diff --git a/openjpeg-2.5.2.tar.gz b/openjpeg-2.5.2.tar.gz deleted file mode 100644 index 15647ab..0000000 --- a/openjpeg-2.5.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:90e3896fed910c376aaf79cdd98bdfdaf98c6472efd8e1debf0a854938cbda6a -size 1871948 diff --git a/openjpeg-2.5.3.tar.gz b/openjpeg-2.5.3.tar.gz new file mode 100644 index 0000000..e15ba0b --- /dev/null +++ b/openjpeg-2.5.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:368fe0468228e767433c9ebdea82ad9d801a3ad1e4234421f352c8b06e7aa707 +size 2155188 diff --git a/openjpeg2-CVE-2024-56826.patch b/openjpeg2-CVE-2024-56826.patch deleted file mode 100644 index 2f7b29b..0000000 --- a/openjpeg2-CVE-2024-56826.patch +++ /dev/null @@ -1,136 +0,0 @@ -From 98592ee6d6904f1b48e8207238779b89a63befa2 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 25 Nov 2024 23:11:24 +0100 -Subject: [PATCH] sycc422_to_rgb(): fix out-of-bounds read accesses when 2 * - width_component_1_or_2 + 1 == with_component_0 - -Fixes #1563 - -Also adjusts sycc420_to_rgb() for potential similar issue (amending -commit 7bd884f8750892de4f50bf4642fcfbe7011c6bdf) ---- - src/bin/common/color.c | 42 ++++++++++++++++++++++++++++++++---------- - 1 file changed, 32 insertions(+), 10 deletions(-) - -Index: openjpeg-2.5.2/src/bin/common/color.c -=================================================================== ---- openjpeg-2.5.2.orig/src/bin/common/color.c -+++ openjpeg-2.5.2/src/bin/common/color.c -@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t * - { - int *d0, *d1, *d2, *r, *g, *b; - const int *y, *cb, *cr; -- size_t maxw, maxh, max, offx, loopmaxw; -+ size_t maxw, maxh, max, offx, loopmaxw, comp12w; - int offset, upb; - size_t i; - -@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t * - upb = (1 << upb) - 1; - - maxw = (size_t)img->comps[0].w; -+ comp12w = (size_t)img->comps[1].w; - maxh = (size_t)img->comps[0].h; - max = maxw * maxh; - -@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t * - ++cr; - } - if (j < loopmaxw) { -- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ if (j / 2 == comp12w) { -+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); -+ } else { -+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ } - ++y; - ++r; - ++g; - ++b; -- ++cb; -- ++cr; -+ if (j / 2 < comp12w) { -+ ++cb; -+ ++cr; -+ } - } - } - -@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t * - { - int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb; - const int *y, *cb, *cr, *ny; -- size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh; -+ size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w; - int offset, upb; - size_t i; - -@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t * - upb = (1 << upb) - 1; - - maxw = (size_t)img->comps[0].w; -+ comp12w = (size_t)img->comps[1].w; - maxh = (size_t)img->comps[0].h; - max = maxw * maxh; - -@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t * - ++cr; - } - if (j < loopmaxw) { -- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ if (j / 2 == comp12w) { -+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); -+ } else { -+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ } - ++y; - ++r; - ++g; - ++b; - -- sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb); -+ if (j / 2 == comp12w) { -+ sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb); -+ } else { -+ sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb); -+ } - ++ny; - ++nr; - ++ng; - ++nb; -- ++cb; -- ++cr; -+ if (j / 2 < comp12w) { -+ ++cb; -+ ++cr; -+ } - } - y += maxw; - r += maxw; -@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t * - ++cr; - } - if (j < loopmaxw) { -- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ if (j / 2 == comp12w) { -+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); -+ } else { -+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); -+ } - } - } - -Index: openjpeg-2.5.2/src/lib/openjp2/j2k.c -=================================================================== ---- openjpeg-2.5.2.orig/src/lib/openjp2/j2k.c -+++ openjpeg-2.5.2/src/lib/openjp2/j2k.c -@@ -8390,7 +8390,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ - if (type == J2K_MS_SOT) { - OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno; - -- if (cstr_index->tile_index[tileno].tp_index) { -+ if (cstr_index->tile_index[tileno].tp_index && -+ l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) { - cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos; - } - diff --git a/openjpeg2.changes b/openjpeg2.changes index 8d2f7ba..c718ac6 100644 --- a/openjpeg2.changes +++ b/openjpeg2.changes @@ -1,10 +1,32 @@ ------------------------------------------------------------------- -Fri Jan 3 12:46:26 UTC 2025 - pgajdos@suse.com +Mon Dec 16 11:15:35 UTC 2024 - Michael Vetter -- security update -- added patches - fix CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c - + openjpeg2-CVE-2024-56826.patch +- Update to 2.5.3: + * No API/ABI break compared to v2.5.2 + New Features: + * Use TLM (Tile Length Marker) segments to optimize decoding #1538 + * Add AVX2 and AVX512 optimization #1552 + * Support setting enumcs for CMYK and EYCC color space #1529 + Bug fixes: + * Do not turn on 'TPsot==TNsot detection fix' when TNsot==1, and + add a OPJ_DPARAMETERS_DISABLE_TPSOT_FIX flag to disable it #1560 + * opj_j2k_setup_encoder(): set numgbits = 1 for Cinema2K #1559 + * fix: when EPH markers are specified, they are required. #1547 + * sycc422_to_rgb(): fix out-of-bounds read accesses when 2 * + width_component_1_or_2 + 1 == with_component_0 #1566 + * Avoid heap-buffer-overflow read on corrupted image in non-strict mode #1536 + * opj_j2k_read_sod(): validate opj_stream_read_data() return to + avoid potential later heap-buffer-overflow in in opj_t1_decode_cblk when disabling strict mode #1534 + * fix integer Overflow at j2k.c:9614 #1530 + * Memory leak fixes in error code path of opj_compress #1567 + * opj_j2k_decode_tiles(): avoid use of uninitialized l_current_tile_no variable #1528 + * Do not allow header length to be zero in non-zero length packet #1526 + * Fix building on OpenBSD big endian hosts #1520 + Changes in third party components: + * thirdparty/libz: update to zlib-1.3.1 #1542 + * thirdparty/libpng: update to libpng-1.6.43 #1541 + * thirdparty/libtiff: update to libtiff 4.6.0 #1540 +- fixes CVE-2024-56826 [bsc#1235029] ------------------------------------------------------------------- Fri Aug 16 16:59:14 UTC 2024 - Manfred Hollstein diff --git a/openjpeg2.spec b/openjpeg2.spec index e105799..afdca6d 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -19,7 +19,7 @@ %define library_name libopenjp2-7 %define base_version 2.5 Name: openjpeg2 -Version: 2.5.2 +Version: 2.5.3 Release: 0 Summary: Opensource JPEG 2000 Codec Implementation License: BSD-2-Clause @@ -27,8 +27,6 @@ Group: Productivity/Graphics/Other URL: https://www.openjpeg.org/ Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz Source1: baselibs.conf -# CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c -Patch0: openjpeg2-CVE-2024-56826.patch BuildRequires: cmake > 3.5 BuildRequires: doxygen BuildRequires: fdupes @@ -89,7 +87,7 @@ The OpenJPEG library is an open-source JPEG 2000 codec written in C language. This package provides the API documentation for %{name}. %prep -%autosetup -n openjpeg-%{version} -p1 +%autosetup -n openjpeg-%{version} -p0 # do not embed timestamps into html documentation sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in