packages/openjpeg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!87 update to 2.5.0

Browse Source 
From: @zhouwenpei 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2022-11-08 02:16:41 +00:00 committed by Gitee
commit abab703955
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 9 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

164
backport-CVE-2021-29338.patch
View File

@ -1,164 +0,0 @@
From 0b14feaf9c169f774a9adc66cd1a70e892170b92 Mon Sep 17 00:00:00 2001
From: root <root@localhost.localdomain>
Date: Fri, 24 Sep 2021 15:21:23 +0800
Subject: [PATCH] CVE-2021-29338
---
src/bin/jp2/opj_compress.c | 12 ++++++------
src/bin/jp2/opj_decompress.c | 13 ++++++-------
src/bin/jp2/opj_dump.c | 14 +++++++-------
3 files changed, 19 insertions(+), 20 deletions(-)
diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
index 148bf95..66b8da4 100644
--- a/src/bin/jp2/opj_compress.c
+++ b/src/bin/jp2/opj_compress.c
@@ -530,8 +530,8 @@ static char * get_file_name(char *name)
static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
opj_cparameters_t *parameters)
{
- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
char *temp_p, temp1[OPJ_PATH_LEN] = "";
strcpy(image_filename, dirptr->filename[imageno]);
@@ -540,7 +540,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
if (parameters->decod_format == -1) {
return 1;
}
- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename);
if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
infilename) != 0) {
return 1;
@@ -553,7 +553,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
sprintf(temp1, ".%s", temp_p);
}
if (img_fol->set_out_format == 1) {
- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
img_fol->out_format);
if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
outfilename) != 0) {
@@ -1775,9 +1775,9 @@ int main(int argc, char **argv)
num_images = get_num_images(img_fol.imgdirpath);
dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
if (dirptr) {
- dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof(
+ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
char)); /* Stores at max 10 image file names*/
- dirptr->filename = (char**) malloc(num_images * sizeof(char*));
+ dirptr->filename = (char**) calloc(num_images, sizeof(char*));
if (!dirptr->filename_buf) {
ret = 0;
goto fin;
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index af1661e..cdc543a 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -455,13 +455,13 @@ const char* path_separator = "/";
char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
opj_decompress_parameters *parameters)
{
- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
char *temp_p, temp1[OPJ_PATH_LEN] = "";
strcpy(image_filename, dirptr->filename[imageno]);
fprintf(stderr, "File Number %d \"%s\"\n", imageno, image_filename);
- sprintf(infilename, "%s%s%s", img_fol->imgdirpath, path_separator,
+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s%s%s", img_fol->imgdirpath, path_separator,
image_filename);
parameters->decod_format = infile_format(infilename);
if (parameters->decod_format == -1) {
@@ -479,7 +479,7 @@ char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
sprintf(temp1, ".%s", temp_p);
}
if (img_fol->set_out_format == 1) {
- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
img_fol->out_format);
if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
outfilename) != 0) {
@@ -1357,14 +1357,13 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
/* Stores at max 10 image file names */
- dirptr->filename_buf = (char*)malloc(sizeof(char) *
- (size_t)num_images * OPJ_PATH_LEN);
+ dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
if (!dirptr->filename_buf) {
failed = 1;
goto fin;
}
- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
+ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
if (!dirptr->filename) {
failed = 1;
diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
index 6e15fee..d016fe5 100644
--- a/src/bin/jp2/opj_dump.c
+++ b/src/bin/jp2/opj_dump.c
@@ -201,8 +201,8 @@ static int get_file_format(const char *filename)
static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
opj_dparameters_t *parameters)
{
- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN],
- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN];
+ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2],
+ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN];
char *temp_p, temp1[OPJ_PATH_LEN] = "";
strcpy(image_filename, dirptr->filename[imageno]);
@@ -211,7 +211,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
if (parameters->decod_format == -1) {
return 1;
}
- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename);
+ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename);
if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile),
infilename) != 0) {
return 1;
@@ -224,7 +224,7 @@ static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol,
sprintf(temp1, ".%s", temp_p);
}
if (img_fol->set_out_format == 1) {
- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
+ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname,
img_fol->out_format);
if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile),
outfilename) != 0) {
@@ -457,7 +457,7 @@ int main(int argc, char *argv[])
opj_codestream_info_v2_t* cstr_info = NULL;
opj_codestream_index_t* cstr_index = NULL;
- OPJ_INT32 num_images, imageno;
+ int num_images, imageno;
img_fol_t img_fol;
dircnt_t *dirptr = NULL;
@@ -486,13 +486,13 @@ int main(int argc, char *argv[])
if (!dirptr) {
return EXIT_FAILURE;
}
- dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof(
+ dirptr->filename_buf = (char*) calloc((size_t) num_images, OPJ_PATH_LEN * sizeof(
char)); /* Stores at max 10 image file names*/
if (!dirptr->filename_buf) {
free(dirptr);
return EXIT_FAILURE;
}
- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
+ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
if (!dirptr->filename) {
goto fails;
--
2.27.0

29
backport-CVE-2022-1122.patch
View File

@ -1,29 +0,0 @@
From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <lliangliang2007@163.com>
Date: Wed, 14 Jul 2021 09:35:13 +0800
Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to
uninitialized pointer (fixes #1368) (#1369)
Conflict:NA
Reference:https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
---
src/bin/jp2/opj_decompress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index 38e273d..6c517a8 100644
--- a/src/bin/jp2/opj_decompress.c
+++ b/src/bin/jp2/opj_decompress.c
@@ -1351,7 +1351,7 @@ int main(int argc, char **argv)
int it_image;
num_images = get_num_images(img_fol.imgdirpath);
- dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
+ dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
if (!dirptr) {
destroy_parameters(&parameters);
return EXIT_FAILURE;
--
2.27.0

BIN
openjpeg-2.4.0.tar.gz
View File

Binary file not shown.

BIN
openjpeg-2.5.0.tar.gz Normal file
View File

Binary file not shown.

17
openjpeg2.spec
View File

@ -1,18 +1,16 @@
Name: openjpeg2 Name: openjpeg2
Version: 2.4.0 Version: 2.5.0
Release: 6 Release: 1
Summary: C-Library for JPEG 2000 Summary: C-Library for JPEG 2000
License: BSD and MIT License: BSD and MIT
URL: https://github.com/uclouvain/openjpeg URL: https://github.com/uclouvain/openjpeg
Source0: https://github.com/uclouvain/openjpeg/archive/openjpeg-2.4.0.tar.gz Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz
Patch0: openjpeg2_opj2.patch Patch0: openjpeg2_opj2.patch
Patch1: heap-buffer-overflow.patch Patch1: heap-buffer-overflow.patch
Patch6000: backport-CVE-2021-29338.patch
Patch6001: backport-CVE-2022-1122.patch
BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel xerces-j2 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel xerces-j2
BuildRequires: jbigkit-devel libjpeg-turbo-devel
%description %description
OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order
@ -82,9 +80,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%files devel %files devel
%defattr(-,root,root) %defattr(-,root,root)
%{_includedir}/openjpeg-2.4/*.h %{_includedir}/openjpeg-2.5/*.h
%{_libdir}/*.so %{_libdir}/*.so
%{_libdir}/openjpeg-2.4/ %{_libdir}/openjpeg-2.5/
%{_libdir}/pkgconfig/libopenjp2.pc %{_libdir}/pkgconfig/libopenjp2.pc
%files help %files help
@ -100,6 +98,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%{_bindir}/opj2_dump %{_bindir}/opj2_dump
%changelog %changelog
* Sat Nov 05 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 2.5.0-1
- update 2.5.0
* Mon May 16 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.4.0-6 * Mon May 16 2022 dongyuzhen <dongyuzhen@h-partners.com> - 2.4.0-6
- fix CVE-2022-1122 - fix CVE-2022-1122