From 033447d1343432ae9305be2e79da2e45e70f68a8 Mon Sep 17 00:00:00 2001 From: dogsheng <960055655@qq.com> Date: Wed, 25 Dec 2019 16:00:06 +0800 Subject: [PATCH] Package init --- CVE-2016-10505.patch | 45 ++++++++++++++++++++++++++++++++++++++++++++ CVE-2016-7445.patch | 23 ++++++++++++++++++++++ openjpeg2.spec | 8 +++++++- 3 files changed, 75 insertions(+), 1 deletion(-) create mode 100644 CVE-2016-10505.patch create mode 100644 CVE-2016-7445.patch diff --git a/CVE-2016-10505.patch b/CVE-2016-10505.patch new file mode 100644 index 0000000..161df03 --- /dev/null +++ b/CVE-2016-10505.patch @@ -0,0 +1,45 @@ +diff -Nur openjpeg-2.3.1_bak/src/bin/common/color.c openjpeg-2.3.1/src/bin/common/color.c +--- openjpeg-2.3.1_bak/src/bin/common/color.c 2019-10-14 06:31:49.372000000 -0400 ++++ openjpeg-2.3.1/src/bin/common/color.c 2019-10-14 06:33:30.080000000 -0400 +@@ -126,6 +126,7 @@ + d1 = g = (int*)opj_image_data_alloc(sizeof(int) * max); + d2 = b = (int*)opj_image_data_alloc(sizeof(int) * max); + ++ if(y == NULL || cb == NULL || cr == NULL) goto fails; + if (r == NULL || g == NULL || b == NULL) { + goto fails; + } +@@ -178,6 +179,7 @@ + d1 = g = (int*)opj_image_data_alloc(sizeof(int) * max); + d2 = b = (int*)opj_image_data_alloc(sizeof(int) * max); + ++ if(y == NULL || cb == NULL || cr == NULL) goto fails; + if (r == NULL || g == NULL || b == NULL) { + goto fails; + } +@@ -1062,6 +1064,7 @@ + (image->comps[0].dx != image->comps[2].dx) + || (image->comps[0].dy != image->comps[1].dy) || + (image->comps[0].dy != image->comps[2].dy) ++ || !image->comps [0].data || !image->comps [1].data || !image->comps [2].data + ) { + fprintf(stderr, "%s:%d:color_esycc_to_rgb\n\tCAN NOT CONVERT\n", __FILE__, + __LINE__); +diff -Nur openjpeg-2.3.1_bak/src/bin/jp2/convertbmp.c openjpeg-2.3.1/src/bin/jp2/convertbmp.c +--- openjpeg-2.3.1_bak/src/bin/jp2/convertbmp.c 2019-10-14 06:31:49.372000000 -0400 ++++ openjpeg-2.3.1/src/bin/jp2/convertbmp.c 2019-10-14 06:34:34.480000000 -0400 +@@ -889,6 +889,13 @@ + image->comps[0].prec); + return 1; + } ++ ++ for (i = 0; i < image->numcomps; i++) { ++ if (image->comps[i].data == NULL) { ++ fprintf(stderr, "Missing image data\n"); ++ return 1; ++ } ++ } + if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx + && image->comps[1].dx == image->comps[2].dx + && image->comps[0].dy == image->comps[1].dy + diff --git a/CVE-2016-7445.patch b/CVE-2016-7445.patch new file mode 100644 index 0000000..ef74c29 --- /dev/null +++ b/CVE-2016-7445.patch @@ -0,0 +1,23 @@ +diff -Nur openjpeg-2.3.1_old/src/bin/jpwl/convert.c openjpeg-2.3.1/src/bin/jpwl/convert.c +--- openjpeg-2.3.1_old/src/bin/jpwl/convert.c 2019-10-15 16:06:40.623000000 +0800 ++++ openjpeg-2.3.1/src/bin/jpwl/convert.c 2019-10-15 16:08:59.642000000 +0800 +@@ -1730,8 +1730,10 @@ + + if (!have_wh) { + s = skip_int(s, &ph->width); ++ if(s == NULL || *s == 0) return; + + s = skip_int(s, &ph->height); ++ if(s == NULL || *s == 0) return; + + have_wh = 1; + +@@ -1744,6 +1746,7 @@ + if (format == 2 || format == 3 || format == 5 || format == 6) { + /* P2, P3, P5, P6: */ + s = skip_int(s, &ph->maxval); ++ if(s == NULL || *s == 0) return; + + if (ph->maxval > 65535) { + return; + diff --git a/openjpeg2.spec b/openjpeg2.spec index e19f857..d75ebcc 100644 --- a/openjpeg2.spec +++ b/openjpeg2.spec @@ -1,6 +1,6 @@ Name: openjpeg2 Version: 2.3.1 -Release: 1 +Release: 2 Summary: C-Library for JPEG 2000 License: BSD and MIT URL: https://github.com/uclouvain/openjpeg @@ -9,6 +9,9 @@ Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjp Patch0: openjpeg2_remove-thirdparty.patch Patch1: openjpeg2_opj2.patch +Patch6000: CVE-2016-10505.patch +Patch6001: CVE-2016-7445.patch + BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen Provides: %{name}-tools @@ -83,5 +86,8 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump. %{_mandir}/man3/*.3* %changelog +* Thu Sep 19 2019 openEuler Buildteam - 2.3.1-2 +- fix CVE-2016-10505 and CVE-2016-7445 + * Thu Sep 19 2019 openEuler Buildteam - 2.3.1-1 - Package init