commit openjpeg for openSUSE:12.2
Hello community, here is the log from the commit of package openjpeg for openSUSE:12.2 checked in at 2012-07-18 17:37:17 Comparing /work/SRC/openSUSE:12.2/openjpeg (Old) and /work/SRC/openSUSE:12.2/.openjpeg.new (New) Package is openjpeg, Maintainer is Changes: --- /work/SRC/openSUSE:12.2/openjpeg/openjpeg.changes 2012-07-12 10:49:54.0 +0200 +++ /work/SRC/openSUSE:12.2/.openjpeg.new/openjpeg.changes 2012-07-18 17:37:18.0 +0200 @@ -1,0 +2,5 @@ +Tue Jul 17 08:44:15 UTC 2012 - idon...@suse.com + +- Add baselibs.conf + +--- New: baselibs.conf Other differences: -- ++ openjpeg.spec ++ --- /var/tmp/diff_new_pack.CMV4Ca/_old 2012-07-18 17:37:18.0 +0200 +++ /var/tmp/diff_new_pack.CMV4Ca/_new 2012-07-18 17:37:18.0 +0200 @@ -24,6 +24,7 @@ Group: Productivity/Graphics/Other Url:http://www.openjpeg.org/ Source0:http://openjpeg.googlecode.com/files/%{name}-%{version}.tar.gz +Source1:baselibs.conf # PATCH-FIX-OPENSUSE openjpeg-1.5.0-cmake_Config.patch rh#669425 asterios.dra...@gmail.com -- Fix OpenJPEGConfig.cmake (taken from Fedora) Patch0: openjpeg-1.5.0-cmake_Config.patch # PATCH-FIX-OPENSUSE openjpeg-1.5.0-cmake_header_symlink.patch asterios.dra...@gmail.com -- Fix cmake create_symlink usage for header file (taken from Fedora) ++ baselibs.conf ++ libopenjpeg1 openjpeg-devel requires -openjpeg-targettype requires libopenjpeg1-targettype = version -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openjpeg for openSUSE:12.2
Hello community, here is the log from the commit of package openjpeg for openSUSE:12.2 checked in at 2012-07-12 10:49:53 Comparing /work/SRC/openSUSE:12.2/openjpeg (Old) and /work/SRC/openSUSE:12.2/.openjpeg.new (New) Package is openjpeg, Maintainer is Changes: --- /work/SRC/openSUSE:12.2/openjpeg/openjpeg.changes 2012-06-29 11:21:17.0 +0200 +++ /work/SRC/openSUSE:12.2/.openjpeg.new/openjpeg.changes 2012-07-12 10:49:54.0 +0200 @@ -1,0 +2,6 @@ +Wed Jul 11 18:08:54 UTC 2012 - asterios.dra...@gmail.com + +- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer + overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649). + +--- New: heap_buffer_overflow_fix.patch Other differences: -- ++ openjpeg.spec ++ --- /var/tmp/diff_new_pack.B8wAhb/_old 2012-07-12 10:49:54.0 +0200 +++ /var/tmp/diff_new_pack.B8wAhb/_new 2012-07-12 10:49:54.0 +0200 @@ -34,6 +34,8 @@ Patch3: openjpeg-1.5.0-pkgconfig_includedir.patch # PATCH-FIX-UPSTREAM heap_corruption_fix.patch CVE-2009-5030 bnc#757260 asterios.dra...@gmail.com -- Fix heap corruption when processing certain Gray16 TIFF images (http://code.google.com/p/openjpeg/source/detail?r=1703) Patch4: heap_corruption_fix.patch +# PATCH-FIX-UPSTREAM heap_buffer_overflow_fix.patch CVE-2012-3358 bnc#770649 asterios.dra...@gmail.com -- Fix heap-based buffer overflow when processing JPEG2000 images (http://code.google.com/p/openjpeg/source/detail?r=1727) +Patch5: heap_buffer_overflow_fix.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: liblcms2-devel @@ -72,6 +74,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # Remove build time references so build-compare can do its work sed -i s/HTML_TIMESTAMP = YES/HTML_TIMESTAMP = NO/g doc/Doxyfile.dox.cmake.in ++ heap_buffer_overflow_fix.patch ++ --- openjpeg-1.5.0/libopenjpeg/j2k.c2012-07-11 20:58:56.750305572 +0300 +++ openjpeg-1.5.0/libopenjpeg/j2k.c.r1727 2012-07-11 20:56:20.576415007 +0300 @@ -1279,7 +1279,7 @@ static int backup_tileno = 0; /* tileno is negative or larger than the number of tiles!!! */ - if ((tileno 0) || (tileno (cp-tw * cp-th))) { + if ((tileno 0) || (tileno = (cp-tw * cp-th))) { opj_event_msg(j2k-cinfo, EVT_ERROR, JPWL: bad tile number (%d out of a maximum of %d)\n, tileno, (cp-tw * cp-th)); @@ -1296,8 +1296,18 @@ /* keep your private count of tiles */ backup_tileno++; - }; + } + else #endif /* USE_JPWL */ + { +/* tileno is negative or larger than the number of tiles!!! */ +if ((tileno 0) || (tileno = (cp-tw * cp-th))) { + opj_event_msg(j2k-cinfo, EVT_ERROR, +JPWL: bad tile number (%d out of a maximum of %d)\n, +tileno, (cp-tw * cp-th)); + return; +} + } if (cp-tileno_size == 0) { cp-tileno[cp-tileno_size] = tileno; @@ -1335,8 +1345,18 @@ totlen); } - }; + } + else #endif /* USE_JPWL */ + { +/* totlen is negative or larger than the bytes left!!! */ +if ((totlen 0) || (totlen (cio_numbytesleft(cio) + 8))) { + opj_event_msg(j2k-cinfo, EVT_ERROR, +JPWL: bad tile byte size (%d bytes against %d bytes left)\n, +totlen, cio_numbytesleft(cio) + 8); + return; +} + } if (!totlen) totlen = cio_numbytesleft(cio) + 8; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit openjpeg for openSUSE:12.2
Hello community, here is the log from the commit of package openjpeg for openSUSE:12.2 checked in at 2012-06-29 10:21:38 Comparing /work/SRC/openSUSE:12.2/openjpeg (Old) and /work/SRC/openSUSE:12.2/.openjpeg.new (New) Package is openjpeg, Maintainer is Changes: --- /work/SRC/openSUSE:12.2/openjpeg/openjpeg.changes 2012-06-25 15:47:37.0 +0200 +++ /work/SRC/openSUSE:12.2/.openjpeg.new/openjpeg.changes 2012-06-29 11:21:17.0 +0200 @@ -1,0 +2,6 @@ +Thu Jun 28 18:42:41 UTC 2012 - asterios.dra...@gmail.com + +- Added a patch (heap_corruption_fix.patch) to fix heap corruption when + processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260). + +--- New: heap_corruption_fix.patch Other differences: -- ++ openjpeg.spec ++ --- /var/tmp/diff_new_pack.0Fadt2/_old 2012-06-29 11:21:17.0 +0200 +++ /var/tmp/diff_new_pack.0Fadt2/_new 2012-06-29 11:21:17.0 +0200 @@ -32,6 +32,8 @@ Patch2: openjpeg-1.5.0-cmake_libdir.patch # PATCH-FIX-UPSTREAM openjpeg-1.5.0-pkgconfig_includedir.patch asterios.dra...@gmail.com -- Fix includedir in pkgconfig file (taken from Fedora) Patch3: openjpeg-1.5.0-pkgconfig_includedir.patch +# PATCH-FIX-UPSTREAM heap_corruption_fix.patch CVE-2009-5030 bnc#757260 asterios.dra...@gmail.com -- Fix heap corruption when processing certain Gray16 TIFF images (http://code.google.com/p/openjpeg/source/detail?r=1703) +Patch4: heap_corruption_fix.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: liblcms2-devel @@ -69,6 +71,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 # Remove build time references so build-compare can do its work sed -i s/HTML_TIMESTAMP = YES/HTML_TIMESTAMP = NO/g doc/Doxyfile.dox.cmake.in ++ heap_corruption_fix.patch ++ --- openjpeg-1.5.0/libopenjpeg/tcd.c2012-02-07 12:49:55.0 +0200 +++ openjpeg-1.5.0/libopenjpeg/tcd.c.r1703 2012-06-28 20:34:17.633818590 +0300 @@ -333,7 +333,7 @@ cblk-y0 = int_max(cblkystart, prc-y0); cblk-x1 = int_min(cblkxend, prc-x1); cblk-y1 = int_min(cblkyend, prc-y1); - cblk-data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); + cblk-data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ cblk-data += 2; cblk-layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t)); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org