Hello community, here is the log from the commit of package openjpeg for openSUSE:Factory checked in at 2012-09-13 07:03:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openjpeg (Old) and /work/SRC/openSUSE:Factory/.openjpeg.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openjpeg", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/openjpeg/openjpeg.changes 2012-07-18 17:37:14.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openjpeg.new/openjpeg.changes 2012-09-13 07:03:43.000000000 +0200 @@ -1,0 +2,6 @@ +Tue Sep 11 18:28:55 UTC 2012 - asterios.dramis@gmail.com + +- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer + overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445). + +------------------------------------------------------------------- New: ---- heap_buffer_overflow_2_fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openjpeg.spec ++++++ --- /var/tmp/diff_new_pack.vOxHtD/_old 2012-09-13 07:03:45.000000000 +0200 +++ /var/tmp/diff_new_pack.vOxHtD/_new 2012-09-13 07:03:45.000000000 +0200 @@ -37,6 +37,8 @@ Patch4: heap_corruption_fix.patch # PATCH-FIX-UPSTREAM heap_buffer_overflow_fix.patch CVE-2012-3358 bnc#770649 asterios.dramis@gmail.com -- Fix heap-based buffer overflow when processing JPEG2000 images (http://code.google.com/p/openjpeg/source/detail?r=1727) Patch5: heap_buffer_overflow_fix.patch +# PATCH-FIX-UPSTREAM heap_buffer_overflow_2_fix.patch CVE-2012-3535 bnc#777445 asterios.dramis@gmail.com -- Fix heap-based buffer overflow when processing JPEG2000 images (http://code.google.com/p/openjpeg/source/detail?r=1919) +Patch6: heap_buffer_overflow_2_fix.patch BuildRequires: cmake BuildRequires: doxygen BuildRequires: liblcms2-devel 
@@ -76,6 +78,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 # Remove build time references so build-compare can do its work sed -i "s/HTML_TIMESTAMP = YES/HTML_TIMESTAMP = NO/g" doc/Doxyfile.dox.cmake.in ++++++ heap_buffer_overflow_2_fix.patch ++++++ Index: libopenjpeg/j2k.c =================================================================== --- libopenjpeg/j2k.c (revision 1918) +++ libopenjpeg/j2k.c (revision 1919) @@ -694,6 +694,12 @@ "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno); j2k->state |= J2K_STATE_ERR; } + if( tccp->numresolutions > J2K_MAXRLVLS ) { + opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n", + compno, tccp->numresolutions, J2K_MAXRLVLS); + j2k->state |= J2K_STATE_ERR; + tccp->numresolutions = J2K_MAXRLVLS; + } tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
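Review bot: In the %prep hunk of openjpeg.spec, `%patch6` is applied with no strip level while `%patch3` through `%patch5` all pass `-p1`. The new patch names its file as `libopenjpeg/j2k.c`, so it does need a different strip level from the others, but as written the line reads like an omission. Write `%patch6 -p0` so the intent is explicit and a later refresh of the patch with `a/` and `b/` prefixes fails loudly instead of being misapplied.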
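Review bot: In the j2k.c hunk, the new `tccp->numresolutions > J2K_MAXRLVLS` branch logs at `EVT_ERROR` and sets `J2K_STATE_ERR`, but then clamps the value and falls through to the `cblkw` and `cblkh` reads, so the rest of the header is parsed against a resolution count the stream never declared. Either return as soon as the error state is set, or, if continuing is intended, say so in a comment and confirm that callers check `J2K_STATE_ERR` before using the decoded parameters; the clamp caps the count but does not make the remaining fields consistent with it. The message text says "Truncating", which suggests a recoverable condition, so the severity and the wording should agree. A short comment naming the buffer whose size `J2K_MAXRLVLS` reflects would also help, since the hunk does not show it.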