diff options
-rw-r--r-- | main/openjpeg/APKBUILD | 14 | ||||
-rw-r--r-- | main/openjpeg/CVE-2020-27814.patch | 30 | ||||
-rw-r--r-- | main/openjpeg/CVE-2020-27823.patch | 28 | ||||
-rw-r--r-- | main/openjpeg/CVE-2020-27824.patch | 25 |
4 files changed, 95 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD index 9fb4f019c76..71848afd208 100644 --- a/main/openjpeg/APKBUILD +++ b/main/openjpeg/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=openjpeg pkgver=2.3.1 -pkgrel=5 +pkgrel=6 pkgdesc="Open-source implementation of JPEG2000 image codec" url="https://www.openjpeg.org/" arch="all" @@ -15,6 +15,9 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v CVE-2020-8112.patch CVE-2019-12973.patch CVE-2020-15389.patch + CVE-2020-27814.patch + CVE-2020-27823.patch + CVE-2020-27824.patch " build() { @@ -26,6 +29,10 @@ build() { } # secfixes: +# 2.3.1-r6: +# - CVE-2020-27814 +# - CVE-2020-27823 +# - CVE-2020-27824 # 2.3.1-r5: # - CVE-2019-12973 # - CVE-2020-15389 @@ -69,4 +76,7 @@ b50cd382d08647db18f202769aae7df87613a18143a30e360e8f00aba1ec1b7fd0a153685dbea395 c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd62824714097bba2d8cc865bed31193d1a072aa954f216011297 CVE-2020-6851.patch 9659e04087e0d80bf53555e9807aae59205adef2d49d7a49e05bf250c484a2e92132d471ec6076e57ca69b5ce98fd81462a6a8c01205ca7096781eec06e401cc CVE-2020-8112.patch 472deba1d521553f9c7af805ba3d0c4fc31564fd36e37c598646f468b7d05bf5f81d2320fd6fadf8c0e3344ebce7bc0d04cece55a1b3cec2ef693a6e65bd2516 CVE-2019-12973.patch -f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch" +f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch +fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch +a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch +796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch" diff --git a/main/openjpeg/CVE-2020-27814.patch b/main/openjpeg/CVE-2020-27814.patch new file mode 100644 index 00000000000..85e92be8d61 --- /dev/null +++ b/main/openjpeg/CVE-2020-27814.patch @@ -0,0 +1,30 @@ +From 6cdba6bbdc78ce668a7e9147ba89fc8421187d72 Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Wed, 23 Dec 2020 00:00:17 -0300 +Subject: [PATCH 1/3] CVE-2020-27814 + +--- + src/lib/openjp2/tcd.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c +index be3b843..e6b84f9 100644 +--- a/src/lib/openjp2/tcd.c ++++ b/src/lib/openjp2/tcd.c +@@ -1219,9 +1219,12 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * + + /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ ++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ ++ /* and +28 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 44) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 28 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { +-- +2.29.2 + diff --git a/main/openjpeg/CVE-2020-27823.patch b/main/openjpeg/CVE-2020-27823.patch new file mode 100644 index 00000000000..58193afd4c2 --- /dev/null +++ b/main/openjpeg/CVE-2020-27823.patch @@ -0,0 +1,28 @@ +From 40b4a8ea26a16cf95d9a63cec928eb0fbe65e04e Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Wed, 23 Dec 2020 00:01:02 -0300 +Subject: [PATCH 2/3] CVE-2020-27823 + +--- + src/bin/jp2/convertpng.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c +index 44d985f..1559c8f 100644 +--- a/src/bin/jp2/convertpng.c ++++ b/src/bin/jp2/convertpng.c +@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) + image->x0 = (OPJ_UINT32)params->image_offset_x0; + image->y0 = (OPJ_UINT32)params->image_offset_y0; + image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) +- params->subsampling_dx + 1 + image->x0); ++ params->subsampling_dx + 1); + image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) +- params->subsampling_dy + 1 + image->y0); ++ params->subsampling_dy + 1); + + row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); + if (row32s == NULL) { +-- +2.29.2 + diff --git a/main/openjpeg/CVE-2020-27824.patch b/main/openjpeg/CVE-2020-27824.patch new file mode 100644 index 00000000000..b176d60b1e7 --- /dev/null +++ b/main/openjpeg/CVE-2020-27824.patch @@ -0,0 +1,25 @@ +From dcb3063cd8101c751f3fd97249f41aaabe17ec82 Mon Sep 17 00:00:00 2001 +From: Leo <thinkabit.ukim@gmail.com> +Date: Wed, 23 Dec 2020 00:01:25 -0300 +Subject: [PATCH 3/3] CVE-2020-27824 + +--- + src/lib/openjp2/dwt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c +index 5930d1c..a1d5d61 100644 +--- a/src/lib/openjp2/dwt.c ++++ b/src/lib/openjp2/dwt.c +@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec) + if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { + stepsize = 1.0; + } else { +- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; ++ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); + stepsize = (1 << (gain)) / norm; + } + opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), +-- +2.29.2 + |