From 44d305e1c9349e65ac0217e43b91d8c2f3f1fbe8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Oct 06 2021 08:19:50 +0000
Subject: import jasper-2.0.14-5.el8


---

diff --git a/SOURCES/jasper-2.0.14-CVE-2020-27828.patch b/SOURCES/jasper-2.0.14-CVE-2020-27828.patch
new file mode 100644
index 0000000..5a3677c
--- /dev/null
+++ b/SOURCES/jasper-2.0.14-CVE-2020-27828.patch
@@ -0,0 +1,14 @@
+diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
+--- a/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:07:34.988061153 +0200
++++ b/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:08:32.100584582 +0200
+@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
+ 			break;
+ 		case OPT_MAXRLVLS:
+ 			tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
++            if(tccp->maxrlvls > JPC_MAXRLVLS) {
++				jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
++				goto error;
++			}
+ 			break;
+ 		case OPT_SOP:
+ 			cp->tcp.csty |= JPC_COD_SOP;
diff --git a/SOURCES/jasper-2.0.14-CVE-2021-26927.patch b/SOURCES/jasper-2.0.14-CVE-2021-26927.patch
new file mode 100644
index 0000000..aeebae1
--- /dev/null
+++ b/SOURCES/jasper-2.0.14-CVE-2021-26927.patch
@@ -0,0 +1,47 @@
+diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+--- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:32:59.330396797 +0200
++++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:46:16.982925961 +0200
+@@ -230,7 +230,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	  the value specified in the code stream? */
+ 	if (dec->ihdr->data.ihdr.numcmpts != JAS_CAST(jas_uint,
+ 	  jas_image_numcmpts(dec->image))) {
+-		jas_eprintf("warning: number of components mismatch\n");
++		jas_eprintf("error: number of components mismatch (IHDR)\n");
++        goto error;
+ 	}
+ 
+ 	/* At least one component must be present. */
+@@ -253,7 +254,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	  with the data in the code stream? */
+ 	if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
+ 	  (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
+-		jas_eprintf("warning: component data type mismatch\n");
++		jas_eprintf("error: component data type mismatch (IHDR)\n");
++        goto error;
+ 	}
+ 
+ 	/* Is the compression type supported? */
+@@ -265,9 +267,10 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	if (dec->bpcc) {
+ 		/* Is the number of components indicated in the BPCC box
+ 		  consistent with the code stream data? */
+-		if (dec->bpcc->data.bpcc.numcmpts != JAS_CAST(jas_uint, jas_image_numcmpts(
+-		  dec->image))) {
+-			jas_eprintf("warning: number of components mismatch\n");
++		if (dec->bpcc->data.bpcc.numcmpts !=
++          JAS_CAST(jas_uint, jas_image_numcmpts(dec->image))) {
++			    jas_eprintf("error: number of components mismatch (BPCC)\n");
++                goto error;
+ 		}
+ 		/* Is the component data type information indicated in the BPCC
+ 		  box consistent with the code stream data? */
+@@ -276,7 +279,8 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 			  ++i) {
+ 				if (jas_image_cmptdtype(dec->image, i) !=
+ 				  JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
+-					jas_eprintf("warning: component data type mismatch\n");
++					    jas_eprintf("error: component data type mismatch (BPCC)\n");
++                        goto error;
+ 				}
+ 			}
+ 		} else {
diff --git a/SOURCES/jasper-2.0.14-CVE-2021-3272.patch b/SOURCES/jasper-2.0.14-CVE-2021-3272.patch
new file mode 100644
index 0000000..c239ad5
--- /dev/null
+++ b/SOURCES/jasper-2.0.14-CVE-2021-3272.patch
@@ -0,0 +1,18 @@
+diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+--- a/src/libjasper/jp2/jp2_dec.c	2021-06-01 13:50:54.213552191 +0200
++++ b/src/libjasper/jp2/jp2_dec.c	2021-06-01 14:02:40.016274587 +0200
+@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 		}
+ 	}
+ 
++    /* Ensure that the number of channels being used by the decoder
++	  matches the number of image components. */
++	if (dec->numchans != jas_image_numcmpts(dec->image)) {
++		jas_eprintf("error: mismatch in number of components (%d != %d)\n",
++		  dec->numchans, jas_image_numcmpts(dec->image));
++		goto error;
++	}
++
+ 	/* Mark all components as being of unknown type. */
+ 
+ 	for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {
diff --git a/SPECS/jasper.spec b/SPECS/jasper.spec
index 3dc31bf..5b1b653 100644
--- a/SPECS/jasper.spec
+++ b/SPECS/jasper.spec
@@ -6,7 +6,7 @@
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Version: 2.0.14
-Release: 4%{?dist}
+Release: 5%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@ -14,6 +14,10 @@ Source0: http://www.ece.uvic.ca/~frodo/jasper/software/jasper-%{version}.tar.gz
 
 
 Patch1: jasper-2.0.14-CVE-2016-9396.patch
+Patch2: jasper-2.0.14-CVE-2021-26927.patch
+Patch3: jasper-2.0.14-CVE-2021-3272.patch
+Patch4: jasper-2.0.14-CVE-2020-27828.patch
+
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
 Patch101: jasper-2.0.2-test-ppc64le-disable.patch
@@ -62,6 +66,9 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %setup -q -n %{name}-%{version}
 
 %patch1 -p1 -b .CVE-2016-9396
+%patch2 -p1 -b .CVE-2021-26927
+%patch3 -p1 -b .CVE-2021-3272
+%patch4 -p1 -b .CVE-2020-27828
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)
 
@@ -136,6 +143,12 @@ popd
 
 
 %changelog
+* Tue Jun 01 2021 Josef Ridky <jridky@redhat.com> - 2.0.14-5
+- Fix CVE-2021-26927 (#1933860)
+- Fix CVE-2021-26926 (#1922316)
+- Fix CVE-2021-3272 (#1922283)
+- Fix CVE-2020-27828 (#1905692)
+
 * Wed May 30 2018 Josef Ridky <jridky@redhat.com> - 2.0.14-4
 - Fix CVE-2016-9396 (#1583722)