From 34f4894858aa2d324834979d6f51baf9010e1d6e Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jul 08 2021 14:24:17 +0000 Subject: import openjpeg2-2.4.0-4.el8 --- diff --git a/SOURCES/openjpeg2_coverity.patch b/SOURCES/openjpeg2_coverity.patch index 1279efa..39314cd 100644 --- a/SOURCES/openjpeg2_coverity.patch +++ b/SOURCES/openjpeg2_coverity.patch @@ -47,6 +47,19 @@ index 9d1037a..8d5002a 100644 buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp); if (buffer32s == NULL) { _TIFFfree(buf); +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 8e343ab..c13d229 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters, + /* Validate sublevel */ + assert(sizeof(tabMaxSubLevelFromMainLevel) == + (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0])); +- if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) { ++ if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) { + opj_event_msg(p_manager, EVT_WARNING, + "IMF profile require sublevel <= %d for mainlevel = %d.\n" + "-> %d is thus not compliant\n" diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c index 1481e16..d46bfb4 100644 --- a/src/lib/openjp2/t2.c diff --git a/SPECS/openjpeg2.spec b/SPECS/openjpeg2.spec index 777096c..9f51c8e 100644 --- a/SPECS/openjpeg2.spec +++ b/SPECS/openjpeg2.spec @@ -5,7 +5,7 @@ Name: openjpeg2 Version: 2.4.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -331,6 +331,9 @@ make test -C %{_target_platform} %changelog +* Fri Jul 02 2021 Nikola Forró - 2.4.0-4 +- Fix Covscan defect + * Wed Jun 09 2021 Nikola Forró - 2.4.0-3 - Fix CVE-2021-3575 (#1969279) - Fix resource leak identified by Covscan