aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-12-23 00:03:52 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-12-23 03:24:29 +0000
commit9352de21cafbdad89af79fdf299027a2a542eca2 (patch)
tree6f1d012f074dccef503b42d8d64e0224d7edbb00
parent600182bf4fc56cf3f21da1aca9bb8c286d573382 (diff)
downloadaports-9352de21cafbdad89af79fdf299027a2a542eca2.tar.gz
aports-9352de21cafbdad89af79fdf299027a2a542eca2.tar.bz2
aports-9352de21cafbdad89af79fdf299027a2a542eca2.tar.xz
See: #12219
-rw-r--r--main/openjpeg/APKBUILD14
-rw-r--r--main/openjpeg/CVE-2020-27814.patch30
-rw-r--r--main/openjpeg/CVE-2020-27823.patch28
-rw-r--r--main/openjpeg/CVE-2020-27824.patch25
4 files changed, 95 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index 9fb4f019c7..71848afd20 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.3.1
-pkgrel=5
+pkgrel=6
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
@@ -15,6 +15,9 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v
CVE-2020-8112.patch
CVE-2019-12973.patch
CVE-2020-15389.patch
+ CVE-2020-27814.patch
+ CVE-2020-27823.patch
+ CVE-2020-27824.patch
"
build() {
@@ -26,6 +29,10 @@ build() {
}
# secfixes:
+# 2.3.1-r6:
+# - CVE-2020-27814
+# - CVE-2020-27823
+# - CVE-2020-27824
# 2.3.1-r5:
# - CVE-2019-12973
# - CVE-2020-15389
@@ -69,4 +76,7 @@ b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea395
c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd62824714097bba2d8cc865bed31193d1a072aa954f216011297 CVE-2020-6851.patch
9659e04087e0d80bf53555e9807aae59205adef2d49d7a49e05bf250c484a2e92132d471ec6076e57ca69b5ce98fd81462a6a8c01205ca7096781eec06e401cc CVE-2020-8112.patch
472deba1d521553f9c7af805ba3d0c4fc31564fd36e37c598646f468b7d05bf5f81d2320fd6fadf8c0e3344ebce7bc0d04cece55a1b3cec2ef693a6e65bd2516 CVE-2019-12973.patch
-f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch"
+f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch
+fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch
+a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch
+796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch"
diff --git a/main/openjpeg/CVE-2020-27814.patch b/main/openjpeg/CVE-2020-27814.patch
new file mode 100644
index 0000000000..85e92be8d6
--- /dev/null
+++ b/main/openjpeg/CVE-2020-27814.patch
@@ -0,0 +1,30 @@
+From 6cdba6bbdc78ce668a7e9147ba89fc8421187d72 Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Wed, 23 Dec 2020 00:00:17 -0300
+Subject: [PATCH 1/3] CVE-2020-27814
+
+---
+ src/lib/openjp2/tcd.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
+index be3b843..e6b84f9 100644
+--- a/src/lib/openjp2/tcd.c
++++ b/src/lib/openjp2/tcd.c
+@@ -1219,9 +1219,12 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
+
+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
++ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */
+ /* TODO: is there a theoretical upper-bound for the compressed code */
+ /* block size ? */
+- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++ l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+
+ if (l_data_size > p_code_block->data_size) {
+--
+2.29.2
+
diff --git a/main/openjpeg/CVE-2020-27823.patch b/main/openjpeg/CVE-2020-27823.patch
new file mode 100644
index 0000000000..58193afd4c
--- /dev/null
+++ b/main/openjpeg/CVE-2020-27823.patch
@@ -0,0 +1,28 @@
+From 40b4a8ea26a16cf95d9a63cec928eb0fbe65e04e Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Wed, 23 Dec 2020 00:01:02 -0300
+Subject: [PATCH 2/3] CVE-2020-27823
+
+---
+ src/bin/jp2/convertpng.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
+index 44d985f..1559c8f 100644
+--- a/src/bin/jp2/convertpng.c
++++ b/src/bin/jp2/convertpng.c
+@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
+ image->x0 = (OPJ_UINT32)params->image_offset_x0;
+ image->y0 = (OPJ_UINT32)params->image_offset_y0;
+ image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32)
+- params->subsampling_dx + 1 + image->x0);
++ params->subsampling_dx + 1);
+ image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
+- params->subsampling_dy + 1 + image->y0);
++ params->subsampling_dy + 1);
+
+ row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
+ if (row32s == NULL) {
+--
+2.29.2
+
diff --git a/main/openjpeg/CVE-2020-27824.patch b/main/openjpeg/CVE-2020-27824.patch
new file mode 100644
index 0000000000..b176d60b1e
--- /dev/null
+++ b/main/openjpeg/CVE-2020-27824.patch
@@ -0,0 +1,25 @@
+From dcb3063cd8101c751f3fd97249f41aaabe17ec82 Mon Sep 17 00:00:00 2001
+From: Leo <thinkabit.ukim@gmail.com>
+Date: Wed, 23 Dec 2020 00:01:25 -0300
+Subject: [PATCH 3/3] CVE-2020-27824
+
+---
+ src/lib/openjp2/dwt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index 5930d1c..a1d5d61 100644
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec)
+ if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
+ stepsize = 1.0;
+ } else {
+- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
++ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
+ stepsize = (1 << (gain)) / norm;
+ }
+ opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),
+--
+2.29.2
+