Sync from SUSE:SLFO:Main openjpeg2 revision 05cacda574de9a2c74f279bbbec6f5f3

openjpeg2-CVE-2024-56826.patch

@@ -0,0 +1,136 @@
+From 98592ee6d6904f1b48e8207238779b89a63befa2 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 25 Nov 2024 23:11:24 +0100
+Subject: [PATCH] sycc422_to_rgb(): fix out-of-bounds read accesses when 2 *
+ width_component_1_or_2 + 1 == with_component_0
+
+Fixes #1563
+
+Also adjusts sycc420_to_rgb() for potential similar issue (amending
+commit 7bd884f8750892de4f50bf4642fcfbe7011c6bdf)
+---
+ src/bin/common/color.c | 42 ++++++++++++++++++++++++++++++++----------
+ 1 file changed, 32 insertions(+), 10 deletions(-)
+
+Index: openjpeg-2.5.2/src/bin/common/color.c
+===================================================================
+--- openjpeg-2.5.2.orig/src/bin/common/color.c
++++ openjpeg-2.5.2/src/bin/common/color.c
+@@ -158,7 +158,7 @@ static void sycc422_to_rgb(opj_image_t *
+ {
+     int *d0, *d1, *d2, *r, *g, *b;
+     const int *y, *cb, *cr;
+-    size_t maxw, maxh, max, offx, loopmaxw;
++    size_t maxw, maxh, max, offx, loopmaxw, comp12w;
+     int offset, upb;
+     size_t i;
+ 
+@@ -167,6 +167,7 @@ static void sycc422_to_rgb(opj_image_t *
+     upb = (1 << upb) - 1;
+ 
+     maxw = (size_t)img->comps[0].w;
++    comp12w = (size_t)img->comps[1].w;
+     maxh = (size_t)img->comps[0].h;
+     max = maxw * maxh;
+ 
+@@ -212,13 +213,19 @@ static void sycc422_to_rgb(opj_image_t *
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+             ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (j / 2 < comp12w) {
++                ++cb;
++                ++cr;
++            }
+         }
+     }
+ 
+@@ -246,7 +253,7 @@ static void sycc420_to_rgb(opj_image_t *
+ {
+     int *d0, *d1, *d2, *r, *g, *b, *nr, *ng, *nb;
+     const int *y, *cb, *cr, *ny;
+-    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh;
++    size_t maxw, maxh, max, offx, loopmaxw, offy, loopmaxh, comp12w;
+     int offset, upb;
+     size_t i;
+ 
+@@ -255,6 +262,7 @@ static void sycc420_to_rgb(opj_image_t *
+     upb = (1 << upb) - 1;
+ 
+     maxw = (size_t)img->comps[0].w;
++    comp12w = (size_t)img->comps[1].w;
+     maxh = (size_t)img->comps[0].h;
+     max = maxw * maxh;
+ 
+@@ -336,19 +344,29 @@ static void sycc420_to_rgb(opj_image_t *
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+             ++y;
+             ++r;
+             ++g;
+             ++b;
+ 
+-            sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *ny, 0, 0, nr, ng, nb);
++            } else {
++                sycc_to_rgb(offset, upb, *ny, *cb, *cr, nr, ng, nb);
++            }
+             ++ny;
+             ++nr;
+             ++ng;
+             ++nb;
+-            ++cb;
+-            ++cr;
++            if (j / 2 < comp12w) {
++                ++cb;
++                ++cr;
++            }
+         }
+         y += maxw;
+         r += maxw;
+@@ -384,7 +402,11 @@ static void sycc420_to_rgb(opj_image_t *
+             ++cr;
+         }
+         if (j < loopmaxw) {
+-            sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            if (j / 2 == comp12w) {
++                sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++            } else {
++                sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
++            }
+         }
+     }
+ 
+Index: openjpeg-2.5.2/src/lib/openjp2/j2k.c
+===================================================================
+--- openjpeg-2.5.2.orig/src/lib/openjp2/j2k.c
++++ openjpeg-2.5.2/src/lib/openjp2/j2k.c
+@@ -8390,7 +8390,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ
+     if (type == J2K_MS_SOT) {
+         OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
+ 
+-        if (cstr_index->tile_index[tileno].tp_index) {
++        if (cstr_index->tile_index[tileno].tp_index &&
++                l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
+             cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
+         }
+ 

openjpeg2.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Fri Jan  3 12:46:26 UTC 2025 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c
+  + openjpeg2-CVE-2024-56826.patch
+
 -------------------------------------------------------------------
 Fri Aug 16 16:59:14 UTC 2024 - Manfred Hollstein <manfred.h@gmx.net>
 

openjpeg2.spec

@@ -27,6 +27,8 @@ Group:          Productivity/Graphics/Other
 URL:            https://www.openjpeg.org/
 Source0:        https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz
 Source1:        baselibs.conf
+# CVE-2024-56826 [bsc#1235029], heap buffer overflow in bin/common/color.c
+Patch0:         openjpeg2-CVE-2024-56826.patch
 BuildRequires:  cmake > 3.5
 BuildRequires:  doxygen
 BuildRequires:  fdupes
@@ -87,7 +89,7 @@ The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
 This package provides the API documentation for %{name}.
 
 %prep
-%autosetup -n openjpeg-%{version} -p0
+%autosetup -n openjpeg-%{version} -p1
 
 # do not embed timestamps into html documentation
 sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in