packages/openjpeg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:dd66ecb1cc496b8fdb35b4be0eb9a05bbff34400
Branches Tags
packages:main
..
compare: packages:32991ac581eb15ca756fe746155781396d6d7c0f
Branches Tags
packages:main

No commits in common. "dd66ecb1cc496b8fdb35b4be0eb9a05bbff34400" and "32991ac581eb15ca756fe746155781396d6d7c0f" have entirely different histories.
dd66ecb1cc ... 32991ac581

6 changed files with 29 additions and 258 deletions
Show Stats Expand all files Collapse all files

43
backport-CVE-2021-3575.patch
View File

@ -1,43 +0,0 @@
From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 18 Feb 2024 17:02:25 +0100
Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in
sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
Reference:https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
Conflict:NA
---
src/bin/common/color.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 27f15f137..ae5d648da 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
if (i < loopmaxh) {
size_t j;
- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
+ if (offx > 0U) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ ++y;
+ ++r;
+ ++g;
+ ++b;
+ }
+
+ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++y;
@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
++cb;
++cr;
}
- if (j < maxw) {
+ if (j < loopmaxw) {
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
}
}

32
backport-CVE-2023-39328.patch
View File

@ -1,32 +0,0 @@
From b287b27a87ecfbbd3b1206b17269d19e76a1b467 Mon Sep 17 00:00:00 2001
From: pic4xiu <40382944+pic4xiu@users.noreply.github.com>
Date: Thu, 29 Jun 2023 19:50:47 +0800
Subject: [PATCH] Update opj_malloc.c
Conflict: NA
Reference: https://github.com/uclouvain/openjpeg/commit/b287b27a87ecfbbd3b1206b17269d19e76a1b467
---
src/lib/openjp2/opj_malloc.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/lib/openjp2/opj_malloc.c b/src/lib/openjp2/opj_malloc.c
index dca91bfcb..6242614f9 100644
--- a/src/lib/openjp2/opj_malloc.c
+++ b/src/lib/openjp2/opj_malloc.c
@@ -197,6 +197,16 @@ void * opj_malloc(size_t size)
}
void * opj_calloc(size_t num, size_t size)
{
+ static unsigned long long allocated_size = 0;
+ static unsigned long long max_allocated_size = 4ULL * 1024 * 1024 * 1024;
+ /*Restrict this function can only malloc 4GB of memory*/
+
+ unsigned long long total_size = (unsigned long long)(num * size);
+ allocated_size += total_size;
+ if (allocated_size > max_allocated_size) {
+ /*Prevent excessive resource allocation*/
+ return NULL;
+ }
if (num == 0 || size == 0) {
/* prevent implementation defined behavior of realloc */
return NULL;

122
backport-CVE-2024-56826.patch
View File

@ -1,122 +0,0 @@
From 98592ee6d6904f1b48e8207238779b89a63befa2 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 23:11:24 +0100
Subject: [PATCH] sycc422_to_rgb(): fix out-of-bounds read accesses when 2 *
width_component_1_or_2 + 1 == with_component_0
Fixes #1563
Also adjusts sycc420_to_rgb() for potential similar issue (amending
commit 7bd884f8750892de4f50bf4642fcfbe7011c6bdf)
---
src/bin/common/color.c | 42 ++++++++++++++++++++++++++++++++----------
1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index ae5d648da..e4924a152 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *img)
{
int *d0, *d1, *d2, *r, *g, *b;
const int *y, *cb, *cr;
- size_t maxw, maxh, max, offx, loopmaxw;
+ size_t maxw, maxh, max, offx, loopmaxw, comp12w;
int offset, upb;
size_t i;
@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *img)
upb = (1 << upb) - 1;
maxw = (size_t)img->comps[0].w;
+ comp12w = (size_t)img->comps[1].w;
maxh = (size_t)img->comps[0].h;
max = maxw * maxh;
@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *img)
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
++y;
++r;
++g;
++b;
- ++cb;
- ++cr;
+ if (j / 2 < comp12w) {
+ ++cb;
+ ++cr;
+ }
}
}
@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *img)
{
int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
const int *y, *cb, *cr, *ny;
- size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
+ size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w;
int offset, upb;
size_t i;
@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *img)
upb = (1 << upb) - 1;
maxw = (size_t)img->comps[0].w;
+ comp12w = (size_t)img->comps[1].w;
maxh = (size_t)img->comps[0].h;
max = maxw * maxh;
@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *img)
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
++y;
++r;
++g;
++b;
- sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb);
+ } else {
+ sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+ }
++ny;
++nr;
++ng;
++nb;
- ++cb;
- ++cr;
+ if (j / 2 < comp12w) {
+ ++cb;
+ ++cr;
+ }
}
y += maxw;
r += maxw;
@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *img)
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
}
}

28
backport-CVE-2024-56827.patch
View File

@ -1,28 +0,0 @@
From e492644fbded4c820ca55b5e50e598d346e850e8 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 22:02:54 +0100
Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
number if smaller that total number of tile-parts
Fixes #1564
---
src/lib/openjp2/j2k.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index bcce316..dce786e 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -8362,7 +8362,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
if (type == J2K_MS_SOT) {
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- if (cstr_index->tile_index[tileno].tp_index) {
+ if (cstr_index->tile_index[tileno].tp_index &&
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
}
--
2.46.0

22
heap-buffer-overflow.patch Normal file
View File

@ -0,0 +1,22 @@
diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c
--- openjpeg-2.4.0/src/bin/common/color.c 2020-12-28 21:59:39.000000000 +0100
+++ openjpeg-2.4.0-new/src/bin/common/color.c 2021-05-27 23:46:46.961130438 +0200
@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
- ++y;
+ if (*y != img->comps[0].data[loopmaxh])
+ ++y;
++r;
++g;
++b;
- ++cb;
- ++cr;
+ if (*cb != img->comps[1].data[loopmaxh])
+ ++cb;
+ if (*cr != img->comps[2].data[loopmaxh])
+ ++cr;
}
if (j < maxw) {
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);

40
openjpeg2.spec
View File

@ -1,18 +1,13 @@
%global BuildDir %{_vendor}-%{_target_os}%{?_gnu}
Name: openjpeg2 Name: openjpeg2
Version: 2.5.0 Version: 2.5.0
Release: 7 Release: 2
Summary: C-Library for JPEG 2000 Summary: C-Library for JPEG 2000
License: BSD and MIT License: BSD and MIT
URL: https://github.com/uclouvain/openjpeg URL: https://github.com/uclouvain/openjpeg
Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz
Patch0: openjpeg2_opj2.patch Patch0: openjpeg2_opj2.patch
Patch1: backport-CVE-2023-39328.patch Patch1: heap-buffer-overflow.patch
Patch2: backport-CVE-2021-3575.patch
Patch3: backport-CVE-2024-56826.patch
Patch4: backport-CVE-2024-56827.patch
BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
BuildRequires: jbigkit-devel libjpeg-turbo-devel BuildRequires: jbigkit-devel libjpeg-turbo-devel
@ -52,8 +47,8 @@ Command line tools for JPEG 2000 file manipulation, using OpenJPEG2:
find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \;
%build %build
mkdir %{BuildDir} mkdir %{_target_platform}
pushd %{BuildDir} pushd %{_target_platform}
%cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \ %cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
%{?optional_components:-DBUILD_MJ2=ON -DBUILD_JPWL=ON -DBUILD_JPIP=ON -DBUILD_JP3D=ON} \ %{?optional_components:-DBUILD_MJ2=ON -DBUILD_JPWL=ON -DBUILD_JPIP=ON -DBUILD_JP3D=ON} \
-DBUILD_DOC=ON \ -DBUILD_DOC=ON \
@ -63,11 +58,11 @@ pushd %{BuildDir}
.. ..
popd popd
%make_build VERBOSE=1 -C %{BuildDir} %make_build VERBOSE=1 -C %{_target_platform}
%install %install
%make_install -C %{BuildDir} %make_install -C %{_target_platform}
mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1 mv %{buildroot}%{_mandir}/man1/opj_compress.1 %{buildroot}%{_mandir}/man1/opj2_compress.1
mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1 mv %{buildroot}%{_mandir}/man1/opj_decompress.1 %{buildroot}%{_mandir}/man1/opj2_decompress.1
@ -92,7 +87,7 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%files help %files help
%defattr(-,root,root) %defattr(-,root,root)
%doc %{BuildDir}/doc/html %doc %{_target_platform}/doc/html
%doc NEWS.md README.md THANKS.md %doc NEWS.md README.md THANKS.md
%{_mandir}/man1/*.1* %{_mandir}/man1/*.1*
%{_mandir}/man3/*.3* %{_mandir}/man3/*.3*
@ -103,27 +98,6 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
%{_bindir}/opj2_dump %{_bindir}/opj2_dump
%changelog %changelog
* Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.5.0-7
- Type: CVE
- CVE: CVE-2024-56827
- SUG: NA
- DESC: fix CVE-2024-56827
* Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-6
- fix CVE-2024-56826
* Tue Oct 29 2024 zhangpan <zhangpan103@h-partners.com> - 2.5.0-5
- fix CVE-2021-3575
* Thu Jul 11 2024 xinghe <xinghe2@h-partners.com> - 2.5.0-4
- Type:cves
- ID:CVE-2023-39328
- SUG:NA
- DESC:fix CVE-2023-39328
* Mon May 29 2023 Jia Chao <jiachao2130@126.com> - 2.5.0-3
- Fix: builddir contains arch info make help create different noarch pkg.
* Tue Feb 28 2023 zhangpan <zhangpan103@h-partners.com> - 2.5.0-2 * Tue Feb 28 2023 zhangpan <zhangpan103@h-partners.com> - 2.5.0-2
- Remove useless buildrequires - Remove useless buildrequires