diff --git a/backport-CVE-2014-0158.patch b/backport-CVE-2014-0158.patch
new file mode 100644
index 0000000000000000000000000000000000000000..93b59bc4b0ec265fd4db782953c252edf81f52d2
--- /dev/null
+++ b/backport-CVE-2014-0158.patch
@@ -0,0 +1,27 @@
+From 51fe6c31166d9ac581f7869c4f558797aeb72e35 Mon Sep 17 00:00:00 2001
+Subject: [PATCH] fix CVE-2014-0158
+
+---
+ libopenjpeg/j2k.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff -rupN openjpeg-1.5.1/libopenjpeg/j2k.c openjpeg-1.5.1-new/libopenjpeg/j2k.c
+--- openjpeg-1.5.1/libopenjpeg/j2k.c 2014-04-02 18:37:07.416252336 +0200
++++ openjpeg-1.5.1-new/libopenjpeg/j2k.c 2014-04-02 18:40:00.605658397 +0200
+@@ -2119,7 +2119,14 @@ opj_image_t* j2k_decode_jpt_stream(opj_j
+ if (j2k->state == J2K_STATE_NEOC) {
+ j2k_read_eoc(j2k);
+ }
+-
++
++ if (j2k->state & J2K_STATE_ERR)
++ {
++ opj_event_msg(cinfo, EVT_ERROR, "Error in decoding tile\n");
++ opj_image_destroy(image);
++ return NULL;
++ }
++
+ if (j2k->state != J2K_STATE_MT) {
+ opj_event_msg(cinfo, EVT_WARNING, "Incomplete bitstream\n");
+ }
+
diff --git a/openjpeg.spec b/openjpeg.spec
index 536e0e2e9cf5030716eb99192ef9945cb37c70cb..65c0997bcb9ffbda4a6c527c817892879878042e 100644
--- a/openjpeg.spec
+++ b/openjpeg.spec
@@ -2,7 +2,7 @@
 Name: openjpeg
 Version: 1.5.1
-Release: 24
+Release: 25
 Summary: JPEG 2000 command line tools
 License: BSD
 URL: https://code.google.com/p/openjpeg/
@@ -31,7 +31,7 @@ Patch204: openjpeg-1.5.1-CVE-2013-6887.patch
 Patch6000: CVE-2016-7445.patch
 Patch6001: CVE-2016-10506.patch
-
+Patch6002: backport-CVE-2014-0158.patch
 BuildRequires: cmake git pkgconfig(zlib) pkgconfig(libpng) pkgconfig(lcms2)
 BuildRequires: doxygen gcc-c++ libtiff-devel
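Review bot: In the embedded j2k.c hunk of backport-CVE-2014-0158.patch, the added `if (j2k->state & J2K_STATE_ERR)` test sits after the `J2K_STATE_NEOC`/`j2k_read_eoc` step of `j2k_decode_jpt_stream`, so it only decides what is returned once marker processing is over; the code that processes markers is outside this hunk, so it should be confirmed that processing stops as soon as the error bit is set rather than continuing on corrupt tile data until this point. The error path frees `image` with `opj_image_destroy(image)`; if `j2k->image` still refers to the same object (the assignment is not visible here), add `j2k->image = NULL;` before `return NULL;` so later cleanup cannot touch freed memory. Only the JPT-stream decoder is patched in this hunk, so the plain codestream decode path deserves the same check if it does not already have one. A short comment above the test, e.g. `/* a handler flagged corrupt tile data: discard the partial image */`, would record why this is an error and not the "Incomplete bitstream" warning below it.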
@@ -117,6 +117,12 @@ test -f %{buildroot}%{_includedir}/openjpeg.h
 %{_mandir}/man3/*libopenjpeg.3*
 %changelog
+* Thu Jan 28 2021 hanhui - 1.5.1-25
+- Type:cves
+- ID:CVE-2014-0158
+- SUG:restart
+- DESC:fix CVE-2014-0158
+
 * Sat Dec 21 2019 openEuler Buildteam - 1.5.1-24
 - Type:cves
 - ID:CVE-2016-10506 CVE-2016-7445