Sync from SUSE:SLFO:Main openjpeg2 revision 6900b10d40a1b7d8f4d66cc587d6589d

This commit is contained in:
2025-03-23 18:31:22 +01:00
parent a2489294a5
commit 203178d966
5 changed files with 32 additions and 148 deletions

BIN
openjpeg-2.5.2.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
openjpeg-2.5.3.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

View File

@@ -1,136 +0,0 @@
From 98592ee6d6904f1b48e8207238779b89a63befa2 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 25 Nov 2024 23:11:24 +0100
Subject: [PATCH] sycc422_to_rgb(): fix out-of-bounds read accesses when 2 *
width_component_1_or_2 + 1 == with_component_0
Fixes #1563
Also adjusts sycc420_to_rgb() for potential similar issue (amending
commit 7bd884f8750892de4f50bf4642fcfbe7011c6bdf)
---
src/bin/common/color.c | 42 ++++++++++++++++++++++++++++++++----------
1 file changed, 32 insertions(+), 10 deletions(-)
Index: openjpeg-2.5.2/src/bin/common/color.c
===================================================================
--- openjpeg-2.5.2.orig/src/bin/common/color.c
+++ openjpeg-2.5.2/src/bin/common/color.c
@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *
{
int *d0, *d1, *d2, *r, *g, *b;
const int *y, *cb, *cr;
- size_t maxw, maxh, max, offx, loopmaxw;
+ size_t maxw, maxh, max, offx, loopmaxw, comp12w;
int offset, upb;
size_t i;
@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *
upb = (1 << upb) - 1;
maxw = (size_t)img->comps[0].w;
+ comp12w = (size_t)img->comps[1].w;
maxh = (size_t)img->comps[0].h;
max = maxw * maxh;
@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
++y;
++r;
++g;
++b;
- ++cb;
- ++cr;
+ if (j / 2 < comp12w) {
+ ++cb;
+ ++cr;
+ }
}
}
@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *
{
int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
const int *y, *cb, *cr, *ny;
- size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
+ size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w;
int offset, upb;
size_t i;
@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *
upb = (1 << upb) - 1;
maxw = (size_t)img->comps[0].w;
+ comp12w = (size_t)img->comps[1].w;
maxh = (size_t)img->comps[0].h;
max = maxw * maxh;
@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
++y;
++r;
++g;
++b;
- sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb);
+ } else {
+ sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
+ }
++ny;
++nr;
++ng;
++nb;
- ++cb;
- ++cr;
+ if (j / 2 < comp12w) {
+ ++cb;
+ ++cr;
+ }
}
y += maxw;
r += maxw;
@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *
++cr;
}
if (j < loopmaxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ if (j / 2 == comp12w) {
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
+ } else {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
}
}
Index: openjpeg-2.5.2/src/lib/openjp2/j2k.c
===================================================================
--- openjpeg-2.5.2.orig/src/lib/openjp2/j2k.c
+++ openjpeg-2.5.2/src/lib/openjp2/j2k.c
@@ -8390,7 +8390,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ
if (type == J2K_MS_SOT) {
OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
- if (cstr_index->tile_index[tileno].tp_index) {
+ if (cstr_index->tile_index[tileno].tp_index &&
+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
}

View File

@@ -1,10 +1,32 @@
-------------------------------------------------------------------
Fri Jan 3 12:46:26 UTC 2025 - pgajdos@suse.com
Mon Dec 16 11:15:35 UTC 2024 - Michael Vetter <mvetter@suse.com>
- security update
- added patches
fix CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c
+ openjpeg2-CVE-2024-56826.patch
- Update to 2.5.3:
* No API/ABI break compared to v2.5.2
New Features:
* Use TLM (Tile Length Marker) segments to optimize decoding #1538
* Add AVX2 and AVX512 optimization #1552
* Support setting enumcs for CMYK and EYCC color space #1529
Bug fixes:
* Do not turn on 'TPsot==TNsot detection fix' when TNsot==1, and
add a OPJ_DPARAMETERS_DISABLE_TPSOT_FIX flag to disable it #1560
* opj_j2k_setup_encoder(): set numgbits = 1 for Cinema2K #1559
* fix: when EPH markers are specified, they are required. #1547
* sycc422_to_rgb(): fix out-of-bounds read accesses when 2 *
width_component_1_or_2 + 1 == with_component_0 #1566
* Avoid heap-buffer-overflow read on corrupted image in non-strict mode #1536
* opj_j2k_read_sod(): validate opj_stream_read_data() return to
avoid potential later heap-buffer-overflow in in opj_t1_decode_cblk when disabling strict mode #1534
* fix integer Overflow at j2k.c:9614 #1530
* Memory leak fixes in error code path of opj_compress #1567
* opj_j2k_decode_tiles(): avoid use of uninitialized l_current_tile_no variable #1528
* Do not allow header length to be zero in non-zero length packet #1526
* Fix building on OpenBSD big endian hosts #1520
Changes in third party components:
* thirdparty/libz: update to zlib-1.3.1 #1542
* thirdparty/libpng: update to libpng-1.6.43 #1541
* thirdparty/libtiff: update to libtiff 4.6.0 #1540
- fixes CVE-2024-56826 [bsc#1235029]
-------------------------------------------------------------------
Fri Aug 16 16:59:14 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>

View File

@@ -19,7 +19,7 @@
%define library_name libopenjp2-7
%define base_version 2.5
Name: openjpeg2
Version: 2.5.2
Version: 2.5.3
Release: 0
Summary: Opensource JPEG 2000 Codec Implementation
License: BSD-2-Clause
@@ -27,8 +27,6 @@ Group: Productivity/Graphics/Other
URL: https://www.openjpeg.org/
Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz
Source1: baselibs.conf
# CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c
Patch0: openjpeg2-CVE-2024-56826.patch
BuildRequires: cmake > 3.5
BuildRequires: doxygen
BuildRequires: fdupes
@@ -89,7 +87,7 @@ The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
This package provides the API documentation for %{name}.
%prep
%autosetup -n openjpeg-%{version} -p1
%autosetup -n openjpeg-%{version} -p0
# do not embed timestamps into html documentation
sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in