From abd9df8c4623cc44ef77be69977e2635c0fdd3bf Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Mon, 4 Sep 2017 23:48:55 -0400 Subject: [PATCH 1/3] gnu: openjpeg: Update to 2.2.0-1.3a382d312. * gnu/packages/image.scm (openjpeg): Switch to using a git checkout, and update to 2.2.0-1.3a382d312. Remove patches. * gnu/packages/patches/openjpeg-CVE-2017-12982.patch, gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch, gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. --- gnu/local.mk | 5 -- gnu/packages/image.scm | 48 ++++++------- gnu/packages/patches/openjpeg-CVE-2017-12982.patch | 28 -------- gnu/packages/patches/openjpeg-CVE-2017-14040.patch | 83 ---------------------- gnu/packages/patches/openjpeg-CVE-2017-14041.patch | 25 ------- gnu/packages/patches/openjpeg-CVE-2017-14151.patch | 46 ------------ gnu/packages/patches/openjpeg-CVE-2017-14152.patch | 38 ---------- 7 files changed, 22 insertions(+), 251 deletions(-) delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-12982.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14040.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14041.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14151.patch delete mode 100644 gnu/packages/patches/openjpeg-CVE-2017-14152.patch diff --git a/gnu/local.mk b/gnu/local.mk index 19077279a..7942993d9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -899,11 +899,6 @@ dist_patch_DATA = \ %D%/packages/patches/ola-readdir-r.patch \ %D%/packages/patches/openscenegraph-ffmpeg3.patch \ %D%/packages/patches/openexr-missing-samples.patch \ - %D%/packages/patches/openjpeg-CVE-2017-12982.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14040.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14041.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14151.patch \ - %D%/packages/patches/openjpeg-CVE-2017-14152.patch \ %D%/packages/patches/openldap-CVE-2017-9287.patch \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3bb8de15c..0195ab2bd 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -1,7 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2017 Ludovic Courtès ;;; Copyright © 2013, 2015, 2016 Andreas Enge -;;; Copyright © 2014, 2015, 2016 Mark H Weaver +;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver ;;; Copyright © 2014, 2015 Alex Kost ;;; Copyright © 2014, 2016, 2017 Ricardo Wurmus ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer @@ -507,35 +507,31 @@ work.") (license license:gpl2+))) (define-public openjpeg - (package - (name "openjpeg") - (version "2.2.0") - (source - (origin - (method url-fetch) - (uri - (string-append "https://github.com/uclouvain/openjpeg/archive/v" - version ".tar.gz")) - (file-name (string-append name "-" version ".tar.gz")) - (sha256 - (base32 - "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) - (patches (search-patches "openjpeg-CVE-2017-12982.patch" - "openjpeg-CVE-2017-14040.patch" - "openjpeg-CVE-2017-14041.patch" - "openjpeg-CVE-2017-14151.patch" - "openjpeg-CVE-2017-14152.patch")))) - (build-system cmake-build-system) - (arguments + (let ((commit "3a382d312306f45853b3ad78b770754d4bc7e440") + (revision "1")) + (package + (name "openjpeg") + (version (string-append "2.2.0-" revision "." (string-take commit 9))) + (source (origin + (method git-fetch) + (uri (git-reference + (url "https://github.com/uclouvain/openjpeg") + (commit commit))) + (file-name (string-append name "-" version "-checkout")) + (sha256 + (base32 + "1w3xpwhf3ik07g9xmzpy6l24zi79p78sih2mz8j398z64k546yd7")))) + (build-system cmake-build-system) + (arguments ;; Trying to run `$ make check' results in a no rule fault. '(#:tests? #f)) - (inputs + (inputs `(("lcms" ,lcms) ("libpng" ,libpng) ("libtiff" ,libtiff) ("zlib" ,zlib))) - (synopsis "JPEG 2000 codec") - (description + (synopsis "JPEG 2000 codec") + (description "The OpenJPEG library is a JPEG 2000 codec written in C. It has been developed in order to promote the use of JPEG 2000, the new still-image compression standard from the Joint Photographic Experts @@ -545,8 +541,8 @@ In addition to the basic codec, various other features are under development, among them the JP2 and MJ2 (Motion JPEG 2000) file formats, an indexing tool useful for the JPIP protocol, JPWL-tools for error-resilience, a Java-viewer for j2k-images, ...") - (home-page "https://github.com/uclouvain/openjpeg") - (license license:bsd-2))) + (home-page "https://github.com/uclouvain/openjpeg") + (license license:bsd-2)))) (define-public openjpeg-1 (package (inherit openjpeg) diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch deleted file mode 100644 index 3929a7357..000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch +++ /dev/null @@ -1,28 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/21/1 -https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch - -From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 14 Aug 2017 17:26:58 +0200 -Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 - (#983) - ---- - src/bin/jp2/convertbmp.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c -index b49e7a080..2715fdf24 100644 ---- a/src/bin/jp2/convertbmp.c -+++ b/src/bin/jp2/convertbmp.c -@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) - - header->biBitCount = (OPJ_UINT16)getc(IN); - header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); -+ if (header->biBitCount == 0) { -+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); -+ return OPJ_FALSE; -+ } - - if (header->biSize >= 40U) { - header->biCompression = (OPJ_UINT32)getc(IN); diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch deleted file mode 100644 index bd7473ba0..000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch +++ /dev/null @@ -1,83 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/3 -https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch - -From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Thu, 17 Aug 2017 11:47:40 +0200 -Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and - fixes unaligned load (#995) - ---- - src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------ - 1 file changed, 27 insertions(+), 12 deletions(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index a4eb81f6a..73dfc8d5f 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -580,13 +580,10 @@ struct tga_header { - }; - #endif /* INFORMATION_ONLY */ - --static unsigned short get_ushort(const unsigned char *data) -+/* Returns a ushort from a little-endian serialized value */ -+static unsigned short get_tga_ushort(const unsigned char *data) - { -- unsigned short val = *(const unsigned short *)data; --#ifdef OPJ_BIG_ENDIAN -- val = ((val & 0xffU) << 8) | (val >> 8); --#endif -- return val; -+ return data[0] | (data[1] << 8); - } - - #define TGA_HEADER_SIZE 18 -@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, - id_len = tga[0]; - /*cmap_type = tga[1];*/ - image_type = tga[2]; -- /*cmap_index = get_ushort(&tga[3]);*/ -- cmap_len = get_ushort(&tga[5]); -+ /*cmap_index = get_tga_ushort(&tga[3]);*/ -+ cmap_len = get_tga_ushort(&tga[5]); - cmap_entry_size = tga[7]; - - - #if 0 -- x_origin = get_ushort(&tga[8]); -- y_origin = get_ushort(&tga[10]); -+ x_origin = get_tga_ushort(&tga[8]); -+ y_origin = get_tga_ushort(&tga[10]); - #endif -- image_w = get_ushort(&tga[12]); -- image_h = get_ushort(&tga[14]); -+ image_w = get_tga_ushort(&tga[12]); -+ image_h = get_tga_ushort(&tga[14]); - pixel_depth = tga[16]; - image_desc = tga[17]; - -@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) - color_space = OPJ_CLRSPC_SRGB; - } - -+ /* If the declared file size is > 10 MB, check that the file is big */ -+ /* enough to avoid excessive memory allocations */ -+ if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { -+ char ch; -+ OPJ_UINT64 expected_file_size = -+ (OPJ_UINT64)image_width * image_height * numcomps; -+ long curpos = ftell(f); -+ if (expected_file_size > (OPJ_UINT64)INT_MAX) { -+ expected_file_size = (OPJ_UINT64)INT_MAX; -+ } -+ fseek(f, (long)expected_file_size - 1, SEEK_SET); -+ if (fread(&ch, 1, 1, f) != 1) { -+ fclose(f); -+ return NULL; -+ } -+ fseek(f, curpos, SEEK_SET); -+ } -+ - subsampling_dx = parameters->subsampling_dx; - subsampling_dy = parameters->subsampling_dy; - diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch deleted file mode 100644 index 6e3fccf3c..000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch +++ /dev/null @@ -1,25 +0,0 @@ -http://openwall.com/lists/oss-security/2017/08/28/4 -https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch - -From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Fri, 18 Aug 2017 13:39:20 +0200 -Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997) - ---- - src/bin/jp2/convert.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c -index 5459f7d44..e606c9be7 100644 ---- a/src/bin/jp2/convert.c -+++ b/src/bin/jp2/convert.c -@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) - } - - fseek(f, 0, SEEK_SET); -- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, -+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, - &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { - fclose(f); - fprintf(stderr, diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch deleted file mode 100644 index 4fcf6af6d..000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch +++ /dev/null @@ -1,46 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch -http://openwall.com/lists/oss-security/2017/09/06/1 - -From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 14 Aug 2017 17:20:37 +0200 -Subject: [PATCH] Encoder: grow buffer size in - opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in - opj_mqc_flush (#982) - ---- - src/lib/openjp2/tcd.c | 7 +++++-- - tests/nonregression/test_suite.ctest.in | 2 ++ - 2 files changed, 7 insertions(+), 2 deletions(-) - -diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c -index 301c7213e..53cdcf64d 100644 ---- a/src/lib/openjp2/tcd.c -+++ b/src/lib/openjp2/tcd.c -@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t * - { - OPJ_UINT32 l_data_size; - -- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * -+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ -+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ -+ /* TODO: is there a theoretical upper-bound for the compressed code */ -+ /* block size ? */ -+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * - (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); - - if (l_data_size > p_code_block->data_size) { -diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in -index aaf40d7d0..ffd964c2a 100644 ---- a/tests/nonregression/test_suite.ctest.in -+++ b/tests/nonregression/test_suite.ctest.in -@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban - # Same rate as Bretagne2_4.j2k - opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800 - -+opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1 -+ - # DECODER TEST SUITE - opj_decompress -i @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx - opj_decompress -i @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch deleted file mode 100644 index 6c083be12..000000000 --- a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch +++ /dev/null @@ -1,38 +0,0 @@ -https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch -http://openwall.com/lists/oss-security/2017/09/06/2 - -From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Tue, 15 Aug 2017 11:55:58 +0200 -Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in - opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985) - ---- - src/lib/openjp2/j2k.c | 14 ++++++++++---- - 1 file changed, 10 insertions(+), 4 deletions(-) - -diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c -index a2521ebbc..54b490a8c 100644 ---- a/src/lib/openjp2/j2k.c -+++ b/src/lib/openjp2/j2k.c -@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters, - - /* Precincts */ - parameters->csty |= 0x01; -- parameters->res_spec = parameters->numresolution - 1; -- for (i = 0; i < parameters->res_spec; i++) { -- parameters->prcw_init[i] = 256; -- parameters->prch_init[i] = 256; -+ if (parameters->numresolution == 1) { -+ parameters->res_spec = 1; -+ parameters->prcw_init[0] = 128; -+ parameters->prch_init[0] = 128; -+ } else { -+ parameters->res_spec = parameters->numresolution - 1; -+ for (i = 0; i < parameters->res_spec; i++) { -+ parameters->prcw_init[i] = 256; -+ parameters->prch_init[i] = 256; -+ } - } - - /* The progression order shall be CPRL */ -- 2.14.1