Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package jasper for openSUSE:Factory checked in at 2024-04-30 17:25:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/jasper (Old) and /work/SRC/openSUSE:Factory/.jasper.new.1880 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "jasper" Tue Apr 30 17:25:54 2024 rev:33 rq:1170497 version:4.2.4 Changes: --------
--- /work/SRC/openSUSE:Factory/jasper/jasper.changes 2024-04-21 20:27:48.503082260 +0200
+++ /work/SRC/openSUSE:Factory/.jasper.new.1880/jasper.changes 2024-04-30 17:26:15.603771700 +0200
@@ -1,0 +2,7 @@
+Sat Apr 27 19:31:14 UTC 2024 - Michael Vetter <mvet...@suse.com>
+
+- Update to 4.2.4:
+ * Added some missing checks to the jas_heic_decode function in the
+ HEIC codec (#383).
+
+-------------------------------------------------------------------
Old: ---- version-4.2.3.tar.gz New: ---- version-4.2.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ jasper.spec ++++++
--- /var/tmp/diff_new_pack.qNZNOB/_old 2024-04-30 17:26:19.595916864 +0200
+++ /var/tmp/diff_new_pack.qNZNOB/_new 2024-04-30 17:26:19.599917010 +0200
@@ -20,7 +20,7 @@
 %global __builddir obs_build
 Name: jasper
-Version: 4.2.3
+Version: 4.2.4
 Release: 0
 Summary: An Implementation of the JPEG-2000 Standard, Part 1
 License: JasPer-2.0
++++++ version-4.2.3.tar.gz -> version-4.2.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.2.3/CMakeLists.txt new/jasper-version-4.2.4/CMakeLists.txt
--- old/jasper-version-4.2.3/CMakeLists.txt 2024-03-30 17:57:05.000000000 +0100
+++ new/jasper-version-4.2.4/CMakeLists.txt 2024-04-27 19:53:19.000000000 +0200
@@ -12,7 +12,7 @@
 # The major, minor, and micro version numbers of the project.
 set(JAS_VERSION_MAJOR 4)
 set(JAS_VERSION_MINOR 2)
-set(JAS_VERSION_PATCH 3)
+set(JAS_VERSION_PATCH 4)
 # The shared library versioning information.
 # Guidelines on how to change this information can be found below.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.2.3/NEWS.txt new/jasper-version-4.2.4/NEWS.txt
--- old/jasper-version-4.2.3/NEWS.txt 2024-03-30 17:57:05.000000000 +0100
+++ new/jasper-version-4.2.4/NEWS.txt 2024-04-27 19:53:19.000000000 +0200
@@ -1,7 +1,13 @@
+4.2.4 (2024-04-27)
+==================
+
+* Added some missing checks to the jas_heic_decode function in the
+ HEIC codec (#383).
+
 4.2.3 (2024-03-30)
 ==================
-* Added a missing check in the JPC codec (#381).
+* Added a missing check in the JPC codec (#381) (CVE-2024-31744).
 4.2.2 (2024-03-11)
 ==================
Binary files old/jasper-version-4.2.3/data/test/bad/383.heic and new/jasper-version-4.2.4/data/test/bad/383.heic differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.2.3/src/libjasper/heic/heic_dec.c new/jasper-version-4.2.4/src/libjasper/heic/heic_dec.c
--- old/jasper-version-4.2.3/src/libjasper/heic/heic_dec.c 2024-03-30 17:57:05.000000000 +0100
+++ new/jasper-version-4.2.4/src/libjasper/heic/heic_dec.c 2024-04-27 19:53:19.000000000 +0200
@@ -188,12 +188,20 @@
 jas_logerrorf("heif_context_alloc failed\n");
 goto error;
 }
-#if 0
-#endif
- heif_context_read_from_memory_without_copy(ctx, ptr, size, 0);
+
+ struct heif_error err;
+ err = heif_context_read_from_memory_without_copy(ctx, ptr, size, 0);
+ if (err.code != 0) {
+ jas_logerrorf("heif_context_read_from_memory_without_copy failed\n");
+ goto error;
+ }
 /* Get a handle to the primary image. */
- heif_context_get_primary_image_handle(ctx, &handle);
+ err = heif_context_get_primary_image_handle(ctx, &handle);
+ if (err.code != 0) {
+ jas_logerrorf("heif_context_get_primary_image_handle failed\n");
+ goto error;
+ }
 int width = heif_image_handle_get_width(handle);
 int height = heif_image_handle_get_height(handle);
@@ -218,7 +226,6 @@
 /* Decode the image and convert the colorspace to RGB, saved as 24bit interleaved. */
- struct heif_error err;
 err = heif_decode_image(handle, &img, heif_colorspace_RGB, heif_chroma_interleaved_RGB, 0);
 if (err.code != 0) {
@@ -247,6 +254,7 @@
 for (cmptno = 0; cmptno < numcmpts; ++cmptno) {
 if (width > JAS_IMAGE_COORD_MAX || height > JAS_IMAGE_COORD_MAX) {
+ jas_logerrorf("image size too large\n");
 goto error;
 }
 cmptparm.tlx = 0;
@@ -290,6 +298,8 @@
 data[3 * width * y + 3 * x + cmptno]);
 }
 if (jas_image_writecmpt(image, cmptno, 0, y, width, 1, matrix)) {
+ jas_logerrorf("jas_image_writecmpt failed\n");
+ goto error;
 }
 }
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/jasper-version-4.2.3/test/bin/run_test_1 new/jasper-version-4.2.4/test/bin/run_test_1
--- old/jasper-version-4.2.3/test/bin/run_test_1 2024-03-30 17:57:05.000000000 +0100
+++ new/jasper-version-4.2.4/test/bin/run_test_1 2024-04-27 19:53:19.000000000 +0200
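Review bot: In the first hunk the new `struct heif_error err;` is declared on one line and assigned on the next; the declaration can carry the initializer, `struct heif_error err = heif_context_read_from_memory_without_copy(ctx, ptr, size, 0);`, which is the tighter form and leaves no window in which `err` exists unset. The call's name suggests the context keeps referencing `ptr` rather than copying it, so the caller's buffer must stay valid until the context is freed; that is probably fine since decoding happens in the same function, but the function's start and its `error:` cleanup are outside the hunk, so I cannot confirm it here. The two added `err.code != 0` checks match the existing `heif_decode_image` check in the second hunk, which is the right shape.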
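Review bot: In the third hunk the `width`/`height` bound check is loop-invariant yet sits inside the per-component loop, so it is re-evaluated `numcmpts` times and can only ever fail on the first iteration; hoisting it above `for (cmptno = 0; cmptno < numcmpts; ++cmptno) {` states the intent more clearly. It also rejects only values above `JAS_IMAGE_COORD_MAX`: `width` and `height` are plain `int` from `heif_image_handle_get_width`/`_get_height` in the first hunk, and nothing visible here rejects a zero or negative value before they reach the component parameters and the `data[3 * width * y + 3 * x + cmptno]` index in the fourth hunk. If no earlier check covers that, `if (width <= 0 || height <= 0 || width > JAS_IMAGE_COORD_MAX || height > JAS_IMAGE_COORD_MAX) {` closes it. Whether `3 * width * y` is evaluated in `int` depends on the type of `y`, which is declared outside the hunk; worth confirming it cannot overflow for in-range coordinates. The enclosing loop body continues outside the hunk.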
@@ -46,10 +46,15 @@
 panic "cannot determine if JPG is supported format"
 has_mif="$(is_supported_format mif)" || \
 panic "cannot determine if MIF is supported format"
+has_heic="$(is_supported_format heic)" || \
+ panic "cannot determine if HEIF is supported format"
 if [ "$internal_testing_mode" -ne 0 -a "$has_mif" -eq 0 ]; then
 echo "warning: MIF support is missing"
 fi
+if [ "$internal_testing_mode" -ne 0 -a "$has_heic" -eq 0 ]; then
+ echo "warning: HEIF support is missing"
+fi
 if [ "$has_jpg" -eq 0 ]; then
 echo "warning: JPEG support is missing"
 fi
@@ -70,6 +75,11 @@
 skip=1
 fi
 ;;
+ *.heic)
+ if [ "$has_heic" -eq 0 ]; then
+ skip=1
+ fi
+ ;;
 *.txt)
 skip=1
 ;;
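Review bot: The new `if [ "$internal_testing_mode" -ne 0 -a "$has_heic" -eq 0 ]; then` relies on the `-a` binary operator of `test`, which POSIX marks obsolescent and which parses ambiguously when an operand looks like an option; `if [ "$internal_testing_mode" -ne 0 ] && [ "$has_heic" -eq 0 ]; then` is the portable spelling. It does copy the existing `has_mif` line exactly, so this is a consistency call rather than a defect introduced by this change. The new panic message says HEIF while the key passed to `is_supported_format` is `heic`; using the same word in both would make a failed probe easier to trace.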