jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

openjpeg2: update to 2.3.1.

Browse source
This commit is contained in:
maxice8 2019-04-02 16:52:42 -03:00 committed by maxice8
parent 8ce768c2c7
commit 0950c55b25
6 changed files with 5 additions and 289 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
srcpkgs/openjpeg2/patches/CVE-2017-17480.patch
View file

@ -1,42 +0,0 @@
From 0bc90e4062a5f9258c91eca018c019b179066c62 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Mon, 22 Oct 2018 16:59:41 +0200
Subject: [PATCH] jp3d/jpwl convert: fix write stack buffer overflow
Missing buffer length formatter in fscanf call might lead to write
stack buffer overflow.
fixes #1044 (CVE-2017-17480)
---
src/bin/jp3d/convert.c | 4 ++--
src/bin/jpwl/convert.c | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/bin/jp3d/convert.c b/src/bin/jp3d/convert.c
index 23fd70b04..acad8f82a 100644
--- src/bin/jp3d/convert.c
+++ src/bin/jp3d/convert.c
@@ -297,8 +297,8 @@ opj_volume_t* pgxtovolume(char *relpath, opj_cparameters_t *parameters)
fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);
fseek(f, 0, SEEK_SET);
- fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
- signtmp, &prec, temp, &w, temp, &h);
+ fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+ &endian2, signtmp, &prec, temp, &w, temp, &h);
i = 0;
sign = '+';
diff --git a/src/bin/jpwl/convert.c b/src/bin/jpwl/convert.c
index f3bb670b0..73c1be729 100644
--- src/bin/jpwl/convert.c
+++ src/bin/jpwl/convert.c
@@ -1349,7 +1349,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
}
fseek(f, 0, SEEK_SET);
- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
&endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
fprintf(stderr,
"ERROR: Failed to read the right number of element from the fscanf() function!\n");

60
srcpkgs/openjpeg2/patches/CVE-2018-14423.patch
View file

@ -1,60 +0,0 @@
From bd88611ed9ad7144ec4f3de54790cd848175891b Mon Sep 17 00:00:00 2001
From: Young_X <YangX92@hotmail.com>
Date: Fri, 23 Nov 2018 17:15:05 +0800
Subject: [PATCH] [JP3D] To avoid divisions by zero / undefined behaviour on
shift (CVE-2018-14423
Signed-off-by: Young_X <YangX92@hotmail.com>
---
src/lib/openjp3d/pi.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/lib/openjp3d/pi.c b/src/lib/openjp3d/pi.c
index a03be45e7..a58ebcc7c 100644
--- src/lib/openjp3d/pi.c
+++ src/lib/openjp3d/pi.c
@@ -223,6 +223,14 @@ static bool pi_next_rpcl(opj_pi_iterator_t * pi)
rpx = res->pdx + levelnox;
rpy = res->pdy + levelnoy;
rpz = res->pdz + levelnoz;
+
+ /* To avoid divisions by zero / undefined behaviour on shift */
+ if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+ rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy ||
+ rpz >= 31 || ((comp->dz << rpz) >> rpz) != comp->dz) {
+ continue;
+ }
+
if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 &&
(trx0 << levelnox) % (1 << rpx)))) {
continue;
@@ -329,6 +337,14 @@ static bool pi_next_pcrl(opj_pi_iterator_t * pi)
rpx = res->pdx + levelnox;
rpy = res->pdy + levelnoy;
rpz = res->pdz + levelnoz;
+
+ /* To avoid divisions by zero / undefined behaviour on shift */
+ if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+ rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy ||
+ rpz >= 31 || ((comp->dz << rpz) >> rpz) != comp->dz) {
+ continue;
+ }
+
if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 &&
(trx0 << levelnox) % (1 << rpx)))) {
continue;
@@ -432,6 +448,14 @@ static bool pi_next_cprl(opj_pi_iterator_t * pi)
rpx = res->pdx + levelnox;
rpy = res->pdy + levelnoy;
rpz = res->pdz + levelnoz;
+
+ /* To avoid divisions by zero / undefined behaviour on shift */
+ if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+ rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy ||
+ rpz >= 31 || ((comp->dz << rpz) >> rpz) != comp->dz) {
+ continue;
+ }
+
if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 &&
(trx0 << levelnox) % (1 << rpx)))) {
continue;

34
srcpkgs/openjpeg2/patches/CVE-2018-18088.patch
View file

@ -1,34 +0,0 @@
From cab352e249ed3372dd9355c85e837613fff98fa2 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Wed, 7 Nov 2018 18:48:29 +0100
Subject: [PATCH] jp2: convert: fix null pointer dereference
Tile components in a JP2 image might have null data pointer by defining a
zero component size (for example using large horizontal or vertical
sampling periods). This null data pointer leads to null image component
data pointer, causing crash when dereferenced without != null check in
imagetopnm.
Add != null check.
This commit addresses #1152 (CVE-2018-18088).
---
src/bin/jp2/convert.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
index fa02e31c5..e670cd82f 100644
--- src/bin/jp2/convert.c
+++ src/bin/jp2/convert.c
@@ -2233,6 +2233,11 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
opj_version(), wr, hr, max);
red = image->comps[compno].data;
+ if (!red) {
+ fclose(fdest);
+ continue;
+ }
+
adjustR =
(image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);

79
srcpkgs/openjpeg2/patches/CVE-2018-5785.patch
View file

@ -1,79 +0,0 @@
From ca16fe55014c57090dd97369256c7657aeb25975 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Sat, 22 Sep 2018 14:33:19 -0400
Subject: [PATCH] convertbmp: fix issues with zero bitmasks
In the case where a BMP file declares compression 3 (BI_BITFIELDS)
with header size <= 56, all bitmask values keep their initialization
value 0. This may lead to various undefined behavior later e.g. when
doing 1 << (l_comp->prec - 1).
This issue does not affect files with bit count 16 because of a check
added in 16240e2 which sets default values to the color masks if they
are all 0.
This commit adds similar checks for the 32 bit case.
Also, if a BMP file declares compression 3 with header size >= 56 and
intentional 0 bitmasks, the same issue will be triggered in both the
16 and 32 bit count case.
This commit adds checks to bmp_read_info_header() rejecting BMP files
with "intentional" 0 bitmasks. These checks might be removed in the
future when proper handling of zero bitmasks will be available in
openjpeg2.
fixes #1057 (CVE-2018-5785)
---
src/bin/jp2/convertbmp.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 084f70bb7..7fde99ab3 100644
--- src/bin/jp2/convertbmp.c
+++ src/bin/jp2/convertbmp.c
@@ -435,16 +435,31 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
header->biRedMask |= (OPJ_UINT32)getc(IN) << 16;
header->biRedMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biRedMask) {
+ fprintf(stderr, "Error, invalid red mask value %d\n", header->biRedMask);
+ return OPJ_FALSE;
+ }
+
header->biGreenMask = (OPJ_UINT32)getc(IN);
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 8;
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 16;
header->biGreenMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biGreenMask) {
+ fprintf(stderr, "Error, invalid green mask value %d\n", header->biGreenMask);
+ return OPJ_FALSE;
+ }
+
header->biBlueMask = (OPJ_UINT32)getc(IN);
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 8;
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 16;
header->biBlueMask |= (OPJ_UINT32)getc(IN) << 24;
+ if (!header->biBlueMask) {
+ fprintf(stderr, "Error, invalid blue mask value %d\n", header->biBlueMask);
+ return OPJ_FALSE;
+ }
+
header->biAlphaMask = (OPJ_UINT32)getc(IN);
header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8;
header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16;
@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *filename, opj_cparameters_t *parameters)
bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU,
0x00000000U);
} else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */
+ if ((Info_h.biRedMask == 0U) && (Info_h.biGreenMask == 0U) &&
+ (Info_h.biBlueMask == 0U)) {
+ Info_h.biRedMask = 0x00FF0000U;
+ Info_h.biGreenMask = 0x0000FF00U;
+ Info_h.biBlueMask = 0x000000FFU;
+ }
bmpmask32toimage(pData, stride, image, Info_h.biRedMask, Info_h.biGreenMask,
Info_h.biBlueMask, Info_h.biAlphaMask);
} else if (Info_h.biBitCount == 16 && Info_h.biCompression == 0) { /* RGBX */

69
srcpkgs/openjpeg2/patches/CVE-2018-6616.patch
View file

@ -1,69 +0,0 @@
From 8ee335227bbcaf1614124046aa25e53d67b11ec3 Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@debian.org>
Date: Fri, 14 Dec 2018 04:58:40 +0100
Subject: [PATCH] convertbmp: detect invalid file dimensions early
width/length dimensions read from bmp headers are not necessarily
valid. For instance they may have been maliciously set to very large
values with the intention to cause DoS (large memory allocation, stack
overflow). In these cases we want to detect the invalid size as early
as possible.
This commit introduces a counter which verifies that the number of
written bytes corresponds to the advertized width/length.
Fixes #1059 (CVE-2018-6616).
---
src/bin/jp2/convertbmp.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
index 85a47feaf..0af52f816 100644
--- src/bin/jp2/convertbmp.c
+++ src/bin/jp2/convertbmp.c
@@ -534,14 +534,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE* IN, OPJ_UINT8* pData, OPJ_UINT32 stride,
static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
{
- OPJ_UINT32 x, y;
+ OPJ_UINT32 x, y, written;
OPJ_UINT8 *pix;
const OPJ_UINT8 *beyond;
beyond = pData + stride * height;
pix = pData;
- x = y = 0U;
+ x = y = written = 0U;
while (y < height) {
int c = getc(IN);
if (c == EOF) {
@@ -561,6 +561,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
for (j = 0; (j < c) && (x < width) &&
((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
*pix = c1;
+ written++;
}
} else {
c = getc(IN);
@@ -598,6 +599,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
}
c1 = (OPJ_UINT8)c1_int;
*pix = c1;
+ written++;
}
if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
c = getc(IN);
@@ -608,6 +610,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
}
}
}/* while() */
+
+ if (written != width * height) {
+ fprintf(stderr, "warning, image's actual size does not match advertized one\n");
+ return OPJ_FALSE;
+ }
+
return OPJ_TRUE;
}

10
srcpkgs/openjpeg2/template
View file

@ -1,16 +1,16 @@
# Template file for 'openjpeg2'
pkgname=openjpeg2
version=2.3.0
revision=3
version=2.3.1
revision=1
wrksrc="openjpeg-${version}"
build_style=cmake
makedepends="libpng-devel lcms2-devel tiff-devel"
maintainer="Orphaned <orphan@voidlinux.org>"
short_desc="Open-source JPEG 2000 codec written in C language (Version 2)"
homepage="http://www.openjpeg.org/"
maintainer="Orphaned <orphan@voidlinux.org>"
license="BSD-2-Clause"
homepage="http://www.openjpeg.org/"
distfiles="https://github.com/uclouvain/openjpeg/archive/v${version}.tar.gz"
checksum=3dc787c1bb6023ba846c2a0d9b1f6e179f1cd255172bde9eb75b01f1e6c7d71a
checksum=63f5a4713ecafc86de51bfad89cc07bb788e9bba24ebbf0c4ca637621aadb6a9
post_install() {
vlicense LICENSE