media-libs/openjpeg: Fix segfault, security bug 832007 #24822

Closed

laumann
Contributor

@laumann laumann commented Mar 30, 2022

See: uclouvain/openjpeg@0afbdcf
Bug: https://bugs.gentoo.org/832007
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>

@gentoo-bot

Pull Request assignment

Submitter: @laumann
Areas affected: ebuilds
Packages affected: media-libs/openjpeg

media-libs/openjpeg: @gentoo/proxy-maint (maintainer needed)

Linked bugs

Bugs linked: 832007


In order to force reassignment and/or bug reference scan, please append [please reassign] to the pull request title.

Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide

@gentoo-bot added the following labels Mar 30, 2022:

  • maintainer-needed: There is at least one affected package with no maintainer. Review it if you can.
  • assigned: PR successfully assigned to the package maintainer(s).
  • bug linked: Bug/Closes found in footer, and cross-linked with the PR.
  • security: PR that needs to be merged promptly as it addresses security issues

Comment on lines 1 to 12
From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <lliangliang2007@163.com>
Date: Wed, 14 Jul 2021 09:35:13 +0800
Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to
uninitialized pointer (fixes #1368) (#1369)

---
src/bin/jp2/opj_decompress.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
index 0e0287350..18ead6721 100644
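
Review bot: the header still carries git's mbox line "From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001" and the "index 0e0287350..18ead6721 100644" line, neither of which helps someone reading the patch file on its own. Replace the mbox line with an https link to the upstream commit and drop the index line, while keeping From, Date and Subject so the upstream author stays credited. The header also names only the upstream issue numbers (#1368, #1369); a line referencing Gentoo bug 832007 would tie the file to the downstream report it is being applied for.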
Contributor Author

Normally, I would scrub a patch to remove some cruft, but as I am not the author of the patch, I figured it's maybe best to leave it as-is. Let me know if I should scrub it.

Member

Scrubbing (at least the iwdevtools version) won't remove From or Subject, just git noise, so it should be fine to scrub.

Contributor Author

Scrubbed!

Some output from scrub-patch. I'll add a link.

QA: openjpeg-2.4.0-r2-fix-segfault.patch has generated warnings:

001: From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001
^^^ suggest replacing line with a http link pointing the upstream commit hash

@laumann
Contributor Author

laumann commented Mar 30, 2022

Wasn't sure if it should be an -r2.

@laumann
Contributor Author

laumann commented Mar 30, 2022

Wasn't sure if it should be an -r2.

From the devmanual:

Examples of changes that warrant a new revision are:

  • adding a patch to fix a runtime issue,

Guess that answers that :-)

@laumann laumann force-pushed the media-libs/openjpeg-fix-segfault branch from a718a76 to ebbb31f Compare March 30, 2022 20:49
@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2022-03-30 20:52 UTC
Newest commit scanned: a718a76
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/7c798281dc/output.html

@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2022-03-30 21:37 UTC
Newest commit scanned: ebbb31f
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/a52a4957fc/output.html

@thesamesam
Member

Wasn't sure if it should be an -r2.

From the devmanual:

Examples of changes that warrant a new revision are:

  • adding a patch to fix a runtime issue,

Guess that answers that :-)

Reason being: we want it to be re-emerged so the patch can be applied. No revbump? No reason for the package manager to re-emerge it.

@laumann laumann force-pushed the media-libs/openjpeg-fix-segfault branch from ebbb31f to 95ee66f Compare March 31, 2022 08:05
See: uclouvain/openjpeg@0afbdcf
Bug: https://bugs.gentoo.org/832007
Signed-off-by: Thomas Bracht Laumann Jespersen <t@laumann.xyz>
@laumann laumann force-pushed the media-libs/openjpeg-fix-segfault branch from 95ee66f to d735b3b Compare March 31, 2022 08:09
@gentoo-repo-qa-bot
Collaborator

Pull request CI report

Report generated at: 2022-03-31 08:22 UTC
Newest commit scanned: d735b3b
Status: ✅ good

There are existing issues already. Please look into the report to make sure none of them affect the packages in question:
https://qa-reports.gentoo.org/output/gentoo-ci/f60d0b7056/output.html

@gentoo-bot gentoo-bot closed this in 65217c3 Apr 7, 2022
@laumann laumann deleted the media-libs/openjpeg-fix-segfault branch April 18, 2022 13:01