pool/openjpeg2
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 447006 from graphics

Browse Source 
- update to version 2.1.2
  Bug fixes including security fixes among which:
  CVE-2016-8332 CVE-2016-7163
  CVE-2016-5139 CVE-2016-5159
  CVE-2016-5158 (not listed but solved different way)
  Huge amount of critical bugfixes
  Speed improvements
  No API/ABI break compared to v2.1.1/v2.1
- some doc files now have '.md' suffix (like README.md)
- CVE-2016-5152 with new 0018-tcd_get_decoded_tile_size.patch

OBS-URL: https://build.opensuse.org/request/show/447006
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openjpeg2?expand=0&rev=9
This commit is contained in:
Ludwig Nussel 2016-12-22 15:00:00 +00:00 committed by Git OBS Bridge
commit e40e4f753b
5 changed files with 87 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
0018-tcd_get_decoded_tile_size.patch Normal file
View File

@ -0,0 +1,61 @@
---
src/lib/openjp2/j2k.c | 4 ++++
src/lib/openjp2/tcd.c | 16 ++++++++++++++--
2 files changed, 18 insertions(+), 2 deletions(-)
Index: openjpeg-2.1.2/src/lib/openjp2/j2k.c
===================================================================
--- openjpeg-2.1.2.orig/src/lib/openjp2/j2k.c
+++ openjpeg-2.1.2/src/lib/openjp2/j2k.c
@@ -8097,6 +8097,10 @@ OPJ_BOOL opj_j2k_read_tile_header(
*p_tile_index = p_j2k->m_current_tile_number;
*p_go_on = OPJ_TRUE;
*p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+ if (*p_data_size == (OPJ_UINT32)-1) {
+ return OPJ_FALSE;
+ }
+
*p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
*p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
*p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
Index: openjpeg-2.1.2/src/lib/openjp2/tcd.c
===================================================================
--- openjpeg-2.1.2.orig/src/lib/openjp2/tcd.c
+++ openjpeg-2.1.2/src/lib/openjp2/tcd.c
@@ -1154,6 +1154,7 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
opj_tcd_tilecomp_t * l_tile_comp = 00;
opj_tcd_resolution_t * l_res = 00;
OPJ_UINT32 l_size_comp, l_remaining;
+ OPJ_UINT32 l_temp;
l_tile_comp = p_tcd->tcd_image->tiles->comps;
l_img_comp = p_tcd->image->comps;
@@ -1171,7 +1172,18 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
}
l_res = l_tile_comp->resolutions + l_tile_comp->minimum_num_resolutions - 1;
- l_data_size += l_size_comp * (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0));
+ l_temp = (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0)); /* x1*y1 can't overflow */
+
+ if (l_size_comp && ((OPJ_UINT32)-1) / l_size_comp < l_temp) {
+ return (OPJ_UINT32)-1;
+ }
+ l_temp *= l_size_comp;
+
+ if (l_temp > ((OPJ_UINT32)-1) - l_data_size) {
+ return (OPJ_UINT32)-1;
+ }
+ l_data_size += l_temp;
+
++l_img_comp;
++l_tile_comp;
}
@@ -1366,7 +1378,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_
OPJ_UINT32 l_stride, l_width,l_height;
l_data_size = opj_tcd_get_decoded_tile_size(p_tcd);
- if (l_data_size > p_dest_length) {
+ if (l_data_size == (OPJ_UINT32)-1 || l_data_size > p_dest_length) {
return OPJ_FALSE;
}

3
openjpeg-2.1.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1232bb814fd88d8ed314c94f0bfebb03de8559583a33abbe8c64ef3fc0a8ff03
size 1789675

3
openjpeg-2.1.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7
size 1987071

14
openjpeg2.changes
View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Mon Dec 19 08:42:02 UTC 2016 - normand@linux.vnet.ibm.com
- update to version 2.1.2
Bug fixes including security fixes among which:
CVE-2016-8332 CVE-2016-7163
CVE-2016-5139 CVE-2016-5159
CVE-2016-5158 (not listed but solved different way)
Huge amount of critical bugfixes
Speed improvements
No API/ABI break compared to v2.1.1/v2.1
- some doc files now have '.md' suffix (like README.md)
- CVE-2016-5152 with new 0018-tcd_get_decoded_tile_size.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Dec 8 15:13:03 UTC 2015 - p.drouand@gmail.com Tue Dec 8 15:13:03 UTC 2015 - p.drouand@gmail.com

13
openjpeg2.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package openjpeg2 # spec file for package openjpeg2
# #
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -19,13 +19,13 @@
%define library_name libopenjp2-7 %define library_name libopenjp2-7
%define base_version 2.1 %define base_version 2.1
Name: openjpeg2 Name: openjpeg2
Version: %{base_version}.0 Version: %{base_version}.2
Release: 0 Release: 0
Summary: Opensource JPEG 2000 Codec Implementation Summary: Opensource JPEG 2000 Codec Implementation
License: BSD-2-Clause License: BSD-2-Clause
Group: Productivity/Graphics/Other Group: Productivity/Graphics/Other
Url: http://www.openjpeg.org/ Url: http://www.openjpeg.org/
Source0: http://sourceforge.net/projects/openjpeg.mirror/files/%{version}/openjpeg-%{version}.tar.gz Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}.tar.gz#/openjpeg-%{version}.tar.gz
Source1: baselibs.conf Source1: baselibs.conf
BuildRequires: cmake > 2.8.2 BuildRequires: cmake > 2.8.2
BuildRequires: doxygen BuildRequires: doxygen
@ -36,6 +36,10 @@ BuildRequires: pkgconfig(libpng)
BuildRequires: pkgconfig(libtiff-4) BuildRequires: pkgconfig(libtiff-4)
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
# CVE-2016-5152 is
# https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
Patch1: 0018-tcd_get_decoded_tile_size.patch
%description %description
The OpenJPEG library is an open-source JPEG 2000 codec written in C language. The OpenJPEG library is an open-source JPEG 2000 codec written in C language.
It has been developed in order to promote the use of JPEG 2000, the new It has been developed in order to promote the use of JPEG 2000, the new
@ -76,6 +80,7 @@ sed -i 's|^HTML_TIMESTAMP[ =].*$|HTML_TIMESTAMP = NO|' doc/Doxyfile.dox.cmake.in
for d in thirdparty/*; do for d in thirdparty/*; do
[ -d "$d" ] && rm -rf "$d" [ -d "$d" ] && rm -rf "$d"
done done
%patch1 -p1
%build %build
%cmake \ %cmake \
@ -114,7 +119,7 @@ rm -rf %{buildroot}%{_datadir}/doc
%files %files
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc AUTHORS CHANGES NEWS LICENSE README THANKS %doc AUTHORS.md CHANGELOG.md NEWS.md LICENSE README.md THANKS.md
%{_bindir}/opj_* %{_bindir}/opj_*
%{_mandir}/man1/opj_*.1%{ext_man} %{_mandir}/man1/opj_*.1%{ext_man}