fix CVE-2020-15389

2020-07-25 12:36:58 +08:00 · 2020-07-25 12:36:58 +08:00 · a44db342a7
commit a44db342a7
parent 033447d134
2 changed files with 43 additions and 1 deletions
--- a/CVE-2020-15389.patch
+++ b/CVE-2020-15389.patch
@ -0,0 +1,38 @@
+From cf56972d371a0557f30d5de64b4b9d2e87c74a6a Mon Sep 17 00:00:00 2001
+From: zhangnaru <zhangnaru@huawei.com>
+Date: Sat, 25 Jul 2020 10:48:34 +0800
+Subject: [PATCH] CVE-2020-15389
+
+---
+ src/bin/jp2/opj_decompress.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 4b9583b..af1661e 100644
+--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
+@@ -1316,10 +1316,6 @@ static opj_image_t* upsample_image_components(opj_image_t* original)
+ int main(int argc, char **argv)
+ {
+     opj_decompress_parameters parameters;           /* decompression parameters */
+-    opj_image_t* image = NULL;
+-    opj_stream_t *l_stream = NULL;              /* Stream */
+-    opj_codec_t* l_codec = NULL;                /* Handle to a decompressor */
+-    opj_codestream_index_t* cstr_index = NULL;
+ 
+     OPJ_INT32 num_images, imageno;
+     img_fol_t img_fol;
+@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
+ 
+     /*Decoding image one by one*/
+     for (imageno = 0; imageno < num_images ; imageno++)  {
+	opj_image_t* image = NULL;
+	opj_stream_t *l_stream = NULL;              /* stream */
+	opj_codec_t* l_codec = NULL;                /* Handle to a decompressor */
+	opj_codestream_index_t* cstr_index = NULL;
+ 
+         if (!parameters.quiet) {
+             fprintf(stderr, "\n");
+-- 
+2.23.0
+
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@ -1,6 +1,6 @@
 Name:           openjpeg2
 Version:        2.3.1
-Release:        2
+Release:        3
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@ -11,6 +11,7 @@ Patch1:         openjpeg2_opj2.patch

 Patch6000:	CVE-2016-10505.patch
 Patch6001:	CVE-2016-7445.patch
+Patch6002:      CVE-2020-15389.patch

 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen

@ -86,6 +87,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*

 %changelog
+* Sat Jul 25 2020 zhangnaru <zhangnaru@huawei.com> -2.3.1-3
+- fix CVE-2020-15389 
+
 * Thu Sep 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.3.1-2
 - fix CVE-2016-10505 and CVE-2016-7445