From 0a5b505caf3b79b05a0db3f88e8ce54cc8e87598 Mon Sep 17 00:00:00 2001 From: openeuler-ci-bot <80474298@qq.com> Date: Thu, 3 Dec 2020 06:58:58 +0800 Subject: [PATCH 1/4] [patch tracking] 20201203065849762723 - https://github.com/uclouvain/openjpeg/commit/fc6abdbeb7aa427685c28a9ebfd2e653c10999b3 --- ...bdbeb7aa427685c28a9ebfd2e653c10999b3.patch | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 fc6abdbeb7aa427685c28a9ebfd2e653c10999b3.patch diff --git a/fc6abdbeb7aa427685c28a9ebfd2e653c10999b3.patch b/fc6abdbeb7aa427685c28a9ebfd2e653c10999b3.patch new file mode 100644 index 0000000..28fd284 --- /dev/null +++ b/fc6abdbeb7aa427685c28a9ebfd2e653c10999b3.patch @@ -0,0 +1,20 @@ +diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c +index e452edd19..55f07c0ca 100644 +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -815,6 +815,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno, + continue; + } + ++ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */ ++ /* but likely not a proper fix. */ ++ if (precno >= res->pw * res->ph) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "opj_t2_encode_packet(): accessing precno=%u >= %u\n", ++ precno, res->pw * res->ph); ++ return OPJ_FALSE; ++ } ++ + prc = &band->precincts[precno]; + l_nb_blocks = prc->cw * prc->ch; + cblk = prc->cblks.enc; -- Gitee From 01f8ae5aaf1c5310ee2606c7e10ad8a0c2b9ea5d Mon Sep 17 00:00:00 2001 From: openeuler-ci-bot <80474298@qq.com> Date: Thu, 3 Dec 2020 06:58:58 +0800 Subject: [PATCH 2/4] [patch tracking] 20201203065849762723 - https://github.com/uclouvain/openjpeg/commit/fb9eae5d637d06209a6cb9ca57960ac72179ee14 --- ...ae5d637d06209a6cb9ca57960ac72179ee14.patch | 229 ++++++++++++++++++ 1 file changed, 229 insertions(+) create mode 100644 fb9eae5d637d06209a6cb9ca57960ac72179ee14.patch diff --git a/fb9eae5d637d06209a6cb9ca57960ac72179ee14.patch b/fb9eae5d637d06209a6cb9ca57960ac72179ee14.patch new file mode 100644 index 0000000..42ba7bc --- /dev/null +++ b/fb9eae5d637d06209a6cb9ca57960ac72179ee14.patch @@ -0,0 +1,229 @@ +diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c +index 3dcdd4e9d..d62b8d74a 100644 +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -194,10 +194,12 @@ static void opj_get_all_encoding_parameters(const opj_image_t *p_image, + * @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant. + * @param p_cp the coding parameters. + * @param tileno the index of the tile from which creating the packet iterator. ++ * @param manager Event manager + */ + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image, + const opj_cp_t *p_cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * FIXME DOC + */ +@@ -232,12 +234,6 @@ static OPJ_BOOL opj_pi_check_next_level(OPJ_INT32 pos, + ========================================================== + */ + +-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg) +-{ +- (void)pi; +- (void)msg; +-} +- + static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + { + opj_pi_comp_t *comp = NULL; +@@ -274,7 +270,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi) + /* include should be resized when a POC arises, or */ + /* the POC should be rejected */ + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -320,7 +316,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_iterator_t * pi) + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -451,7 +447,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_iterator_t * pi) + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -475,6 +471,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi) + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_pcrl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -582,7 +585,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi) + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -606,6 +609,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi) + opj_pi_resolution_t *res = NULL; + OPJ_UINT32 index = 0; + ++ if (pi->poc.compno0 >= pi->numcomps || ++ pi->poc.compno1 >= pi->numcomps + 1) { ++ opj_event_msg(pi->manager, EVT_ERROR, ++ "opj_pi_next_cprl(): invalid compno0/compno1"); ++ return OPJ_FALSE; ++ } ++ + if (!pi->first) { + comp = &pi->comps[pi->compno]; + goto LABEL_SKIP; +@@ -710,7 +720,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi) + index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno * + pi->step_c + pi->precno * pi->step_p; + if (index >= pi->include_size) { +- opj_pi_emit_error(pi, "Invalid access to pi->include"); ++ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include"); + return OPJ_FALSE; + } + if (!pi->include[index]) { +@@ -987,7 +997,8 @@ static void opj_get_all_encoding_parameters(const opj_image_t *p_image, + + static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + const opj_cp_t *cp, +- OPJ_UINT32 tileno) ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager) + { + /* loop*/ + OPJ_UINT32 pino, compno; +@@ -1021,6 +1032,8 @@ static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image, + l_current_pi = l_pi; + for (pino = 0; pino < l_poc_bound ; ++pino) { + ++ l_current_pi->manager = manager; ++ + l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps, + sizeof(opj_pi_comp_t)); + if (! l_current_pi->comps) { +@@ -1358,7 +1371,8 @@ static OPJ_BOOL opj_pi_check_next_level(OPJ_INT32 pos, + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + opj_cp_t *p_cp, +- OPJ_UINT32 p_tile_no) ++ OPJ_UINT32 p_tile_no, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1413,7 +1427,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + } + + /* memory allocation for pi */ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +@@ -1580,7 +1594,8 @@ OPJ_UINT32 opj_get_encoding_packet_count(const opj_image_t *p_image, + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + opj_cp_t *p_cp, + OPJ_UINT32 p_tile_no, +- J2K_T2_MODE p_t2_mode) ++ J2K_T2_MODE p_t2_mode, ++ opj_event_mgr_t* manager) + { + OPJ_UINT32 numcomps = p_image->numcomps; + +@@ -1634,7 +1649,7 @@ opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image, + } + + /* memory allocation for pi*/ +- l_pi = opj_pi_create(p_image, p_cp, p_tile_no); ++ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager); + if (!l_pi) { + opj_free(l_tmp_data); + opj_free(l_tmp_ptr); +diff --git a/src/lib/openjp2/pi.h b/src/lib/openjp2/pi.h +index 7fb3417fe..0320523b7 100644 +--- a/src/lib/openjp2/pi.h ++++ b/src/lib/openjp2/pi.h +@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator { + OPJ_UINT32 x, y; + /** FIXME DOC*/ + OPJ_UINT32 dx, dy; ++ /** event manager */ ++ opj_event_mgr_t* manager; + } opj_pi_iterator_t; + + /** @name Exported functions */ +@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator { + * @param cp the coding parameters. + * @param tileno index of the tile being encoded. + * @param t2_mode the type of pass for generating the packet iterator ++ * @param manager Event manager + * + * @return a list of packet iterator that points to the first packet of the tile (not true). + */ + opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image, + opj_cp_t *cp, + OPJ_UINT32 tileno, +- J2K_T2_MODE t2_mode); ++ J2K_T2_MODE t2_mode, ++ opj_event_mgr_t* manager); + + /** + * Updates the encoding parameters of the codec. +@@ -161,12 +165,14 @@ Create a packet iterator for Decoder + @param image Raw image for which the packets will be listed + @param cp Coding parameters + @param tileno Number that identifies the tile for which to list the packets ++@param manager Event manager + @return Returns a packet iterator that points to the first packet of the tile + @see opj_pi_destroy + */ + opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image, + opj_cp_t * cp, +- OPJ_UINT32 tileno); ++ OPJ_UINT32 tileno, ++ opj_event_mgr_t* manager); + /** + * Destroys a packet iterator array. + * +diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c +index 55f07c0ca..1481e16f4 100644 +--- a/src/lib/openjp2/t2.c ++++ b/src/lib/openjp2/t2.c +@@ -245,7 +245,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t* p_t2, + l_image->numcomps : 1; + OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1; + +- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode); ++ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } +@@ -425,7 +425,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t* tcd, + #endif + + /* create a packet iterator */ +- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no); ++ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager); + if (!l_pi) { + return OPJ_FALSE; + } -- Gitee From 784d1df7a36a635fd9dd3efaa8df4c2e2937fe11 Mon Sep 17 00:00:00 2001 From: openeuler-ci-bot <80474298@qq.com> Date: Thu, 3 Dec 2020 06:58:58 +0800 Subject: [PATCH 3/4] [patch tracking] 20201203065849762723 - https://github.com/uclouvain/openjpeg/commit/aaff099b49365cfecfc475ada48b9244c6eefc9c --- ...099b49365cfecfc475ada48b9244c6eefc9c.patch | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 aaff099b49365cfecfc475ada48b9244c6eefc9c.patch diff --git a/aaff099b49365cfecfc475ada48b9244c6eefc9c.patch b/aaff099b49365cfecfc475ada48b9244c6eefc9c.patch new file mode 100644 index 0000000..7ec97ba --- /dev/null +++ b/aaff099b49365cfecfc475ada48b9244c6eefc9c.patch @@ -0,0 +1,20 @@ +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 78d459259..8e343ab2e 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k, + } + } + +- assert(l_remaining_data > +- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT); ++ if (l_remaining_data < ++ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "Not enough bytes in output buffer to write SOD marker\n"); ++ opj_tcd_marker_info_destroy(marker_info); ++ return OPJ_FALSE; ++ } + l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT; + + if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number, -- Gitee From 0bc1b372d770ccd50d39633ac8aaf1f908024cb4 Mon Sep 17 00:00:00 2001 From: openeuler-ci-bot <80474298@qq.com> Date: Thu, 3 Dec 2020 06:58:59 +0800 Subject: [PATCH 4/4] [patch tracking] 20201203065849762723 - update spec file --- openjpeg2.spec | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/openjpeg2.spec b/openjpeg2.spec index e4f0659..b38fb37 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -1,6 +1,6 @@ Name: openjpeg2 Version: 2.3.1 -Release: 3 +Release: 4 Summary: C-Library for JPEG 2000 License: BSD and MIT URL: https://github.com/uclouvain/openjpeg @@ -12,6 +12,9 @@ Patch1: openjpeg2_opj2.patch Patch6000: CVE-2016-10505.patch Patch6001: CVE-2016-7445.patch Patch6002: CVE-2020-15389.patch +Patch6003: fc6abdbeb7aa427685c28a9ebfd2e653c10999b3.patch +Patch6004: fb9eae5d637d06209a6cb9ca57960ac72179ee14.patch +Patch6005: aaff099b49365cfecfc475ada48b9244c6eefc9c.patch BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen @@ -87,6 +90,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. %{_mandir}/man3/*.3* %changelog +* 20201203065849762723 patch-tracking 2.3.1-4 +- append patch file of upstream repository from to + * Sat Jul 25 2020 zhangnaru -2.3.1-3 - fix CVE-2020-15389 @@ -94,4 +100,4 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. - fix CVE-2016-10505 and CVE-2016-7445 * Thu Sep 19 2019 openEuler Buildteam - 2.3.1-1 -- Package init +- Package init \ No newline at end of file -- Gitee