diff --git a/backport-CVE-2023-39327.patch b/backport-CVE-2023-39327.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f5876bbdc610237280d3eba5ea1729fcbf5ced92
--- /dev/null
+++ b/backport-CVE-2023-39327.patch
@@ -0,0 +1,59 @@
+diff -rupN openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.5.2-new/src/lib/openjp2/t2.c
+--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2024-02-28 14:32:43.000000000 +0100
++++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2024-09-06 12:12:17.054693400 +0200
+@@ -1111,6 +1111,7 @@ static OPJ_BOOL opj_t2_read_packet_heade
+ /* SOP markers */
+
+ if (p_tcp->csty & J2K_CP_CSTY_SOP) {
++ /* SOP markers are allowed (i.e. optional), just warn */
+ if (p_max_length < 6) {
+ opj_event_msg(p_manager, EVT_WARNING,
+ "Not enough space for expected SOP marker\n");
+@@ -1163,12 +1164,15 @@ static OPJ_BOOL opj_t2_read_packet_heade
+
+ /* EPH markers */
+ if (p_tcp->csty & J2K_CP_CSTY_EPH) {
++ /* EPH markers are required */
+ if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
+ *l_header_data_start)) < 2U) {
+- opj_event_msg(p_manager, EVT_WARNING,
+- "Not enough space for expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough space for required EPH marker\n");
++ return OPJ_FALSE;
+ } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+- opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
++ return OPJ_FALSE;
+ } else {
+ l_header_data += 2;
+ }
+@@ -1340,12 +1344,15 @@ static OPJ_BOOL opj_t2_read_packet_heade
+
+ /* EPH markers */
+ if (p_tcp->csty & J2K_CP_CSTY_EPH) {
++ /* EPH markers are required */
+ if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
+ *l_header_data_start)) < 2U) {
+- opj_event_msg(p_manager, EVT_WARNING,
+- "Not enough space for expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough space for required EPH marker\n");
++ return OPJ_FALSE;
+ } else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
+- opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
++ opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
++ return OPJ_FALSE;
+ } else {
+ l_header_data += 2;
+ }
+diff -rupN openjpeg-2.3.1/tests/nonregression/test_suite.ctest.in openjpeg-2.5.2-new/tests/nonregression/test_suite.ctest.in
+--- openjpeg-2.3.1/tests/nonregression/test_suite.ctest.in 2024-02-28 14:32:43.000000000 +0100
++++ openjpeg-2.3.1-new/tests/nonregression/test_suite.ctest.in 2024-09-06 12:12:37.690672475 +0200
+@@ -630,3 +630,6 @@
+
+ # try to decompress file with repeated PPT marker
+ !opj_decompress -i @INPUT_NR_PATH@/oss-fuzz2785.jp2 -o @TEMP_PATH@/oss-fuzz2785.png
++
++# missing EPH Marker
++!opj_decompress -i @INPUT_NR_PATH@/issue1472-bigloop.j2k -o @TEMP_PATH@/issue1472-bigloop.raw
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 8cca648117a344abf6008df3406b1af9be6b3105..20892ad9254be0f5abc072866a077e5a45ffea1f 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name: openjpeg2
 Version: 2.3.1
-Release: 12
+Release: 13
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
@@ -27,6 +27,7 @@ Patch6015: backport-0002-CVE-2019-12973.patch
 Patch6016: backport-CVE-2021-3575.patch
 Patch6017: backport-CVE-2022-1122.patch
 Patch6018: backport-CVE-2023-39328.patch
+Patch6019: backport-CVE-2023-39327.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
@@ -103,6 +104,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 %changelog
+* Sat Sep 07 2024 Funda Wang - 2.3.1-13
+- fix CVE-2023-39327
+
 * Thu Jul 11 2024 xinghe - 2.3.1-12
 - Type:cves
 - ID:CVE-2023-39328
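Review bot: The regression entry added to tests/nonregression/test_suite.ctest.in can pass without exercising the new EPH checks, because it is an expected-failure line (it carries the same leading `!` as the oss-fuzz2785 entry above it, which appears to mean the command must fail) and neither the 59-line patch nor the visible spec hunks ship `issue1472-bigloop.j2k`. If that sample is absent from the data tree used at build time, opj_decompress fails on the missing input and the entry is green with or without the two `return OPJ_FALSE;` additions in t2.c, so confirm the file is present wherever the suite is run. The embedded header is also inconsistent: the `diff -rupN` lines name `openjpeg-2.5.2-new` while the `+++` lines name `openjpeg-2.3.1-new`, which suggests the hunks were taken from a 2.5.2 tree; I would write `diff -rupN openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c` and check that both EPH hunks, whose context is identical, apply to 2.3.1 without fuzz. The body of the function named in the hunk headers (truncated to `opj_t2_read_packet_heade`) lies outside these hunks, so whether anything needs releasing before the new early returns cannot be judged from here.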