From afe0b43191249030d6e86b63c251ee83d89ef64e Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 30 2018 04:51:59 +0000
Subject: import jasper-1.900.1-33.el7
---
diff --git a/SOURCES/jasper-1.900.1-CVE-2016-9396.patch b/SOURCES/jasper-1.900.1-CVE-2016-9396.patch
new file mode 100644
index 0000000..84b2716
--- /dev/null
+++ b/SOURCES/jasper-1.900.1-CVE-2016-9396.patch
@@ -0,0 +1,50 @@
+diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
+--- old/src/libjasper/jpc/jpc_cs.c 2018-06-21 09:16:03.401642013 +0200
++++ new/src/libjasper/jpc/jpc_cs.c 2018-06-21 09:36:47.278110112 +0200
+@@ -782,29 +782,37 @@ static int jpc_cox_getcompparms(jpc_ms_t
+ jpc_getuint8(in, &compparms->qmfbid)) {
+ return -1;
+ }
++ if (compparms->numdlvls > 32) {
++ goto error;
++ }
++ if (compparms->qmfbid != JPC_COX_INS &&
++ compparms->qmfbid != JPC_COX_RFT)
++ goto error;
+ compparms->numrlvls = compparms->numdlvls + 1;
+ if (compparms->numrlvls > JPC_MAXRLVLS) {
+- jpc_cox_destroycompparms(compparms);
+- return -1;
++ goto error;
+ }
+ if (prtflag) {
+ for (i = 0; i < compparms->numrlvls; ++i) {
+ if (jpc_getuint8(in, &tmp)) {
+- jpc_cox_destroycompparms(compparms);
+- return -1;
++ goto error;
+ }
+ compparms->rlvls[i].parwidthval = tmp & 0xf;
+ compparms->rlvls[i].parheightval = (tmp >> 4) & 0xf;
+ }
+-/* Sigh. This bit should be in the same field in both COC and COD mrk segs. */
+-compparms->csty |= JPC_COX_PRT;
+- } else {
++ /* Sigh.
++ This bit should be in the same field in both COC and COD mrk segs. */
++ compparms->csty |= JPC_COX_PRT;
+ }
+ if (jas_stream_eof(in)) {
+- jpc_cox_destroycompparms(compparms);
+- return -1;
++ goto error;
+ }
+ return 0;
++error:
++ if (compparms) {
++ jpc_cox_destroycompparms(compparms);
++ }
++ return -1;
+ }
+
+ static int jpc_cox_putcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
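Review bot: The `if (compparms)` guard at the new `error:` label can never be false, because every `goto error` is reached only after `compparms->numdlvls` or `compparms->qmfbid` has been dereferenced; calling `jpc_cox_destroycompparms(compparms);` unconditionally avoids implying a NULL case that cannot occur here. The literal in `compparms->numdlvls > 32` sits directly above the `numrlvls > JPC_MAXRLVLS` test on `numdlvls + 1`, so the two appear to express the same limit (the macro's value is not visible in this hunk, so confirm); writing it as `if (compparms->numdlvls > JPC_MAXRLVLS - 1)` or dropping it keeps one definition of the bound that presumably protects `rlvls[i]`. The new `qmfbid` test should get braces like its neighbours and a comment such as `/* only the two defined transform ids are valid; reject anything else before later stages use it */`. The function body starts above the hunk, and the first `return -1` still bypasses the label.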
diff --git a/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch b/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch
new file mode 100644
index 0000000..d6d4ad9
--- /dev/null
+++ b/SOURCES/jasper-1.900.1-CVE-2017-1000050.patch
@@ -0,0 +1,15 @@
+diff -urNp old/src/libjasper/jp2/jp2_enc.c new/src/libjasper/jp2/jp2_enc.c
+--- old/src/libjasper/jp2/jp2_enc.c 2018-06-21 09:46:45.090301777 +0200
++++ new/src/libjasper/jp2/jp2_enc.c 2018-06-21 10:18:17.602305787 +0200
+@@ -115,6 +115,11 @@ int sgnd;
+ iccstream = 0;
+ iccprof = 0;
+
++ if (jas_image_numcmpts(image) < 1) {
++ // jas_eprintf("image must have at least one component\n");
++ goto error;
++ }
++
+ allcmptssame = 1;
+ sgnd = jas_image_cmptsgnd(image, 0);
+ prec = jas_image_cmptprec(image, 0);
diff --git a/SPECS/jasper.spec b/SPECS/jasper.spec
index 4fd6a60..a0583b3 100644
--- a/SPECS/jasper.spec
+++ b/SPECS/jasper.spec
@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1 Name: jasper Group: System Environment/Libraries Version: 1.900.1 -Release: 31%{?dist} +Release: 33%{?dist} License: JasPer URL: http://www.ece.uvic.ca/~frodo/jasper/
@@ -74,6 +74,8 @@ Patch37: jasper-CVE-2016-9391.patch Patch38: jasper-CVE-implicit-declaration-fix.patch Patch39: jasper-1.900.1-define-SIZE-MAX.patch +Patch40: jasper-1.900.1-CVE-2016-9396.patch +Patch41: jasper-1.900.1-CVE-2017-1000050.patch # autoreconf BuildRequires: autoconf automake libtool
@@ -167,6 +169,8 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %patch37 -p1 -b .CVE-2016-9391 %patch38 -p1 -b .CVE-implicit-declaration-fix %patch39 -p1 -b .define-SIZE-MAX +%patch40 -p1 -b .CVE-2016-9396 +%patch41 -p1 -b .CVE-2017-1000050 autoreconf --verbose --force --install
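Review bot: The added `jas_image_numcmpts(image) < 1` guard in jp2_enc.c fails silently because its diagnostic is commented out, so a caller only sees an encode failure with no hint that the image had no components. The spec changelog in this commit attributes that to an implicit declaration of `jas_eprintf`; including the header that declares it (upstream JasPer declares it in `jasper/jas_debug.h`, to be confirmed for this tree) and restoring `jas_eprintf("image must have at least one component\n");` keeps both the check and the message. If the call stays disabled, delete the line rather than ship commented-out code. The `error` label is outside the hunk, so confirm that everything it releases is initialised before this early jump, as `iccstream` and `iccprof` are just above it.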
@@ -236,6 +240,13 @@ make check %changelog +* Thu Jun 21 2018 Josef Ridky - 1.900.1-33 +- remove implicit declaration of jas_eprintf (#1585830) + +* Thu Jun 21 2018 Josef Ridky - 1.900.1-32 +- Fix CVE-2016-9396 (#1583721) +- Fix CVE-2017-1000050 (#1585830) + * Wed May 31 2017 Josef Ridky - 1.900.1-31 - Fix missing declaration of SIZE_MAX constant in jas_math.h (#1455489)