Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2021-02-09 21:16:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Tue Feb 9 21:16:09 2021 rev:6 rq:870221 version:2.0.25 Changes: -------- --- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2021-01-04 19:08:46.355352860 +0100 +++ /work/SRC/openSUSE:Factory/.jasper.new.28504/jasper.changes 2021-02-09 21:16:10.518767719 +0100 @@ -1,0 +2,10 @@ +Mon Feb 8 09:02:13 UTC 2021 - Michael Vetter <[email protected]> + +- Update to 2.0.25: + * Fix memory-related bugs in the JPEG-2000 codec resulting from + attempting to decode invalid code streams. (#264, #265) + * Fix wrong return value under some compilers (#260) + * Fix bsc#1181483 CVE-2021-3272 heap buffer overflow + in jp2_decode (#259) + +------------------------------------------------------------------- Old: ---- version-2.0.24.tar.gz New: ---- version-2.0.25.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++ --- /var/tmp/diff_new_pack.rp4z15/_old 2021-02-09 21:16:11.282768589 +0100 +++ /var/tmp/diff_new_pack.rp4z15/_new 2021-02-09 21:16:11.286768593 +0100 @@ -17,7 +17,7 @@ Name: jasper -Version: 2.0.24 +Version: 2.0.25 Release: 0 Summary: An Implementation of the JPEG-2000 Standard, Part 1 License: SUSE-Public-Domain ++++++ version-2.0.24.tar.gz -> version-2.0.25.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.24/CMakeLists.txt new/jasper-version-2.0.25/CMakeLists.txt --- old/jasper-version-2.0.24/CMakeLists.txt 2021-01-04 10:11:50.000000000 +0100 +++ new/jasper-version-2.0.25/CMakeLists.txt 2021-02-07 22:12:04.000000000 +0100 @@ -17,7 +17,7 @@ # The major, minor, and micro version numbers of the project. set(JAS_VERSION_MAJOR 2) set(JAS_VERSION_MINOR 0) -set(JAS_VERSION_PATCH 24) +set(JAS_VERSION_PATCH 25) # The project version. set(JAS_VERSION diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.24/NEWS new/jasper-version-2.0.25/NEWS --- old/jasper-version-2.0.24/NEWS 2021-01-04 10:11:50.000000000 +0100 +++ new/jasper-version-2.0.25/NEWS 2021-02-07 22:12:04.000000000 +0100 @@ -1,3 +1,9 @@ +2.0.25 (2021-02-07) +=================== + +* Fix memory-related bugs in the JPEG-2000 codec resulting from + attempting to decode invalid code streams. (#264, #265) + 2.0.24 (2021-01-03) =================== Binary files old/jasper-version-2.0.24/data/test/bad/hoob_8.jp2 and new/jasper-version-2.0.25/data/test/bad/hoob_8.jp2 differ Binary files old/jasper-version-2.0.24/data/test/bad/poc_264.jp2 and new/jasper-version-2.0.25/data/test/bad/poc_264.jp2 differ Binary files old/jasper-version-2.0.24/data/test/bad/poc_265.jp2 and new/jasper-version-2.0.25/data/test/bad/poc_265.jp2 differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.24/src/libjasper/jp2/jp2_dec.c new/jasper-version-2.0.25/src/libjasper/jp2/jp2_dec.c --- old/jasper-version-2.0.24/src/libjasper/jp2/jp2_dec.c 2021-01-04 10:11:50.000000000 +0100 +++ new/jasper-version-2.0.25/src/libjasper/jp2/jp2_dec.c 2021-02-07 22:12:04.000000000 +0100 @@ -232,7 +232,8 @@ the value specified in the code stream? */ if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { - jas_eprintf("warning: number of components mismatch\n"); + jas_eprintf("error: number of components mismatch (IHDR)\n"); + goto error; } /* At least one component must be present. */ @@ -255,7 +256,8 @@ with the data in the code stream? */ if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) || (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) { - jas_eprintf("warning: component data type mismatch\n"); + jas_eprintf("error: component data type mismatch (IHDR)\n"); + goto error; } /* Is the compression type supported? */ @@ -267,9 +269,10 @@ if (dec->bpcc) { /* Is the number of components indicated in the BPCC box consistent with the code stream data? */ - if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts( - dec->image))) { - jas_eprintf("warning: number of components mismatch\n"); + if (dec->bpcc->data.bpcc.numcmpts != + JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) { + jas_eprintf("error: number of components mismatch (BPCC)\n"); + goto error; } /* Is the component data type information indicated in the BPCC box consistent with the code stream data? */ @@ -278,7 +281,8 @@ ++i) { if (jas_image_cmptdtype(dec->image, i) != JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) { - jas_eprintf("warning: component data type mismatch\n"); + jas_eprintf("error: component data type mismatch (BPCC)\n"); + goto error; } } } else { @@ -409,6 +413,14 @@ } } + /* Ensure that the number of channels being used by the decoder + matches the number of image components. */ + if (dec->numchans != jas_image_numcmpts(dec->image)) { + jas_eprintf("error: mismatch in number of components (%d != %d)\n", + dec->numchans, jas_image_numcmpts(dec->image)); + goto error; + } + /* Mark all components as being of unknown type. */ for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-2.0.24/src/libjasper/jpc/jpc_enc.c new/jasper-version-2.0.25/src/libjasper/jpc/jpc_enc.c --- old/jasper-version-2.0.24/src/libjasper/jpc/jpc_enc.c 2021-01-04 10:11:50.000000000 +0100 +++ new/jasper-version-2.0.25/src/libjasper/jpc/jpc_enc.c 2021-02-07 22:12:04.000000000 +0100 @@ -390,6 +390,7 @@ cp->tilewidth = 0; cp->tileheight = 0; cp->numcmpts = jas_image_numcmpts(image); + cp->tcp.ilyrrates = NULL; hsteplcm = 1; vsteplcm = 1; @@ -1386,20 +1387,13 @@ tile->lyrsizes[lyrno] = tile->rawsize * jpc_fixtodbl( cp->tcp.ilyrrates[lyrno]); } -#if !defined(__clang__) - // WARNING: - // Some versions of Clang (e.g., 3.7.1 and 3.8.1) appear to generate - // incorrect code for the following line. - tile->lyrsizes[tile->numlyrs - 1] = - (cp->totalsize != UINT_FAST32_MAX) ? - (rho * enc->mainbodysize) : UINT_FAST32_MAX; -#else + if (cp->totalsize != UINT_FAST32_MAX) { tile->lyrsizes[tile->numlyrs - 1] = (rho * enc->mainbodysize); } else { tile->lyrsizes[tile->numlyrs - 1] = UINT_FAST32_MAX; } -#endif + //jas_eprintf("TESTING %ld %ld\n", cp->totalsize != UINT_FAST32_MAX, tile->lyrsizes[0]); for (unsigned lyrno = 0; lyrno < tile->numlyrs; ++lyrno) { if (tile->lyrsizes[lyrno] != UINT_FAST32_MAX) {
