authorLeo <thinkabit.ukim@gmail.com>2021-03-05 17:29:14 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-03-05 17:29:14 -0300
commit07e6303c1d1d9a72b3bac74755c46ad558bb504e (patch)
tree21a625d723774e3105771e7ba9d2aac9b583f4f1
parent4958842c0fa6292f4bc7d05c10b34a588f7e71be (diff)
Revert "main/openjpeg: fix CVE-2020-27844"
-rw-r--r--main/openjpeg/APKBUILD8
-rw-r--r--main/openjpeg/CVE-2021-27844.patch30
2 files changed, 2 insertions, 36 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index ea09b7abf1f..deaef8e92fe 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.3.1
-pkgrel=6
+pkgrel=5
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
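Review bot: `pkgrel` is lowered from 6 to 5 in this hunk, so the package version moves backwards; if 2.3.1-r6 was already built and published, hosts that installed it would keep the r6 build, since apk does not normally replace an installed package with a lower release. A revert that changes the package contents would usually take the next release instead, `pkgrel=7`. The commit also gives no reason for dropping the fix, and its title names CVE-2020-27844 while the removed file and secfixes entry say CVE-2021-27844; the removed patch's subject says "probably master only", so 2.3.1 may simply not be affected, but that is inferred rather than stated. A one-line comment above `# secfixes:` would record the decision for the next maintainer, e.g. `# CVE-2020-27844: fix not applied, <reason>`.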
@@ -18,7 +18,6 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v
CVE-2020-27814.patch
CVE-2020-27823.patch
CVE-2020-27824.patch
- CVE-2021-27844.patch
"
build() {
@@ -30,8 +29,6 @@ build() {
}
# secfixes:
-# 2.3.1-r6:
-# - CVE-2021-27844
# 2.3.1-r5:
# - CVE-2020-27814
# - CVE-2020-27823
@@ -82,5 +79,4 @@ c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd628
f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch
fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch
a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch
-796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch
-f160570b66655bea6a7a56b37bafe8c1856219df31f2e52bdb4788c3abfd716aa2200f05c7d7389a143d9249302c3f96aac4a49ac222af5f5823fa41f8bc2d5f CVE-2021-27844.patch"
+796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch"
diff --git a/main/openjpeg/CVE-2021-27844.patch b/main/openjpeg/CVE-2021-27844.patch
deleted file mode 100644
index 5791abe1bbf..00000000000
--- a/main/openjpeg/CVE-2021-27844.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 73fdf28342e4594019af26eb6a347a34eceb6296 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Wed, 2 Dec 2020 14:10:16 +0100
-Subject: [PATCH] opj_j2k_write_sod(): avoid potential heap buffer overflow
- (fixes #1299) (probably master only)
-
----
- src/lib/openjp2/j2k.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 78d459259..8e343ab2e 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
- }
- }
-
-- assert(l_remaining_data >
-- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
-+ if (l_remaining_data <
-+ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
-+ opj_event_msg(p_manager, EVT_ERROR,
-+ "Not enough bytes in output buffer to write SOD marker\n");
-+ opj_tcd_marker_info_destroy(marker_info);
-+ return OPJ_FALSE;
-+ }
- l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
-
- if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,