From df77f0c0f6ce284e00e3eca802e9cc768a9c202a Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 20 Jan 2020 12:27:54 +0100 Subject: sync with Fedora Backport patch for CVE 2020-6851 --- openjpeg2-static.spec | 24 +++++++++++++++++++----- openjpeg2_CVE-2020-6851.patch | 29 +++++++++++++++++++++++++++++ openjpeg2_remove-thirdparty.patch | 11 ----------- 3 files changed, 48 insertions(+), 16 deletions(-) create mode 100644 openjpeg2_CVE-2020-6851.patch delete mode 100644 openjpeg2_remove-thirdparty.patch diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec index 7ee2dba..35f14e9 100644 --- a/openjpeg2-static.spec +++ b/openjpeg2-static.spec @@ -6,9 +6,12 @@ #global optional_components 1 +# https://bugzilla.redhat.com/show_bug.cgi?id=1751749 +%global _target_platform %{_vendor}-%{_target_os} + Name: openjpeg2-static Version: 2.3.1 -Release: 2%{?dist} +Release: 4%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -20,10 +23,11 @@ Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjp Source1: data.tar.xz %endif -# Remove bundled libraries -Patch0: openjpeg2_remove-thirdparty.patch # Rename tool names to avoid conflicts with openjpeg-1.x -Patch1: openjpeg2_opj2.patch +Patch0: openjpeg2_opj2.patch +# Backport patch for CVE 2020-6851 +# https://github.com/uclouvain/openjpeg/issues/1228 +Patch1: openjpeg2_CVE-2020-6851.patch BuildRequires: cmake @@ -209,7 +213,7 @@ OpenJPEG2 JP3D module command line tools %patch1 -p1 # Remove all third party libraries just to be sure -rm -rf thirdparty +find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; %build @@ -338,6 +342,16 @@ make test -C %{_target_platform} %changelog +* Mon Jan 20 2020 Remi Collet - 2.3.1-4 +- sync with Fedora +- Backport patch for CVE 2020-6851 + +* Fri Jan 17 2020 Sandro Mani - 2.3.1-4 +- Backport patch for CVE 2020-6851 + +* Wed Oct 02 2019 Sandro Mani - 2.3.1-3 +- Fix unbundling 3rd party libraries (#1757822) + * Thu Apr 4 2019 Remi Collet - 2.3.1-2 - re-add -fPIC build flag diff --git a/openjpeg2_CVE-2020-6851.patch b/openjpeg2_CVE-2020-6851.patch new file mode 100644 index 0000000..9a70291 --- /dev/null +++ b/openjpeg2_CVE-2020-6851.patch @@ -0,0 +1,29 @@ +From 024b8407392cb0b82b04b58ed256094ed5799e04 Mon Sep 17 00:00:00 2001 +From: Even Rouault +Date: Sat, 11 Jan 2020 01:51:19 +0100 +Subject: [PATCH] opj_j2k_update_image_dimensions(): reject images whose + coordinates are beyond INT_MAX (fixes #1228) + +--- + src/lib/openjp2/j2k.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 14f6ff41a..922550eb1 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -9221,6 +9221,14 @@ static OPJ_BOOL opj_j2k_update_image_dimensions(opj_image_t* p_image, + l_img_comp = p_image->comps; + for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { + OPJ_INT32 l_h, l_w; ++ if (p_image->x0 > (OPJ_UINT32)INT_MAX || ++ p_image->y0 > (OPJ_UINT32)INT_MAX || ++ p_image->x1 > (OPJ_UINT32)INT_MAX || ++ p_image->y1 > (OPJ_UINT32)INT_MAX) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "Image coordinates above INT_MAX are not supported\n"); ++ return OPJ_FALSE; ++ } + + l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, + (OPJ_INT32)l_img_comp->dx); diff --git a/openjpeg2_remove-thirdparty.patch b/openjpeg2_remove-thirdparty.patch deleted file mode 100644 index 12ac763..0000000 --- a/openjpeg2_remove-thirdparty.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -rupN openjpeg-2.3.1/CMakeLists.txt openjpeg-2.3.1-new/CMakeLists.txt ---- openjpeg-2.3.1/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/CMakeLists.txt 2019-04-02 16:14:13.688252343 +0200 -@@ -278,7 +278,6 @@ if(BUILD_CODEC OR BUILD_MJ2) - # OFF: It will only build 3rd party libs if they are not found on the system - # ON: 3rd party libs will ALWAYS be build, and used - option(BUILD_THIRDPARTY "Build the thirdparty executables if it is needed" OFF) -- add_subdirectory(thirdparty) - add_subdirectory(src/bin) - endif () - add_subdirectory(wrapping) -- cgit