diff options
author | Leo <thinkabit.ukim@gmail.com> | 2021-03-05 14:05:10 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2021-03-05 14:07:54 -0300 |
commit | 4958842c0fa6292f4bc7d05c10b34a588f7e71be (patch) | |
tree | 115e47de39439fa57f788fa6e1e995078d7a5cb4 | |
parent | 78de4beeda863de268356e18368bdf4e384211c2 (diff) |
main/openjpeg: fix CVE-2020-27844
See: #12495
-rw-r--r-- | main/openjpeg/APKBUILD | 8 | ||||
-rw-r--r-- | main/openjpeg/CVE-2021-27844.patch | 30 |
2 files changed, 36 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD index deaef8e92fe..ea09b7abf1f 100644 --- a/main/openjpeg/APKBUILD +++ b/main/openjpeg/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=openjpeg pkgver=2.3.1 -pkgrel=5 +pkgrel=6 pkgdesc="Open-source implementation of JPEG2000 image codec" url="https://www.openjpeg.org/" arch="all" @@ -18,6 +18,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v CVE-2020-27814.patch CVE-2020-27823.patch CVE-2020-27824.patch + CVE-2021-27844.patch " build() { @@ -29,6 +30,8 @@ build() { } # secfixes: +# 2.3.1-r6: +# - CVE-2021-27844 # 2.3.1-r5: # - CVE-2020-27814 # - CVE-2020-27823 @@ -79,4 +82,5 @@ c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd628 f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch -796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch" +796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch +f160570b66655bea6a7a56b37bafe8c1856219df31f2e52bdb4788c3abfd716aa2200f05c7d7389a143d9249302c3f96aac4a49ac222af5f5823fa41f8bc2d5f CVE-2021-27844.patch" diff --git a/main/openjpeg/CVE-2021-27844.patch b/main/openjpeg/CVE-2021-27844.patch new file mode 100644 index 00000000000..5791abe1bbf --- /dev/null +++ b/main/openjpeg/CVE-2021-27844.patch @@ -0,0 +1,30 @@ +From 73fdf28342e4594019af26eb6a347a34eceb6296 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Wed, 2 Dec 2020 14:10:16 +0100 +Subject: [PATCH] opj_j2k_write_sod(): avoid potential heap buffer overflow + (fixes #1299) (probably master only) + +--- + src/lib/openjp2/j2k.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 78d459259..8e343ab2e 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k, + } + } + +- assert(l_remaining_data > +- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT); ++ if (l_remaining_data < ++ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) { ++ opj_event_msg(p_manager, EVT_ERROR, ++ "Not enough bytes in output buffer to write SOD marker\n"); ++ opj_tcd_marker_info_destroy(marker_info); ++ return OPJ_FALSE; ++ } + l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT; + + if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number, |