diff --git a/CVE-2018-18873.patch b/CVE-2018-18873.patch new file mode 100644 index 0000000000000000000000000000000000000000..f63422c1090a9323f9e608590deaa76173be74ba --- /dev/null +++ b/CVE-2018-18873.patch @@ -0,0 +1,30 @@ +From 12db8078ba17a8ffc5cc2429fb506988f0f11b44 Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Sun, 28 Jun 2020 13:25:12 +0200 +Subject: [PATCH] ras_enc: check components for RGB, fixes NULL pointer + dereference + +Fixes CVE-2018-18873 + +Closes https://github.com/jasper-maint/jasper/issues/15 +Closes https://github.com/mdadams/jasper/issues/184 +--- + src/libjasper/ras/ras_enc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/libjasper/ras/ras_enc.c b/src/libjasper/ras/ras_enc.c +index 85ff9a3..dc4f151 100644 +--- a/src/libjasper/ras/ras_enc.c ++++ b/src/libjasper/ras/ras_enc.c +@@ -232,6 +232,11 @@ static int ras_putdatastd(jas_stream_t *out, ras_hdr_t *hdr, jas_image_t *image, + + assert(numcmpts <= 3); + ++ if (RAS_ISRGB(hdr) && numcmpts < 3) { ++ /* need 3 components for RGB */ ++ return -1; ++ } ++ + for (i = 0; i < 3; ++i) { + data[i] = 0; + } diff --git a/CVE-2018-19139.patch b/CVE-2018-19139.patch new file mode 100644 index 0000000000000000000000000000000000000000..13bef9a61d0a8282f7c5cee78346d044abba4a62 --- /dev/null +++ b/CVE-2018-19139.patch @@ -0,0 +1,28 @@ +From 708871879b86443c28bcb5505d3fd04e8384f8aa Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Wed, 24 Jun 2020 21:09:02 +0200 +Subject: [PATCH] jpc_cs: register jpc_unk_destroyparms() in all unknown + segments + +Fixes CVE-2018-19139 (memory leak) + +Closes https://github.com/jasper-maint/jasper/issues/14 +--- + src/libjasper/jpc/jpc_cs.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_cs.c b/src/libjasper/jpc/jpc_cs.c +index 8a2e0ab..6c61d44 100644 +--- a/src/libjasper/jpc/jpc_cs.c ++++ b/src/libjasper/jpc/jpc_cs.c +@@ -190,8 +190,8 @@ static const jpc_mstabent_t jpc_mstab[] = { + jpc_qcc_putparms, jpc_qcc_dumpparms}}, + {JPC_MS_POC, "POC", {jpc_poc_destroyparms, jpc_poc_getparms, + jpc_poc_putparms, jpc_poc_dumpparms}}, +- {JPC_MS_TLM, "TLM", {0, jpc_unk_getparms, jpc_unk_putparms, 0}}, +- {JPC_MS_PLM, "PLM", {0, jpc_unk_getparms, jpc_unk_putparms, 0}}, ++ {JPC_MS_TLM, "TLM", {jpc_unk_destroyparms, jpc_unk_getparms, jpc_unk_putparms, 0}}, ++ {JPC_MS_PLM, "PLM", {jpc_unk_destroyparms, jpc_unk_getparms, jpc_unk_putparms, 0}}, + {JPC_MS_PPM, "PPM", {jpc_ppm_destroyparms, jpc_ppm_getparms, + jpc_ppm_putparms, jpc_ppm_dumpparms}}, + {JPC_MS_PPT, "PPT", {jpc_ppt_destroyparms, jpc_ppt_getparms, diff --git a/CVE-2018-19539.patch b/CVE-2018-19539.patch new file mode 100644 index 0000000000000000000000000000000000000000..8afd25ffd9ea1dee310af92d52cee57a865f9d7b --- /dev/null +++ b/CVE-2018-19539.patch @@ -0,0 +1,14 @@ +diff --git a/jasper-2.0.14/src/libjasper/base/jas_image.c b/jasper-2.0.14-edit/src/libjasper/base/jas_image.c +index e71b86a..6aafc3a 100644 +--- a/src/libjasper/base/jas_image.c ++++ b/src/libjasper/base/jas_image.c +@@ -553,6 +553,9 @@ int jas_image_writecmpt(jas_image_t *image, int cmptno, jas_image_coord_t x, + image, cmptno, JAS_CAST(long, x), JAS_CAST(long, y), + JAS_CAST(long, width), JAS_CAST(long, height), data)); + ++ if(data == NULL) ++ return -1; ++ + if (cmptno < 0 || cmptno >= image->numcmpts_) { + return -1; + } diff --git a/CVE-2018-19540.patch b/CVE-2018-19540.patch new file mode 100644 index 0000000000000000000000000000000000000000..5fa4fd4dd9f48c32e1ed8fada301ecc7980c3f28 --- /dev/null +++ b/CVE-2018-19540.patch @@ -0,0 +1,13 @@ +diff --git a/jasper-2.0.14/src/libjasper/base/jas_icc.c b/jasper-2.0.14-edit/src/libjasper/base/jas_icc.c +index 4607930..762c0e8 100644 +--- a/src/libjasper/base/jas_icc.c ++++ b/src/libjasper/base/jas_icc.c +@@ -1104,6 +1104,8 @@ static int jas_icctxtdesc_input(jas_iccattrval_t *attrval, jas_stream_t *in, + if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) != + JAS_CAST(int, txtdesc->asclen)) + goto error; ++ if (txtdesc->asclen < 1) ++ goto error; + txtdesc->ascdata[txtdesc->asclen - 1] = '\0'; + if (jas_iccgetuint32(in, &txtdesc->uclangcode) || + jas_iccgetuint32(in, &txtdesc->uclen)) diff --git a/CVE-2018-19541.patch b/CVE-2018-19541.patch new file mode 100644 index 0000000000000000000000000000000000000000..785ede9ce99468c6a94417096ac091a7d26a64c3 --- /dev/null +++ b/CVE-2018-19541.patch @@ -0,0 +1,14 @@ +diff --git a/jasper-2.0.14/src/libjasper/base/jas_image.c b/jasper-2.0.14-edit/src/libjasper/base/jas_image.c +index 6aafc3a..31ddb4b 100644 +--- a/src/libjasper/base/jas_image.c ++++ b/src/libjasper/base/jas_image.c +@@ -978,6 +978,9 @@ int jas_image_depalettize(jas_image_t *image, int cmptno, int numlutents, + cmptparms.prec = JAS_IMAGE_CDT_GETPREC(dtype); + cmptparms.sgnd = JAS_IMAGE_CDT_GETSGND(dtype); + ++ if (numlutents < 1) { ++ return -1; ++ } + if (jas_image_addcmpt(image, newcmptno, &cmptparms)) { + return -1; + } diff --git a/CVE-2018-20570.patch b/CVE-2018-20570.patch new file mode 100644 index 0000000000000000000000000000000000000000..bd0df407af5c9cccf723fe6a375dea31815aa87b --- /dev/null +++ b/CVE-2018-20570.patch @@ -0,0 +1,47 @@ +From 03db7c81f6a8a92d896249bc673877749987fd7a Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Wed, 24 Jun 2020 21:26:10 +0200 +Subject: [PATCH] jp2_enc: check number of components before dereferencing them + +Fixes CVE-2018-20570 + +Closes https://github.com/jasper-maint/jasper/issues/11 +Closes https://github.com/mdadams/jasper/issues/191 +--- + src/libjasper/jp2/jp2_enc.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/src/libjasper/jp2/jp2_enc.c b/src/libjasper/jp2/jp2_enc.c +index fd39a84..1b44c18 100644 +--- a/src/libjasper/jp2/jp2_enc.c ++++ b/src/libjasper/jp2/jp2_enc.c +@@ -293,7 +293,8 @@ int jp2_encode(jas_image_t *image, jas_stream_t *out, const char *optstr) + needcdef = 1; + switch (jas_clrspc_fam(jas_image_clrspc(image))) { + case JAS_CLRSPC_FAM_RGB: +- if (jas_image_cmpttype(image, 0) == ++ if (jas_image_numcmpts(image) >= 3 && ++ jas_image_cmpttype(image, 0) == + JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_R) && + jas_image_cmpttype(image, 1) == + JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_RGB_G) && +@@ -302,7 +303,8 @@ int jp2_encode(jas_image_t *image, jas_stream_t *out, const char *optstr) + needcdef = 0; + break; + case JAS_CLRSPC_FAM_YCBCR: +- if (jas_image_cmpttype(image, 0) == ++ if (jas_image_numcmpts(image) >= 3 && ++ jas_image_cmpttype(image, 0) == + JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_Y) && + jas_image_cmpttype(image, 1) == + JAS_IMAGE_CT_COLOR(JAS_CLRSPC_CHANIND_YCBCR_CB) && +@@ -311,7 +313,8 @@ int jp2_encode(jas_image_t *image, jas_stream_t *out, const char *optstr) + needcdef = 0; + break; + case JAS_CLRSPC_FAM_GRAY: +- if (jas_image_cmpttype(image, 0) == ++ if (jas_image_numcmpts(image) >= 1 && ++ jas_image_cmpttype(image, 0) == + JAS_IMAGE_CT_COLOR(JAS_IMAGE_CT_GRAY_Y)) + needcdef = 0; + break; diff --git a/CVE-2018-20622.patch b/CVE-2018-20622.patch new file mode 100644 index 0000000000000000000000000000000000000000..85a75017ea7e74ecd8c4692d586669b8c386d666 --- /dev/null +++ b/CVE-2018-20622.patch @@ -0,0 +1,86 @@ +From aa8516b28344aa1263ee538bb7366c4679a0e1a5 Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Wed, 24 Jun 2020 21:41:24 +0200 +Subject: [PATCH] jpc_t2dec: fix various memory leaks in jpc_dec_decodepkt() + +Fixes CVE-2018-20622 + +Closes https://github.com/jasper-maint/jasper/issues/12 +Closes https://github.com/mdadams/jasper/issues/193 +--- + src/libjasper/jpc/jpc_t2dec.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/libjasper/jpc/jpc_t2dec.c b/src/libjasper/jpc/jpc_t2dec.c +index 81d1f61..e88ccb6 100644 +--- a/src/libjasper/jpc/jpc_t2dec.c ++++ b/src/libjasper/jpc/jpc_t2dec.c +@@ -225,6 +225,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + } + + if ((present = jpc_bitstream_getbit(inb)) < 0) { ++ jpc_bitstream_close(inb); + return 1; + } + JAS_DBGLOG(10, ("\n", present)); +@@ -252,10 +253,12 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + if (!cblk->numpasses) { + leaf = jpc_tagtree_getleaf(prc->incltagtree, usedcblkcnt - 1); + if ((included = jpc_tagtree_decode(prc->incltagtree, leaf, lyrno + 1, inb)) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + } else { + if ((included = jpc_bitstream_getbit(inb)) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + } +@@ -269,6 +272,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + leaf = jpc_tagtree_getleaf(prc->numimsbstagtree, usedcblkcnt - 1); + for (;;) { + if ((ret = jpc_tagtree_decode(prc->numimsbstagtree, leaf, i, inb)) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + if (ret) { +@@ -280,6 +284,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + cblk->firstpassno = cblk->numimsbs * 3; + } + if ((numnewpasses = jpc_getnumnewpasses(inb)) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + JAS_DBGLOG(10, ("numnewpasses=%d ", numnewpasses)); +@@ -288,6 +293,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + mycounter = 0; + if (numnewpasses > 0) { + if ((m = jpc_getcommacode(inb)) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + cblk->numlenbits += m; +@@ -298,6 +304,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0); + if (!discard && !seg) { + if (!(seg = jpc_seg_alloc())) { ++ jpc_bitstream_close(inb); + return -1; + } + jpc_seglist_insert(&cblk->segs, cblk->segs.tail, seg); +@@ -312,6 +319,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + mycounter += n; + numnewpasses -= n; + if ((len = jpc_bitstream_getbits(inb, cblk->numlenbits + jpc_floorlog2(n))) < 0) { ++ jpc_bitstream_close(inb); + return -1; + } + JAS_DBGLOG(10, ("len=%d ", len)); +@@ -333,6 +341,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream); + } else { + if (jpc_bitstream_inalign(inb, 0x7f, 0)) { + jas_eprintf("alignment failed\n"); ++ jpc_bitstream_close(inb); + return -1; + } + } diff --git a/CVE-2018-9055.patch b/CVE-2018-9055.patch new file mode 100644 index 0000000000000000000000000000000000000000..09cda8c2d9b3b8799bb0d48d2cb610986e1a5c28 --- /dev/null +++ b/CVE-2018-9055.patch @@ -0,0 +1,63 @@ +From d4358fb62a01bd542146a1d25b8f6fd2a0b210fe Mon Sep 17 00:00:00 2001 +From: Michael Vetter +Date: Mon, 25 Mar 2019 12:20:26 +0100 +Subject: [PATCH] Fix integer width in jpc_math + +Fix denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c. + +Assigned CVE-2018-9055. +Fixes https://github.com/mdadams/jasper/issues/172. + +Fix by Fridrich Strba . +--- + src/libjasper/jpc/jpc_math.c | 4 ++-- + src/libjasper/jpc/jpc_math.h | 5 +++-- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_math.c b/src/libjasper/jpc/jpc_math.c +index 2b70844..1b18880 100644 +--- a/src/libjasper/jpc/jpc_math.c ++++ b/src/libjasper/jpc/jpc_math.c +@@ -86,7 +86,7 @@ + + /* Calculate the integer quantity floor(log2(x)), where x is a positive + integer. */ +-int jpc_floorlog2(int x) ++int jpc_floorlog2(int_fast32_t x) + { + int y; + +@@ -105,7 +105,7 @@ int jpc_floorlog2(int x) + integer. */ + /* This function is the basically the same as ceillog2(x), except that the + allowable range for x is slightly different. */ +-int jpc_firstone(int x) ++int jpc_firstone(int_fast32_t x) + { + int n; + +diff --git a/src/libjasper/jpc/jpc_math.h b/src/libjasper/jpc/jpc_math.h +index e8e0978..bd80d51 100644 +--- a/src/libjasper/jpc/jpc_math.h ++++ b/src/libjasper/jpc/jpc_math.h +@@ -67,6 +67,7 @@ + \******************************************************************************/ + + #include ++#include + + /******************************************************************************\ + * Macros +@@ -90,10 +91,10 @@ + + /* Calculate the bit position of the first leading one in a nonnegative + integer. */ +-int jpc_firstone(int x); ++int jpc_firstone(int_fast32_t x); + + /* Calculate the integer quantity floor(log2(x)), where x is a positive + integer. */ +-int jpc_floorlog2(int x); ++int jpc_floorlog2(int_fast32_t x); + + #endif diff --git a/CVE-2018-9154.patch b/CVE-2018-9154.patch new file mode 100644 index 0000000000000000000000000000000000000000..543fd0d6ee8d24e61d6ac3748f52605403e22a6b --- /dev/null +++ b/CVE-2018-9154.patch @@ -0,0 +1,40 @@ +From fcbabdaaba217124c92dc29472596146756b968e Mon Sep 17 00:00:00 2001 +From: Michael Vetter +Date: Tue, 17 Mar 2020 13:32:11 +0100 +Subject: [PATCH] Use return in jpc_dec_process_sot() instead of abort + +We don't need to and should not abort here. + +Fix CVE-2018-9154. +Fix https://github.com/mdadams/jasper/issues/215 +Fix https://github.com/mdadams/jasper/issues/166 +Fix https://github.com/mdadams/jasper/issues/175 + +See: https://github.com/mdadams/jasper/pull/216 +Fix https://github.com/jasper-maint/jasper/issues/8 +--- + src/libjasper/jpc/jpc_dec.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c +index 6d40786..817009e 100644 +--- a/src/libjasper/jpc/jpc_dec.c ++++ b/src/libjasper/jpc/jpc_dec.c +@@ -485,7 +485,7 @@ static int jpc_dec_process_sot(jpc_dec_t *dec, jpc_ms_t *ms) + + if (!(compinfos = jas_alloc2(dec->numcomps, + sizeof(jas_image_cmptparm_t)))) { +- abort(); ++ return -1; + } + for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos; + cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) { +@@ -512,7 +512,7 @@ static int jpc_dec_process_sot(jpc_dec_t *dec, jpc_ms_t *ms) + /* Convert the PPM marker segment data into a collection of streams + (one stream per tile-part). */ + if (!(dec->pkthdrstreams = jpc_ppmstabtostreams(dec->ppmstab))) { +- abort(); ++ return -1; + } + jpc_ppxstab_destroy(dec->ppmstab); + dec->ppmstab = 0; diff --git a/CVE-2018-9252.patch b/CVE-2018-9252.patch new file mode 100644 index 0000000000000000000000000000000000000000..84a2c2e21a21c9318b9661c46d5228a7d898b103 --- /dev/null +++ b/CVE-2018-9252.patch @@ -0,0 +1,76 @@ +From 6cd1e1d8aff56d0d86d4e7d1e7e3e4dd1c64b55d Mon Sep 17 00:00:00 2001 +From: Max Kellermann +Date: Wed, 24 Jun 2020 19:01:35 +0200 +Subject: [PATCH] jpc_enc: jpc_abstorelstepsize() returns error instead of + aborting + +Fixes CVE-2018-9252 + +Closes https://github.com/jasper-maint/jasper/issues/16 +--- + src/libjasper/jpc/jpc_enc.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c +index a779645..b11a450 100644 +--- a/src/libjasper/jpc/jpc_enc.c ++++ b/src/libjasper/jpc/jpc_enc.c +@@ -165,6 +165,9 @@ static jpc_enc_cp_t *cp_create(const char *optstr, jas_image_t *image); + void jpc_enc_cp_destroy(jpc_enc_cp_t *cp); + static uint_fast32_t jpc_abstorelstepsize(jpc_fix_t absdelta, int scaleexpn); + ++/** ++ * @return UINT_FAST32_MAX on error ++ */ + static uint_fast32_t jpc_abstorelstepsize(jpc_fix_t absdelta, int scaleexpn) + { + int p; +@@ -173,7 +176,7 @@ static uint_fast32_t jpc_abstorelstepsize(jpc_fix_t absdelta, int scaleexpn) + int n; + + if (absdelta < 0) { +- abort(); ++ return UINT_FAST32_MAX; + } + + p = jpc_firstone(absdelta) - JPC_FIX_FRACBITS; +@@ -179,8 +182,10 @@ static uint_fast32_t jpc_abstorelstepsize(jpc_fix_t absdelta, int scaleexpn) + mant = ((n < 0) ? (absdelta >> (-n)) : (absdelta << n)) & 0x7ff; + expn = scaleexpn - p; + if (scaleexpn < p) { +- abort(); ++ return UINT_FAST32_MAX; + } ++ if (expn >= 0x1f) ++ return UINT_FAST32_MAX; + return JPC_QCX_EXPN(expn) | JPC_QCX_MANT(mant); + } + +@@ -991,9 +996,12 @@ startoff = jas_stream_getrwcount(enc->out); + } else { + absstepsize = jpc_inttofix(1); + } +- cp->ccps[cmptno].stepsizes[bandno] = ++ const uint_fast32_t stepsize = + jpc_abstorelstepsize(absstepsize, + cp->ccps[cmptno].prec + analgain); ++ if (stepsize == UINT_FAST32_MAX) ++ return -1; ++ cp->ccps[cmptno].stepsizes[bandno] = stepsize; + } + cp->ccps[cmptno].numstepsizes = numbands; + } +@@ -1234,9 +1242,12 @@ jas_eprintf("%d %d mag=%d actual=%d numgbits=%d\n", cp->ccps[cmptno].prec, band- + } else { + band->absstepsize = jpc_inttofix(1); + } +- band->stepsize = jpc_abstorelstepsize( ++ const uint_fast32_t stepsize = jpc_abstorelstepsize( + band->absstepsize, cp->ccps[cmptno].prec + + band->analgain); ++ if (stepsize == UINT_FAST32_MAX) ++ return -1; ++ band->stepsize = stepsize; + band->numbps = cp->tccp.numgbits + + JPC_QCX_GETEXPN(band->stepsize) - 1; + diff --git a/jasper.spec b/jasper.spec index 071f449c5dadac186ba665ace4d4c0d71d6b61c1..d92255b08eeb57b9371290c8f56d1ef52b94f1df 100644 --- a/jasper.spec +++ b/jasper.spec @@ -1,6 +1,6 @@ Name: jasper Version: 2.0.14 -Release: 8 +Release: 9 Summary: Reference implementation of the codec specified in the JPEG-2000 standard, Part 1 License: JasPer URL: http://www.ece.uvic.ca/~frodo/jasper/ @@ -8,6 +8,16 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{vers Patch0001: jasper-2.0.14-CVE-2016-9396.patch Patch0002: jasper-2.0.14-rpath.patch +Patch0003: CVE-2018-9055.patch +Patch0004: CVE-2018-9154.patch +Patch0005: CVE-2018-9252.patch +Patch0006: CVE-2018-18873.patch +Patch0007: CVE-2018-19139.patch +Patch0008: CVE-2018-19539.patch +Patch0009: CVE-2018-19540.patch +Patch0010: CVE-2018-19541.patch +Patch0011: CVE-2018-20570.patch +Patch0012: CVE-2018-20622.patch BuildRequires: cmake freeglut-devel libGLU-devel libjpeg-devel libXmu-devel libXi-devel BuildRequires: pkgconfig doxygen mesa-libGL-devel @@ -87,5 +97,18 @@ make test -C builder %doc README %changelog +* Wed Sep 16 2020 wutao - 2.0.14-9 +- fix folllowing CVE in this revision + CVE-2018-18873 + CVE-2018-19541 + CVE-2018-9055 + CVE-2018-9154 + CVE-2018-19539 + CVE-2018-20570 + CVE-2018-9252 + CVE-2018-19540 + CVE-2018-20622 + CVE-2018-19139 + * Wed Apr 22 2020 leiju - 2.0.14-8 - Package init