Mega:24.03:SP1:Everything
openjpeg2
Changes of Revision 2
_service:tar_scm:openjpeg2.spec
Changed
@@ -2,15 +2,15 @@
 Name: openjpeg2
 Version: 2.5.0
-Release: 4
+Release: 5
 Summary: C-Library for JPEG 2000
 License: BSD and MIT
 URL: https://github.com/uclouvain/openjpeg
 Source0: https://github.com/uclouvain/openjpeg/archive/v%{version}/openjpeg-%{version}.tar.gz
 Patch0: openjpeg2_opj2.patch
-Patch1: heap-buffer-overflow.patch
-Patch2: backport-CVE-2023-39328.patch
+Patch1: backport-CVE-2023-39328.patch
+Patch2: backport-CVE-2021-3575.patch
 BuildRequires: cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
 BuildRequires: jbigkit-devel libjpeg-turbo-devel
@@ -101,6 +101,9 @@
 %{_bindir}/opj2_dump
 %changelog
+* Tue Oct 29 2024 zhangpan <zhangpan103@h-partners.com> - 2.5.0-5
+- fix CVE-2021-3575
+
 * Thu Jul 11 2024 xinghe <xinghe2@h-partners.com> - 2.5.0-4
 - Type:cves
 - ID:CVE-2023-39328
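Review bot: The 2.5.0-5 changelog entry records only `- fix CVE-2021-3575` and does not say that `heap-buffer-overflow.patch` was dropped, although the Patch1/Patch2 lines show it was replaced rather than a new patch merely being appended. That earlier patch touched the same loop in sycc420_to_rgb() and looks like the previous downstream workaround, so the entry should state the swap, e.g. `- replace heap-buffer-overflow.patch with upstream backport-CVE-2021-3575.patch`. Moving the CVE-2023-39328 patch from Patch2 to Patch1 is safe only if %prep applies patches generically; %prep is outside this hunk, so confirm it does not reference `%patch2` by number.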
_service:tar_scm:backport-CVE-2021-3575.patch
Added
@@ -0,0 +1,43 @@
+From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:02:25 +0100
+Subject: PATCH opj_decompress: fix off-by-one read heap-buffer-overflow in
+ sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
+
+Reference:https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
+Conflict:NA
+
+---
+ src/bin/common/color.c | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f137..ae5d648da 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+ if (i < loopmaxh) {
+ size_t j;
+
+- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
++ if (offx > 0U) {
++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
++ ++y;
++ ++r;
++ ++g;
++ ++b;
++ }
++
++ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+ ++y;
+@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
+ ++cb;
+ ++cr;
+ }
+- if (j < maxw) {
++ if (j < loopmaxw) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ }
+ }
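Review bot: The new `if (offx > 0U)` branch in the last-row path of sycc420_to_rgb() has no comment explaining why the first luma sample is converted on its own with chroma `0, 0`, and that reasoning is what the bound change from `maxw` to `loopmaxw` relies on. I would add above it `/* odd x0: first sample has no chroma partner in this row; consume it so the loop below pairs at most loopmaxw samples */`. Both `offx` and `loopmaxw` are set earlier in the function, outside these hunks, so the backport should be checked against the 2.5.0 body to confirm `loopmaxw` already excludes the odd first column (presumably `maxw - offx`). Because this is a memory-safety fix on a decoder path, decoding an odd-origin sample under AddressSanitizer in the package's test step would confirm the read stays inside the buffer.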
_service:tar_scm:heap-buffer-overflow.patch
Deleted
@@ -1,22 +0,0 @@
-diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c
---- openjpeg-2.4.0/src/bin/common/color.c 2020-12-28 21:59:39.000000000 +0100
-+++ openjpeg-2.4.0-new/src/bin/common/color.c 2021-05-27 23:46:46.961130438 +0200
-@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *
-
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-
-- ++y;
-+ if (*y != img->comps0.dataloopmaxh)
-+ ++y;
- ++r;
- ++g;
- ++b;
-- ++cb;
-- ++cr;
-+ if (*cb != img->comps1.dataloopmaxh)
-+ ++cb;
-+ if (*cr != img->comps2.dataloopmaxh)
-+ ++cr;
- }
- if (j < maxw) {
- sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="scm">git</param>
 <param name="url">git@gitee.com:src-openeuler/openjpeg2.git</param>
- <param name="revision">openEuler-24.03-LTS-Next</param>
+ <param name="revision">openEuler-24.03-LTS-SP1</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>