diff --git a/18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00.patch b/18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eaa93caf86115349fae10ffbd7db8353bd1fc114
--- /dev/null
+++ b/18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00.patch
@@ -0,0 +1,24 @@
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index d9d650e15..78d459259 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7945,11 +7945,18 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k,
+ if (tileno + 1 == parameters->POC[i].tile) {
+ opj_poc_t *tcp_poc = &tcp->pocs[numpocs_tile];
+
++ if (parameters->POC[numpocs_tile].compno0 >= image->numcomps) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Invalid compno0 for POC %d\n", i);
++ return OPJ_FALSE;
++ }
++
+ tcp_poc->resno0 = parameters->POC[numpocs_tile].resno0;
+ tcp_poc->compno0 = parameters->POC[numpocs_tile].compno0;
+ tcp_poc->layno1 = parameters->POC[numpocs_tile].layno1;
+ tcp_poc->resno1 = parameters->POC[numpocs_tile].resno1;
+- tcp_poc->compno1 = parameters->POC[numpocs_tile].compno1;
++ tcp_poc->compno1 = opj_uint_min(parameters->POC[numpocs_tile].compno1,
++ image->numcomps);
+ tcp_poc->prg1 = parameters->POC[numpocs_tile].prg1;
+ tcp_poc->tile = parameters->POC[numpocs_tile].tile;
+
diff --git a/630b485f86a6b0bb6fa03b698b8c5358df88d055.patch b/630b485f86a6b0bb6fa03b698b8c5358df88d055.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d480983f14e8cec2e8f0c221b78ba12f91bc051a
--- /dev/null
+++ b/630b485f86a6b0bb6fa03b698b8c5358df88d055.patch
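Review bot: The added guard validates `parameters->POC[numpocs_tile].compno0` but the error message reports `i`, so whenever the two indices differ the log names a POC entry other than the one that was rejected; printing the index that was actually checked, e.g. `"Invalid compno0 for POC %u\n", numpocs_tile` (with the format matched to its declared type, which is outside the hunk), keeps the diagnostic accurate. In the same block `resno0`, `resno1` and `layno1` are still copied from the caller-supplied parameters with no range check, and `compno1` is clamped to `image->numcomps` without confirming that it stays greater than `compno0`; whether later code tolerates those values is not visible here. opj_j2k_setup_encoder starts and ends outside the hunk, so it is also worth confirming that the new early `return OPJ_FALSE` does not skip the release of anything set up earlier in the function.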
@@ -0,0 +1,20 @@
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 71472b499..e452edd19 100644
+--- a/src/lib/openjp2/t2.c
++++ b/src/lib/openjp2/t2.c
+@@ -739,6 +739,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
+ continue;
+ }
+
++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
++ /* but likely not a proper fix. */
++ if (precno >= res->pw * res->ph) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
++ precno, res->pw * res->ph);
++ return OPJ_FALSE;
++ }
++
+ prc = &band->precincts[precno];
+ opj_tgt_reset(prc->incltree);
+ opj_tgt_reset(prc->imsbtree);
diff --git a/openjpeg2.spec b/openjpeg2.spec
index e4f0659b73c65905a1966d52fcfe88112813f68a..65dd07a205cc53ddb27556be41ce5694ad701d95 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name: openjpeg2
 Version: 2.3.1
-Release: 3
+Release: 4
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
@@ -12,6 +12,8 @@ Patch1: openjpeg2_opj2.patch
 Patch6000: CVE-2016-10505.patch
 Patch6001: CVE-2016-7445.patch
 Patch6002: CVE-2020-15389.patch
+Patch6003: 630b485f86a6b0bb6fa03b698b8c5358df88d055.patch
+Patch6004: 18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
@@ -87,6 +89,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 %changelog
+* 20201202175849765356 patch-tracking 2.3.1-4
+- append patch file of upstream repository from <630b485f86a6b0bb6fa03b698b8c5358df88d055> to <18b1138fbe3bb0ae4aa2bf1369f9430a8ec6fa00>
+
 * Sat Jul 25 2020 zhangnaru -2.3.1-3
 - fix CVE-2020-15389
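Review bot: The new `precno >= res->pw * res->ph` guard covers only the `band->precincts[precno]` read directly below it, and the patch's own comment calls it likely not a proper fix; opj_t2_encode_packet continues outside the hunk, so any other `band->precincts[precno]` access later in the function needs the same bound. The limit is taken from the resolution's `pw`/`ph` rather than from the size of the array being indexed, so the comment should state the invariant it relies on, e.g. `/* band->precincts is expected to hold res->pw * res->ph entries; a larger precno means the packet iterator and the tile geometry disagree (issue 1294) */`. The product is also evaluated twice; computing it once into a local would keep the check and the logged value identical, and a wider type would rule out a wrapped bound, though the field types are declared outside the hunk.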
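Review bot: Patch6003 and Patch6004 are identified only by a commit hash, and the two patch files added in this commit begin directly at `diff --git` with no header giving the upstream repository, commit subject or the issue being fixed, so someone auditing the package later cannot tell from the spec what these patches address or check them against upstream. Patch6000–6002 are named after what they fix; for consistency, add a comment above each new entry, such as `# upstream uclouvain/openjpeg commit 630b485f…: t2.c precno bounds check (issue 1294)` and `# upstream uclouvain/openjpeg commit 18b1138f…: j2k.c POC compno0/compno1 validation`.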
@@ -94,4 +99,4 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 - fix CVE-2016-10505 and CVE-2016-7445
 * Thu Sep 19 2019 openEuler Buildteam - 2.3.1-1
-- Package init
+- Package init
\ No newline at end of file