVE-2020-15389 (#1855115)
+- Resolves: CVE-2020-27814 (#1908965)
+- Resolves: CVE-2020-27823 (#1906222)
+- Resolves: CVE-2020-27824 (#1906216)
+- Resolves: CVE-2020-27842 (#1908165)
+- Resolves: CVE-2020-27843 (#1908164)
+- Resolves: CVE-2020-27845 (#1908168)
 
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0-2
+* Mon Feb 10 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+- Fix CVE-2020-8112 (#1801034)
 
-* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
+* Tue Jan 14 2020 Nikola Forró <nforro@redhat.com> - 2.3.1-5
-- Update to 2.4.0
+- Fix CVE-2020-6851 (#1790590)
 
-* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
+* Wed Dec 04 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-4
-* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845
+- Add upstream test suite and enable it in gating
 
-* Thu Dec 10 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-9
+* Fri Nov 29 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-3
-* Backport patches for CVE-2020-27824 and CVE-2020-27823
+- Fix Coverity issues
 
-* Sat Nov 28 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-8
+* Wed Nov 20 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-2
-- Backport patch for CVE-2020-27814
+- Fix unbundling third party libraries (#1757823)
 
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-7
+* Fri May 31 2019 Nikola Forró <nforro@redhat.com> - 2.3.1-1
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+- Rebase to 2.3.1 (#1704255)
 
-* Thu Feb 13 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-6
+* Tue Oct 16 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-8
-- Backport patch for CVE 2020-8112
+- Fix important Covscan defects (#1602643)
 
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-5
+* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 2.3.0-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+- Fix CVE-2018-18088 (#1638562)
-
-* Fri Jan 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-4
-- Backport patch for CVE 2020-6851
-
-* Wed Oct 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-3
-- Fix unbundling 3rd party libraries (#1757822)
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Tue Apr 02 2019 Sandro Mani <manisandro@gmail.com> - 2.3.1-1
-- Update to 2.3.1
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-11
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Thu Dec 20 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-10
-- Backport patches for CVE-2018-18088, CVE-2018-6616
-
-* Thu Oct 04 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-9
-- Backport patch for CVE-2018-5785 (#1537758)
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Mar 07 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-7
-- BR: gcc-c++
 
 * Mon Feb 19 2018 Sandro Mani <manisandro@gmail.com> - 2.3.0-6
 - Add missing BR: gcc, make

gating.yaml

@@ -1,7 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-9
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

openjpeg2-2.5.2-cve-2024-56826.patch

@@ -1,108 +0,0 @@
-diff --git a/src/bin/common/color.c b/src/bin/common/color.c
-index ae5d648da..e4924a152 100644
---- a/src/bin/common/color.c
-+++ b/src/bin/common/color.c
-@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *img)
- {
-     int *d0, *d1, *d2, *r, *g, *b;
-     const int *y, *cb, *cr;
--    size_t maxw, maxh, max, offx, loopmaxw;
-+    size_t maxw, maxh, max, offx, loopmaxw, comp12w;
-     int offset, upb;
-     size_t i;
- 
-@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *img)
-     upb = (1 << upb) - 1;
- 
-     maxw = (size_t)img->comps[0].w;
-+    comp12w = (size_t)img->comps[1].w;
-     maxh = (size_t)img->comps[0].h;
-     max = maxw * maxh;
- 
-@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *img)
-             ++cr;
-         }
-         if (j < loopmaxw) {
--            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            if (j / 2 == comp12w) {
-+                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
-+            } else {
-+                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            }
-             ++y;
-             ++r;
-             ++g;
-             ++b;
--            ++cb;
--            ++cr;
-+            if (j / 2 < comp12w) {
-+                ++cb;
-+                ++cr;
-+            }
-         }
-     }
- 
-@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *img)
- {
-     int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
-     const int *y, *cb, *cr, *ny;
--    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
-+    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w;
-     int offset, upb;
-     size_t i;
- 
-@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *img)
-     upb = (1 << upb) - 1;
- 
-     maxw = (size_t)img->comps[0].w;
-+    comp12w = (size_t)img->comps[1].w;
-     maxh = (size_t)img->comps[0].h;
-     max = maxw * maxh;
- 
-@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *img)
-             ++cr;
-         }
-         if (j < loopmaxw) {
--            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            if (j / 2 == comp12w) {
-+                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
-+            } else {
-+                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            }
-             ++y;
-             ++r;
-             ++g;
-             ++b;
- 
--            sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
-+            if (j / 2 == comp12w) {
-+                sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb);
-+            } else {
-+                sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
-+            }
-             ++ny;
-             ++nr;
-             ++ng;
-             ++nb;
--            ++cb;
--            ++cr;
-+            if (j / 2 < comp12w) {
-+                ++cb;
-+                ++cr;
-+            }
-         }
-         y += maxw;
-         r += maxw;
-@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *img)
-             ++cr;
-         }
-         if (j < loopmaxw) {
--            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            if (j / 2 == comp12w) {
-+                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
-+            } else {
-+                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-+            }
-         }
-     }
- 

openjpeg2-2.5.2-cve-2024-56827.patch

@@ -1,14 +0,0 @@
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 7dc389fa2..b5903a59c 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -8456,7 +8456,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
-     if (type == J2K_MS_SOT) {
-         OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- 
--        if (cstr_index->tile_index[tileno].tp_index) {
-+        if (cstr_index->tile_index[tileno].tp_index &&
-+                l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
-             cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
-         }
- 

openjpeg2-CVE-2021-3575.patch

@@ -1,30 +0,0 @@
-diff --git a/src/bin/common/color.c b/src/bin/common/color.c
-index 27f15f137..ae5d648da 100644
---- a/src/bin/common/color.c
-+++ b/src/bin/common/color.c
-@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
-     if (i < loopmaxh) {
-         size_t j;
- 
--        for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
-+        if (offx > 0U) {
-+            sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
-+            ++y;
-+            ++r;
-+            ++g;
-+            ++b;
-+        }
-+
-+        for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
-             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
- 
-             ++y;
-@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
-             ++cb;
-             ++cr;
-         }
--        if (j < maxw) {
-+        if (j < loopmaxw) {
-             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-         }
-     }

sources

@@ -1 +0,0 @@
-SHA512 (openjpeg-2.4.0.tar.gz) = 55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8