From b5e1cbaf7fcfba734f24a8746c07cbfb0847ab52 Mon Sep 17 00:00:00 2001
From: zhangrui
Date: Thu, 9 Jan 2020 22:44:49 +0800
Subject: [PATCH] update to 4.2.2
---
 CVE-2016-10505.patch | 45 --------------------------------------------
 CVE-2016-7445.patch | 23 ----------------------
 openjpeg2.spec | 8 ++++----
 3 files changed, 4 insertions(+), 72 deletions(-)
 delete mode 100644 CVE-2016-10505.patch
 delete mode 100644 CVE-2016-7445.patch
diff --git a/CVE-2016-10505.patch b/CVE-2016-10505.patch
deleted file mode 100644
index 161df03..0000000
--- a/CVE-2016-10505.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-diff -Nur openjpeg-2.3.1_bak/src/bin/common/color.c openjpeg-2.3.1/src/bin/common/color.c
---- openjpeg-2.3.1_bak/src/bin/common/color.c 2019-10-14 06:31:49.372000000 -0400
-+++ openjpeg-2.3.1/src/bin/common/color.c 2019-10-14 06:33:30.080000000 -0400
-@@ -126,6 +126,7 @@
- d1 = g = (int*)opj_image_data_alloc(sizeof(int) * max);
- d2 = b = (int*)opj_image_data_alloc(sizeof(int) * max);
-
-+ if(y == NULL || cb == NULL || cr == NULL) goto fails;
- if (r == NULL || g == NULL || b == NULL) {
- goto fails;
- }
-@@ -178,6 +179,7 @@
- d1 = g = (int*)opj_image_data_alloc(sizeof(int) * max);
- d2 = b = (int*)opj_image_data_alloc(sizeof(int) * max);
-
-+ if(y == NULL || cb == NULL || cr == NULL) goto fails;
- if (r == NULL || g == NULL || b == NULL) {
- goto fails;
- }
-@@ -1062,6 +1064,7 @@
- (image->comps[0].dx != image->comps[2].dx)
- || (image->comps[0].dy != image->comps[1].dy) ||
- (image->comps[0].dy != image->comps[2].dy)
-+ || !image->comps [0].data || !image->comps [1].data || !image->comps [2].data
- ) {
- fprintf(stderr, "%s:%d:color_esycc_to_rgb\n\tCAN NOT CONVERT\n", __FILE__,
- __LINE__);
-diff -Nur openjpeg-2.3.1_bak/src/bin/jp2/convertbmp.c openjpeg-2.3.1/src/bin/jp2/convertbmp.c
---- openjpeg-2.3.1_bak/src/bin/jp2/convertbmp.c 2019-10-14 06:31:49.372000000 -0400
-+++ openjpeg-2.3.1/src/bin/jp2/convertbmp.c 2019-10-14 06:34:34.480000000 -0400
-@@ -889,6 +889,13 @@
- image->comps[0].prec);
- return 1;
- }
-+
-+ for (i = 0; i < image->numcomps; i++) {
-+ if (image->comps[i].data == NULL) {
-+ fprintf(stderr, "Missing image data\n");
-+ return 1;
-+ }
-+ }
- if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
- && image->comps[1].dx == image->comps[2].dx
- && image->comps[0].dy == image->comps[1].dy
-
diff --git a/CVE-2016-7445.patch b/CVE-2016-7445.patch
deleted file mode 100644
index ef74c29..0000000
--- a/CVE-2016-7445.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -Nur openjpeg-2.3.1_old/src/bin/jpwl/convert.c openjpeg-2.3.1/src/bin/jpwl/convert.c
---- openjpeg-2.3.1_old/src/bin/jpwl/convert.c 2019-10-15 16:06:40.623000000 +0800
-+++ openjpeg-2.3.1/src/bin/jpwl/convert.c 2019-10-15 16:08:59.642000000 +0800
-@@ -1730,8 +1730,10 @@
-
- if (!have_wh) {
- s = skip_int(s, &ph->width);
-+ if(s == NULL || *s == 0) return;
-
- s = skip_int(s, &ph->height);
-+ if(s == NULL || *s == 0) return;
-
- have_wh = 1;
-
-@@ -1744,6 +1746,7 @@
- if (format == 2 || format == 3 || format == 5 || format == 6) {
- /* P2, P3, P5, P6: */
- s = skip_int(s, &ph->maxval);
-+ if(s == NULL || *s == 0) return;
-
- if (ph->maxval > 65535) {
- return;
-
diff --git a/openjpeg2.spec b/openjpeg2.spec
index d75ebcc..ae67997 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name: openjpeg2
 Version: 2.3.1
-Release: 2
+Release: 3
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
@@ -9,9 +9,6 @@ Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjp
 Patch0: openjpeg2_remove-thirdparty.patch
 Patch1: openjpeg2_opj2.patch
-Patch6000: CVE-2016-10505.patch
-Patch6001: CVE-2016-7445.patch
-
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
 Provides: %{name}-tools
@@ -86,6 +83,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 %changelog
+* Thu Jan 9 2020 openEuler Buildteam - 2.3.1-3
+- remove unnecessary patches
+
 * Thu Sep 19 2019 openEuler Buildteam - 2.3.1-2
 - fix CVE-2016-10505 and CVE-2016-7445
--
Gitee
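Review bot: The `%changelog` entry added in the last openjpeg2.spec hunk, `- remove unnecessary patches`, does not record why Patch6000 and Patch6001 (CVE-2016-10505.patch and CVE-2016-7445.patch) can be dropped while `Version:` stays at 2.3.1. The deleted patches add NULL-pointer checks in color.c, convertbmp.c and jpwl/convert.c, and nothing on this page shows that the 2.3.1 sources already carry equivalent checks, so the rebuilt package may lose those fixes; this should be confirmed against the upstream tarball before merging. The entry should name the patches and the evidence, for example `- drop CVE-2016-10505.patch and CVE-2016-7445.patch, fixed upstream in <UPSTREAM_COMMIT_OR_RELEASE>`. The subject line says 4.2.2, which matches no version in the spec.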