aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2021-03-05 14:05:10 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-03-05 14:07:54 -0300
commit4958842c0fa6292f4bc7d05c10b34a588f7e71be (patch)
tree115e47de39439fa57f788fa6e1e995078d7a5cb4
parent78de4beeda863de268356e18368bdf4e384211c2 (diff)
downloadaports-4958842c0fa6292f4bc7d05c10b34a588f7e71be.tar.gz
aports-4958842c0fa6292f4bc7d05c10b34a588f7e71be.tar.bz2
aports-4958842c0fa6292f4bc7d05c10b34a588f7e71be.tar.xz
main/openjpeg: fix CVE-2020-27844
See: #12495
-rw-r--r--main/openjpeg/APKBUILD8
-rw-r--r--main/openjpeg/CVE-2021-27844.patch30
2 files changed, 36 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index deaef8e92f..ea09b7abf1 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.3.1
-pkgrel=5
+pkgrel=6
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
@@ -18,6 +18,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v
CVE-2020-27814.patch
CVE-2020-27823.patch
CVE-2020-27824.patch
+ CVE-2021-27844.patch
"
build() {
@@ -29,6 +30,8 @@ build() {
}
# secfixes:
+# 2.3.1-r6:
+# - CVE-2021-27844
# 2.3.1-r5:
# - CVE-2020-27814
# - CVE-2020-27823
@@ -79,4 +82,5 @@ c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd628
f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch
fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch
a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch
-796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch"
+796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch
+f160570b66655bea6a7a56b37bafe8c1856219df31f2e52bdb4788c3abfd716aa2200f05c7d7389a143d9249302c3f96aac4a49ac222af5f5823fa41f8bc2d5f CVE-2021-27844.patch"
diff --git a/main/openjpeg/CVE-2021-27844.patch b/main/openjpeg/CVE-2021-27844.patch
new file mode 100644
index 0000000000..5791abe1bb
--- /dev/null
+++ b/main/openjpeg/CVE-2021-27844.patch
@@ -0,0 +1,30 @@
+From 73fdf28342e4594019af26eb6a347a34eceb6296 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 2 Dec 2020 14:10:16 +0100
+Subject: [PATCH] opj_j2k_write_sod(): avoid potential heap buffer overflow
+ (fixes #1299) (probably master only)
+
+---
+ src/lib/openjp2/j2k.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 78d459259..8e343ab2e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
+ }
+ }
+
+- assert(l_remaining_data >
+- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
++ if (l_remaining_data <
++ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough bytes in output buffer to write SOD marker\n");
++ opj_tcd_marker_info_destroy(marker_info);
++ return OPJ_FALSE;
++ }
+ l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
+
+ if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,