diff --git a/0018-tcd_get_decoded_tile_size.patch b/0018-tcd_get_decoded_tile_size.patch
new file mode 100644
index 0000000..98aa3e6
--- /dev/null
+++ b/0018-tcd_get_decoded_tile_size.patch
@@ -0,0 +1,61 @@
+---
+ src/lib/openjp2/j2k.c | 4 ++++
+ src/lib/openjp2/tcd.c | 16 ++++++++++++++--
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+Index: openjpeg-2.1.2/src/lib/openjp2/j2k.c
+===================================================================
+--- openjpeg-2.1.2.orig/src/lib/openjp2/j2k.c
++++ openjpeg-2.1.2/src/lib/openjp2/j2k.c
+@@ -8097,6 +8097,10 @@ OPJ_BOOL opj_j2k_read_tile_header(
+ *p_tile_index = p_j2k->m_current_tile_number;
+ *p_go_on = OPJ_TRUE;
+ *p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
++ if (*p_data_size == (OPJ_UINT32)-1) {
++ return OPJ_FALSE;
++ }
++
+ *p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
+ *p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
+ *p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
+Index: openjpeg-2.1.2/src/lib/openjp2/tcd.c
+===================================================================
+--- openjpeg-2.1.2.orig/src/lib/openjp2/tcd.c
++++ openjpeg-2.1.2/src/lib/openjp2/tcd.c
+@@ -1154,6 +1154,7 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
+ opj_tcd_tilecomp_t * l_tile_comp = 00;
+ opj_tcd_resolution_t * l_res = 00;
+ OPJ_UINT32 l_size_comp, l_remaining;
++ OPJ_UINT32 l_temp;
+
+ l_tile_comp = p_tcd->tcd_image->tiles->comps;
+ l_img_comp = p_tcd->image->comps;
+@@ -1171,7 +1172,18 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
+ }
+
+ l_res = l_tile_comp->resolutions + l_tile_comp->minimum_num_resolutions - 1;
+- l_data_size += l_size_comp * (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0));
++ l_temp = (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0)); /* x1*y1 can't overflow */
++
++ if (l_size_comp && ((OPJ_UINT32)-1) / l_size_comp < l_temp) {
++ return (OPJ_UINT32)-1;
++ }
++ l_temp *= l_size_comp;
++
++ if (l_temp > ((OPJ_UINT32)-1) - l_data_size) {
++ return (OPJ_UINT32)-1;
++ }
++ l_data_size += l_temp;
++
+ ++l_img_comp;
+ ++l_tile_comp;
+ }
+@@ -1366,7 +1378,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_
+ OPJ_UINT32 l_stride, l_width,l_height;
+
+ l_data_size = opj_tcd_get_decoded_tile_size(p_tcd);
+- if (l_data_size > p_dest_length) {
++ if (l_data_size == (OPJ_UINT32)-1 || l_data_size > p_dest_length) {
+ return OPJ_FALSE;
+ }
+
diff --git a/openjpeg-2.1.0.tar.gz b/openjpeg-2.1.0.tar.gz
deleted file mode 100644
index a75d58f..0000000
--- a/openjpeg-2.1.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1232bb814fd88d8ed314c94f0bfebb03de8559583a33abbe8c64ef3fc0a8ff03
-size 1789675
diff --git a/openjpeg-2.1.2.tar.gz b/openjpeg-2.1.2.tar.gz
new file mode 100644
index 0000000..ae17661
--- /dev/null
+++ b/openjpeg-2.1.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7
+size 1987071
diff --git a/openjpeg2.changes b/openjpeg2.changes
index 2bdd7f1..273ee8d 100644
--- a/openjpeg2.changes
+++ b/openjpeg2.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Mon Dec 19 08:42:02 UTC 2016 - normand@linux.vnet.ibm.com
+
+- update to version 2.1.2
+ Bug fixes including security fixes among which:
+ CVE-2016-8332 CVE-2016-7163
+ CVE-2016-5139 CVE-2016-5159
+ CVE-2016-5158 (not listed but solved different way)
+ Huge amount of critical bugfixes
+ Speed improvements
+ No API/ABI break compared to v2.1.1/v2.1
+- some doc files now have '.md' suffix (like README.md)
+- CVE-2016-5152 with new 0018-tcd_get_decoded_tile_size.patch
+
 -------------------------------------------------------------------
 Tue Dec 8 15:13:03 UTC 2015 - p.drouand@gmail.com
 
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 3e0f345..9c0d6d1 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
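Review bot: In the tcd.c part of 0018-tcd_get_decoded_tile_size.patch, the width-by-height product on the new `l_temp = ...` line is still evaluated before the cast and gets no check of its own, while the added guards cover only the multiplication by l_size_comp and the accumulation into l_data_size. The `/* x1*y1 can't overflow */` comment depends on bounds enforced somewhere outside this hunk; if the resolution coordinates are signed (the cast suggests so, confirm against the struct), an overflow there is undefined behaviour and can leave a small l_temp that passes both later checks. I would convert each dimension first and guard the product like the other two steps: `w = (OPJ_UINT32)(l_res->x1 - l_res->x0); h = (OPJ_UINT32)(l_res->y1 - l_res->y0);`, then `if (h && ((OPJ_UINT32)-1) / h < w) { return (OPJ_UINT32)-1; }` and `l_temp = w * h;`, with w and h declared next to l_temp. The body of opj_tcd_get_decoded_tile_size starts and ends outside the hunks shown, so the loop bounds and the computation of l_size_comp could not be checked here.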
@@ -1,7 +1,7 @@ # # spec file for package openjpeg2 # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,13 +19,13 @@ %define library_name libopenjp2-7 %define base_version 2.1 Name: openjpeg2 -Version: %{base_version}.0 +Version: %{base_version}.2 Release: 0 Summary: Opensource JPEG 2000 Codec Implementation License: BSD-2-Clause Group: Productivity/Graphics/Other Url: http://www.openjpeg.org/ -Source0: http://sourceforge.net/projects/openjpeg.mirror/files/%{version}/openjpeg-%{version}.tar.gz +Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz Source1: baselibs.conf BuildRequires: cmake > 2.8.2 BuildRequires: doxygen @@ -36,6 +36,10 @@ BuildRequires: pkgconfig(libpng) BuildRequires: pkgconfig(libtiff-4) BuildRoot: %{_tmppath}/%{name}-%{version}-build +# CVE-2016-5152 is +# https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch +Patch1: 0018-tcd_get_decoded_tile_size.patch + %description The OpenJPEG library is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, the new @@ -76,6 +80,7 @@ sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in for d in thirdparty/*; do [ -d "$d" ] && rm -rf "$d" done +%patch1 -p1 %build %cmake \ @@ -114,7 +119,7 @@ rm -rf %{buildroot}%{_datadir}/doc %files %defattr(-,root,root,-) -%doc AUTHORS CHANGES NEWS LICENSE README THANKS +%doc AUTHORS.md CHANGELOG.md NEWS.md LICENSE README.md THANKS.md %{_bindir}/opj_* %{_mandir}/man1/opj_*.1%{ext_man}
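Review bot: The comment added above `Patch1:` reads `# CVE-2016-5152 is` followed by a URL, which records where the patch came from but not what it changes or when it can be dropped. The URL points into pdfium's third_party/libopenjpeg20 tree rather than the OpenJPEG repository named in Source0, so the next version update has no stated condition to check the patch against. I would spell that out, for example `# CVE-2016-5152: overflow checks in opj_tcd_get_decoded_tile_size, taken from pdfium's bundled copy; drop once the packaged OpenJPEG release has an equivalent check`, keeping the URL line below it.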