diff --git a/backport-CVE-2021-29338.patch b/backport-CVE-2021-29338.patch deleted file mode 100644 index b9839d35e4003717f7ce527144f5aa920ab43156..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-29338.patch +++ /dev/null @@ -1,164 +0,0 @@ -From 0b14feaf9c169f774a9adc66cd1a70e892170b92 Mon Sep 17 00:00:00 2001 -From: root -Date: Fri, 24 Sep 2021 15:21:23 +0800 -Subject: [PATCH] CVE-2021-29338 - ---- - src/bin/jp2/opj_compress.c | 12 ++++++------ - src/bin/jp2/opj_decompress.c | 13 ++++++------- - src/bin/jp2/opj_dump.c | 14 +++++++------- - 3 files changed, 19 insertions(+), 20 deletions(-) - -diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c -index 148bf95..66b8da4 100644 ---- a/src/bin/jp2/opj_compress.c -+++ b/src/bin/jp2/opj_compress.c -@@ -530,8 +530,8 @@ static char * get_file_name(char *name) - static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - opj_cparameters_t *parameters) - { -- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], -- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; -+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], -+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; - char *temp_p, temp1[OPJ_PATH_LEN] = ""; - - strcpy(image_filename, dirptr->filename[imageno]); -@@ -540,7 +540,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - if (parameters->decod_format == -1) { - return 1; - } -- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename); -+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename); - if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile), - infilename) != 0) { - return 1; -@@ -553,7 +553,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - sprintf(temp1, ".%s", temp_p); - } - if (img_fol->set_out_format == 1) { -- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, -+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, - img_fol->out_format); - if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), - outfilename) != 0) { -@@ -1775,9 +1775,9 @@ int main(int argc, char **argv) - num_images = get_num_images(img_fol.imgdirpath); - dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); - if (dirptr) { -- dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof( -+ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof( - char)); /* Stores at max 10 image file names*/ -- dirptr->filename = (char**) malloc(num_images * sizeof(char*)); -+ dirptr->filename = (char**) calloc(num_images, sizeof(char*)); - if (!dirptr->filename_buf) { - ret = 0; - goto fin; -diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c -index af1661e..cdc543a 100644 ---- a/src/bin/jp2/opj_decompress.c -+++ b/src/bin/jp2/opj_decompress.c -@@ -455,13 +455,13 @@ const char* path_separator = "/"; - char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - opj_decompress_parameters *parameters) - { -- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], -- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; -+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], -+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; - char *temp_p, temp1[OPJ_PATH_LEN] = ""; - - strcpy(image_filename, dirptr->filename[imageno]); - fprintf(stderr, "File Number %d \"%s\"\n", imageno, image_filename); -- sprintf(infilename, "%s%s%s", img_fol->imgdirpath, path_separator, -+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s%s%s", img_fol->imgdirpath, path_separator, - image_filename); - parameters->decod_format = infile_format(infilename); - if (parameters->decod_format == -1) { -@@ -479,7 +479,7 @@ char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - sprintf(temp1, ".%s", temp_p); - } - if (img_fol->set_out_format == 1) { -- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, -+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, - img_fol->out_format); - if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), - outfilename) != 0) { -@@ -1357,14 +1357,13 @@ int main(int argc, char **argv) - return EXIT_FAILURE; - } - /* Stores at max 10 image file names */ -- dirptr->filename_buf = (char*)malloc(sizeof(char) * -- (size_t)num_images * OPJ_PATH_LEN); -+ dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN); - if (!dirptr->filename_buf) { - failed = 1; - goto fin; - } - -- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*)); -+ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*)); - - if (!dirptr->filename) { - failed = 1; -diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c -index 6e15fee..d016fe5 100644 ---- a/src/bin/jp2/opj_dump.c -+++ b/src/bin/jp2/opj_dump.c -@@ -201,8 +201,8 @@ static int get_file_format(const char *filename) - static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - opj_dparameters_t *parameters) - { -- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], -- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; -+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], -+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; - char *temp_p, temp1[OPJ_PATH_LEN] = ""; - - strcpy(image_filename, dirptr->filename[imageno]); -@@ -211,7 +211,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - if (parameters->decod_format == -1) { - return 1; - } -- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename); -+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename); - if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile), - infilename) != 0) { - return 1; -@@ -224,7 +224,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, - sprintf(temp1, ".%s", temp_p); - } - if (img_fol->set_out_format == 1) { -- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, -+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, - img_fol->out_format); - if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), - outfilename) != 0) { -@@ -457,7 +457,7 @@ int main(int argc, char *argv[]) - opj_codestream_info_v2_t* cstr_info = NULL; - opj_codestream_index_t* cstr_index = NULL; - -- OPJ_INT32 num_images, imageno; -+ int num_images, imageno; - img_fol_t img_fol; - dircnt_t *dirptr = NULL; - -@@ -486,13 +486,13 @@ int main(int argc, char *argv[]) - if (!dirptr) { - return EXIT_FAILURE; - } -- dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof( -+ dirptr->filename_buf = (char*) calloc((size_t) num_images, OPJ_PATH_LEN * sizeof( - char)); /* Stores at max 10 image file names*/ - if (!dirptr->filename_buf) { - free(dirptr); - return EXIT_FAILURE; - } -- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*)); -+ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*)); - - if (!dirptr->filename) { - goto fails; --- -2.27.0 - diff --git a/backport-CVE-2022-1122.patch b/backport-CVE-2022-1122.patch deleted file mode 100644 index 1416e03f965d37b3691eb5d1b923455fb062c2e8..0000000000000000000000000000000000000000 --- a/backport-CVE-2022-1122.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001 -From: xiaoxiaoafeifei -Date: Wed, 14 Jul 2021 09:35:13 +0800 -Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to - uninitialized pointer (fixes #1368) (#1369) - -Conflict:NA -Reference:https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d - ---- - src/bin/jp2/opj_decompress.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c -index 38e273d..6c517a8 100644 ---- a/src/bin/jp2/opj_decompress.c -+++ b/src/bin/jp2/opj_decompress.c -@@ -1351,7 +1351,7 @@ int main(int argc, char **argv) - int it_image; - num_images = get_num_images(img_fol.imgdirpath); - -- dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); -+ dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t)); - if (!dirptr) { - destroy_parameters(¶meters); - return EXIT_FAILURE; --- -2.27.0 - diff --git a/openjpeg-2.4.0.tar.gz b/openjpeg-2.4.0.tar.gz deleted file mode 100644 index 7e7f4e74c9ca08bca0c9d7d8381be402bd522b3b..0000000000000000000000000000000000000000 Binary files a/openjpeg-2.4.0.tar.gz and /dev/null differ diff --git a/openjpeg-2.5.0.tar.gz b/openjpeg-2.5.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..cd66d2f1dd8a1938b1888d0192ae943474c6c0ff Binary files /dev/null and b/openjpeg-2.5.0.tar.gz differ diff --git a/openjpeg2.spec b/openjpeg2.spec index b86398502bf5d055d0d99c2956337fc8f0cbde0f..76ca82a022ecf586a37b8782dda7f3096ef01e4a 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -1,18 +1,16 @@ Name: openjpeg2 -Version: 2.4.0 -Release: 6 +Version: 2.5.0 +Release: 1 Summary: C-Library for JPEG 2000 License: BSD and MIT URL: https://github.com/uclouvain/openjpeg -Source0: https://github.com/uclouvain/openjpeg/archive/openjpeg-2.4.0.tar.gz +Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz Patch0: openjpeg2_opj2.patch Patch1: heap-buffer-overflow.patch -Patch6000: backport-CVE-2021-29338.patch -Patch6001: backport-CVE-2022-1122.patch - BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel xerces-j2 +BuildRequires: jbigkit-devel libjpeg-turbo-devel %description OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order @@ -82,9 +80,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. %files devel %defattr(-,root,root) -%{_includedir}/openjpeg-2.4/*.h +%{_includedir}/openjpeg-2.5/*.h %{_libdir}/*.so -%{_libdir}/openjpeg-2.4/ +%{_libdir}/openjpeg-2.5/ %{_libdir}/pkgconfig/libopenjp2.pc %files help @@ -100,6 +98,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. %{_bindir}/opj2_dump %changelog +* Sat Nov 05 2022 zhouwenpei - 2.5.0-1 +- update 2.5.0 + * Mon May 16 2022 dongyuzhen - 2.4.0-6 - fix CVE-2022-1122