[mingw-openjpeg] Update spec, rebase patches
Sandro Mani
smani at fedoraproject.org
Thu Dec 5 09:58:41 UTC 2013
commit f4d7eb0ddc6111be942f625ef601046828f4adbe
Author: Sandro Mani <manisandro at gmail.com>
Date: Thu Dec 5 10:58:29 2013 +0100
Update spec, rebase patches
mingw-openjpeg.spec | 23 +++++++++++++++------
openjpeg-1.5-r2029.patch | 30 ++++++++-------------------
openjpeg-1.5-r2031.patch | 18 +++++++---------
openjpeg-1.5-r2032.patch | 11 ++++-----
openjpeg-1.5-r2033.patch | 49 ----------------------------------------------
5 files changed, 38 insertions(+), 93 deletions(-)
---
diff --git a/mingw-openjpeg.spec b/mingw-openjpeg.spec
index 29d04cd..1329023 100644
--- a/mingw-openjpeg.spec
+++ b/mingw-openjpeg.spec
@@ -4,7 +4,7 @@
Name: mingw-%{pkgname}
Version: 1.5.1
-Release: 4%{?dist}
+Release: 5%{?dist}
Summary: MinGW Windows OpenJPEG library
License: BSD
Group: Development/Libraries
@@ -13,6 +13,12 @@ URL: http://code.google.com/p/openjpeg/
Source0: http://openjpeg.googlecode.com/files/%{pkgname}-%{version}.tar.gz
# The replace the OPJ_CHECK_LIB macro with PKG_CHECK_MODULES, since OPJ_CHECK_LIB searches in /usr/include and screws up the build...
Patch0: openjpeg-1.5_tiff-pkgconfig.patch
+# CVE-2013-6052, see rhbz#1036491
+Patch1: rhbz1036491_CVE-2013-6052.patch
+# CVE-2013-6053, see rhbz#1036493
+Patch2: rhbz1036493_CVE-2013-6053.patch
+# CVE-2013-6045, see rhbz#1036495
+Patch3: rhbz1036495_CVE-2013-6045.patch
## Upstream patches:
# http://code.google.com/p/openjpeg/issues/detail?id=155
Patch100: openjpeg-1.5-r2029.patch
@@ -20,8 +26,6 @@ Patch100: openjpeg-1.5-r2029.patch
Patch101: openjpeg-1.5-r2031.patch
# http://code.google.com/p/openjpeg/issues/detail?id=169
Patch102: openjpeg-1.5-r2032.patch
-# http://code.google.com/p/openjpeg/issues/detail?id=166
-Patch103: openjpeg-1.5-r2033.patch
# There are some bogous includes...
BuildRequires: autoconf automake libtool
@@ -83,10 +87,12 @@ Static version of the MinGW Windows OpenJPEG library.
%prep
%setup -q -n %{pkgname}-%{version}
%patch0 -p1
-%patch100 -p0
-%patch101 -p0
-%patch102 -p0
-%patch103 -p0
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch100 -p1
+%patch101 -p1
+%patch102 -p1
%build
@@ -140,6 +146,9 @@ rm -f %{buildroot}%{mingw64_bindir}/*.exe
%changelog
+* Thu Dec 05 2013 Sandro Mani <manisandro at gmail.com> - 1.5.1-5
+- Fix CVE-2013-6045 CVE-2013-6052 CVE-2013-6053 (see rhbz#1038410)
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/openjpeg-1.5-r2029.patch b/openjpeg-1.5-r2029.patch
index a1a819a..f69ef2d 100644
--- a/openjpeg-1.5-r2029.patch
+++ b/openjpeg-1.5-r2029.patch
@@ -1,19 +1,7 @@
-Index: libopenjpeg/jp2.c
-===================================================================
---- libopenjpeg/jp2.c (revision 2028)
-+++ libopenjpeg/jp2.c (revision 2029)
-@@ -173,6 +173,10 @@
- else if (box->length == 0) {
- box->length = cio_numbytesleft(cio) + 8;
- }
-+ if (box->length < 0) {
-+ opj_event_msg(cinfo, EVT_ERROR, "Integer overflow in box->length\n");
-+ return OPJ_FALSE; // TODO: actually check jp2_read_boxhdr's return value
-+ }
-
- return OPJ_TRUE;
- }
-@@ -654,6 +658,7 @@
+diff -rupN openjpeg-1.5.1/libopenjpeg/jp2.c openjpeg-1.5.1-new/libopenjpeg/jp2.c
+--- openjpeg-1.5.1/libopenjpeg/jp2.c 2013-12-05 10:25:07.000000000 +0100
++++ openjpeg-1.5.1-new/libopenjpeg/jp2.c 2013-12-05 10:37:31.226998949 +0100
+@@ -657,6 +661,7 @@ opj_bool jp2_read_jp2h(opj_jp2_t *jp2, o
opj_event_msg(cinfo, EVT_ERROR, "Expected JP2H Marker\n");
return OPJ_FALSE;
}
@@ -21,7 +9,7 @@ Index: libopenjpeg/jp2.c
cio_skip(cio, box.length - 8);
if(cio->bp >= cio->end) return OPJ_FALSE;
-@@ -679,6 +684,7 @@
+@@ -682,6 +687,7 @@ opj_bool jp2_read_jp2h(opj_jp2_t *jp2, o
{
if( !jp2_read_colr(jp2, cio, &box, color))
{
@@ -29,7 +17,7 @@ Index: libopenjpeg/jp2.c
cio_seek(cio, box.init_pos + 8);
cio_skip(cio, box.length - 8);
}
-@@ -689,6 +695,7 @@
+@@ -692,6 +698,7 @@ opj_bool jp2_read_jp2h(opj_jp2_t *jp2, o
{
if( !jp2_read_cdef(jp2, cio, &box, color))
{
@@ -37,7 +25,7 @@ Index: libopenjpeg/jp2.c
cio_seek(cio, box.init_pos + 8);
cio_skip(cio, box.length - 8);
}
-@@ -699,6 +706,7 @@
+@@ -702,6 +709,7 @@ opj_bool jp2_read_jp2h(opj_jp2_t *jp2, o
{
if( !jp2_read_pclr(jp2, cio, &box, color))
{
@@ -45,7 +33,7 @@ Index: libopenjpeg/jp2.c
cio_seek(cio, box.init_pos + 8);
cio_skip(cio, box.length - 8);
}
-@@ -709,12 +717,14 @@
+@@ -712,12 +720,14 @@ opj_bool jp2_read_jp2h(opj_jp2_t *jp2, o
{
if( !jp2_read_cmap(jp2, cio, &box, color))
{
@@ -60,7 +48,7 @@ Index: libopenjpeg/jp2.c
cio_seek(cio, box.init_pos + 8);
cio_skip(cio, box.length - 8);
if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
-@@ -910,12 +920,14 @@
+@@ -913,12 +923,14 @@ static opj_bool jp2_read_jp2c(opj_jp2_t
}
do {
if(JP2_JP2C != box.type) {
diff --git a/openjpeg-1.5-r2031.patch b/openjpeg-1.5-r2031.patch
index d8249ac..25ff40e 100644
--- a/openjpeg-1.5-r2031.patch
+++ b/openjpeg-1.5-r2031.patch
@@ -1,8 +1,7 @@
-Index: libopenjpeg/jpwl/Makefile.am
-===================================================================
---- libopenjpeg/jpwl/Makefile.am (revision 2030)
-+++ libopenjpeg/jpwl/Makefile.am (revision 2031)
-@@ -18,7 +18,6 @@
+diff -rupN openjpeg-1.5.1/libopenjpeg/jpwl/Makefile.am openjpeg-1.5.1-new/libopenjpeg/jpwl/Makefile.am
+--- openjpeg-1.5.1/libopenjpeg/jpwl/Makefile.am 2012-09-13 09:58:39.000000000 +0200
++++ openjpeg-1.5.1-new/libopenjpeg/jpwl/Makefile.am 2013-12-05 10:38:30.812924789 +0100
+@@ -18,7 +18,6 @@ OPJ_SRC = \
../pi.c \
../raw.c \
../t1.c \
@@ -10,11 +9,10 @@ Index: libopenjpeg/jpwl/Makefile.am
../t2.c \
../tcd.c \
../tgt.c \
-Index: libopenjpeg/Makefile.am
-===================================================================
---- libopenjpeg/Makefile.am (revision 2030)
-+++ libopenjpeg/Makefile.am (revision 2031)
-@@ -35,7 +35,6 @@
+diff -rupN openjpeg-1.5.1/libopenjpeg/Makefile.am openjpeg-1.5.1-new/libopenjpeg/Makefile.am
+--- openjpeg-1.5.1/libopenjpeg/Makefile.am 2012-09-13 09:58:39.000000000 +0200
++++ openjpeg-1.5.1-new/libopenjpeg/Makefile.am 2013-12-05 10:38:30.812924789 +0100
+@@ -35,7 +35,6 @@ openjpeg.c \
pi.c \
raw.c \
t1.c \
diff --git a/openjpeg-1.5-r2032.patch b/openjpeg-1.5-r2032.patch
index 3d7d4fa..be142a4 100644
--- a/openjpeg-1.5-r2032.patch
+++ b/openjpeg-1.5-r2032.patch
@@ -1,8 +1,7 @@
-Index: libopenjpeg/j2k.c
-===================================================================
---- libopenjpeg/j2k.c (revision 2031)
-+++ libopenjpeg/j2k.c (revision 2032)
-@@ -468,6 +468,12 @@
+diff -rupN openjpeg-1.5.1/libopenjpeg/j2k.c openjpeg-1.5.1-new/libopenjpeg/j2k.c
+--- openjpeg-1.5.1/libopenjpeg/j2k.c 2013-12-05 10:32:34.000000000 +0100
++++ openjpeg-1.5.1-new/libopenjpeg/j2k.c 2013-12-05 10:38:58.140358825 +0100
+@@ -468,6 +468,12 @@ static void j2k_read_siz(opj_j2k_t *j2k)
}
#endif /* USE_JPWL */
@@ -15,7 +14,7 @@ Index: libopenjpeg/j2k.c
image->comps = (opj_image_comp_t*) opj_calloc(image->numcomps, sizeof(opj_image_comp_t));
for (i = 0; i < image->numcomps; i++) {
int tmp, w, h;
-@@ -506,6 +512,12 @@
+@@ -506,6 +512,12 @@ static void j2k_read_siz(opj_j2k_t *j2k)
}
#endif /* USE_JPWL */
More information about the scm-commits
mailing list