[arch-commits] Commit in openjpeg/trunk (11 files)

Jan de Groot jgc at nymeria.archlinux.org
Mon Apr 28 07:45:27 UTC 2014


    Date: Monday, April 28, 2014 @ 09:45:26
  Author: jgc
Revision: 211844

upgpkg: openjpeg 1.5.2-1

Bump to 1.5.2, remove all included security patches

Modified:
  openjpeg/trunk/PKGBUILD
Deleted:
  openjpeg/trunk/openjpeg-1.5-r2029.patch
  openjpeg/trunk/openjpeg-1.5-r2031.patch
  openjpeg/trunk/openjpeg-1.5-r2032.patch
  openjpeg/trunk/openjpeg-1.5-r2033.patch
  openjpeg/trunk/openjpeg-1.5.1-CVE-2013-1447.patch
  openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6045.patch
  openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6052.patch
  openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6053.patch
  openjpeg/trunk/openjpeg-1.5.1-CVE-2013-6887.patch
  openjpeg/trunk/openjpeg-1.5.1-doxygen_timestamp.patch

----------------------------------------+
 PKGBUILD                               |   41 -------
 openjpeg-1.5-r2029.patch               |   77 --------------
 openjpeg-1.5-r2031.patch               |   24 ----
 openjpeg-1.5-r2032.patch               |   30 -----
 openjpeg-1.5-r2033.patch               |   49 ---------
 openjpeg-1.5.1-CVE-2013-1447.patch     |  165 -------------------------------
 openjpeg-1.5.1-CVE-2013-6045.patch     |   60 -----------
 openjpeg-1.5.1-CVE-2013-6052.patch     |   53 ---------
 openjpeg-1.5.1-CVE-2013-6053.patch     |   12 --
 openjpeg-1.5.1-CVE-2013-6887.patch     |   30 -----
 openjpeg-1.5.1-doxygen_timestamp.patch |   24 ----
 11 files changed, 4 insertions(+), 561 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-04-28 05:52:08 UTC (rev 211843)
+++ PKGBUILD	2014-04-28 07:45:26 UTC (rev 211844)
@@ -2,8 +2,8 @@
 # Maintainer: Jan de Groot <jgc at archlinux.org>
 
 pkgname=openjpeg
-pkgver=1.5.1
-pkgrel=2
+pkgver=1.5.2
+pkgrel=1
 pkgdesc="An open source JPEG 2000 codec"
 arch=(i686 x86_64)
 license=('BSD')
@@ -12,42 +12,9 @@
 makedepends=('libtiff' 'lcms2' 'libpng' 'doxygen')
 optdepends=('lcms2: j2k_to_image and image_to_j2k programs'
             'libpng: j2k_to_image and image_to_j2k programs')
-source=(http://openjpeg.googlecode.com/files/openjpeg-${pkgver}.tar.gz
-        openjpeg-1.5.1-CVE-2013-1447.patch
-        openjpeg-1.5.1-CVE-2013-6045.patch
-        openjpeg-1.5.1-CVE-2013-6052.patch
-        openjpeg-1.5.1-CVE-2013-6053.patch
-        openjpeg-1.5.1-CVE-2013-6887.patch
-        openjpeg-1.5.1-doxygen_timestamp.patch
-        openjpeg-1.5-r2029.patch
-        openjpeg-1.5-r2031.patch
-        openjpeg-1.5-r2032.patch
-        openjpeg-1.5-r2033.patch)
-sha1sums=('1b0b74d1af4c297fd82806a9325bb544caf9bb8b'
-          'f2baf9bde105c96c7016be907cd278f2878be2b9'
-          'f3764e473bd35508e83643a9257979eaa2c89c36'
-          '1d600a13432b977c46a5b74bf87bf1b5a130abfb'
-          '8d2da4b912d7e930abec31a956b678f62566884c'
-          '038e471597decf36de0c7c78915744054704c601'
-          '339677795a567c0f91b62141847b8e5dda53e763'
-          '1cd97c1be5cedad136894db2b16f856a28387aeb'
-          'f68108dd25c7ed278678de11d5713fba87ab6017'
-          '222769c17e69022902d4e49c9dc5294361a00c85'
-          '9ec5c1e0909c8946a174733a598fbe38675a0c9c')
+source=(http://downloads.sourceforge.net/openjpeg.mirror/${pkgname}-${pkgver}.tar.gz)
+sha1sums=('496e99ff1d37b73bbce6a066dd9bd3576ebca0a2')
 
-prepare() {
-  cd $pkgname-$pkgver
-  patch -Np1 -i ../openjpeg-1.5.1-doxygen_timestamp.patch
-  patch -Np0 -i ../openjpeg-1.5-r2029.patch
-  patch -Np0 -i ../openjpeg-1.5-r2031.patch
-  patch -Np0 -i ../openjpeg-1.5-r2032.patch
-  patch -Np0 -i ../openjpeg-1.5-r2033.patch
-  patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6052.patch
-  patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6053.patch
-#  patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6045.patch
-  patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-1447.patch
-  patch -Np1 -i ../openjpeg-1.5.1-CVE-2013-6887.patch
-}
 
 build() {
   cd $pkgname-$pkgver
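Review bot: The new `source=` entry fetches the tarball over plain `http://` from a mirror and verifies it with a single `sha1sums` entry, so that pinned digest is the only protection against a tampered download. A stronger digest would be better here, e.g. `sha256sums=('<sha256 of openjpeg-1.5.2.tar.gz>')`, together with an `https://` URL if the mirror serves one. Separately, this hunk drops `prepare()` and with it every CVE patch; the commit message suggests the fixes are in 1.5.2, but nothing in the PKGBUILD records that, and the CVE-2013-6045 patch was already commented out before this change, so it is worth confirming the new release carries that fix as well. `build()` continues outside the hunk.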

Deleted: openjpeg-1.5-r2029.patch
===================================================================
--- openjpeg-1.5-r2029.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5-r2029.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,77 +0,0 @@
-Index: libopenjpeg/jp2.c
-===================================================================
---- libopenjpeg/jp2.c	(revision 2028)
-+++ libopenjpeg/jp2.c	(revision 2029)
-@@ -173,6 +173,10 @@
- 	else if (box->length == 0) {
- 		box->length = cio_numbytesleft(cio) + 8;
- 	}
-+	if (box->length < 0) {
-+		opj_event_msg(cinfo, EVT_ERROR, "Integer overflow in box->length\n");
-+		return OPJ_FALSE; // TODO: actually check jp2_read_boxhdr's return value
-+	}
- 	
- 	return OPJ_TRUE;
- }
-@@ -654,6 +658,7 @@
-         opj_event_msg(cinfo, EVT_ERROR, "Expected JP2H Marker\n");
-         return OPJ_FALSE;
-         }
-+	  if (box.length <= 8) return OPJ_FALSE;
-       cio_skip(cio, box.length - 8);
- 
-       if(cio->bp >= cio->end) return OPJ_FALSE;
-@@ -679,6 +684,7 @@
-       {
-       if( !jp2_read_colr(jp2, cio, &box, color))
-         {
-+        if (box.length <= 8) return OPJ_FALSE;
-         cio_seek(cio, box.init_pos + 8);
-         cio_skip(cio, box.length - 8);
-         }
-@@ -689,6 +695,7 @@
-       {
-       if( !jp2_read_cdef(jp2, cio, &box, color))
-         {
-+        if (box.length <= 8) return OPJ_FALSE;
-         cio_seek(cio, box.init_pos + 8);
-         cio_skip(cio, box.length - 8);
-         }
-@@ -699,6 +706,7 @@
-       {
-       if( !jp2_read_pclr(jp2, cio, &box, color))
-         {
-+        if (box.length <= 8) return OPJ_FALSE;
-         cio_seek(cio, box.init_pos + 8);
-         cio_skip(cio, box.length - 8);
-         }
-@@ -709,12 +717,14 @@
-       {
-       if( !jp2_read_cmap(jp2, cio, &box, color))
-         {
-+        if (box.length <= 8) return OPJ_FALSE;
-         cio_seek(cio, box.init_pos + 8);
-         cio_skip(cio, box.length - 8);
-         }
-       if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
-       continue;
-       }
-+    if (box.length <= 8) return OPJ_FALSE;
-     cio_seek(cio, box.init_pos + 8);
-     cio_skip(cio, box.length - 8);
-     if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
-@@ -910,12 +920,14 @@
-   }
- 	do {
- 		if(JP2_JP2C != box.type) {
-+			if (box.length <= 8) return OPJ_FALSE;
- 			cio_skip(cio, box.length - 8);
- 			if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
- 		}
- 	} while(JP2_JP2C != box.type);
- 
- 	*j2k_codestream_offset = cio_tell(cio);
-+	if (box.length <= 8) return OPJ_FALSE;
- 	*j2k_codestream_length = box.length - 8;
- 
- 	return OPJ_TRUE;

Deleted: openjpeg-1.5-r2031.patch
===================================================================
--- openjpeg-1.5-r2031.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5-r2031.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,24 +0,0 @@
-Index: libopenjpeg/jpwl/Makefile.am
-===================================================================
---- libopenjpeg/jpwl/Makefile.am	(revision 2030)
-+++ libopenjpeg/jpwl/Makefile.am	(revision 2031)
-@@ -18,7 +18,6 @@
- ../pi.c \
- ../raw.c \
- ../t1.c \
--../t1_generate_luts.c \
- ../t2.c \
- ../tcd.c \
- ../tgt.c \
-Index: libopenjpeg/Makefile.am
-===================================================================
---- libopenjpeg/Makefile.am	(revision 2030)
-+++ libopenjpeg/Makefile.am	(revision 2031)
-@@ -35,7 +35,6 @@
- pi.c \
- raw.c \
- t1.c \
--t1_generate_luts.c \
- t2.c \
- tcd.c \
- tgt.c \

Deleted: openjpeg-1.5-r2032.patch
===================================================================
--- openjpeg-1.5-r2032.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5-r2032.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,30 +0,0 @@
-Index: libopenjpeg/j2k.c
-===================================================================
---- libopenjpeg/j2k.c	(revision 2031)
-+++ libopenjpeg/j2k.c	(revision 2032)
-@@ -468,6 +468,12 @@
- 	}
- #endif /* USE_JPWL */
- 
-+  /* prevent division by zero */
-+  if (!(cp->tdx * cp->tdy)) {
-+    opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: invalid tile size (tdx: %d, tdy: %d)\n", cp->tdx, cp->tdy);
-+    return;
-+  }
-+
- 	image->comps = (opj_image_comp_t*) opj_calloc(image->numcomps, sizeof(opj_image_comp_t));
- 	for (i = 0; i < image->numcomps; i++) {
- 		int tmp, w, h;
-@@ -506,6 +512,12 @@
- 		}
- #endif /* USE_JPWL */
- 
-+    /* prevent division by zero */
-+    if (!(image->comps[i].dx * image->comps[i].dy)) {
-+      opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: invalid component size (dx: %d, dy: %d)\n", image->comps[i].dx, image->comps[i].dy);
-+      return;
-+    }
-+
- 		/* TODO: unused ? */
- 		w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx);
- 		h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy);

Deleted: openjpeg-1.5-r2033.patch
===================================================================
--- openjpeg-1.5-r2033.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5-r2033.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,49 +0,0 @@
-Index: libopenjpeg/j2k.c
-===================================================================
---- libopenjpeg/j2k.c	(revision 2032)
-+++ libopenjpeg/j2k.c	(revision 2033)
-@@ -835,6 +835,12 @@
- 	
- 	len = cio_read(cio, 2);		/* Lcoc */
- 	compno = cio_read(cio, image->numcomps <= 256 ? 1 : 2);	/* Ccoc */
-+  if (compno >= image->numcomps) {
-+    opj_event_msg(j2k->cinfo, EVT_ERROR,
-+      "bad component number in COC (%d out of a maximum of %d)\n",
-+      compno, image->numcomps);
-+    return;
-+  }
- 	tcp->tccps[compno].csty = cio_read(cio, 1);	/* Scoc */
- 	j2k_read_cox(j2k, compno);
- }
-@@ -1016,9 +1022,16 @@
- 
- 		/* keep your private count of tiles */
- 		backup_compno++;
--	};
-+	}
- #endif /* USE_JPWL */
- 
-+  if ((compno < 0) || (compno >= numcomp)) {
-+    opj_event_msg(j2k->cinfo, EVT_ERROR,
-+      "bad component number in QCC (%d out of a maximum of %d)\n",
-+      compno, j2k->image->numcomps);
-+    return;
-+  }
-+
- 	j2k_read_qcx(j2k, compno, len - 2 - (numcomp <= 256 ? 1 : 2));
- }
- 
-@@ -1602,6 +1615,13 @@
- 	};
- #endif /* USE_JPWL */
- 
-+  if (compno >= numcomps) {
-+    opj_event_msg(j2k->cinfo, EVT_ERROR,
-+      "bad component number in RGN (%d out of a maximum of %d)\n",
-+      compno, j2k->image->numcomps);
-+    return;
-+  }
-+
- 	tcp->tccps[compno].roishift = cio_read(cio, 1);				/* SPrgn */
- }
- 

Deleted: openjpeg-1.5.1-CVE-2013-1447.patch
===================================================================
--- openjpeg-1.5.1-CVE-2013-1447.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-CVE-2013-1447.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,165 +0,0 @@
-diff -up openjpeg-1.5.1/libopenjpeg/cio.c.CVE-2013-1447 openjpeg-1.5.1/libopenjpeg/cio.c
---- openjpeg-1.5.1/libopenjpeg/cio.c.CVE-2013-1447	2014-01-07 15:12:20.517748762 -0600
-+++ openjpeg-1.5.1/libopenjpeg/cio.c	2014-01-07 15:12:20.533748592 -0600
-@@ -107,6 +107,11 @@ int OPJ_CALLCONV cio_tell(opj_cio_t *cio
-  * pos : position, in number of bytes, from the beginning of the stream
-  */
- void OPJ_CALLCONV cio_seek(opj_cio_t *cio, int pos) {
-+	if ((cio->start + pos) > cio->end) {
-+		opj_event_msg(cio->cinfo, EVT_ERROR, "error: trying to seek past the end of the codestream (start = %d, change = %d, end = %d\n", cio->start, pos, cio->end);
-+		cio->bp = cio->end;
-+		return;
-+	}
- 	cio->bp = cio->start + pos;
- }
- 
-@@ -114,6 +119,7 @@ void OPJ_CALLCONV cio_seek(opj_cio_t *ci
-  * Number of bytes left before the end of the stream.
-  */
- int cio_numbytesleft(opj_cio_t *cio) {
-+	assert((cio->end - cio->bp) >= 0);
- 	return cio->end - cio->bp;
- }
- 
-@@ -191,6 +197,11 @@ unsigned int cio_read(opj_cio_t *cio, in
-  */
- void cio_skip(opj_cio_t *cio, int n) {
- 	assert((cio->bp + n) >= cio->bp);
-+	if (((cio->bp + n) < cio->start) || ((cio->bp + n) > cio->end)) {
-+		opj_event_msg(cio->cinfo, EVT_ERROR, "error: trying to skip bytes past the end of the codestream (current = %d, change = %d, end = %d\n", cio->bp, n, cio->end);
-+		cio->bp = cio->end;
-+		return;
-+	}
- 	cio->bp += n;
- }
- 
-diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-1447 openjpeg-1.5.1/libopenjpeg/j2k.c
---- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-1447	2014-01-07 15:12:20.525748677 -0600
-+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 15:12:20.534748582 -0600
-@@ -476,7 +476,7 @@ static void j2k_read_siz(opj_j2k_t *j2k)
- 
- 	image->comps = (opj_image_comp_t*) opj_calloc(image->numcomps, sizeof(opj_image_comp_t));
- 	for (i = 0; i < image->numcomps; i++) {
--		int tmp, w, h;
-+		int tmp/*, w, h*/;
- 		tmp = cio_read(cio, 1);		/* Ssiz_i */
- 		image->comps[i].prec = (tmp & 0x7f) + 1;
- 		image->comps[i].sgnd = tmp >> 7;
-@@ -511,6 +511,14 @@ static void j2k_read_siz(opj_j2k_t *j2k)
- 			
- 		}
- #endif /* USE_JPWL */
-+		{
-+			if (!(image->comps[i].dx * image->comps[i].dy)) {
-+				opj_event_msg(j2k->cinfo, EVT_ERROR,
-+					"JPWL: bad XRsiz_%d/YRsiz_%d (%d x %d)\n",
-+					i, i, image->comps[i].dx, image->comps[i].dy);
-+					return;
-+			}
-+		}
- 
-     /* prevent division by zero */
-     if (!(image->comps[i].dx * image->comps[i].dy)) {
-@@ -519,8 +527,8 @@ static void j2k_read_siz(opj_j2k_t *j2k)
-     }
- 
- 		/* TODO: unused ? */
--		w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx);
--		h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy);
-+/*		w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx);
-+		h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy);*/
- 
- 		image->comps[i].resno_decoded = 0;	/* number of resolution decoded */
- 		image->comps[i].factor = cp->reduce; /* reducing factor per component */
-@@ -2015,6 +2023,11 @@ opj_image_t* j2k_decode(opj_j2k_t *j2k,
- 	}
- 	if (j2k->state == J2K_STATE_NEOC) {
- 		j2k_read_eoc(j2k);
-+		/* Check one last time for errors during decoding before returning */
-+		if (j2k->state & J2K_STATE_ERR) {
-+			opj_image_destroy(image);
-+			return NULL;
-+		}
- 	}
- 
- 	if (j2k->state != J2K_STATE_MT) {
-diff -up openjpeg-1.5.1/libopenjpeg/jp2.c.CVE-2013-1447 openjpeg-1.5.1/libopenjpeg/jp2.c
---- openjpeg-1.5.1/libopenjpeg/jp2.c.CVE-2013-1447	2014-01-07 15:12:20.518748752 -0600
-+++ openjpeg-1.5.1/libopenjpeg/jp2.c	2014-01-07 15:12:20.535748571 -0600
-@@ -819,6 +819,17 @@ void jp2_write_jp2h(opj_jp2_t *jp2, opj_
- 
- 	jp2_write_ihdr(jp2, cio);
- 
-+	{
-+		int curpos = cio_tell(cio);
-+		cio_seek(cio, box.init_pos);
-+		cio_skip(cio, box.length);
-+		if ((cio_tell(cio) - box.init_pos) != box.length) {
-+			opj_event_msg(jp2->cinfo, EVT_ERROR, "Box size exceeds size of codestream (expected: %d, real: %d)\n", box.length, (cio_tell(cio) - box.init_pos));
-+			return OPJ_FALSE;
-+		}
-+		cio_seek(cio, curpos);
-+	}
-+
- 	if (jp2->bpc == 255) {
- 		jp2_write_bpcc(jp2, cio);
- 	}
-@@ -871,6 +882,13 @@ static opj_bool jp2_read_ftyp(opj_jp2_t
- 	jp2->numcl = (box.length - 16) / 4;
- 	jp2->cl = (unsigned int *) opj_malloc(jp2->numcl * sizeof(unsigned int));
- 
-+	if (cio_numbytesleft(cio) < ((int)jp2->numcl * 4)) {
-+		opj_event_msg(cinfo, EVT_ERROR, "Not enough bytes in FTYP Box "
-+				"(expected %d, but only %d left)\n",
-+				((int)jp2->numcl * 4), cio_numbytesleft(cio));
-+		return OPJ_FALSE;
-+	}
-+
- 	for (i = 0; i < (int)jp2->numcl; i++) {
- 		jp2->cl[i] = cio_read(cio, 4);	/* CLi */
- 	}
-diff -up openjpeg-1.5.1/libopenjpeg/t2.c.CVE-2013-1447 openjpeg-1.5.1/libopenjpeg/t2.c
---- openjpeg-1.5.1/libopenjpeg/t2.c.CVE-2013-1447	2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/libopenjpeg/t2.c	2014-01-07 15:12:20.535748571 -0600
-@@ -340,6 +340,11 @@ static int t2_decode_packet(opj_t2_t* t2
- 	int precno = pi->precno;	/* precinct value */
- 	int layno  = pi->layno;		/* quality layer value */
- 
-+	if (!&(tile->comps[compno])) {
-+		opj_event_msg(t2->cinfo, EVT_ERROR, "Trying to decode tile with no components!\n");
-+		return -999;
-+	}
-+
- 	opj_tcd_resolution_t* res = &tile->comps[compno].resolutions[resno];
- 
- 	unsigned char *hd = NULL;
-diff -up openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-1447 openjpeg-1.5.1/libopenjpeg/tcd.c
---- openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-1447	2014-01-07 15:12:20.526748667 -0600
-+++ openjpeg-1.5.1/libopenjpeg/tcd.c	2014-01-07 15:12:20.536748561 -0600
-@@ -667,8 +667,8 @@ void tcd_malloc_decode(opj_tcd_t *tcd, o
- 			y1 = j == 0 ? tilec->y1 : int_max(y1,	(unsigned int) tilec->y1);
- 		}
- 
--		w = int_ceildivpow2(x1 - x0, image->comps[i].factor);
--		h = int_ceildivpow2(y1 - y0, image->comps[i].factor);
-+		w = int_ceildivpow2((long)(x1) - (long)(x0), image->comps[i].factor);
-+		h = int_ceildivpow2((long)(y1) - (long)(y0), image->comps[i].factor);
- 
- 		image->comps[i].w = w;
- 		image->comps[i].h = h;
-@@ -1381,7 +1381,15 @@ opj_bool tcd_decode_tile(opj_tcd_t *tcd,
- 	if (l == -999) {
- 		eof = 1;
- 		opj_event_msg(tcd->cinfo, EVT_ERROR, "tcd_decode: incomplete bistream\n");
-+		return OPJ_FALSE;
- 	}
-+
-+	/* The code below assumes that numcomps > 0 */
-+	if (tile->numcomps <= 0) {
-+		opj_event_msg(tcd->cinfo, EVT_ERROR, "tcd_decode: tile has a zero or negative numcomps\n");
-+		return OPJ_TRUE;
-+	}
-+
- 	
- 	/*------------------TIER1-----------------*/
- 	

Deleted: openjpeg-1.5.1-CVE-2013-6045.patch
===================================================================
--- openjpeg-1.5.1-CVE-2013-6045.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-CVE-2013-6045.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,60 +0,0 @@
-diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6045 openjpeg-1.5.1/libopenjpeg/j2k.c
---- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6045	2014-01-07 15:11:30.622278207 -0600
-+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 15:11:30.626278165 -0600
-@@ -1076,6 +1076,17 @@ static void j2k_read_poc(opj_j2k_t *j2k)
- 	tcp->POC = 1;
- 	len = cio_read(cio, 2);		/* Lpoc */
- 	numpchgs = (len - 2) / (5 + 2 * (numcomps <= 256 ? 1 : 2));
-+
-+	{
-+		/* old_poc < 0 "just in case" */
-+		int maxpocs = (sizeof(tcp->pocs)/sizeof(tcp->pocs[0]));
-+		if ((old_poc < 0) || ((numpchgs + old_poc) >= maxpocs)) {
-+			opj_event_msg(j2k->cinfo, EVT_ERROR,
-+				"JPWL: bad number of progression order changes (%d out of a maximum of %d)\n",
-+				(numpchgs + old_poc), maxpocs);
-+			return;
-+		}
-+	}
- 	
- 	for (i = old_poc; i < numpchgs + old_poc; i++) {
- 		opj_poc_t *poc;
-@@ -1622,6 +1633,14 @@ static void j2k_read_rgn(opj_j2k_t *j2k)
-     return;
-   }
- 
-+	/* totlen is negative or larger than the bytes left!!! */
-+	if (compno >= numcomps) {
-+		opj_event_msg(j2k->cinfo, EVT_ERROR,
-+			"JPWL: bad component number in RGN (%d when there are only %d)\n",
-+			compno, numcomps);
-+		return;
-+	}
-+
- 	tcp->tccps[compno].roishift = cio_read(cio, 1);				/* SPrgn */
- }
- 
-diff -up openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-6045 openjpeg-1.5.1/libopenjpeg/tcd.c
---- openjpeg-1.5.1/libopenjpeg/tcd.c.CVE-2013-6045	2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/libopenjpeg/tcd.c	2014-01-07 15:11:30.626278165 -0600
-@@ -1394,10 +1394,19 @@ opj_bool tcd_decode_tile(opj_tcd_t *tcd,
-         return OPJ_FALSE;
-     }
- 
-+	int comp0size = (tile->comps[0].x1 - tile->comps[0].x0) * (tile->comps[0].y1 - tile->comps[0].y0);
- 	for (compno = 0; compno < tile->numcomps; ++compno) {
- 		opj_tcd_tilecomp_t* tilec = &tile->comps[compno];
-+		int compcsize = ((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0));
-+		/* Later-on it is assumed that all components are of at least comp0size blocks */
-+		if (compcsize < comp0size)
-+		{
-+			opj_event_msg(tcd->cinfo, EVT_ERROR, "Error decoding tile. Component %d contains only %d blocks "
-+				"while component 0 has %d blocks\n", compno, compcsize, comp0size);
-+			return OPJ_FALSE;
-+		}
- 		/* The +3 is headroom required by the vectorized DWT */
--		tilec->data = (int*) opj_aligned_malloc((((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0))+3) * sizeof(int));
-+		tilec->data = (int*) opj_aligned_malloc((comp0size+3) * sizeof(int));
-         if (tilec->data == NULL)
-         {
-             opj_event_msg(tcd->cinfo, EVT_ERROR, "Out of memory\n");

Deleted: openjpeg-1.5.1-CVE-2013-6052.patch
===================================================================
--- openjpeg-1.5.1-CVE-2013-6052.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-CVE-2013-6052.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,53 +0,0 @@
-diff -up openjpeg-1.5.1/libopenjpeg/cio.c.CVE-2013-6052 openjpeg-1.5.1/libopenjpeg/cio.c
---- openjpeg-1.5.1/libopenjpeg/cio.c.CVE-2013-6052	2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/libopenjpeg/cio.c	2014-01-07 14:43:14.213256439 -0600
-@@ -30,6 +30,7 @@
-  */
- 
- #include "opj_includes.h"
-+#include <assert.h>
- 
- /* ----------------------------------------------------------------------- */
- 
-@@ -139,6 +140,11 @@ opj_bool cio_byteout(opj_cio_t *cio, uns
-  * Read a byte.
-  */
- unsigned char cio_bytein(opj_cio_t *cio) {
-+	if (cio->bp < cio->start) {
-+		opj_event_msg(cio->cinfo, EVT_ERROR, "read error: trying to read from before the start of the codestream (start = %d, current = %d, end = %d\n", cio->start, cio->bp, cio->end);
-+		abort();
-+		return 0;
-+	}
- 	if (cio->bp >= cio->end) {
- 		opj_event_msg(cio->cinfo, EVT_ERROR, "read error: passed the end of the codestream (start = %d, current = %d, end = %d\n", cio->start, cio->bp, cio->end);
- 		return 0;
-@@ -173,7 +179,7 @@ unsigned int cio_read(opj_cio_t *cio, in
- 	unsigned int v;
- 	v = 0;
- 	for (i = n - 1; i >= 0; i--) {
--		v += cio_bytein(cio) << (i << 3);
-+		v += (unsigned int)cio_bytein(cio) << (i << 3);
- 	}
- 	return v;
- }
-@@ -184,6 +190,7 @@ unsigned int cio_read(opj_cio_t *cio, in
-  * n : number of bytes to skip
-  */
- void cio_skip(opj_cio_t *cio, int n) {
-+	assert((cio->bp + n) >= cio->bp);
- 	cio->bp += n;
- }
- 
-diff -up openjpeg-1.5.1/libopenjpeg/jp2.c.CVE-2013-6052 openjpeg-1.5.1/libopenjpeg/jp2.c
---- openjpeg-1.5.1/libopenjpeg/jp2.c.CVE-2013-6052	2014-01-07 14:43:14.201256566 -0600
-+++ openjpeg-1.5.1/libopenjpeg/jp2.c	2014-01-07 14:43:14.214256428 -0600
-@@ -172,6 +172,9 @@ static opj_bool jp2_read_boxhdr(opj_comm
- 	}
- 	else if (box->length == 0) {
- 		box->length = cio_numbytesleft(cio) + 8;
-+	} else if (box->length < 0) {
-+		opj_event_msg(cinfo, EVT_ERROR, "Invalid, negative, size of box\n");
-+		return OPJ_FALSE;
- 	}
- 	if (box->length < 0) {
- 		opj_event_msg(cinfo, EVT_ERROR, "Integer overflow in box->length\n");

Deleted: openjpeg-1.5.1-CVE-2013-6053.patch
===================================================================
--- openjpeg-1.5.1-CVE-2013-6053.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-CVE-2013-6053.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,12 +0,0 @@
-diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6053 openjpeg-1.5.1/libopenjpeg/j2k.c
---- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6053	2014-01-07 14:44:40.086344624 -0600
-+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 14:44:40.092344561 -0600
-@@ -422,7 +422,7 @@ static void j2k_read_siz(opj_j2k_t *j2k)
- 	
- 	if ((image->x0<0)||(image->x1<0)||(image->y0<0)||(image->y1<0)) {
- 		opj_event_msg(j2k->cinfo, EVT_ERROR,
--									"%s: invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n",
-+									"invalid image size (x0:%d, x1:%d, y0:%d, y1:%d)\n",
- 									image->x0,image->x1,image->y0,image->y1);
- 		return;
- 	}

Deleted: openjpeg-1.5.1-CVE-2013-6887.patch
===================================================================
--- openjpeg-1.5.1-CVE-2013-6887.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-CVE-2013-6887.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,30 +0,0 @@
-diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 openjpeg-1.5.1/libopenjpeg/j2k.c
---- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887	2014-01-07 15:13:20.297114457 -0600
-+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 15:13:20.302114404 -0600
-@@ -1697,8 +1697,11 @@ static void j2k_read_eoc(opj_j2k_t *j2k)
- 	else {
- 		for (i = 0; i < j2k->cp->tileno_size; i++) {
- 			tileno = j2k->cp->tileno[i];
--			opj_free(j2k->tile_data[tileno]);
--			j2k->tile_data[tileno] = NULL;
-+			/* not sure if this can actually happen */
-+			if (tileno != -1) {
-+				opj_free(j2k->tile_data[tileno]);
-+				j2k->tile_data[tileno] = NULL;
-+			}
- 		}
- 	}	
- 	if (j2k->state & J2K_STATE_ERR)
-@@ -1858,8 +1861,10 @@ void j2k_destroy_decompress(opj_j2k_t *j
-         if(j2k->cp != NULL) {
-             for (i = 0; i < j2k->cp->tileno_size; i++) {
-                 int tileno = j2k->cp->tileno[i];
--                opj_free(j2k->tile_data[tileno]);
--                j2k->tile_data[tileno] = NULL;
-+		if (tileno != -1) {
-+			opj_free(j2k->tile_data[tileno]);
-+			j2k->tile_data[tileno] = NULL;
-+		}
-             }
-         }
- 

Deleted: openjpeg-1.5.1-doxygen_timestamp.patch
===================================================================
--- openjpeg-1.5.1-doxygen_timestamp.patch	2014-04-28 05:52:08 UTC (rev 211843)
+++ openjpeg-1.5.1-doxygen_timestamp.patch	2014-04-28 07:45:26 UTC (rev 211844)
@@ -1,24 +0,0 @@
-diff -up openjpeg-1.5.1/doc/Doxyfile.dox.cmake.in.doxygen_timestamp openjpeg-1.5.1/doc/Doxyfile.dox.cmake.in
---- openjpeg-1.5.1/doc/Doxyfile.dox.cmake.in.doxygen_timestamp	2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/doc/Doxyfile.dox.cmake.in	2012-12-06 15:23:35.079838524 -0600
-@@ -148,7 +148,7 @@ HTML_STYLESHEET        =
- HTML_COLORSTYLE_HUE    = 220
- HTML_COLORSTYLE_SAT    = 100
- HTML_COLORSTYLE_GAMMA  = 80
--HTML_TIMESTAMP         = YES
-+HTML_TIMESTAMP         = NO 
- HTML_ALIGN_MEMBERS     = YES
- HTML_DYNAMIC_SECTIONS  = NO
- GENERATE_DOCSET        = NO
-diff -up openjpeg-1.5.1/doc/Doxyfile.dox.doxygen_timestamp openjpeg-1.5.1/doc/Doxyfile.dox
---- openjpeg-1.5.1/doc/Doxyfile.dox.doxygen_timestamp	2012-09-13 02:58:39.000000000 -0500
-+++ openjpeg-1.5.1/doc/Doxyfile.dox	2012-12-06 15:23:37.177813275 -0600
-@@ -147,7 +147,7 @@ HTML_STYLESHEET        =
- HTML_COLORSTYLE_HUE    = 220
- HTML_COLORSTYLE_SAT    = 100
- HTML_COLORSTYLE_GAMMA  = 80
--HTML_TIMESTAMP         = YES
-+HTML_TIMESTAMP         = NO 
- HTML_ALIGN_MEMBERS     = YES
- HTML_DYNAMIC_SECTIONS  = NO
- GENERATE_DOCSET        = NO



