gnu: openjpeg: Update to 2.3.0.

* gnu/packages/patches/openjpeg-CVE-2017-12982.patch, gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch, gnu/packages/patches/openjpeg-CVE-2017-14151.patch, gnu/packages/patches/openjpeg-CVE-2017-14152.patch, gnu/packages/patches/openjpeg-CVE-2017-14164.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/image.scm (openjpeg): Update to 2.3.0. [source](patches): Remove. * gnu/packages/gstreamer.scm (gst-plugins-bad)[arguments]: Adjust openjpeg substitution.
2017-10-05 20:23:06 +02:00 · 2017-10-05 20:23:06 +02:00 · 3f697ff2e8
commit 3f697ff2e8
parent 6d89a1ab4e
9 changed files with 4 additions and 325 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -904,12 +904,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/openscenegraph-ffmpeg3.patch             \
  %D%/packages/patches/openexr-missing-samples.patch		\
  %D%/packages/patches/openfoam-4.1-cleanup.patch			\
  %D%/packages/patches/openjpeg-CVE-2017-12982.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-14040.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-14041.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-14151.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-14152.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-14164.patch		\
  %D%/packages/patches/openldap-CVE-2017-9287.patch		\
  %D%/packages/patches/openocd-nrf52.patch			\
  %D%/packages/patches/openssl-runpath.patch			\
--- a/gnu/packages/gstreamer.scm
+++ b/gnu/packages/gstreamer.scm
@ -280,10 +280,10 @@ developers consider to have good quality code and correct functionality.")
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-openjpeg-reference
           (lambda _
-             ;; Remove hard-coded openjpeg-2.1 path. 2.2 is API- and
+             ;; Remove hard-coded openjpeg-2.2 path. 2.3 is API- and
             ;; ABI-compatible.
             (substitute* "ext/openjpeg/gstopenjpeg.h"
-               (("<openjpeg-2\\.1/") "<openjpeg-2.2/"))
+               (("<openjpeg-2\\.2/") "<openjpeg-2.3/"))
             #t)))))
    (propagated-inputs
     `(("gst-plugins-base" ,gst-plugins-base)))
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@ -510,7 +510,7 @@ work.")
 (define-public openjpeg
  (package
    (name "openjpeg")
-    (version "2.2.0")
+    (version "2.3.0")
    (source
      (origin
        (method url-fetch)
@ -520,13 +520,7 @@ work.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
+          "06npqzkg20avnygdwaqpap91r7qpdqgrn39adj2bl8v0pg0qgirx"))))
        (patches (search-patches "openjpeg-CVE-2017-12982.patch"
                                 "openjpeg-CVE-2017-14040.patch"
                                 "openjpeg-CVE-2017-14041.patch"
                                 "openjpeg-CVE-2017-14151.patch"
                                 "openjpeg-CVE-2017-14152.patch"
                                 "openjpeg-CVE-2017-14164.patch"))))
    (build-system cmake-build-system)
    (arguments
      ;; Trying to run `$ make check' results in a no rule fault.
--- a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
@ -1,28 +0,0 @@
 http://openwall.com/lists/oss-security/2017/08/21/1
 https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
 From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Mon, 14 Aug 2017 17:26:58 +0200
 Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
 (#983)
 ---
 src/bin/jp2/convertbmp.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
 index b49e7a080..2715fdf24 100644
 --- a/src/bin/jp2/convertbmp.c
 +++ b/src/bin/jp2/convertbmp.c
@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
     header->biBitCount  = (OPJ_UINT16)getc(IN);
     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
 +    if (header->biBitCount == 0) {
 +        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
 +        return OPJ_FALSE;
 +    }
     if (header->biSize >= 40U) {
         header->biCompression  = (OPJ_UINT32)getc(IN);
--- a/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14040.patch
@ -1,83 +0,0 @@
 http://openwall.com/lists/oss-security/2017/08/28/3
 https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281.patch
 From 2cd30c2b06ce332dede81cccad8b334cde997281 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Thu, 17 Aug 2017 11:47:40 +0200
 Subject: [PATCH] tgatoimage(): avoid excessive memory allocation attempt, and
 fixes unaligned load (#995)
 ---
 src/bin/jp2/convert.c | 39 +++++++++++++++++++++++++++------------
 1 file changed, 27 insertions(+), 12 deletions(-)
 diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
 index a4eb81f6a..73dfc8d5f 100644
 --- a/src/bin/jp2/convert.c
 +++ b/src/bin/jp2/convert.c
@@ -580,13 +580,10 @@ struct tga_header {
 };
 #endif /* INFORMATION_ONLY */
 -static unsigned short get_ushort(const unsigned char *data)
 +/* Returns a ushort from a little-endian serialized value */
 +static unsigned short get_tga_ushort(const unsigned char *data)
 {
 -    unsigned short val = *(const unsigned short *)data;
 -#ifdef OPJ_BIG_ENDIAN
 -    val = ((val & 0xffU) << 8) | (val >> 8);
 -#endif
 -    return val;
 +    return data[0] | (data[1] << 8);
 }
 #define TGA_HEADER_SIZE 18
@@ -613,17 +610,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel,
     id_len = tga[0];
     /*cmap_type = tga[1];*/
     image_type = tga[2];
 -    /*cmap_index = get_ushort(&tga[3]);*/
 -    cmap_len = get_ushort(&tga[5]);
 +    /*cmap_index = get_tga_ushort(&tga[3]);*/
 +    cmap_len = get_tga_ushort(&tga[5]);
     cmap_entry_size = tga[7];
 #if 0
 -    x_origin = get_ushort(&tga[8]);
 -    y_origin = get_ushort(&tga[10]);
 +    x_origin = get_tga_ushort(&tga[8]);
 +    y_origin = get_tga_ushort(&tga[10]);
 #endif
 -    image_w = get_ushort(&tga[12]);
 -    image_h = get_ushort(&tga[14]);
 +    image_w = get_tga_ushort(&tga[12]);
 +    image_h = get_tga_ushort(&tga[14]);
     pixel_depth = tga[16];
     image_desc  = tga[17];
@@ -817,6 +814,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters)
         color_space = OPJ_CLRSPC_SRGB;
     }
 +    /* If the declared file size is > 10 MB, check that the file is big */
 +    /* enough to avoid excessive memory allocations */
 +    if (image_height != 0 && image_width > 10000000 / image_height / numcomps) {
 +        char ch;
 +        OPJ_UINT64 expected_file_size =
 +            (OPJ_UINT64)image_width * image_height * numcomps;
 +        long curpos = ftell(f);
 +        if (expected_file_size > (OPJ_UINT64)INT_MAX) {
 +            expected_file_size = (OPJ_UINT64)INT_MAX;
 +        }
 +        fseek(f, (long)expected_file_size - 1, SEEK_SET);
 +        if (fread(&ch, 1, 1, f) != 1) {
 +            fclose(f);
 +            return NULL;
 +        }
 +        fseek(f, curpos, SEEK_SET);
 +    }
 +
     subsampling_dx = parameters->subsampling_dx;
     subsampling_dy = parameters->subsampling_dy;
--- a/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14041.patch
@ -1,25 +0,0 @@
 http://openwall.com/lists/oss-security/2017/08/28/4
 https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
 From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Fri, 18 Aug 2017 13:39:20 +0200
 Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
 ---
 src/bin/jp2/convert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
 index 5459f7d44..e606c9be7 100644
 --- a/src/bin/jp2/convert.c
 +++ b/src/bin/jp2/convert.c
@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
     }
     fseek(f, 0, SEEK_SET);
 -    if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
 +    if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
                &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
         fclose(f);
         fprintf(stderr,
--- a/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14151.patch
@ -1,46 +0,0 @@
 https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9.patch
 http://openwall.com/lists/oss-security/2017/09/06/1
 From afb308b9ccbe129608c9205cf3bb39bbefad90b9 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Mon, 14 Aug 2017 17:20:37 +0200
 Subject: [PATCH] Encoder: grow buffer size in
 opj_tcd_code_block_enc_allocate_data() to avoid write heap buffer overflow in
 opj_mqc_flush (#982)
 ---
 src/lib/openjp2/tcd.c                   | 7 +++++--
 tests/nonregression/test_suite.ctest.in | 2 ++
 2 files changed, 7 insertions(+), 2 deletions(-)
 diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
 index 301c7213e..53cdcf64d 100644
 --- a/src/lib/openjp2/tcd.c
 +++ b/src/lib/openjp2/tcd.c
@@ -1187,8 +1187,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data(opj_tcd_cblk_enc_t *
 {
     OPJ_UINT32 l_data_size;
 -    /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
 -    l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
 +    /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
 +    /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
 +    /* TODO: is there a theoretical upper-bound for the compressed code */
 +    /* block size ? */
 +    l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
                                    (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
     if (l_data_size > p_code_block->data_size) {
 diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in
 index aaf40d7d0..ffd964c2a 100644
 --- a/tests/nonregression/test_suite.ctest.in
 +++ b/tests/nonregression/test_suite.ctest.in
@@ -169,6 +169,8 @@ opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_ban
 # Same rate as Bretagne2_4.j2k
 opj_compress -i @INPUT_NR_PATH@/Bretagne2.ppm -o @TEMP_PATH@/Bretagne2_empty_band_r800.j2k -t 2591,1943 -n 2 -r 800
 +opj_compress -i @INPUT_NR_PATH@/issue982.bmp -o @TEMP_PATH@/issue982.j2k -n 1
 +
 # DECODER TEST SUITE
 opj_decompress -i  @INPUT_NR_PATH@/Bretagne2.j2k -o @TEMP_PATH@/Bretagne2.j2k.pgx
 opj_decompress -i  @INPUT_NR_PATH@/_00042.j2k -o @TEMP_PATH@/_00042.j2k.pgx
--- a/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14152.patch
@ -1,38 +0,0 @@
 https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154.patch
 http://openwall.com/lists/oss-security/2017/09/06/2
 From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Tue, 15 Aug 2017 11:55:58 +0200
 Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
 opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
 ---
 src/lib/openjp2/j2k.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
 diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
 index a2521ebbc..54b490a8c 100644
 --- a/src/lib/openjp2/j2k.c
 +++ b/src/lib/openjp2/j2k.c
@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
     /* Precincts */
     parameters->csty |= 0x01;
 -    parameters->res_spec = parameters->numresolution - 1;
 -    for (i = 0; i < parameters->res_spec; i++) {
 -        parameters->prcw_init[i] = 256;
 -        parameters->prch_init[i] = 256;
 +    if (parameters->numresolution == 1) {
 +        parameters->res_spec = 1;
 +        parameters->prcw_init[0] = 128;
 +        parameters->prch_init[0] = 128;
 +    } else {
 +        parameters->res_spec = parameters->numresolution - 1;
 +        for (i = 0; i < parameters->res_spec; i++) {
 +            parameters->prcw_init[i] = 256;
 +            parameters->prch_init[i] = 256;
 +        }
     }
     /* The progression order shall be CPRL */
--- a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
@ -1,89 +0,0 @@
 https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
 http://openwall.com/lists/oss-security/2017/09/06/3
 From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Wed, 16 Aug 2017 17:09:10 +0200
 Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
 (#991)
 ---
 src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)
 diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
 index 54b490a8c..16915452e 100644
 --- a/src/lib/openjp2/j2k.c
 +++ b/src/lib/openjp2/j2k.c
@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
  * Writes the SOT marker (Start of tile-part)
  *
  * @param       p_j2k            J2K codec.
 - * @param       p_data           FIXME DOC
 - * @param       p_data_written   FIXME DOC
 + * @param       p_data           Output buffer
 + * @param       p_total_data_size Output buffer size
 + * @param       p_data_written   Number of bytes written into stream
  * @param       p_stream         the stream to write data to.
  * @param       p_manager        the user event manager.
 */
 static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
                                   OPJ_BYTE * p_data,
 +                                  OPJ_UINT32 p_total_data_size,
                                   OPJ_UINT32 * p_data_written,
                                   const opj_stream_private_t *p_stream,
                                   opj_event_mgr_t * p_manager);
@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
 static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
                                   OPJ_BYTE * p_data,
 +                                  OPJ_UINT32 p_total_data_size,
                                   OPJ_UINT32 * p_data_written,
                                   const opj_stream_private_t *p_stream,
                                   opj_event_mgr_t * p_manager
@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
     OPJ_UNUSED(p_stream);
     OPJ_UNUSED(p_manager);
 +    if (p_total_data_size < 12) {
 +        opj_event_msg(p_manager, EVT_ERROR,
 +                      "Not enough bytes in output buffer to write SOT marker\n");
 +        return OPJ_FALSE;
 +    }
 +
     opj_write_bytes(p_data, J2K_MS_SOT,
                     2);                                 /* SOT */
     p_data += 2;
@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
     l_current_nb_bytes_written = 0;
     l_begin_data = p_data;
 -    if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
 +    if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
 +                            &l_current_nb_bytes_written, p_stream,
                             p_manager)) {
         return OPJ_FALSE;
     }
@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
         l_part_tile_size = 0;
         l_begin_data = p_data;
 -        if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
 +        if (! opj_j2k_write_sot(p_j2k, p_data,
 +                                p_total_data_size,
 +                                &l_current_nb_bytes_written,
 +                                p_stream,
                                 p_manager)) {
             return OPJ_FALSE;
         }
@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
             l_part_tile_size = 0;
             l_begin_data = p_data;
 -            if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
 +            if (! opj_j2k_write_sot(p_j2k, p_data,
 +                                    p_total_data_size,
 +                                    &l_current_nb_bytes_written, p_stream,
                                     p_manager)) {
                 return OPJ_FALSE;
             }