Update openjpeg to 2.2.0 to address multiple CVEs

Summary: This new release includes a significant number of improvements and bug fixes. In particular: - Multi-threading support at decoding side - Several speed optimisations both at encoder and decoder, and both on Wavelet Transform and Entropy Coding parts. On our test set, a single-threaded execution is now around 20% faster (encoding or decoding). - Huge memory consumption reduction at decoding side (~60% reduction on large images) - Several important bug fixes, in particular the one that was preventing OpenJPEG to encode lossless in some specific situations, as well as those related to mode switches (BYPASS/LAZY, RESTART/TERMALL, etc). - Several security fixes thanks to the inclusion of OpenJPEG in the Google OSS Fuzz project. Beside that, several improvements have been brought to the project maintenance, like inclusion of benchmarking scripts to compare speed with latest available kakadu binaries. Security fixes: - CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159 [#854](uclouvain/openjpeg#854) - CVE-2016-1626 and CVE-2016-1628 [#850](uclouvain/openjpeg#850) For more info check the [NEWS](https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md) and the [Changelog](https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md) Signed-off-by: Pierre-Yves <pyu@riseup.net> Test Plan: ``` $ opj_compress -i test.png -o test.j2k [INFO] tile number 1 / 1 [INFO] Generated outfile test.j2k encode time: 283 ms ``` Reviewers: #triage_team, JoshStrobl Reviewed By: #triage_team, JoshStrobl Subscribers: sunnyflunk, JoshStrobl Tags: #security Differential Revision: https://dev.solus-project.com/D794
solus-packages · Aug 12, 2017 · 01687bc · 01687bc
1 parent 5671fff
commit 01687bc
Show file tree

Hide file tree

Showing 14 changed files with 104 additions and 723 deletions.
diff --git a/abi_symbols b/abi_symbols
@@ -7,6 +7,8 @@ libopenjp2.so.7:j2k_get_cstr_info
 libopenjp2.so.7:jp2_dump
 libopenjp2.so.7:jp2_get_cstr_index
 libopenjp2.so.7:jp2_get_cstr_info
+libopenjp2.so.7:opj_aligned_32_malloc
+libopenjp2.so.7:opj_aligned_32_realloc
 libopenjp2.so.7:opj_aligned_free
 libopenjp2.so.7:opj_aligned_malloc
 libopenjp2.so.7:opj_aligned_realloc
@@ -23,6 +25,11 @@ libopenjp2.so.7:opj_bio_write
 libopenjp2.so.7:opj_calculate_norms
 libopenjp2.so.7:opj_calloc
 libopenjp2.so.7:opj_clock
+libopenjp2.so.7:opj_codec_set_threads
+libopenjp2.so.7:opj_cond_create
+libopenjp2.so.7:opj_cond_destroy
+libopenjp2.so.7:opj_cond_signal
+libopenjp2.so.7:opj_cond_wait
 libopenjp2.so.7:opj_copy_image_header
 libopenjp2.so.7:opj_create_compress
 libopenjp2.so.7:opj_create_decompress
@@ -49,9 +56,13 @@ libopenjp2.so.7:opj_free
 libopenjp2.so.7:opj_get_cstr_index
 libopenjp2.so.7:opj_get_cstr_info
 libopenjp2.so.7:opj_get_decoded_tile
+libopenjp2.so.7:opj_get_num_cpus
+libopenjp2.so.7:opj_has_thread_support
 libopenjp2.so.7:opj_image_comp_header_update
 libopenjp2.so.7:opj_image_create
 libopenjp2.so.7:opj_image_create0
+libopenjp2.so.7:opj_image_data_alloc
+libopenjp2.so.7:opj_image_data_free
 libopenjp2.so.7:opj_image_destroy
 libopenjp2.so.7:opj_image_tile_create
 libopenjp2.so.7:opj_j2k_convert_progression_order
@@ -68,6 +79,7 @@ libopenjp2.so.7:opj_j2k_read_header
 libopenjp2.so.7:opj_j2k_read_tile_header
 libopenjp2.so.7:opj_j2k_set_decode_area
 libopenjp2.so.7:opj_j2k_set_decoded_resolution_factor
+libopenjp2.so.7:opj_j2k_set_threads
 libopenjp2.so.7:opj_j2k_setup_decoder
 libopenjp2.so.7:opj_j2k_setup_encoder
 libopenjp2.so.7:opj_j2k_setup_mct_encoding
@@ -85,6 +97,7 @@ libopenjp2.so.7:opj_jp2_read_header
 libopenjp2.so.7:opj_jp2_read_tile_header
 libopenjp2.so.7:opj_jp2_set_decode_area
 libopenjp2.so.7:opj_jp2_set_decoded_resolution_factor
+libopenjp2.so.7:opj_jp2_set_threads
 libopenjp2.so.7:opj_jp2_setup_decoder
 libopenjp2.so.7:opj_jp2_setup_encoder
 libopenjp2.so.7:opj_jp2_start_compress
@@ -103,22 +116,24 @@ libopenjp2.so.7:opj_mct_getnorm
 libopenjp2.so.7:opj_mct_getnorm_real
 libopenjp2.so.7:opj_mqc_bypass_enc
 libopenjp2.so.7:opj_mqc_bypass_flush_enc
+libopenjp2.so.7:opj_mqc_bypass_get_extra_bytes
 libopenjp2.so.7:opj_mqc_bypass_init_enc
-libopenjp2.so.7:opj_mqc_create
-libopenjp2.so.7:opj_mqc_decode
-libopenjp2.so.7:opj_mqc_destroy
 libopenjp2.so.7:opj_mqc_encode
 libopenjp2.so.7:opj_mqc_erterm_enc
 libopenjp2.so.7:opj_mqc_flush
 libopenjp2.so.7:opj_mqc_init_dec
 libopenjp2.so.7:opj_mqc_init_enc
 libopenjp2.so.7:opj_mqc_numbytes
+libopenjp2.so.7:opj_mqc_raw_init_dec
 libopenjp2.so.7:opj_mqc_reset_enc
 libopenjp2.so.7:opj_mqc_resetstates
-libopenjp2.so.7:opj_mqc_restart_enc
 libopenjp2.so.7:opj_mqc_restart_init_enc
 libopenjp2.so.7:opj_mqc_segmark_enc
 libopenjp2.so.7:opj_mqc_setstate
+libopenjp2.so.7:opj_mutex_create
+libopenjp2.so.7:opj_mutex_destroy
+libopenjp2.so.7:opj_mutex_lock
+libopenjp2.so.7:opj_mutex_unlock
 libopenjp2.so.7:opj_pi_create_decode
 libopenjp2.so.7:opj_pi_create_encode
 libopenjp2.so.7:opj_pi_destroy
@@ -131,11 +146,6 @@ libopenjp2.so.7:opj_procedure_list_create
 libopenjp2.so.7:opj_procedure_list_destroy
 libopenjp2.so.7:opj_procedure_list_get_first_procedure
 libopenjp2.so.7:opj_procedure_list_get_nb_procedures
-libopenjp2.so.7:opj_raw_create
-libopenjp2.so.7:opj_raw_decode
-libopenjp2.so.7:opj_raw_destroy
-libopenjp2.so.7:opj_raw_init_dec
-libopenjp2.so.7:opj_raw_numbytes
 libopenjp2.so.7:opj_read_bytes_BE
 libopenjp2.so.7:opj_read_bytes_LE
 libopenjp2.so.7:opj_read_double_BE
@@ -202,10 +212,12 @@ libopenjp2.so.7:opj_tcd_get_encoded_tile_size
 libopenjp2.so.7:opj_tcd_init
 libopenjp2.so.7:opj_tcd_init_decode_tile
 libopenjp2.so.7:opj_tcd_init_encode_tile
+libopenjp2.so.7:opj_tcd_is_band_empty
 libopenjp2.so.7:opj_tcd_makelayer
 libopenjp2.so.7:opj_tcd_makelayer_fixed
 libopenjp2.so.7:opj_tcd_rateallocate
 libopenjp2.so.7:opj_tcd_rateallocate_fixed
+libopenjp2.so.7:opj_tcd_reinit_segment
 libopenjp2.so.7:opj_tcd_update_tile_data
 libopenjp2.so.7:opj_tgt_create
 libopenjp2.so.7:opj_tgt_decode
@@ -214,6 +226,15 @@ libopenjp2.so.7:opj_tgt_encode
 libopenjp2.so.7:opj_tgt_init
 libopenjp2.so.7:opj_tgt_reset
 libopenjp2.so.7:opj_tgt_setvalue
+libopenjp2.so.7:opj_thread_create
+libopenjp2.so.7:opj_thread_join
+libopenjp2.so.7:opj_thread_pool_create
+libopenjp2.so.7:opj_thread_pool_destroy
+libopenjp2.so.7:opj_thread_pool_get_thread_count
+libopenjp2.so.7:opj_thread_pool_submit_job
+libopenjp2.so.7:opj_thread_pool_wait_completion
+libopenjp2.so.7:opj_tls_get
+libopenjp2.so.7:opj_tls_set
 libopenjp2.so.7:opj_version
 libopenjp2.so.7:opj_write_bytes_BE
 libopenjp2.so.7:opj_write_bytes_LE
@@ -222,3 +243,4 @@ libopenjp2.so.7:opj_write_double_LE
 libopenjp2.so.7:opj_write_float_BE
 libopenjp2.so.7:opj_write_float_LE
 libopenjp2.so.7:opj_write_tile
+libopenjp2.so.7:opq_mqc_finish_dec
diff --git a/abi_used_libs b/abi_used_libs
@@ -2,4 +2,6 @@ libc.so.6
 liblcms2.so.2
 libm.so.6
 libpng15.so.15
+libpthread.so.0
+librt.so.1
 libtiff.so.5
diff --git a/files/security/CVE-2016-9112.patch b/files/security/CVE-2016-9112.patch
diff --git a/files/security/CVE-2016-9113.patch b/files/security/CVE-2016-9113.patch
@@ -1,19 +1,20 @@
-From e0047b38dee408a63e0af72823d8a00eb8681779 Mon Sep 17 00:00:00 2001
-From: Hans Petter Jansson <hpj@cl.no>
-Date: Wed, 14 Dec 2016 21:34:11 +0100
-Subject: [PATCH 03/10] CVE-2016-9113
+From b5039e257dafbb58ddc60e78c887dd45de62e19d Mon Sep 17 00:00:00 2001
+From: Pierre-Yves <pyu@riseup.net>
+Date: Thu, 10 Aug 2017 11:43:01 +0200
+Subject: [PATCH] CVE-2016-9113
 
+Signed-off-by: Pierre-Yves <pyu@riseup.net>
 ---
  src/bin/jp2/convertbmp.c | 10 ++++++++++
  1 file changed, 10 insertions(+)
 
 diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index 40b0325..15942bf 100644
+index b49e7a0..3356b23 100644
 --- a/src/bin/jp2/convertbmp.c
 +++ b/src/bin/jp2/convertbmp.c
-@@ -1049,6 +1049,11 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
- && image->comps[0].prec == image->comps[1].prec
- && image->comps[1].prec == image->comps[2].prec) {
+@@ -845,6 +845,11 @@ int imagetobmp(opj_image_t * image, const char *outfile)
+ && image->comps[0].sgnd == image->comps[1].sgnd
+ && image->comps[1].sgnd == image->comps[2].sgnd) {
 
 + if (!image->comps[0].data || !image->comps[1].data || !image->comps[2].data) {
 + fprintf(stderr, "ERROR -> Missing image data in input file\n");
@@ -23,9 +24,9 @@ index 40b0325..15942bf 100644
  /* -->> -->> -->> -->>
  24 bits color
  <<-- <<-- <<-- <<-- */
-@@ -1148,6 +1153,11 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
+@@ -974,6 +979,11 @@ int imagetobmp(opj_image_t * image, const char *outfile)
  fclose(fdest);
- } else { /* Gray-scale */
+ } else { /* Gray-scale */
 
 + if (!image->comps[0].data) {
 + fprintf(stderr, "ERROR -> Missing image data in input file\n");
@@ -36,5 +37,5 @@ index 40b0325..15942bf 100644
  8 bits non code (Gray scale)
  <<-- <<-- <<-- <<-- */
 -- 
-1.8.4.5
+2.13.4
 
diff --git a/files/security/CVE-2016-9114.patch b/files/security/CVE-2016-9114.patch
@@ -1,34 +1,35 @@
-From 525525ecc7c70a078b5372df2484a8d0cd1c84e5 Mon Sep 17 00:00:00 2001
-From: Hans Petter Jansson <hpj@cl.no>
-Date: Wed, 14 Dec 2016 21:46:14 +0100
-Subject: [PATCH 4/9] CVE-2016-9114
+From de42fd16c5cacfc76c45771632946cffd3e8a3ec Mon Sep 17 00:00:00 2001
+From: Pierre-Yves <pyu@riseup.net>
+Date: Thu, 10 Aug 2017 13:25:42 +0200
+Subject: [PATCH] CVE-2016-9114
 
+Signed-off-by: Pierre-Yves <pyu@riseup.net>
 ---
  src/bin/jp2/convert.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
-index ee65920..63703a8 100644
+index e2e1602..86743de 100644
 --- a/src/bin/jp2/convert.c
 +++ b/src/bin/jp2/convert.c
-@@ -2153,7 +2153,7 @@ if(v > 65535) v = 65535; else if(v < 0) v = 0;
+@@ -2137,7 +2137,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
  adjustR =
-  (image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);
+ (image->comps[compno].sgnd ? 1 << (image->comps[compno].prec - 1) : 0);
 
-- if(prec > 8)
-+ if(prec > 8 && red)
- {
- for (i = 0; i < wr * hr; i++)
- {
-@@ -2173,7 +2173,7 @@ if(v > 65535) v = 65535; else if(v < 0) v = 0;
+- if (prec > 8) {
++ if (prec > 8 && red) {
+ for (i = 0; i < wr * hr; i++) {
+ v = *red + adjustR;
+ ++red;
+@@ -2162,7 +2162,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
+ fprintf(fdest, "%c%c", (unsigned char)(v >> 8), (unsigned char)v);
  }
  }/* for(i */
- }
-- else /* prec <= 8 */
-+ else if (red) /* prec <= 8 */
- {
- for(i = 0; i < wr * hr; ++i)
- {
+- } else { /* prec <= 8 */
++ } else if (red) { /* prec <= 8 */
+ for (i = 0; i < wr * hr; ++i) {
+ v = *red + adjustR;
+ ++red;
 -- 
-1.8.4.5
+2.13.4