pool/openjpeg2
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 867967 from graphics

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/867967
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openjpeg2?expand=0&rev=15
This commit is contained in:
Dominique Leuenberger 2021-02-16 21:34:49 +00:00 committed by Git OBS Bridge
commit 0013475aa8
9 changed files with 25 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
024b8407392cb0b8.patch
View File

@ -1,29 +0,0 @@
From 024b8407392cb0b82b04b58ed256094ed5799e04 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 11 Jan 2020 01:51:19 +0100
Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose
coordinates are beyond INT_MAX (fixes #1228)
---
src/lib/openjp2/j2k.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 14f6ff41a..922550eb1 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -9221,6 +9221,14 @@ static OPJ_BOOL opj_j2k_update_image_dimensions(opj_image_t* p_image,
l_img_comp = p_image->comps;
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
OPJ_INT32 l_h, l_w;
+ if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
+ p_image->y0 > (OPJ_UINT32)INT_MAX ||
+ p_image->x1 > (OPJ_UINT32)INT_MAX ||
+ p_image->y1 > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Image coordinates above INT_MAX are not supported\n");
+ return OPJ_FALSE;
+ }
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
(OPJ_INT32)l_img_comp->dx);

43
05f9b91e60debda0.patch
View File

@ -1,43 +0,0 @@
From 05f9b91e60debda0e83977e5e63b2e66486f7074 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 30 Jan 2020 00:59:57 +0100
Subject: [PATCH] opj_tcd_init_tile(): avoid integer overflow
That could lead to later assertion failures.
Fixes #1231 / CVE-2020-8112
---
src/lib/openjp2/tcd.c | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index deecc4dff..aa419030a 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile(opj_tcd_t *p_tcd, OPJ_UINT32 p_tile_no,
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx;
- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy;
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1,
+ (OPJ_INT32)l_pdx)) << l_pdx;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_x_end = (OPJ_INT32)tmp;
+ }
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1,
+ (OPJ_INT32)l_pdy)) << l_pdy;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_y_end = (OPJ_INT32)tmp;
+ }
/*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/
l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)((

68
21399f6b7d318fcd.patch
View File

@ -1,68 +0,0 @@
From 21399f6b7d318fcdf4406d5e88723c4922202aa3 Mon Sep 17 00:00:00 2001
From: Young Xiao <YangX92@hotmail.com>
Date: Sat, 16 Mar 2019 19:57:27 +0800
Subject: [PATCH] convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
See commit 8ee335227bbc for details.
Signed-off-by: Young Xiao <YangX92@hotmail.com>
---
src/bin/jp2/convertbmp.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 0af52f816..ec34f535b 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -622,13 +622,13 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
{
- OPJ_UINT32 x, y;
+ OPJ_UINT32 x, y, written;
OPJ_UINT8 *pix;
const OPJ_UINT8 *beyond;
beyond = pData + stride * height;
pix = pData;
- x = y = 0U;
+ x = y = written = 0U;
while (y < height) {
int c = getc(IN);
if (c == EOF) {
@@ -642,6 +642,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
for (j = 0; (j < c) && (x < width) &&
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
*pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
+ written++;
}
} else { /* absolute mode */
c = getc(IN);
@@ -671,6 +672,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
c1 = (OPJ_UINT8)getc(IN);
}
*pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
+ written++;
}
if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
getc(IN);
@@ -678,6 +680,10 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
}
}
} /* while(y < height) */
+ if (written != width * height) {
+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
+ return OPJ_FALSE;
+ }
return OPJ_TRUE;
}

83
3aef207f90e937d4.patch
View File

@ -1,83 +0,0 @@
From 3aef207f90e937d4931daf6d411e092f76d82e66 Mon Sep 17 00:00:00 2001
From: Young Xiao <YangX92@hotmail.com>
Date: Sat, 16 Mar 2019 20:09:59 +0800
Subject: [PATCH] bmp_read_rle4_data(): avoid potential infinite loop
---
src/bin/jp2/convertbmp.c | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index ec34f535b..2fc4e9bc4 100644
--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
while (y < height) {
int c = getc(IN);
if (c == EOF) {
- break;
+ return OPJ_FALSE;
}
if (c) { /* encoded mode */
- int j;
- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN);
+ int j, c1_int;
+ OPJ_UINT8 c1;
+
+ c1_int = getc(IN);
+ if (c1_int == EOF) {
+ return OPJ_FALSE;
+ }
+ c1 = (OPJ_UINT8)c1_int;
for (j = 0; (j < c) && (x < width) &&
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
@@ -647,7 +653,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
} else { /* absolute mode */
c = getc(IN);
if (c == EOF) {
- break;
+ return OPJ_FALSE;
}
if (c == 0x00) { /* EOL */
@@ -658,8 +664,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
break;
} else if (c == 0x02) { /* MOVE by dxdy */
c = getc(IN);
+ if (c == EOF) {
+ return OPJ_FALSE;
+ }
x += (OPJ_UINT32)c;
c = getc(IN);
+ if (c == EOF) {
+ return OPJ_FALSE;
+ }
y += (OPJ_UINT32)c;
pix = pData + y * stride + x;
} else { /* 03 .. 255 : absolute mode */
@@ -669,13 +681,21 @@ static OPJ_BOOL bmp_read_rle4_data(FILE* IN, OPJ_UINT8* pData,
for (j = 0; (j < c) && (x < width) &&
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
if ((j & 1) == 0) {
- c1 = (OPJ_UINT8)getc(IN);
+ int c1_int;
+ c1_int = getc(IN);
+ if (c1_int == EOF) {
+ return OPJ_FALSE;
+ }
+ c1 = (OPJ_UINT8)c1_int;
}
*pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
written++;
}
if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
- getc(IN);
+ c = getc(IN);
+ if (c == EOF) {
+ return OPJ_FALSE;
+ }
}
}
}

77
4cb1f663049aab96.patch
View File

@ -1,77 +0,0 @@
From 4cb1f663049aab96e122d1ff16f601d0cc0be976 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 17 Nov 2019 01:18:26 +0100
Subject: [PATCH] pi.c: avoid integer overflow, resulting in later invalid
access to memory in opj_t2_decode_packets(). Fixes
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18979
---
src/lib/openjp2/pi.c | 24 ++++++++++++------------
src/lib/openjp2/pi.h | 4 ++--
2 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c
index 4a6ed68e2..3ddb4a0c5 100644
--- a/src/lib/openjp2/pi.c
+++ b/src/lib/openjp2/pi.c
@@ -376,10 +376,10 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_iterator_t * pi)
pi->poc.tx1 = pi->tx1;
}
for (pi->resno = pi->poc.resno0; pi->resno < pi->poc.resno1; pi->resno++) {
- for (pi->y = pi->poc.ty0; pi->y < pi->poc.ty1;
- pi->y += (OPJ_INT32)(pi->dy - (OPJ_UINT32)(pi->y % (OPJ_INT32)pi->dy))) {
- for (pi->x = pi->poc.tx0; pi->x < pi->poc.tx1;
- pi->x += (OPJ_INT32)(pi->dx - (OPJ_UINT32)(pi->x % (OPJ_INT32)pi->dx))) {
+ for (pi->y = (OPJ_UINT32)pi->poc.ty0; pi->y < (OPJ_UINT32)pi->poc.ty1;
+ pi->y += (pi->dy - (pi->y % pi->dy))) {
+ for (pi->x = (OPJ_UINT32)pi->poc.tx0; pi->x < (OPJ_UINT32)pi->poc.tx1;
+ pi->x += (pi->dx - (pi->x % pi->dx))) {
for (pi->compno = pi->poc.compno0; pi->compno < pi->poc.compno1; pi->compno++) {
OPJ_UINT32 levelno;
OPJ_INT32 trx0, try0;
@@ -508,10 +508,10 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_iterator_t * pi)
pi->poc.ty1 = pi->ty1;
pi->poc.tx1 = pi->tx1;
}
- for (pi->y = pi->poc.ty0; pi->y < pi->poc.ty1;
- pi->y += (OPJ_INT32)(pi->dy - (OPJ_UINT32)(pi->y % (OPJ_INT32)pi->dy))) {
- for (pi->x = pi->poc.tx0; pi->x < pi->poc.tx1;
- pi->x += (OPJ_INT32)(pi->dx - (OPJ_UINT32)(pi->x % (OPJ_INT32)pi->dx))) {
+ for (pi->y = (OPJ_UINT32)pi->poc.ty0; pi->y < (OPJ_UINT32)pi->poc.ty1;
+ pi->y += (pi->dy - (pi->y % pi->dy))) {
+ for (pi->x = (OPJ_UINT32)pi->poc.tx0; pi->x < (OPJ_UINT32)pi->poc.tx1;
+ pi->x += (pi->dx - (pi->x % pi->dx))) {
for (pi->compno = pi->poc.compno0; pi->compno < pi->poc.compno1; pi->compno++) {
comp = &pi->comps[pi->compno];
for (pi->resno = pi->poc.resno0;
@@ -639,10 +639,10 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi)
pi->poc.ty1 = pi->ty1;
pi->poc.tx1 = pi->tx1;
}
- for (pi->y = pi->poc.ty0; pi->y < pi->poc.ty1;
- pi->y += (OPJ_INT32)(pi->dy - (OPJ_UINT32)(pi->y % (OPJ_INT32)pi->dy))) {
- for (pi->x = pi->poc.tx0; pi->x < pi->poc.tx1;
- pi->x += (OPJ_INT32)(pi->dx - (OPJ_UINT32)(pi->x % (OPJ_INT32)pi->dx))) {
+ for (pi->y = (OPJ_UINT32)pi->poc.ty0; pi->y < (OPJ_UINT32)pi->poc.ty1;
+ pi->y += (pi->dy - (pi->y % pi->dy))) {
+ for (pi->x = (OPJ_UINT32)pi->poc.tx0; pi->x < (OPJ_UINT32)pi->poc.tx1;
+ pi->x += (pi->dx - (pi->x % pi->dx))) {
for (pi->resno = pi->poc.resno0;
pi->resno < opj_uint_min(pi->poc.resno1, comp->numresolutions); pi->resno++) {
OPJ_UINT32 levelno;
diff --git a/src/lib/openjp2/pi.h b/src/lib/openjp2/pi.h
index 8c0dc25c1..873802089 100644
--- a/src/lib/openjp2/pi.h
+++ b/src/lib/openjp2/pi.h
@@ -102,9 +102,9 @@ typedef struct opj_pi_iterator {
/** Components*/
opj_pi_comp_t *comps;
/** FIXME DOC*/
- OPJ_INT32 tx0, ty0, tx1, ty1;
+ OPJ_UINT32 tx0, ty0, tx1, ty1;
/** FIXME DOC*/
- OPJ_INT32 x, y;
+ OPJ_UINT32 x, y;
/** FIXME DOC*/
OPJ_UINT32 dx, dy;
} opj_pi_iterator_t;

3
openjpeg-2.3.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:63f5a4713ecafc86de51bfad89cc07bb788e9bba24ebbf0c4ca637621aadb6a9
size 2214401

3
openjpeg-2.4.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8702ba68b442657f11aaeb2b338443ca8d5fb95b0d845757968a7be31ef7f16d
size 2233229

14
openjpeg2.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Jan 18 23:00:45 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 2.4.0:
* Encoder: add support for multithreading #1248
* Encoder: add support for generation of PLT markers #1246
* Encoder: single-threaded performance improvements in forward DWT for 5-3 and 9-7 (and other improvements) #1253
* Encoder: support IMF profiles #1235
* Many bug fixes (including security fixes)
- drop 024b8407392cb0b8.patch, 05f9b91e60debda0.patch,
21399f6b7d318fcd.patch, 3aef207f90e937d4.patch,
4cb1f663049aab96.patch: upstream
-------------------------------------------------------------------
Fri Jan 31 16:21:36 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>

34
openjpeg2.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package openjpeg2
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -17,36 +17,24 @@
%define library_name libopenjp2-7
%define base_version 2.3
%define base_version 2.4
Name: openjpeg2
Version: 2.3.1
Version: 2.4.0
Release: 0
Summary: Opensource JPEG 2000 Codec Implementation
License: BSD-2-Clause
Group: Productivity/Graphics/Other
URL: http://www.openjpeg.org/
URL: https://www.openjpeg.org/
Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz
Source1: baselibs.conf
# PATCH-FIX-UPSTREAM -- like CVE-2018-6616, but rle4 instead of rle8, bsc#1079845, https://github.com/uclouvain/openjpeg/commit/21399f6b7d318fcd.patch
Patch0: 21399f6b7d318fcd.patch
# PATCH-FIX-UPSTREAM -- CVE-2019-12973, bsc#1140359, https://github.com/uclouvain/openjpeg/commit/3aef207f90e937d4.patch
Patch1: 3aef207f90e937d4.patch
# PATCH-FIX-UPSTREAM -- OSS-fuzz, https://github.com/uclouvain/openjpeg/commit/4cb1f663049aab96.patch
Patch2: 4cb1f663049aab96.patch
# PATCH-FIX-UPSTREAM -- CVE-2020-6851, bsc#1160782, https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b8.patch
Patch3: 024b8407392cb0b8.patch
# PATCH-FIX-UPSTREAM -- CVE-2020-8112, bsc#1162090, https://github.com/uclouvain/openjpeg/commit/05f9b91e60debda0.patch
Patch4: 05f9b91e60debda0.patch
BuildRequires: cmake > 2.8.2
BuildRequires: doxygen
BuildRequires: fdupes
BuildRequires: gcc-c++
BuildRequires: pkg-config
BuildRequires: pkgconfig
BuildRequires: pkgconfig(lcms2)
BuildRequires: pkgconfig(libpng)
BuildRequires: pkgconfig(libtiff-4)
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
@ -117,38 +105,32 @@ done
-DOPENJPEG_INSTALL_LIB_DIR=%{_lib} \
-DOPENJPEG_INSTALL_DOC_DIR=share/doc/packages/%{name}-devel-doc
make %{?_smp_mflags} VERBOSE=1 all doc
%make_build all doc
%install
%cmake_install
rm %{buildroot}%{_defaultdocdir}/%{name}-devel-doc/LICENSE
mv %{buildroot}%{_prefix}/share/doc/html %{buildroot}%{_defaultdocdir}/%{name}-devel-doc
%fdupes %{buildroot}%{_defaultdocdir}
%post -n %{library_name} -p /sbin/ldconfig
%postun -n %{library_name} -p /sbin/ldconfig
%files
%defattr(-,root,root,-)
%license LICENSE
%{_bindir}/opj_*
%{_mandir}/man1/opj_*.1%{ext_man}
%{_mandir}/man1/opj_*.1%{?ext_man}
%files -n %{library_name}
%defattr(-,root,root,-)
%{_libdir}/libopenjp2.so.*
%files devel
%defattr(-,root,root,-)
%{_includedir}/openjpeg-%{base_version}/
%{_libdir}/libopenjp2.so
%{_libdir}/pkgconfig/libopenjp2.pc
%{_libdir}/openjpeg-%{base_version}/
%{_mandir}/man3/libopenjp2.3%{ext_man}
%{_mandir}/man3/libopenjp2.3%{?ext_man}
%files devel-doc
%defattr(-,root,root,-)
%license LICENSE
%doc AUTHORS.md CHANGELOG.md NEWS.md README.md THANKS.md
%doc %{_defaultdocdir}/%{name}-devel-doc/html