Commit 81a3871e authored by Mathieu Malaterre's avatar Mathieu Malaterre

Import Debian changes 2.2.0-1

openjpeg2 (2.2.0-1) unstable; urgency=medium

  * New upstream release. Closes: #872041
  * Fix CVE-2016-9113. Closes: #844552
  * Fix CVE-2016-9114. Closes: #844553
  * Fix CVE-2016-9115. Closes: #844554
  * Fix CVE-2016-9116. Closes: #844555
  * Fix CVE-2016-9117. Closes: #844556
parents a21d5bd9 7bd7546e
......@@ -12,6 +12,7 @@ cmake_install.cmake
/src/bin/common/opj_apps_config.h
/src/lib/openjp2/opj_config.h
/src/lib/openjp2/opj_config_private.h
scripts/opjstyle*
# Ignore directories made by `make`.
/bin/
language: c
language: cpp
matrix:
include:
# OSX
- os: osx
compiler: clang
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release OPJ_CI_INCLUDE_IF_DEPLOY=1
# Test code style
- os: linux
compiler: gcc
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release OPJ_CI_INCLUDE_IF_DEPLOY=1
compiler: clang-3.8
env: OPJ_CI_CC=clang-3.8 OPJ_CI_CXX=clang-3.8 OPJ_CI_CHECK_STYLE=1 OPJ_CI_SKIP_TESTS=1
addons:
apt:
sources:
- llvm-toolchain-precise-3.8
- ubuntu-toolchain-r-test
packages:
- clang-3.8
- flip
# Performance test with GCC
- os: linux
compiler: g++
dist: precise
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release OPJ_CI_INCLUDE_IF_DEPLOY=1 OPJ_CI_PERF_TESTS=1
# Test compilation with AVX2
- os: linux
# "sudo: yes" and "dist: trusty" give us a worker with the AVX2 instruction set
sudo: yes
dist: trusty
compiler: clang-3.8
env: OPJ_CI_CC=clang-3.8 OPJ_CI_CXX=clang-3.8 OPJ_CI_INSTRUCTION_SETS="-mavx2" OPJ_CI_BUILD_CONFIGURATION=Release
addons:
apt:
sources:
- llvm-toolchain-precise-3.8
- ubuntu-toolchain-r-test
packages:
- clang-3.8
# Test multi-threading
- os: linux
compiler: g++
dist: precise
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release OPJ_NUM_THREADS=2
# Test 32-bit compilation
- os: linux
compiler: gcc
compiler: g++
env: OPJ_CI_ARCH=i386 OPJ_CI_BUILD_CONFIGURATION=Release
addons:
apt:
packages:
- gcc-multilib
- g++-multilib
# Profile code (gcc -pg)
- os: linux
compiler: gcc
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Debug
compiler: g++
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Debug OPJ_CI_PROFILE=1
addons:
apt:
packages:
- valgrind
# Test under ASAN
- os: linux
compiler: clang
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Debug OPJ_CI_ASAN=1
# Test with CLang 3.8
- os: linux
compiler: clang-3.8
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release
env: OPJ_CI_CC=clang-3.8 OPJ_CI_CXX=clang-3.8 OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release OPJ_CI_PERF_TESTS=1 OPJ_CI_BUILD_FUZZERS=1
addons:
apt:
sources:
......@@ -31,35 +82,47 @@ matrix:
- ubuntu-toolchain-r-test
packages:
- clang-3.8
# Test with mingw 32 bit
- os: linux
compiler: x86_64-w64-mingw32-gcc
env: OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release
compiler: x86_64-w64-mingw32-g++
env: OPJ_CI_CC=x86_64-w64-mingw32-gcc OPJ_CI_CXX=x86_64-w64-mingw32-g++ OPJ_CI_ARCH=i386 OPJ_CI_BUILD_CONFIGURATION=Release
addons:
apt:
packages:
- gcc-mingw-w64-base
- binutils-mingw-w64-x86-64
- gcc-mingw-w64-x86-64
- gcc-mingw-w64
- binutils-mingw-w64-i686
- gcc-mingw-w64-i686
- gcc-mingw-w64
- g++-mingw-w64-i686
- gcc-multilib
- g++-multilib
# Test with mingw 64 bit
- os: linux
compiler: x86_64-w64-mingw32-gcc
env: OPJ_CI_ARCH=i386 OPJ_CI_BUILD_CONFIGURATION=Release
compiler: x86_64-w64-mingw32-g++
env: OPJ_CI_CC=x86_64-w64-mingw32-gcc OPJ_CI_CXX=x86_64-w64-mingw32-g++ OPJ_CI_ARCH=x86_64 OPJ_CI_BUILD_CONFIGURATION=Release
addons:
apt:
packages:
- gcc-mingw-w64-base
- binutils-mingw-w64-i686
- gcc-mingw-w64-i686
- gcc-mingw-w64
- binutils-mingw-w64-x86-64
- gcc-mingw-w64-x86-64
- gcc-mingw-w64
- g++-mingw-w64-x86-64
# Test with gcc 4.8
- os: linux
compiler: gcc-4.8
env: OPJ_CI_ABI_CHECK=1
compiler: g++-4.8
env: OPJ_CI_CC=gcc-4.8 OPJ_CI_CXX=g++-4.8 OPJ_CI_ABI_CHECK=1
dist: precise
addons:
apt:
sources:
- ubuntu-toolchain-r-test
packages:
- gcc-4.8
- g++-4.8
- libelf-dev
- elfutils
- texinfo
......
This diff is collapsed.
......@@ -24,7 +24,7 @@ endif()
#string(TOLOWER ${OPENJPEG_NAMESPACE} OPENJPEG_LIBRARY_NAME)
set(OPENJPEG_LIBRARY_NAME openjp2)
project(${OPENJPEG_NAMESPACE} C)
project(${OPENJPEG_NAMESPACE})
# Do full dependency headers.
include_regular_expression("^.*$")
......@@ -32,8 +32,8 @@ include_regular_expression("^.*$")
#-----------------------------------------------------------------------------
# OPENJPEG version number, useful for packaging and doxygen doc:
set(OPENJPEG_VERSION_MAJOR 2)
set(OPENJPEG_VERSION_MINOR 1)
set(OPENJPEG_VERSION_BUILD 2)
set(OPENJPEG_VERSION_MINOR 2)
set(OPENJPEG_VERSION_BUILD 0)
set(OPENJPEG_VERSION
"${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}.${OPENJPEG_VERSION_BUILD}")
set(PACKAGE_VERSION
......@@ -54,6 +54,7 @@ set(PACKAGE_VERSION
# 2.1 | 7
# 2.1.1 | 7
# 2.1.2 | 7
# 2.2.0 | 7
# above is the recommendation by the OPJ team. If you really need to override this default,
# you can specify your own OPENJPEG_SOVERSION at cmake configuration time:
# cmake -DOPENJPEG_SOVERSION:STRING=42 /path/to/openjpeg
......@@ -193,6 +194,7 @@ if(CMAKE_COMPILER_IS_GNUCC)
# set(CMAKE_C_FLAGS "-Wall -std=c99 ${CMAKE_C_FLAGS}") # FIXME: this setting prevented us from setting a coverage build.
# Do not use ffast-math for all build, it would produce incorrect results, only set for release:
set(OPENJPEG_LIBRARY_COMPILE_OPTIONS ${OPENJPEG_LIBRARY_COMPILE_OPTIONS} "$<$<CONFIG:Release>:-ffast-math>")
set(OPENJP2_COMPILE_OPTIONS ${OPENJP2_COMPILE_OPTIONS} "$<$<CONFIG:Release>:-ffast-math>" -Wall -Wextra -Wconversion -Wunused-parameter -Wdeclaration-after-statement -Werror=declaration-after-statement)
endif()
#-----------------------------------------------------------------------------
......@@ -251,6 +253,7 @@ if(BUILD_JPIP_SERVER)
endif()
add_subdirectory(src/lib)
option(BUILD_LUTS_GENERATOR "Build utility to generate t1_luts.h" OFF)
option(BUILD_BENCH_DWT "Build bench_dwt utility (development benchmark)" OFF)
#-----------------------------------------------------------------------------
# Build Applications
......@@ -385,3 +388,6 @@ if(BUILD_PKGCONFIG_FILES)
endif()
#-----------------------------------------------------------------------------
# build our version of astyle
SET (WITH_ASTYLE FALSE CACHE BOOL "If you plan to contribute you should reindent with scripts/prepare-commit.sh (using 'our' astyle)")
......@@ -9,7 +9,7 @@ To build the library, type from source tree directory:
```
mkdir build
cd build
cmake ..
cmake .. -DCMAKE_BUILD_TYPE=Release
make
```
Binaries are then located in the 'bin' directory.
......@@ -31,6 +31,7 @@ Main available cmake flags:
* To build the shared libraries and links the executables against it: '-DBUILD\_SHARED\_LIBS:bool=on' (default: 'ON')
> Note: when using this option, static libraries are not built and executables are dynamically linked.
* To build the CODEC executables: '-DBUILD\_CODEC:bool=on' (default: 'ON')
* To build opjstyle (internal version of astyle) for OpenJPEG development: '-DWITH_ASTYLE=ON'
* [OBSOLETE] To build the MJ2 executables: '-DBUILD\_MJ2:bool=on' (default: 'OFF')
* [OBSOLETE] To build the JPWL executables and JPWL library: '-DBUILD\_JPWL:bool=on' (default: 'OFF')
* [OBSOLETE] To build the JPIP client (java compiler recommended) library and executables: '-DBUILD\_JPIP:bool=on' (default: 'OFF')
......@@ -62,6 +63,33 @@ Note 4 : On MacOS, if it does not work, try adding the following flag to the cma
You can use cmake to generate the project files for the IDE you are using (VC2010, XCode, etc).
Type 'cmake --help' for available generators on your platform.
# Enabling CPU specific optimizations
For Intel/AMD processors, OpenJPEG implements optimizations using the SSE4.1
instruction set (for example, for the 9x7 inverse MCT transform) and the AVX2
instruction set (for example, for the 5x3 inverse discrete wavelet transform).
Currently, those optimizations are only available if OpenJPEG is built to
use those instruction sets (and the resulting binary will only run on compatible
CPUs)
With gcc/clang, it is possible to enable those instruction sets with the following :
cmake -DCMAKE_C_FLAGS="-O3 -msse4.1 -DNDEBUG" ..
cmake -DCMAKE_C_FLAGS="-O3 -mavx2 -DNDEBUG" ..
(AVX2 implies SSE4.1)
Or if the binary is dedicated to run on the machine where it has
been compiled :
cmake -DCMAKE_C_FLAGS="-O3 -march=native -DNDEBUG" ..
# Modifying OpenJPEG
Before committing changes, run:
scripts/prepare-commit.sh
# Using OpenJPEG
To use openjpeg exported cmake file, simply create your application doing:
......
......@@ -2,6 +2,28 @@
More details in the [Changelog](https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md)
## OpenJPEG 2.2.0
No API/ABI break compared to v2.1.2 but additional symbols for multithreading support (hence the MINOR version bump).
### Codebase improvements
* Memory consumption reduction at decoding side [\#968](https://github.com/uclouvain/openjpeg/pull/968)
* Multi-threading support at decoding side [\#786](https://github.com/uclouvain/openjpeg/pull/786)
* Tier-1 speed optimizations (encoder and decoder) [\#945](https://github.com/uclouvain/openjpeg/pull/945)
* Tier-1 decoder further optimization [\#783](https://github.com/uclouvain/openjpeg/pull/783)
* Inverse 5x3 DWT speed optimization: single-pass lifting and SSE2/AVX2 implementation [\#957](https://github.com/uclouvain/openjpeg/pull/957)
* Fixed a bug that prevented OpenJPEG to compress losslessly in some situations [\#949](https://github.com/uclouvain/openjpeg/pull/949)
* Fixed BYPASS/LAZY, RESTART/TERMALL and PTERM mode switches
* Many other bug fixes (including security fixes)
### Maintenance improvements
* Benchmarking scripts to automatically compare the speed of latest OpenJPEG build with latest release and/or Kakadu binaries [\#917](https://github.com/uclouvain/openjpeg/pull/917)
* CPU and RAM usage profiling scripts [\#918](https://github.com/uclouvain/openjpeg/pull/918)
* Codebase reformatting (with astyle) and scripts to automatically check that new commits comply with formatting guidelines [\#919](https://github.com/uclouvain/openjpeg/pull/919)
* Register OpenJPEG at Google OSS Fuzz initiative, so as to automatically have OpenJPEG tested against Google fuzzer [\#965](https://github.com/uclouvain/openjpeg/issues/965)
## OpenJPEG 2.1.2
* Bug fixes (including security fixes)
......
......@@ -49,6 +49,7 @@ The library is developed and maintained by the Image and Signal Processing Group
* doc: doxygen documentation setup file and man pages
* tests: configuration files and utilities for the openjpeg test suite. All test images are located in [openjpeg-data](https://github.com/uclouvain/openjpeg-data) repository.
* cmake: cmake related files
* scripts: scripts for developers
See [LICENSE][link-license] for license and copyright information.
......@@ -71,12 +72,12 @@ On windows, MSVC directly supports export/hiding function and as such the only
API available is the one supported by OpenJPEG.
[comment-license]: https://img.shields.io/github/license/uclouvain/openjpeg.svg "https://img.shields.io/badge/license-BSD--2--Clause-blue.svg"
[badge-license]: https://img.shields.io/badge/license-BSD--2--Clause-blue.svg "BSD 2-clause "Simplified" License"
[link-license]: https://github.com/uclouvain/openjpeg/blob/master/LICENSE "BSD 2-clause "Simplified" License"
[badge-build]: https://travis-ci.org/uclouvain/openjpeg.svg?branch=openjpeg-2.1 "Build Status"
[badge-license]: https://img.shields.io/badge/license-BSD--2--Clause-blue.svg "BSD 2-clause \"Simplified\" License"
[link-license]: https://github.com/uclouvain/openjpeg/blob/master/LICENSE "BSD 2-clause \"Simplified\" License"
[badge-build]: https://travis-ci.org/uclouvain/openjpeg.svg?branch=master "Build Status"
[link-build]: https://travis-ci.org/uclouvain/openjpeg "Build Status"
[badge-msvc-build]: https://ci.appveyor.com/api/projects/status/github/uclouvain/openjpeg?branch=openjpeg-2.1&svg=true "Windows Build Status"
[link-msvc-build]: https://ci.appveyor.com/project/detonin/openjpeg/branch/openjpeg-2.1 "Windows Build Status"
[badge-msvc-build]: https://ci.appveyor.com/api/projects/status/github/uclouvain/openjpeg?branch=master&svg=true "Windows Build Status"
[link-msvc-build]: https://ci.appveyor.com/project/detonin/openjpeg/branch/master "Windows Build Status"
[badge-coverity]: https://scan.coverity.com/projects/6383/badge.svg "Coverity Scan Build Status"
[link-coverity]: https://scan.coverity.com/projects/uclouvain-openjpeg "Coverity Scan Build Status"
[link-api-timeline]: http://www.openjpeg.org/abi-check/timeline/openjpeg "OpenJPEG API/ABI timeline"
......@@ -29,6 +29,7 @@ it complete and exempt of errors.
* Julien Malik
* Arnaud Maye
* Vincent Nicolas
* Aleksander Nikolic (Cisco Talos)
* Glenn Pearson
* Even Rouault
* Dzonatas Sol
......
version: 2.1.1.{build}
version: 2.2.0.{build}
branches:
except:
- coverity_scan
......@@ -6,6 +6,9 @@ skip_tags: false
clone_depth: 50
environment:
matrix:
- OPJ_CI_ARCH: x64
OPJ_CI_VSCOMNTOOLS: $(VS140COMNTOOLS)
OPJ_CI_INSTRUCTION_SETS: "/arch:AVX2"
- OPJ_CI_ARCH: x86
OPJ_CI_VSCOMNTOOLS: $(VS140COMNTOOLS)
OPJ_CI_INCLUDE_IF_DEPLOY: 1
......
openjpeg2 (2.1.2-1.3) unstable; urgency=medium
openjpeg2 (2.2.0-1) unstable; urgency=medium
* Fix FTFBS (Closes: #871905)
* New upstream release. Closes: #872041
* Fix CVE-2016-9113. Closes: #844552
* Fix CVE-2016-9114. Closes: #844553
* Fix CVE-2016-9115. Closes: #844554
* Fix CVE-2016-9116. Closes: #844555
* Fix CVE-2016-9117. Closes: #844556
-- Moritz Muehlenhoff <jmm@debian.org> Sat, 12 Aug 2017 15:54:38 +0200
openjpeg2 (2.1.2-1.2) unstable; urgency=medium
* Non-maintainer upload
* Fix CVE-2016-1626, CVE-2016-1628, CVE-2016-5152, CVE-2016-9112 and
CVE-2016-9118.patch
-- Moritz Muehlenhoff <jmm@debian.org> Fri, 11 Aug 2017 22:17:07 +0200
openjpeg2 (2.1.2-1.1) unstable; urgency=medium
* Non-maintainer upload.
* Add CVE-2016-9572_CVE-2016-9573.patch patch.
CVE-2016-9572: NULL pointer dereference in input decoding
CVE-2016-9573: Heap out-of-bounds read due to insufficient check in
imagetopnm(). (Closes: #851422)
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 22 Jan 2017 14:18:13 +0100
-- Mathieu Malaterre <malat@debian.org> Fri, 22 Sep 2017 21:51:36 +0200
openjpeg2 (2.1.2-1) unstable; urgency=medium
......
......@@ -16,7 +16,7 @@ Build-Depends: cmake (>= 2.8.2),
libtiff-dev,
libxerces2-java,
zlib1g-dev
Standards-Version: 3.9.8
Standards-Version: 4.1.0
Section: libs
Vcs-Browser: http://anonscm.debian.org/viewvc/collab-maint/deb-maint/openjpeg2/trunk/
Vcs-Svn: svn://anonscm.debian.org/collab-maint/deb-maint/openjpeg2/trunk
......
......@@ -2,6 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: OpenJPEG
Upstream-Contact: openjpeg@googlegroups.com
Source: http://openjpeg.org
Files-Excluded: thirdparty/astyle scripts
Files: src/lib/openjpip/*
Copyright: 2002-2011, Communications and Remote Sensing Laboratory, Universite catholique de Louvain (UCL), Belgium
......@@ -45,6 +46,7 @@ Files: src/lib/openjp3d/jp3d.c
src/lib/openjp3d/tcd.h
src/lib/openjp3d/tcd.c
src/lib/openjp3d/t2.h
src/lib/openjp2/mqc_inl.h
Copyright: 2001-2003, David Janssens
2002-2003, Yannick Verschueren
2003-2005, Francois Devaux and Antonin Descampe
......@@ -313,12 +315,14 @@ Files:
tools/ctest_scripts/toolchain-mingw64.cmake
tools/ctest_scripts/travis-ci.cmake
tools/travis-ci/abi-check.sh
tools/travis-ci/detect-avx2.c
tools/travis-ci/install.sh
tools/travis-ci/knownfailures-Ubuntu12.04-clang3.4-x86_64-Debug-3rdP-ASan.txt
tools/travis-ci/knownfailures-Ubuntu12.04-clang3.9.0-x86_64-Debug-3rdP.txt
tools/travis-ci/knownfailures-Ubuntu12.04-clang3.9.0-x86_64-Release-3rdP.txt
tools/travis-ci/knownfailures-Ubuntu12.04-gcc4.6.3-i386-Release-3rdP.txt
tools/travis-ci/knownfailures-Ubuntu12.04-gcc4.6.4-i386-Release-3rdP.txt
tools/travis-ci/knownfailures-Ubuntu14.04-clang3.8.0-x86_64-Release-3rdP.txt
tools/travis-ci/knownfailures-Ubuntu14.04-gcc4.8.4-i386-Release-3rdP.txt
tools/travis-ci/knownfailures-all.txt
tools/travis-ci/knownfailures-windows-vs2010-x86-Release-3rdP.txt
......@@ -1076,8 +1080,29 @@ Files: cmake/FindKAKADU.cmake
Copyright: 2006-2011 Mathieu Malaterre <mathieu.malaterre@gmail.com>
License: BSD-2
Files: tests/profiling/filter_massif_output.py
tests/performance/compare_perfs.py
tests/performance/perf_test.py
tests/performance/perf_test_filelist.csv
tests/fuzzers/opj_decompress_fuzzer.cpp
tests/fuzzers/fuzzingengine.c
tests/fuzzers/build_seed_corpus.sh
tests/fuzzers/build_google_oss_fuzzers.sh
tests/fuzzers/README.TXT
tests/fuzzers/GNUmakefile
src/lib/openjp2/opj_common.h
src/lib/openjp2/bench_dwt.c
Copyright: Copyright (c) 2017, IntoPIX SA
License: BSD-2
Files: src/lib/openjp2/tls_keys.h
src/lib/openjp2/thread.h
src/lib/openjp2/thread.c
Copyright: Copyright (c) 2016, Even Rouault
License: BSD-2
Files: debian/*
Copyright: © 2014, Mathieu Malaterre <malat@debian.org>
Copyright: © 2014-2017, Mathieu Malaterre <malat@debian.org>
License: BSD-2
License: BSD-2
......
libopenjp2.so.7 libopenjp2-7 #MINVER#
opj_codec_set_threads@Base 2.2.0
opj_create_compress@Base 2.0.0
opj_create_decompress@Base 2.0.0
opj_decode@Base 2.0.0
......@@ -13,7 +14,11 @@ libopenjp2.so.7 libopenjp2-7 #MINVER#
opj_get_cstr_index@Base 2.0.0
opj_get_cstr_info@Base 2.0.0
opj_get_decoded_tile@Base 2.0.0
opj_get_num_cpus@Base 2.2.0
opj_has_thread_support@Base 2.2.0
opj_image_create@Base 2.0.0
opj_image_data_alloc@Base 2.2.0
opj_image_data_free@Base 2.2.0
opj_image_destroy@Base 2.0.0
opj_image_tile_create@Base 2.0.0
opj_read_header@Base 2.0.0
......
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH OPJ_JP3D_COMPRESS "1" "September 2016" "opj_jp3d_compress 2.1.2" "User Commands"
.TH OPJ_JP3D_COMPRESS "1" "September 2017" "opj_jp3d_compress 2.2.0" "User Commands"
.SH NAME
opj_jp3d_compress \- Works with JPEG2000 files
.SH DESCRIPTION
......
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH OPJ_JP3D_DECOMPRESS "1" "September 2016" "opj_jp3d_decompress 2.1.2" "User Commands"
.TH OPJ_JP3D_DECOMPRESS "1" "September 2017" "opj_jp3d_decompress 2.2.0" "User Commands"
.SH NAME
opj_jp3d_decompress \- Works with JPEG2000 files
.SH DESCRIPTION
......
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH OPJ_JPIP_ADDXML "1" "September 2016" "opj_jpip_addxml 2.1.2" "User Commands"
.TH OPJ_JPIP_ADDXML "1" "September 2017" "opj_jpip_addxml 2.2.0" "User Commands"
.SH NAME
opj_jpip_addxml \- Works with JPEG2000 files
.SH DESCRIPTION
......
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH OPJ_JPIP_TEST "1" "September 2016" "opj_jpip_test 2.1.2" "User Commands"
.TH OPJ_JPIP_TEST "1" "September 2017" "opj_jpip_test 2.2.0" "User Commands"
.SH NAME
opj_jpip_test \- Works with JPEG2000 files
.SH DESCRIPTION
......
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH OPJ_JPIP_TRANSCODE "1" "September 2016" "opj_jpip_transcode 2.1.2" "User Commands"
.TH OPJ_JPIP_TRANSCODE "1" "September 2017" "opj_jpip_transcode 2.2.0" "User Commands"
.SH NAME
opj_jpip_transcode \- Works with JPEG2000 files
.SH DESCRIPTION
......
From 11445eddad7e7fa5b273d1c83c91011c44e5d586 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 29 Jul 2017 19:03:13 +0200
Subject: [PATCH] opj_pi_update_decode_poc(): limit layno1 to the number of
layers (CVE-2016-1626 and CVE-2016-1628, #850)
This has been recently fixed in a less elegant way per
80818c39f5bfbac37768fcee95b0ffeceaa77264
--- openjpeg2-2.1.2.orig/src/lib/openjp2/pi.c
+++ openjpeg2-2.1.2/src/lib/openjp2/pi.c
@@ -1019,7 +1019,8 @@ static void opj_pi_update_decode_poc (op
l_current_pi->poc.precno0 = 0;
l_current_pi->poc.resno1 = l_current_poc->resno1; /* Resolution Level Index #0 (End) */
l_current_pi->poc.compno1 = l_current_poc->compno1; /* Component Index #0 (End) */
- l_current_pi->poc.layno1 = l_current_poc->layno1; /* Layer Index #0 (End) */
+ l_current_pi->poc.layno1 = opj_uint_min(l_current_poc->layno1,
+ p_tcp->numlayers); /* Layer Index #0 (End) */
l_current_pi->poc.precno1 = p_max_precision;
++l_current_pi;
++l_current_poc;
--- openjpeg2-2.1.2.orig/src/lib/openjp2/j2k.c
+++ openjpeg2-2.1.2/src/lib/openjp2/j2k.c
@@ -41,6 +41,7 @@
*/
#include "opj_includes.h"
+#include <limits.h>
/** @defgroup J2K J2K - JPEG-2000 codestream reader/writer */
/*@{*/
--- openjpeg2-2.1.2.orig/src/lib/openmj2/tcd.c
+++ openjpeg2-2.1.2/src/lib/openmj2/tcd.c
@@ -38,6 +38,7 @@
#define _ISOC99_SOURCE /* lrintf is C99 */
#include "opj_includes.h"
+#include <limits.h>
void tcd_dump(FILE *fd, opj_tcd_t *tcd, opj_tcd_image_t * img) {
int tileno, compno, resno, bandno, precno;/*, cblkno;*/
--- openjpeg2-2.1.2.orig/src/lib/openjp2/opj_includes.h
+++ openjpeg2-2.1.2/src/lib/openjp2/opj_includes.h
@@ -54,6 +54,7 @@
#include <stdarg.h>
#include <ctype.h>
#include <assert.h>
+#include <limits.h>
/*
Use fseeko() and ftello() if they are available since they use
From 3fbe71369019df0b47c7a2be4fab8c05768f2f32 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sat, 29 Jul 2017 18:38:16 +0200
Subject: [PATCH] opj_tcd_get_decoded_tile_size(): fix potential UINT32
overflow (#854, CVE-2016-5152)
Fix derived from https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e/third_party/libopenjpeg20/0018-tcd_get_decoded_tile_size.patch
--- openjpeg2-2.1.2.orig/src/lib/openjp2/j2k.c
+++ openjpeg2-2.1.2/src/lib/openjp2/j2k.c
@@ -8097,6 +8097,9 @@ OPJ_BOOL opj_j2k_read_tile_header(
*p_tile_index = p_j2k->m_current_tile_number;
*p_go_on = OPJ_TRUE;
*p_data_size = opj_tcd_get_decoded_tile_size(p_j2k->m_tcd);
+ if (*p_data_size == UINT_MAX) {
+ return OPJ_FALSE;
+ }
*p_tile_x0 = p_j2k->m_tcd->tcd_image->tiles->x0;
*p_tile_y0 = p_j2k->m_tcd->tcd_image->tiles->y0;
*p_tile_x1 = p_j2k->m_tcd->tcd_image->tiles->x1;
--- openjpeg2-2.1.2.orig/src/lib/openjp2/tcd.c
+++ openjpeg2-2.1.2/src/lib/openjp2/tcd.c
@@ -1154,6 +1154,7 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
opj_tcd_tilecomp_t * l_tile_comp = 00;
opj_tcd_resolution_t * l_res = 00;
OPJ_UINT32 l_size_comp, l_remaining;
+ OPJ_UINT32 l_temp;
l_tile_comp = p_tcd->tcd_image->tiles->comps;
l_img_comp = p_tcd->image->comps;
@@ -1171,7 +1172,17 @@ OPJ_UINT32 opj_tcd_get_decoded_tile_size
}
l_res = l_tile_comp->resolutions + l_tile_comp->minimum_num_resolutions - 1;
- l_data_size += l_size_comp * (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 - l_res->y0));
+ l_temp = (OPJ_UINT32)((l_res->x1 - l_res->x0) * (l_res->y1 -
+ l_res->y0)); /* x1*y1 can't overflow */
+ if (l_size_comp && UINT_MAX / l_size_comp < l_temp) {
+ return UINT_MAX;
+ }
+ l_temp *= l_size_comp;
+
+ if (l_temp > UINT_MAX - l_data_size) {
+ return UINT_MAX;
+ }
+ l_data_size += l_temp;
++l_img_comp;
++l_tile_comp;
}
@@ -1366,7 +1377,7 @@ OPJ_BOOL opj_tcd_update_tile_data ( opj_