Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2021-03-06 21:18:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.2378 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Sat Mar 6 21:18:52 2021 rev:7 rq:877263 version:2.0.26 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2021-02-09 21:16:10.518767719 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new.2378/jasper.changes 2021-03-06 21:18:52.973251512 +0100 @@ -1,0 +2,7 @@ +Fri Mar 5 15:42:31 UTC 2021 - Michael Vetter <[email protected]> + +- Update to 2.0.26: + * Fix JP2 decoder bug that can cause a null pointer dereference + for some invalid CDEF boxes. (#268) + +------------------------------------------------------------------- Old: ---- version-2.0.25.tar.gz New: ---- version-2.0.26.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.DlaIcA/_old 2021-03-06 21:18:54.721253306 +0100 +++ /var/tmp/diff_new_pack.DlaIcA/_new 2021-03-06 21:18:54.721253306 +0100 @@ -17,7 +17,7 @@ Name: jasper -Version: 2.0.25 +Version: 2.0.26 Release: 0 Summary: An Implementation of the JPEG-2000 Standard, Part 1 License: SUSE-Public-Domain ++++++ version-2.0.25.tar.gz -> version-2.0.26.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.25/CMakeLists.txt new/jasper-version-2.0.26/CMakeLists.txt --- old/jasper-version-2.0.25/CMakeLists.txt 2021-02-07 22:12:04.000000000 +0100 +++ new/jasper-version-2.0.26/CMakeLists.txt 2021-03-05 14:59:24.000000000 +0100 @@ -17,7 +17,7 @@ # The major, minor, and micro version numbers of the project. set(JAS_VERSION_MAJOR 2) set(JAS_VERSION_MINOR 0) -set(JAS_VERSION_PATCH 25) +set(JAS_VERSION_PATCH 26) # The project version. set(JAS_VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.25/NEWS new/jasper-version-2.0.26/NEWS --- old/jasper-version-2.0.25/NEWS 2021-02-07 22:12:04.000000000 +0100 +++ new/jasper-version-2.0.26/NEWS 2021-03-05 14:59:24.000000000 +0100 
@@ -1,8 +1,17 @@ +2.0.26 (2021-03-05) +=================== + +* Fix JP2 decoder bug that can cause a null pointer dereference for + some invalid CDEF boxes. (#268) + 2.0.25 (2021-02-07) =================== * Fix memory-related bugs in the JPEG-2000 codec resulting from attempting to decode invalid code streams. (#264, #265) + This fix is associated with CVE-2021-26926 and CVE-2021-26927. +* Fix wrong return value under some compilers (#260) +* Fix CVE-2021-3272 heap buffer overflow in jp2_decode (#259) 2.0.24 (2021-01-03) =================== Binary files old/jasper-version-2.0.25/data/test/bad/268_poc.jp2 and new/jasper-version-2.0.26/data/test/bad/268_poc.jp2 differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.25/src/libjasper/jp2/jp2_dec.c new/jasper-version-2.0.26/src/libjasper/jp2/jp2_dec.c --- old/jasper-version-2.0.25/src/libjasper/jp2/jp2_dec.c 2021-02-07 22:12:04.000000000 +0100 +++ new/jasper-version-2.0.26/src/libjasper/jp2/jp2_dec.c 2021-03-05 14:59:24.000000000 +0100 @@ -430,13 +430,21 @@ /* Determine the type of each component. */ if (dec->cdef) { for (i = 0; i < dec->cdef->data.cdef.numchans; ++i) { + uint_fast16_t channo = dec->cdef->data.cdef.ents[i].channo; /* Is the channel number reasonable? */ - if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { - jas_eprintf("error: invalid channel number in CDEF box\n"); + if (channo >= dec->numchans) { + jas_eprintf("error: invalid channel number in CDEF box (%d)\n", + channo); goto error; } - jas_image_setcmpttype(dec->image, - dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], + unsigned compno = dec->chantocmptlut[channo]; + if (compno >= jas_image_numcmpts(dec->image)) { + jas_eprintf( + "error: invalid component reference in CDEF box (%d)\n", + compno); + goto error; + } + jas_image_setcmpttype(dec->image, compno, jp2_getct(jas_image_clrspc(dec->image), dec->cdef->data.cdef.ents[i].type, dec->cdef->data.cdef.ents[i].assoc));
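Review bot: Both new diagnostics in the jp2_dec.c hunk print unsigned values with `%d`: `channo` is declared `uint_fast16_t` and `compno` is `unsigned`. On platforms where `uint_fast16_t` is wider than `int`, passing `channo` to a variadic call under `%d` is a format/argument mismatch, which is undefined behaviour if `jas_eprintf` is printf-style, as its use here suggests. This path runs only when a malformed CDEF box is rejected, so the error report itself should be well-defined. I would write `jas_eprintf("error: invalid channel number in CDEF box (%u)\n", (unsigned)channo);` and use `%u` for `compno` in the second message. The new `compno >= jas_image_numcmpts(dec->image)` check compares an unsigned value against whatever `jas_image_numcmpts` returns, and that return type is not visible in this hunk, so it is worth confirming the comparison is not mixed-sign; the enclosing function starts and ends outside the hunk.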
