From b3928be5ba51b97095a79d9517b23d5426351bd1 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Sat, 7 Sep 2024 12:47:23 +0800
Subject: [PATCH] fix CVE-2023-39327
---
 backport-CVE-2023-39327.patch | 59 +++++++++++++++++++++++++++++++++++
 openjpeg2.spec | 14 ++++-----
 2 files changed, 65 insertions(+), 8 deletions(-)
 create mode 100644 backport-CVE-2023-39327.patch
diff --git a/backport-CVE-2023-39327.patch b/backport-CVE-2023-39327.patch
new file mode 100644
index 0000000..274dd35
--- /dev/null
+++ b/backport-CVE-2023-39327.patch
@@ -0,0 +1,59 @@
+diff -rupN openjpeg-2.5.2/src/lib/openjp2/t2.c openjpeg-2.5.2-new/src/lib/openjp2/t2.c
+--- openjpeg-2.5.2/src/lib/openjp2/t2.c 2024-02-28 14:32:43.000000000 +0100
++++ openjpeg-2.5.2-new/src/lib/openjp2/t2.c 2024-09-06 12:12:17.054693400 +0200
+@@ -1111,6 +1111,7 @@ static OPJ_BOOL opj_t2_read_packet_heade
+ /* SOP markers */
+
+ if (p_tcp->csty & J2K_CP_CSTY_SOP) {
++ /* SOP markers are allowed (i.e. optional), just warn */
+ if (p_max_length < 6) {
+ opj_event_msg(p_manager, EVT_WARNING,
+ "Not enough space for expected SOP marker\n");
+@@ -1163,12 +1164,15 @@ static OPJ_BOOL opj_t2_read_packet_heade
+
+ /* EPH markers */
+ if (p_tcp->csty & J2K_CP_CSTY_EPH) {
++ /* EPH markers are required */
+ if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
+ *l_header_data_start)) < 2U) {
+- opj_event_msg(p_manager, EVT_WARNING,
+- "Not enough space for expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough space for required EPH marker\n");
++ return OPJ_FALSE;
+ } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+- opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
++ return OPJ_FALSE;
+ } else {
+ l_header_data += 2;
+ }
+@@ -1340,12 +1344,15 @@ static OPJ_BOOL opj_t2_read_packet_heade
+
+ /* EPH markers */
+ if (p_tcp->csty & J2K_CP_CSTY_EPH) {
++ /* EPH markers are required */
+ if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
+ *l_header_data_start)) < 2U) {
+- opj_event_msg(p_manager, EVT_WARNING,
+- "Not enough space for expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough space for required EPH marker\n");
++ return OPJ_FALSE;
+ } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+- opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
++ return OPJ_FALSE;
+ } else {
+ l_header_data += 2;
+ }
+diff -rupN openjpeg-2.5.2/tests/nonregression/test_suite.ctest.in openjpeg-2.5.2-new/tests/nonregression/test_suite.ctest.in
+--- openjpeg-2.5.2/tests/nonregression/test_suite.ctest.in 2024-02-28 14:32:43.000000000 +0100
++++ openjpeg-2.5.2-new/tests/nonregression/test_suite.ctest.in 2024-09-06 12:12:37.690672475 +0200
+@@ -661,3 +661,6 @@ opj_decompress -i @INPUT_NR_PATH@/htj2k/
+ # huge tile size
+ opj_decompress -i @INPUT_NR_PATH@/huge-tile-size.jp2 -o @TEMP_PATH@/huge-tile-size.png
+ !opj_decompress -i @INPUT_NR_PATH@/issue1438.j2k -o @TEMP_PATH@/issue1438.png
++
++# missing EPH Marker
++!opj_decompress -i @INPUT_NR_PATH@/issue1472-bigloop.j2k -o @TEMP_PATH@/issue1472-bigloop.raw
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 217dfe5..73bca41 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -2,15 +2,16 @@
 Name: openjpeg2
 Version: 2.5.2
-Release: 3
+Release: 4
 Summary: C-Library for JPEG 2000
-License: BSD and MIT
+License: BSD-2-Clause AND MIT
 URL: https://github.com/uclouvain/openjpeg
 Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz
 Patch0: openjpeg2_opj2.patch
 Patch1: backport-CVE-2023-39328.patch
 Patch2: backport-avoid-use-of-uninitialized-l_current_tile_no-variable.patch
+Patch3: backport-CVE-2023-39327.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
 BuildRequires: jbigkit-devel libjpeg-turbo-devel
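Review bot: As shown here, the added patch file starts directly at `diff -rupN` and records neither the upstream commit or pull request it was taken from nor an author, so the backport cannot later be compared against upstream. A short header above the first `diff` line, for example `Origin: <upstream commit or PR URL>` followed by a one-line description of the change, would record that. In the t2.c hunks both new `return OPJ_FALSE;` statements sit in a function whose body lies outside the hunks, so it should be confirmed that nothing acquired earlier in that function is still held at those two exits. The new `test_suite.ctest.in` entry reads `issue1472-bigloop.j2k`, which this commit does not add, so the regression case presumably does not run in this package build.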
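Review bot: The commit title and changelog entry say only "fix CVE-2023-39327", but this hunk also rewrites the License tag, and the later hunks drop `%ldconfig_scriptlets`, the `%defattr` lines and the `_licensedir` fallback. These packaging changes would be easier to audit in a separate commit, or at least listed in the changelog entry, e.g. `- switch License tag to SPDX, drop obsolete scriptlets and %defattr`. Dropping `%ldconfig_scriptlets` for a package that ships `libopenjp2.so.*` is only safe where the distribution runs ldconfig through file triggers, which is worth confirming for the target release. The `%prep` section is outside the hunks; if it applies patches one by one rather than automatically, `Patch3` would be declared but never applied and the package would ship 2.5.2-4 without the fix.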
@@ -71,18 +72,13 @@ mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_c
 mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
 mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.1
-%ldconfig_scriptlets
-
 %files
-%defattr(-,root,root)
-%{!?_licensedir:%global license %doc}
 %doc AUTHORS.md
 %license LICENSE
 %{_libdir}/libopenjp2.so.*
 %exclude %{_datadir}/doc/
 %files devel
-%defattr(-,root,root)
 %dir %{_includedir}/openjpeg-2.5/
 %{_includedir}/openjpeg-2.5/*.h
 %{_libdir}/*.so
@@ -90,7 +86,6 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_libdir}/cmake/openjpeg-2.5/
 %files help
-%defattr(-,root,root)
 %doc %{BuildDir}/doc/html
 %doc NEWS.md README.md THANKS.md
 %{_mandir}/man1/*.1*
@@ -102,6 +97,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_bindir}/opj2_dump
 %changelog
+* Sat Sep 07 2024 Funda Wang - 2.5.2-4
+- fix CVE-2023-39327
+
 * Fri Jul 12 2024 zhangxingrong- - 2.5.2-3
 - avoid use of uninitialized l_current_tile_no variable
-- 
Gitee