--- openjpeg-1.3+dfsg.orig/debian/README.Debian +++ openjpeg-1.3+dfsg/debian/README.Debian @@ -0,0 +1,15 @@ +openjpeg (1.3+dfsg-1) unstable; urgency=low + + * The file j2kviewer/src/Exec.java does not have a DFSG compatible licence + and therefore has been removed from the Debian source package. As the + other files in j2kviewer/src/ depend on Exec.java, they too have been + removed. In addition upstream no longer supports these files and they have + been removed from upstream SVN and will not appear in any future upstream + releases. + + * The files /JavaOpenJPEG/java\ sources/org/openJpeg/* have been removed from + this release as they have a copyright that indicates a non DFSG free + licence. Upstream confirms that this is a mistake and it will be corrected + for the next release. + + -- Robin Cornelius Tue, 07 Mar 2008 09:04:15 +0000 --- openjpeg-1.3+dfsg.orig/debian/TODO +++ openjpeg-1.3+dfsg/debian/TODO 
@@ -0,0 +1,21 @@ +TODO for openjpeg: +------------------ + + * Reintroduce the files /JavaOpenJPEG/java\ sources/org/openJpeg/* to the + source package when upstream marks the copyright and licence correctly. + + * Build and distribute some of the additional tools including: + + mj2/ - motion tools for jpeg2000 files. + + jpwl/ - JPEG 2000 Wireless tools: encode JPEG2000 files to + withstand transmission errors. + + jp3d/ - Volumetric Imaging. + + JavaOpenJPEG/ - Java Encoder/Decoder interface for libopenjpeg. + Note, none of these tools are built by default in the standard OpenJPEG2000 + distribution. They are also not built from the top level makefile. Some of + the tools do not build cleanly from the source distribution and require + further work to be able to be included in the openjpeg-tools package. + + * Improve the handling of the .so symlinks, which are at the moment manually + created through debian/*.links, with hardcoded filenames. + + -- Robin Cornelius Tue, 04 Mar 2008 09:19:20 +0000 --- openjpeg-1.3+dfsg.orig/debian/changelog +++ openjpeg-1.3+dfsg/debian/changelog 
@@ -0,0 +1,233 @@ +openjpeg (1.3+dfsg-4.7ubuntu1) trusty; urgency=low + + * Merge from Debian unstable. Remaining changes: + - debian/control: Build-depend on libtiff-dev rather than libtiff4-dev. + + -- Logan Rosen Thu, 12 Dec 2013 15:28:18 -0500 + +openjpeg (1.3+dfsg-4.7) wheezy-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2013-6052: information leak. + * Fix CVE-2013-6045: multiple heap buffer overflows. + * Fix CVE-2013-6054: a heap buffer overflow. + * Fix CVE-2013-1447: multiple crashers. + + -- Raphael Geissert Sun, 01 Dec 2013 23:52:17 +0100 + +openjpeg (1.3+dfsg-4.6ubuntu2) saucy; urgency=low + + * Actually build-depend on libtiff-dev rather than libtiff4-dev. + + -- Logan Rosen Sun, 11 Aug 2013 21:59:12 -0400 + +openjpeg (1.3+dfsg-4.6ubuntu1) raring; urgency=low + + * Resynchronize on Debian, remaining change + * Build-depend on libtiff-dev rather than libtiff4-dev. + + -- Sebastien Bacher Tue, 06 Nov 2012 12:06:27 +0100 + +openjpeg (1.3+dfsg-4.6) unstable; urgency=low + + * Non-maintainer upload. + * Reduce debhelper dependency and debian/compat to 5 + - Don't include openjpeg-tools binaries in the debug package since + those files are not multiarch co-installable at this compat level. + * Fix cve-2012-3535: buffer overflow in JPEG2000 decoding (closes: #685970). + + -- Michael Gilbert Wed, 19 Sep 2012 00:34:07 -0400 + +openjpeg (1.3+dfsg-4.5) unstable; urgency=low + + * Non-maintainer upload. + * Build-depend on debhelper >= 9 to ensure a multiarch-capable version is + installed (closes: #681722). + + -- Michael Gilbert Sun, 15 Jul 2012 18:40:53 -0400 + +openjpeg (1.3+dfsg-4.4) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix cve-2012-3358: buffer overflow in JPEG2000 image file handling. + + -- Michael Gilbert Wed, 11 Jul 2012 14:51:21 -0400 + +openjpeg (1.3+dfsg-4.3) unstable; urgency=low + + * Non-maintainer upload with permission of the maintainer. 
+ * Set debian/compat to 9 (closes: #680887). + + -- Michael Gilbert Tue, 10 Jul 2012 09:32:36 -0400 + +openjpeg (1.3+dfsg-4.2) unstable; urgency=low + + * Non-maintainer upload. + * Enable multiarch (closes: #675773). + + -- Michael Gilbert Mon, 02 Jul 2012 16:13:27 -0400 + +openjpeg (1.3+dfsg-4.1) unstable; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2009-5030: Avoid memory overrun (Closes: #672455). + + -- Luk Claes Sat, 23 Jun 2012 18:26:27 +0200 + +openjpeg (1.3+dfsg-4) unstable; urgency=high + + * Fix FTBFS on alpha for real (Closes: #483048). + - Update 32_fix_FTBFS_on_alpha.dpatch with the patch provided by + Arthur Loiret (thanks). + * Set urgency to “high” for RC bugfix. + + -- Cyril Brulebois Mon, 09 Mar 2009 16:59:02 +0100 + +openjpeg (1.3+dfsg-3) unstable; urgency=low + + * Fix FTBFS on alpha. Modify codec/dirent.h to not generate error if __linux__ + is defined as well as __alpha__. (Closes: #483048) + + -- Robin Cornelius Sun, 08 Jun 2008 06:48:24 +0200 + +openjpeg (1.3+dfsg-2) unstable; urgency=low + + * Fix FTBFS when “sudo” is used (which is the case on alpha, mips, and + mipsel buildds) by using chmod in a better way, recursively removing + -x and adding +X, so that sufficient permissions remain. + * debian/control: + - Add myself to Uploaders. + * debian/copyright: + - Update my mail address. + + -- Cyril Brulebois Tue, 29 Apr 2008 08:23:56 +0200 + +openjpeg (1.3+dfsg-1) unstable; urgency=low + + [ Cyril Brulebois ] + * Remove leftover codec/{image_to_j2k, j2k_to_image} in the clean + target (fix double-build failure) + * Indent list in the long description (per lintian) + * Replace XS-Vcs-{Svn, Browser} with Vcs-{Git, Browser} + * Nuke trailing whitespaces. + * Rephrase descriptions. + * Remove remaining trailing whitespaces. + * Use “$(MAKE) dist” instead of “make dist”. + * Move .PHONY and .SUFFIXES to the bottom. + * Use an include of dpatch.make instead of defining the rules + manually. 
+ * Remove unneeded get-orig-source target and the mode line. + * Try and adjust permissions during “clean” since upstream ships + everything with a+x. + * Rename manpages to build-manpages, adjust .PHONY. + * Remove extra (no longer needed with recent dpkg-dev versions) -L and + -l flags from dh_shlibdeps. + * Nuke trailing whitespaces in copyright file. + * Document in debian/TODO that the hardcoded shared object symlinks is a + target for further uploads. + + [ Robin Cornelius ] + * Build codec tools against system libtiff headers. + * Remove non-dfsg files from package and edit copyright and README.Debian to + document changes and removals. + * Tidy up control file package descriptions and use soname in -dbg + package + * Do not keep upstream source in our git tree. We should use a get- + orig-source + * Apply Cyril Brulebois' suggestion for watchfile regex. + * Update debian/rules. Note get-orig-source needs further work. + * Change maintainer address to be the group address. + * Fix build warning, add final new line to debian/watch. + * Fix lintian warnings due to different email address in changelog and + Uploaders: + * In debian/rules clean target, use dh_clean to remove all files, + don't use rm + * Update debian/copyright as I have made changes in 2008. + * Switch from txt2man to perlpod: + - txt2man is buggy and generates incorrectly formatted man pages + (#416391). + - Remove it from Build-Depends. + - Use perlpod manpages (debian/*.pod). + - Generate manpages during the build through pod2man. + - Delete them through dh_clean. + + -- Robin Cornelius Wed, 19 Mar 2008 10:59:56 +0000 + +openjpeg (1.3-1) unstable; urgency=low + + * New upstream release + - Drop SVN merge patch as v1.3 contains all required fixes. + - Update debian/rules to match upstream changes to makefile. + - Stop ignoring make errors and rm errors in debian/rules. 
+ - Fix build environment via dpatch to use -O0 or -O3 when requested, use -g + to build library and strip via dh_strip and build codecs against shared + not static library. + - Remove linkage against unused libs and add linkage against missing libs + (via dpatch). + - Change debian/copyright to take advantage of proposed format and ensure + all authors and licences are listed. + + -- Robin Cornelius Thu, 27 Dec 2007 16:25:12 +0000 + +openjpeg (1.2-3) unstable; urgency=low + + * Sync up to SVN 485. + Fixes major memory leak in last version. + * remove my so-name damage from last version and revert to original. + + -- Robin Cornelius Tue, 27 Nov 2007 23:38:38 +0000 + +openjpeg (1.2-2) unstable; urgency=low + + * Updated to SVN version 465 as there are important bug fixes for 64 bit + systems as well as performance gains. Update is done via patch only not + source update. See native changelog for full details of differences. + * Correctly set so name to so.2 with version 1.2.0.so.2. + * Rebased patch to strip debug symbols to work with SVN update patch. 
+ + -- Robin Cornelius Tue, 13 Nov 2007 13:41:38 +0000 + +openjpeg (1.2-1) unstable; urgency=low + + * New upstream release + - Now soversion 2 + - Refresh debian patches + - Codecs now link to libtiff + * Update manpages for new codec options + + -- Paul "TBBle" Hampson Fri, 15 Jun 2007 00:48:29 +1000 + +openjpeg (1.1.1-4) unstable; urgency=low + + * Convert five lines of Makefile patching into dpatches + + -- Paul Hampson Thu, 29 Mar 2007 23:28:56 +1000 + +openjpeg (1.1.1-3) unstable; urgency=low + + * Remove build-depend on autotools-dev, there's no autotools use here + * Rename libopenjpeg-tools to openjpeg-tools + * Correctly install libopenjpeg.so.1.0.0 rather than libopenjpeg-1.0.0.so + * Make libopenjpeg1-dbg depend on the same-source version of libopenjpeg1 + * Create manpages for image_to_j2k, j2k_to_image and index_create + * Update debian/copyright with full details of all contained licenses and + copyrights + - Thanks again to Romain Beauxis for reviewing + + -- Paul Hampson Wed, 28 Mar 2007 20:01:10 +1000 + +openjpeg (1.1.1-2) unstable; urgency=low + + * Build-depend on autotools-dev to keep config.{sub,guess} up to date + * Correct description of libopenjpeg-tools + * Don't try to build so file without -fPIC + * Reformat copyright file to not conflate license and copyright statement + - Thanks to Romain Beauxis for reviewing + + -- Paul Hampson Wed, 21 Mar 2007 19:42:08 +1100 + +openjpeg (1.1.1-1) unstable; urgency=low + + * Initial release (Closes: #413987) + + -- Paul Hampson Tue, 20 Mar 2007 12:52:33 +1100 --- openjpeg-1.3+dfsg.orig/debian/compat +++ openjpeg-1.3+dfsg/debian/compat @@ -0,0 +1 @@ +5 --- openjpeg-1.3+dfsg.orig/debian/control +++ openjpeg-1.3+dfsg/debian/control 
@@ -0,0 +1,55 @@ +Source: openjpeg +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian PhotoTools Maintainers +Uploaders: Robin Cornelius , Cyril Brulebois +Homepage: http://www.openjpeg.org +Build-Depends: debhelper (>= 5), dpatch (>= 2), libtiff-dev, dpkg-dev (>= 1.16.0) +Standards-Version: 3.7.3 +Section: libs +Vcs-Browser: http://git.debian.org/?p=pkg-phototools/openjpeg.git +Vcs-Git: git://git.debian.org/git/pkg-phototools/openjpeg.git + +Package: libopenjpeg-dev +Section: libdevel +Architecture: any +Depends: libopenjpeg2 (= ${binary:Version}) +Description: development files for libopenjpeg2, a JPEG 2000 image library + Libopenjpeg2 is a library for handling the JPEG 2000 image compression format. + JPEG 2000 is a wavelet-based image compression standard and permits progressive + transmission by pixel and resolution accuracy for progressive downloads of an + encoded image. It supports lossless and lossy compression, supports higher + compression than JPEG 1991, and has resilience to errors in the image. + +Package: libopenjpeg2 +Section: libs +Architecture: any +Multi-Arch: same +Pre-Depends: ${misc:Pre-Depends} +Depends: ${shlibs:Depends} +Description: JPEG 2000 image compression/decompression library + Libopenjpeg2 is a library for handling the JPEG 2000 image compression format. + +Package: libopenjpeg2-dbg +Section: libdevel +Architecture: any +Multi-Arch: same +Depends: libopenjpeg2 (= ${binary:Version}) +Description: debug symbols for libopenjpeg2, a JPEG 2000 image library + This package contains the debug symbols to match the runtime component of the + libopenjpeg2 library, allowing debugging of a program using libopenjpeg2 to + access debugging details within the library itself. 
+ +Package: openjpeg-tools +Section: graphics +Architecture: any +Multi-Arch: foreign +Depends: ${shlibs:Depends} +Description: command-line tools using the JPEG 2000 library + This package provides with command-line tools allowing for conversions between + several formats: + - j2k_to_image: decodes j2k, jp2, and jpt files to pgm, ppm, pnm, + pgx, and bmp. + - image_to_j2k: encodes pnm, pgm, pgx, bmp, and ppm files to j2k, + and jp2. + - index_create: create jp2 with JPIP index file from a j2k file. --- openjpeg-1.3+dfsg.orig/debian/copyright +++ openjpeg-1.3+dfsg/debian/copyright 
@@ -0,0 +1,206 @@ +Original source may be found at: http://www.openjpeg.org/index.php?menu=download + +Files: * +Copyright: © 2001-2003, David Janssens + © 2002-2007, Communications and Remote Sensing Laboratory, Universite catholique de Louvain (UCL), Belgium + © 2002-2007, Professor Benoit Macq + © 2002-2003, Yannick Verschueren + © 2003-2007, Francois-Olivier Devaux and Antonin Descampe + © 2005, Herve Drolon, FreeImage Team + © 2005-2006, Dept. of Electronic and Information Engineering, Universita' degli Studi di Perugia, Italy + © 2006-2007, Parvatha Elangovan + © 2006, Mónica Díez García, Image Processing Laboratory, University of Valladolid, Spain + © 2007, Digital Signal Processing Laboratory, Università degli studi di Perugia (UPG), Italy + © 2007, Jonathan Ballard + © 2007, Callum Lerwick + © 2007, Patrick Piscaglia (Telemis) +Licence: BSD-2 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS `AS IS' + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + + +Files: debian/* +Copyright: © 2007, Paul Hampson + © 2007-2008, Robin Cornelius + © 2008, Cyril Brulebois +Licence: other + This appears in Core Web Programming from Prentice Hall Publishers, and may be + freely used or adapted. + +Files: j2kviewer/src/* +Copyright: None specified +Licence: None + No licence is specified for these files. + +Files: JavaOpenJPEG/java\ sources/org/openJpeg/* +Copyright: © 1999-2007 Telemis SA. All Rights Reserved +Licence: None + No licence is specified for these files. + +Files: libs/libtiff/libtiff.lib +Copyright: Unknown +Licence: Unknown + This is a binary static library for win32 systems. As the file is not + required, a binary library and there is no clear copyright and/or licence it + has been removed from the Debian source package. + --- openjpeg-1.3+dfsg.orig/debian/image_to_j2k.pod +++ openjpeg-1.3+dfsg/debian/image_to_j2k.pod 
@@ -0,0 +1,171 @@ +=head1 NAME + +image_to_j2k - convert a PNM, PGM, PPM, PGX or BMP into a J2K or JP2 file + + +=head1 SYNOPSIS + +=for + TODO: Eventually introduce B<>'s and I<>'s in the synopsis + line, but that might be tedious for a non-obvious benefit. +=cut + +B -i source -o destination [-cinema2k] [-cinema4k] [-r ratios | -q psnr] [-n rescount] [-b blocksize] [-c precintsize] [-t tilesize] [-p progression] [-s subsampling] [-POC orders] [-SOP] [-EPH] [-M modeflags] [-x indexfile] [-ROI:quantize] [-d imageoffset] [-T tileoffset] [-I] +image_to_j2k -ImgDir sourcedir -OutFor extension [-cinema2k] [-cinema4k] [-r ratios | -q psnr] [-n rescount] [-b blocksize] [-c precintsize] [-t tilesize] [-p progression] [-s subsampling] [-POC orders] [-SOP] [-EPH] [-M modeflags] [-x indexfile] [-ROI:quantize] [-d imageoffset] [-T tileoffset] [-I] +image_to_j2k -h + + +=head1 DESCRIPTION + +image_to_j2k converts an image into a JPEG 2000-encoded image + + +=head1 OPTIONS + +=over + +=item B<-ImgDir> I + +Directory of PGM, PPM, PNM, PGX or BMP files to convert + +=item B<-OutFor> I + +J2K or JP2 output file format + +=item B<-i> I + +PNM, PGM or PPM file to convert + +=item B<-o> I + +J2K or JP2 file to output to + +=item B<-h> + +Display help information + +=item B<-cinema2k> I + +Digital Cinema 2K profile compliant codestream for 2K resolution. 24 or 48 fps. + +=item B<-cinema4k> [I] + +Digital Cinema 4K profile compliant codestream for 4K resolution. 
fps default is 24 + +=item B<-r> I + +compression factor for successive layers, comma seperated + +=item B<-q> I + +psnr for successive layers, comma seperated + +=item B<-n> I + +number of resolutions + +=item B<-b> I + +width and height of code block, comma-seperated + +=item B<-c> I + +width and height of precinct, comma-seperated + +=item B<-t> I + +width and height of tile, comma-seperated + +=item B<-p> I + +progression order, one of LRCP, RLCP, RPCL, PCRL, CPRL + +=item B<-s> I + +subsampling factor in X and Y, comma-seperated. Values larger than 2 can produce errors + +=item B<-POC> I + +progression order change + +=item B<-SOP> + +write SOP marker before each packet + +=item B<-EPH> + +write EPH marker after each header packet + +=item B<-M> I + +Sum of the values of the modes, as follows: + +=over + +=item 1. BYPASS (LAZY) + +=item 2. RESET + +=item 4. RESTART (TERMALL) + +=item 8. VSC + +=item 16. ERTERM (SEGTERM) + +=item 32. SEGMARK (SEGSYM) + +=back + +=for + TODO: a line bre3ak seems to be missing here. I don't know how to + handle this one. Please let me know when you've found how to + do it. 
:) +=cut + +=item B<-x> I + +create an index file + +=item B<-ROI:>I + +quantization indices upshifted for component c between 0 and 2 inclusive with an upshift of U between 0 and 37 inclusive + +=item B<-d> I + +X and Y offset of the origin of the image, comma-seperated + +=item B<-T> I + +X and Y offset of the origin of the tiles, comma-seperated + +=item B<-I> + +use the irreversible DWT 9-7 + +=back + + +=head1 EXAMPLE + +ratios: 20,10,1 Quality 1: compress 20x; Quality 2: compress 10x; Quality 3: lossless compression + +psnr: 30,40,50 + +quantize: c=0,U=25 + +orders: T1=0,0,1,5,3,CPRL Title 1: Resolution 0 start, component 0 start, layer 1 end, resolution 5 end, component 3 end, CPRL progression + + +=head1 AUTHOR + +Written by Paul Hampson based on the output of image_to_j2k -h as part of the Debian packaging of OpenJPEG + + +=head1 COPYRIGHT + +Copyright 2007 Paul Hampson + + +=head1 SEE ALSO + +L, L --- openjpeg-1.3+dfsg.orig/debian/index_create.pod +++ openjpeg-1.3+dfsg/debian/index_create.pod @@ -0,0 +1,59 @@ +=head1 NAME + +index_create - create a JPIP (JPEG 2000 Part 9) indexed JP2 file from a J2K file + + +=head1 SYNOPSIS + +B I I I + + +=head1 DESCRIPTION + +B creates a JPIP-indexed JP2 file from a J2K file + + +=head1 OPTIONS + +=over + +=item I + +J2K file to index + +=item I + +J2P file to write the indexed file to + +=item I + +Index version to use: + +=over + +=item 0. [faix] 4-byte and no AUX fields + +=item 1. [faix] 8-byte and no AUX fields + +=item 2. [faix] 4-byte and AUX fields + +=item 3. [faix] 8-byte and AUX fields + +=back + +=back + + +=head1 AUTHOR + +Written by Paul Hampson based on the output of index_create -h as part of the Debian packaging of OpenJPEG + + +=head1 COPYRIGHT + +Copyright 2007 Paul Hampson + + +=head1 SEE ALSO + +Annex I from JPIP-FCD-version 2 (SC 29 N5727), L --- openjpeg-1.3+dfsg.orig/debian/j2k_to_image.pod +++ openjpeg-1.3+dfsg/debian/j2k_to_image.pod 
@@ -0,0 +1,67 @@ +=head1 NAME + +j2k_to_image - convert a J2K, JP2 or JPT file into a PGM, PPM, PNM, PGX or BMP file + + +=head1 SYNOPSIS + +B B<-i> I B<-o> I [B<-r> I] [B<-l> I] + +B B<-ImgDir> I B<-OutFor> I [B<-r> I] [B<-l> I] + +B B<-h> + + +=head1 DESCRIPTION + +j2k_to_image decodes a JPEG 2000-encoded image into another image format + + +=head1 OPTIONS + +=over + +=item B<-ImgDir> I + +Directory of J2K, JP2 or JPT files to convert + +=item B<-OutFor> I + +PGM, PPM, PNM, PGX or BMP output file format + +=item B<-i> I + +J2K, JP2 or JPT file to convert + +=item B<-o> I + +PGM, PPM, PNM, PGX or BMP file to output to + +=item B<-h> + +Display help information + +=item B<-r> I + +Number of highest resolution levels to be discarded. Output resolution is effectively divided by 2^reduction + +=item B<-l> I + +Maximum count of quality layers to decode + +=back + + +=head1 AUTHOR + +Written by Paul Hampson based on the output of j2k_to_image -h as part of the Debian packaging of OpenJPEG + + +=head1 COPYRIGHT + +Copyright 2007 Paul Hampson + + +=head1 SEE ALSO + +L, L --- openjpeg-1.3+dfsg.orig/debian/jp2-thumbnailer +++ openjpeg-1.3+dfsg/debian/jp2-thumbnailer 
@@ -0,0 +1,72 @@ +#!/bin/bash + +# FILE: jp2-thumbnailer -- +# AUTHOR: Robin Cornelius +# DATE: 08 June 2008 +# +# Copyright (C) 2008 Robin Cornelius +# Copyright (C) 2003 W. Michael Petullo +# All rights reserved. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +OUT=/dev/stdout + +USAGE="[OPTION]... + + -h, -? print this message + -i path set the input path [ $IN ] + -o path set the output path [ $OUT ]" + +while :; + do case "$1" in + -h | "-?" ) + echo -e usage: ${0##*/} "$USAGE" >&2 + exit 1 ;; + -i ) + IN=$2 + shift ;; + -o ) + OUT=$2 + shift ;; + -?* ) + echo "${0##*/}: unrecognised option: $1" >&2 + exit 1 ;; + * ) + break ;; + esac + shift +done + +# We need to determine what type of jpeg2000 we can be either a codestream +# or an actual jpeg2000 file + +#j2k_to_image is a bit dumb and makes its decisions based on file extension +# we can help it here with file -i + +mime=`file -i $IN | sed "s/^.*: //g"` + +if [[ $mime = "image/jp2" ]] + then ext="jp2" +else + ext="j2k" +fi + +temp=`mktemp -p /tmp` +cp "$IN" "$temp.$ext" +/usr/bin/j2k_to_image -i "$temp.$ext" -o "$temp.bmp" +rm "$temp.$ext" +mv "$temp.bmp" "$OUT" + --- openjpeg-1.3+dfsg.orig/debian/libopenjpeg-dev.install +++ openjpeg-1.3+dfsg/debian/libopenjpeg-dev.install 
@@ -0,0 +1,3 @@ +usr/include +usr/lib/*/lib*.a +usr/lib/*/libopenjpeg.so --- openjpeg-1.3+dfsg.orig/debian/libopenjpeg2.install +++ openjpeg-1.3+dfsg/debian/libopenjpeg2.install @@ -0,0 +1,2 @@ +usr/lib/*/lib*.so.* +usr/lib/*/lib*-*.so --- openjpeg-1.3+dfsg.orig/debian/openjpeg-tools.gconf-defaults +++ openjpeg-1.3+dfsg/debian/openjpeg-tools.gconf-defaults @@ -0,0 +1,2 @@ +/desktop/gnome/thumbnailers/image@jp2/command jp2-thumbnailer -i %i -o %o +/desktop/gnome/thumbnailers/image@jp2/enable true --- openjpeg-1.3+dfsg.orig/debian/openjpeg-tools.install +++ openjpeg-1.3+dfsg/debian/openjpeg-tools.install @@ -0,0 +1,4 @@ +j2k_to_image /usr/bin/ +image_to_j2k /usr/bin/ +index_create /usr/bin/ +jp2-thumbnailer /usr/bin/ --- openjpeg-1.3+dfsg.orig/debian/openjpeg-tools.manpages +++ openjpeg-1.3+dfsg/debian/openjpeg-tools.manpages @@ -0,0 +1,3 @@ +debian/image_to_j2k.1 +debian/index_create.1 +debian/j2k_to_image.1 --- openjpeg-1.3+dfsg.orig/debian/patches/00list +++ openjpeg-1.3+dfsg/debian/patches/00list @@ -0,0 +1,27 @@ +30_fix_build_for_debian.dpatch +31_use_system_tiff_headers.dpatch +32_fix_FTBFS_on_alpha.dpatch +33_avoid_memory_overrun.dpatch +cve-2012-3358.dpatch +cve-2012-3535.dpatch + +# CVE-2013-6052: +shifting_too_much.dpatch +# CVE-2013-6045: +segfault0.dpatch +segfault1.dpatch +segfault2.dpatch +segfault5.dpatch +segfault7.dpatch +# CVE-2013-6054: +qcx_backport.dpatch +# CVE-2013-1447: +bloop1.dpatch +bloop2.dpatch +divbyzero.dpatch +null-ptr-deref.dpatch +segfault4.dpatch +segfault6.dpatch +segfault8.dpatch +segfault10.dpatch +uint_overflow.dpatch --- openjpeg-1.3+dfsg.orig/debian/patches/30_fix_build_for_debian.dpatch +++ openjpeg-1.3+dfsg/debian/patches/30_fix_build_for_debian.dpatch 
@@ -0,0 +1,68 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 30_fix_build_for_debian.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Dont apply the -s strip flag to the shared lib debian will do it for us +## DP: where necessary +## DP: Remove unnecessary linkage on lstdc++ and lm and add missing linkage for -lm + +@DPATCH@ + +Index: ./Makefile +=================================================================== +--- ./Makefile (revision 96) ++++ ./Makefile (working copy) +@@ -18,8 +18,7 @@ + # Converts cr/lf to just lf + DOS2UNIX = dos2unix + +-COMPILERFLAGS = -Wall -O3 -ffast-math -std=c99 -fPIC +-LIBRARIES = -lstdc++ ++COMPILERFLAGS = -Wall -O3 -ffast-math -std=c99 -fPIC -g $(EXTRA_CFLAGS) + + MODULES = $(SRCS:.c=.o) + CFLAGS = $(COMPILERFLAGS) $(INCLUDE) +@@ -54,7 +53,7 @@ + $(AR) r $@ $(MODULES) + + $(SHAREDLIB): $(MODULES) +- $(CC) -s -shared -Wl,-soname,$(LIBNAME) -o $@ $(MODULES) $(LIBRARIES) ++ $(CC) -shared -Wl,-soname,$(LIBNAME) -o $@ $(MODULES) -lm + + install: OpenJPEG + install -d '$(DESTDIR)$(INSTALL_LIBDIR)' '$(DESTDIR)$(INSTALL_INCLUDE)' + +Index: ./indexer_JPIP/Makefile +=================================================================== +--- ./indexer_JPIP/Makefile (revision 95) ++++ ./indexer_JPIP/Makefile (working copy) +@@ -1,7 +1,6 @@ + CC = gcc + +-LDFLAGS = -lm +-CFLAGS = -Wall ++CFLAGS = -Wall $(EXTRA_CFLAGS) + + all: index_create + +Index: ./codec/Makefile +=================================================================== +--- ./codec/Makefile (revision 96) ++++ ./codec/Makefile (working copy) +@@ -1,13 +1,13 @@ + # Makefile for the main OpenJPEG codecs: j2k_to_image and image_to_j2k + +-CFLAGS = -O3 -lstdc++ # -g -p -pg ++CFLAGS = $(EXTRA_CFLAGS) # -g -p -pg + + all: j2k_to_image image_to_j2k + +-j2k_to_image: j2k_to_image.c ../libopenjpeg.a ++j2k_to_image: j2k_to_image.c + gcc $(CFLAGS) compat/getopt.c index.c convert.c j2k_to_image.c -o j2k_to_image -L.. 
-lopenjpeg -I ../libopenjpeg/ -lm -ltiff + +-image_to_j2k: image_to_j2k.c ../libopenjpeg.a ++image_to_j2k: image_to_j2k.c + gcc $(CFLAGS) compat/getopt.c index.c convert.c image_to_j2k.c -o image_to_j2k -L.. -lopenjpeg -I ../libopenjpeg/ -lm -ltiff + + clean: --- openjpeg-1.3+dfsg.orig/debian/patches/31_use_system_tiff_headers.dpatch +++ openjpeg-1.3+dfsg/debian/patches/31_use_system_tiff_headers.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Use system tiff headers.dpatch by Robin Cornelius +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Use system tiff headers + +@DPATCH@ + +Index: ./codec/convert.c +=================================================================== +--- ./codec/convert.c (revision 507) ++++ ./codec/convert.c (working copy) +@@ -33,7 +33,7 @@ + #include + #include + #include "openjpeg.h" +-#include "../libs/libtiff/tiffio.h" ++#include + #include "convert.h" + + /* --- openjpeg-1.3+dfsg.orig/debian/patches/32_fix_FTBFS_on_alpha.dpatch +++ openjpeg-1.3+dfsg/debian/patches/32_fix_FTBFS_on_alpha.dpatch @@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## Fix FTBFS on alpha platforms.dpatch by Arthur Loiret +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Don't abort compilation when alpha is detected, if linux is +## DP: detected as well. In this case, that's not Alpha OSF1, but +## DP: Linux on Alpha, which has dirent.h. + +@DPATCH@ + +--- a/codec/dirent.h ++++ b/codec/dirent.h +@@ -118,7 +118,7 @@ + # define HAVE_SYS_DIR_H + # elif defined(__hpux) /* HP-UX */ + # define HAVE_DIRENT_H +-# elif defined(__alpha) || defined(__alpha__) /* Alpha OSF1 */ ++# elif defined(__osf__) || defined(__digital__) /* Alpha OSF1 */ + # error "not implemented" + # elif defined(__sgi) /* Silicon Graphics */ + # define HAVE_DIRENT_H 
diff --git a/codec/dirent.h b/codec/dirent.h --- openjpeg-1.3+dfsg.orig/debian/patches/33_avoid_memory_overrun.dpatch +++ openjpeg-1.3+dfsg/debian/patches/33_avoid_memory_overrun.dpatch @@ -0,0 +1,23 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 33_avoid_memory_overrun.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Dont apply the -s strip flag to the shared lib debian will do it for us +## DP: where necessary +## DP: Remove unnecessary linkage on lstdc++ and lm and add missing linkage for -lm + +@DPATCH@ + +Index: ./libopenjpeg/tcd.c +=================================================================== +--- ./libopenjpeg/tcd.c ++++ ./libopenjpeg/tcd.c +@@ -332,7 +332,7 @@ + cblk->y0 = int_max(cblkystart, prc->y0); + cblk->x1 = int_min(cblkxend, prc->x1); + cblk->y1 = int_min(cblkyend, prc->y1); +- cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); ++ cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); + /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ + cblk->data += 2; + cblk->layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t)); --- openjpeg-1.3+dfsg.orig/debian/patches/bloop1.dpatch +++ openjpeg-1.3+dfsg/debian/patches/bloop1.dpatch 
@@ -0,0 +1,21 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/jp2.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 +@@ -861,6 +861,13 @@ static opj_bool jp2_read_ftyp(opj_jp2_t + jp2->numcl = (box.length - 16) / 4; + jp2->cl = (unsigned int *) opj_malloc(jp2->numcl * sizeof(unsigned int)); + ++ if (cio_numbytesleft(cio) < ((int)jp2->numcl * 4)) { ++ opj_event_msg(cinfo, EVT_ERROR, "Not enough bytes in FTYP Box " ++ "(expected %d, but only %d left)\n", ++ ((int)jp2->numcl * 4), cio_numbytesleft(cio)); ++ return false; ++ } ++ + for (i = 0; i < (int)jp2->numcl; i++) { + jp2->cl[i] = cio_read(cio, 4); /* CLi */ + } --- openjpeg-1.3+dfsg.orig/debian/patches/bloop2.dpatch +++ openjpeg-1.3+dfsg/debian/patches/bloop2.dpatch 
@@ -0,0 +1,61 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/cio.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/cio.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/cio.c 2013-01-01 01:01:01.000000000 +0000 +@@ -107,6 +107,11 @@ int OPJ_CALLCONV cio_tell(opj_cio_t *cio + * pos : position, in number of bytes, from the beginning of the stream + */ + void OPJ_CALLCONV cio_seek(opj_cio_t *cio, int pos) { ++ if ((cio->start + pos) > cio->end) { ++ opj_event_msg(cio->cinfo, EVT_ERROR, "error: trying to seek past the end of the codestream (start = %d, change = %d, end = %d\n", cio->start, pos, cio->end); ++ cio->bp = cio->end; ++ return; ++ } + cio->bp = cio->start + pos; + } + +@@ -114,6 +119,7 @@ void OPJ_CALLCONV cio_seek(opj_cio_t *ci + * Number of bytes left before the end of the stream. + */ + int cio_numbytesleft(opj_cio_t *cio) { ++ assert((cio->end - cio->bp) >= 0); + return cio->end - cio->bp; + } + +@@ -191,6 +197,11 @@ unsigned int cio_read(opj_cio_t *cio, in + */ + void cio_skip(opj_cio_t *cio, int n) { + assert((cio->bp + n) >= cio->bp); ++ if (((cio->bp + n) < cio->start) || ((cio->bp + n) > cio->end)) { ++ opj_event_msg(cio->cinfo, EVT_ERROR, "error: trying to skip bytes past the end of the codestream (current = %d, change = %d, end = %d\n", cio->bp, n, cio->end); ++ cio->bp = cio->end; ++ return; ++ } + cio->bp += n; + } + +Index: openjpeg-1.5.1/libopenjpeg/jp2.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 +@@ -339,6 +339,17 @@ + if (!jp2_read_ihdr(jp2, cio)) + return false; + ++ { ++ int curpos = cio_tell(cio); ++ cio_seek(cio, box.init_pos); ++ cio_skip(cio, box.length); ++ if ((cio_tell(cio) - box.init_pos) != box.length) { ++ opj_event_msg(cinfo, 
EVT_ERROR, "Box size exceeds size of codestream (expected: %d, real: %d)\n", box.length, (cio_tell(cio) - box.init_pos)); ++ return false; ++ } ++ cio_seek(cio, curpos); ++ } ++ + if (jp2->bpc == 255) { + if (!jp2_read_bpcc(jp2, cio)) + return false; --- openjpeg-1.3+dfsg.orig/debian/patches/cve-2012-3358.dpatch +++ openjpeg-1.3+dfsg/debian/patches/cve-2012-3358.dpatch 
@@ -0,0 +1,60 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## cve-2012-3358.dpatch by Michael Gilbert +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: fix buffer overflow in JPEG2000 file handling. +## DP: https://bugzilla.redhat.com/show_bug.cgi?id=835767 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/j2k.c openjpeg-1.3+dfsg/libopenjpeg/j2k.c +--- openjpeg-1.3+dfsg~/libopenjpeg/j2k.c 2012-07-11 16:04:38.000000000 -0400 ++++ openjpeg-1.3+dfsg/libopenjpeg/j2k.c 2012-07-11 16:06:07.000000000 -0400 +@@ -1282,7 +1282,7 @@ + static int backup_tileno = 0; + + /* tileno is negative or larger than the number of tiles!!! */ +- if ((tileno < 0) || (tileno > (cp->tw * cp->th))) { ++ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) { + opj_event_msg(j2k->cinfo, EVT_ERROR, + "JPWL: bad tile number (%d out of a maximum of %d)\n", + tileno, (cp->tw * cp->th)); +@@ -1299,8 +1299,18 @@ + + /* keep your private count of tiles */ + backup_tileno++; +- }; ++ } ++ else + #endif /* USE_JPWL */ ++ { ++ /* tileno is negative or larger than the number of tiles!!! */ ++ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad tile number (%d out of a maximum of %d)\n", ++ tileno, (cp->tw * cp->th)); ++ return; ++ } ++ } + + if (cp->tileno_size == 0) { + cp->tileno[cp->tileno_size] = tileno; +@@ -1338,8 +1348,18 @@ + totlen); + } + +- }; ++ } ++ else + #endif /* USE_JPWL */ ++ { ++ /* totlen is negative or larger than the bytes left!!! 
*/ ++ if ((totlen < 0) || (totlen > (cio_numbytesleft(cio) + 8))) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad tile byte size (%d bytes against %d bytes left)\n", ++ totlen, cio_numbytesleft(cio) + 8); ++ return; ++ } ++ } + + if (!totlen) + totlen = cio_numbytesleft(cio) + 8; --- openjpeg-1.3+dfsg.orig/debian/patches/cve-2012-3535.dpatch +++ openjpeg-1.3+dfsg/debian/patches/cve-2012-3535.dpatch 
@@ -0,0 +1,35 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## cve-2012-3535.dpatch by Michael Gilbert +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/j2k.c openjpeg-1.3+dfsg/libopenjpeg/j2k.c +--- openjpeg-1.3+dfsg~/libopenjpeg/j2k.c 2012-10-13 17:39:04.000000000 -0400 ++++ openjpeg-1.3+dfsg/libopenjpeg/j2k.c 2012-10-13 17:39:05.000000000 -0400 +@@ -719,6 +719,11 @@ + "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno); + j2k->state |= J2K_STATE_ERR; + } ++ if( tccp->numresolutions > J2K_MAXRLVLS ) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding, truncating.\n"); ++ j2k->state |= J2K_STATE_ERR; ++ tccp->numresolutions = J2K_MAXRLVLS; ++ } + + tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */ + tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/t2.c openjpeg-1.3+dfsg/libopenjpeg/t2.c +--- openjpeg-1.3+dfsg~/libopenjpeg/t2.c 2012-10-13 17:38:59.000000000 -0400 ++++ openjpeg-1.3+dfsg/libopenjpeg/t2.c 2012-10-13 17:40:46.053362086 -0400 +@@ -566,6 +566,9 @@ + #endif /* USE_JPWL */ + + cblk->data = (unsigned char*) opj_realloc(cblk->data, (cblk->len + seg->newlen) * sizeof(unsigned char*)); ++ if ((cblk->len + seg->newlen) > 8192) { ++ return -999; ++ } + memcpy(cblk->data + cblk->len, c, seg->newlen); + if (seg->numpasses == 0) { + seg->data = &cblk->data; --- openjpeg-1.3+dfsg.orig/debian/patches/divbyzero.dpatch +++ openjpeg-1.3+dfsg/debian/patches/divbyzero.dpatch 
@@ -0,0 +1,48 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +The code from the first chunk is optimised away when using -O > 0 + +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -470,7 +470,7 @@ static void j2k_read_siz(opj_j2k_t *j2k) + + image->comps = (opj_image_comp_t*) opj_calloc(image->numcomps, sizeof(opj_image_comp_t)); + for (i = 0; i < image->numcomps; i++) { +- int tmp, w, h; ++ int tmp/*, w, h*/; + tmp = cio_read(cio, 1); /* Ssiz_i */ + image->comps[i].prec = (tmp & 0x7f) + 1; + image->comps[i].sgnd = tmp >> 7; +@@ -507,8 +507,8 @@ static void j2k_read_siz(opj_j2k_t *j2k) + #endif /* USE_JPWL */ + + /* TODO: unused ? */ +- w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx); +- h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy); ++/* w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx); ++ h = int_ceildiv(image->y1 - image->y0, image->comps[i].dy);*/ + + image->comps[i].resno_decoded = 0; /* number of resolution decoded */ + image->comps[i].factor = cp->reduce; /* reducing factor per component */ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -505,6 +505,14 @@ static void j2k_read_siz(opj_j2k_t *j2k) + + } + #endif /* USE_JPWL */ ++ { ++ if (!(image->comps[i].dx * image->comps[i].dy)) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad XRsiz_%d/YRsiz_%d (%d x %d)\n", ++ i, i, image->comps[i].dx, image->comps[i].dy); ++ return; ++ } ++ } + + /* TODO: unused ? 
*/ + /* w = int_ceildiv(image->x1 - image->x0, image->comps[i].dx); --- openjpeg-1.3+dfsg.orig/debian/patches/null-ptr-deref.dpatch +++ openjpeg-1.3+dfsg/debian/patches/null-ptr-deref.dpatch @@ -0,0 +1,31 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/t2.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/t2.c 2012-09-13 09:58:39.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/t2.c 2013-01-01 01:01:01.000000000 +0000 +@@ -340,6 +340,11 @@ static int t2_decode_packet(opj_t2_t* t2 + int precno = pi->precno; /* precinct value */ + int layno = pi->layno; /* quality layer value */ + ++ if (!&(tile->comps[compno])) { ++ opj_event_msg(t2->cinfo, EVT_ERROR, "Trying to decode tile with no components!\n"); ++ return -999; ++ } ++ + opj_tcd_resolution_t* res = &tile->comps[compno].resolutions[resno]; + + unsigned char *hd = NULL; +Index: openjpeg-1.5.1/libopenjpeg/tcd.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1381,6 +1381,7 @@ opj_bool tcd_decode_tile(opj_tcd_t *tcd, + if (l == -999) { + eof = 1; + opj_event_msg(tcd->cinfo, EVT_ERROR, "tcd_decode: incomplete bistream\n"); ++ return false; + } + + /*------------------TIER1-----------------*/ --- openjpeg-1.3+dfsg.orig/debian/patches/qcx_backport.dpatch +++ openjpeg-1.3+dfsg/debian/patches/qcx_backport.dpatch 
@@ -0,0 +1,34 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -920,6 +920,13 @@ static void j2k_read_qcx(opj_j2k_t *j2k, + }; + + }; ++#else ++ /* We check whether there are too many subbands */ ++ if ((numbands < 0) || (numbands >= J2K_MAXBANDS)) { ++ opj_event_msg(j2k->cinfo, EVT_WARNING , ++ "bad number of subbands in Sqcx (%d) regarding to J2K_MAXBANDS (%d) \n" ++ "- limiting number of bands to J2K_MAXBANDS and try to move to the next markers\n", numbands, J2K_MAXBANDS); ++ } + #endif /* USE_JPWL */ + + for (bandno = 0; bandno < numbands; bandno++) { +@@ -932,8 +939,10 @@ static void j2k_read_qcx(opj_j2k_t *j2k, + expn = tmp >> 11; + mant = tmp & 0x7ff; + } +- tccp->stepsizes[bandno].expn = expn; +- tccp->stepsizes[bandno].mant = mant; ++ if (bandno < J2K_MAXBANDS) { ++ tccp->stepsizes[bandno].expn = expn; ++ tccp->stepsizes[bandno].mant = mant; ++ } + } + + /* Add Antonin : if scalar_derived -> compute other stepsizes */ --- openjpeg-1.3+dfsg.orig/debian/patches/segfault0.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault0.dpatch 
@@ -0,0 +1,25 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1067,6 +1067,17 @@ static void j2k_read_poc(opj_j2k_t *j2k) + tcp->POC = 1; + len = cio_read(cio, 2); /* Lpoc */ + numpchgs = (len - 2) / (5 + 2 * (numcomps <= 256 ? 1 : 2)); ++ ++ { ++ /* old_poc < 0 "just in case" */ ++ int maxpocs = (sizeof(tcp->pocs)/sizeof(tcp->pocs[0])); ++ if ((old_poc < 0) || ((numpchgs + old_poc) >= maxpocs)) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad number of progression order changes (%d out of a maximum of %d)\n", ++ (numpchgs + old_poc), maxpocs); ++ return; ++ } ++ } + + for (i = old_poc; i < numpchgs + old_poc; i++) { + opj_poc_t *poc; --- openjpeg-1.3+dfsg.orig/debian/patches/segfault1.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault1.dpatch 
@@ -0,0 +1,29 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/tcd.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/tcd.c 2012-09-13 09:58:39.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1364,10 +1364,19 @@ + + t1_time = opj_clock(); /* time needed to decode a tile */ + t1 = t1_create(tcd->cinfo); ++ int comp0size = (tile->comps[0].x1 - tile->comps[0].x0) * (tile->comps[0].y1 - tile->comps[0].y0); + for (compno = 0; compno < tile->numcomps; ++compno) { + opj_tcd_tilecomp_t* tilec = &tile->comps[compno]; +- /* The +3 is headroom required by the vectorized DWT */ +- tilec->data = (int*) opj_aligned_malloc((((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0))+3) * sizeof(int)); ++ int compcsize = ((tilec->x1 - tilec->x0) * (tilec->y1 - tilec->y0)); ++ /* Later-on it is assumed that all components are of at least comp0size blocks */ ++ if (compcsize < comp0size) ++ { ++ opj_event_msg(tcd->cinfo, EVT_ERROR, "Error decoding tile. Component %d contains only %d blocks " ++ "while component 0 has %d blocks\n", compno, compcsize, comp0size); ++ return false; ++ } ++ /* The +3 is headroom required by the vectorized DWT */ ++ tilec->data = (int*) opj_aligned_malloc((comp0size+3) * sizeof(int)); + t1_decode_cblks(t1, tilec, &tcd->tcp->tccps[compno]); + } + t1_destroy(t1); --- openjpeg-1.3+dfsg.orig/debian/patches/segfault10.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault10.dpatch 
@@ -0,0 +1,15 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/jp2.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 +@@ -582,6 +582,7 @@ opj_image_t* jp2_decode(opj_jp2_t *jp2, + image = j2k_decode(jp2->j2k, cio, cstr_info); + if(!image) { + opj_event_msg(cinfo, EVT_ERROR, "Failed to decode J2K image\n"); ++ return NULL; + } + + /* Set Image Color Space */ --- openjpeg-1.3+dfsg.orig/debian/patches/segfault2.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault2.dpatch @@ -0,0 +1,27 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1004,8 +1004,18 @@ static void j2k_read_qcc(opj_j2k_t *j2k) + + /* keep your private count of tiles */ + backup_compno++; +- }; ++ } ++ else + #endif /* USE_JPWL */ ++ { ++ /* compno is negative or larger than the number of components!!! */ ++ if ((compno < 0) || (compno >= numcomp)) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad component number in QCC (%d out of a maximum of %d)\n", ++ compno, numcomp); ++ return; ++ } ++ } + + j2k_read_qcx(j2k, compno, len - 2 - (numcomp <= 256 ? 1 : 2)); + } --- openjpeg-1.3+dfsg.orig/debian/patches/segfault4.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault4.dpatch 
@@ -0,0 +1,15 @@ +#!/bin/sh + +dpatch_patch () +{ + sed -ri 's/ malloc\(/ calloc(1, /' libopenjpeg/opj_malloc.h +} + +dpatch_unpatch () +{ + sed -ri 's/ calloc\(1, / malloc(/' libopenjpeg/opj_malloc.h +} + +DPATCH_LIB_NO_DEFAULT=1 + +. /usr/share/dpatch/dpatch.lib.sh --- openjpeg-1.3+dfsg.orig/debian/patches/segfault5.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault5.dpatch @@ -0,0 +1,20 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -823,6 +823,12 @@ static void j2k_read_coc(opj_j2k_t *j2k) + + len = cio_read(cio, 2); /* Lcoc */ + compno = cio_read(cio, image->numcomps <= 256 ? 1 : 2); /* Ccoc */ ++ if ((compno < 0) || (compno >= image->numcomps)) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR , ++ "bad component number in COC (%d out of a maximum of %d)\n", ++ compno, image->numcomps); ++ return; ++ } + tcp->tccps[compno].csty = cio_read(cio, 1); /* Scoc */ + j2k_read_cox(j2k, compno); + } --- openjpeg-1.3+dfsg.orig/debian/patches/segfault6.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault6.dpatch 
@@ -0,0 +1,19 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1980,6 +1980,11 @@ opj_image_t* j2k_decode(opj_j2k_t *j2k, + } + if (j2k->state == J2K_STATE_NEOC) { + j2k_read_eoc(j2k); ++ /* Check one last time for errors during decoding before returning */ ++ if (j2k->state & J2K_STATE_ERR) { ++ opj_image_destroy(image); ++ return NULL; ++ } + } + + if (j2k->state != J2K_STATE_MT) { --- openjpeg-1.3+dfsg.orig/debian/patches/segfault7.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault7.dpatch @@ -0,0 +1,22 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/j2k.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1606,6 +1606,14 @@ static void j2k_read_rgn(opj_j2k_t *j2k) + }; + #endif /* USE_JPWL */ + ++ /* totlen is negative or larger than the bytes left!!! */ ++ if (compno >= numcomps) { ++ opj_event_msg(j2k->cinfo, EVT_ERROR, ++ "JPWL: bad component number in RGN (%d when there are only %d)\n", ++ compno, numcomps); ++ return; ++ } ++ + tcp->tccps[compno].roishift = cio_read(cio, 1); /* SPrgn */ + } + --- openjpeg-1.3+dfsg.orig/debian/patches/segfault8.dpatch +++ openjpeg-1.3+dfsg/debian/patches/segfault8.dpatch 
@@ -0,0 +1,20 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +diff -urp a/libopenjpeg/tcd.c b/libopenjpeg/tcd.c +--- a/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 ++++ b/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 +@@ -1360,6 +1360,13 @@ bool tcd_decode_tile(opj_tcd_t *tcd, uns + opj_event_msg(tcd->cinfo, EVT_ERROR, "tcd_decode: incomplete bistream\n"); + return false; + } ++ ++ /* The code below assumes that numcomps > 0 */ ++ if (tile->numcomps <= 0) { ++ opj_event_msg(tcd->cinfo, EVT_ERROR, "tcd_decode: tile has a zero or negative numcomps\n"); ++ return true; ++ } ++ + + /*------------------TIER1-----------------*/ + --- openjpeg-1.3+dfsg.orig/debian/patches/shifting_too_much.dpatch +++ openjpeg-1.3+dfsg/debian/patches/shifting_too_much.dpatch 
@@ -0,0 +1,58 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/cio.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/cio.c 2012-09-13 09:58:39.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/cio.c 2013-01-01 01:01:01.000000000 +0000 +@@ -30,6 +30,7 @@ + */ + + #include "opj_includes.h" ++#include + + /* ----------------------------------------------------------------------- */ + +@@ -139,6 +140,11 @@ opj_bool cio_byteout(opj_cio_t *cio, uns + * Read a byte. + */ + unsigned char cio_bytein(opj_cio_t *cio) { ++ if (cio->bp < cio->start) { ++ opj_event_msg(cio->cinfo, EVT_ERROR, "read error: trying to read from before the start of the codestream (start = %d, current = %d, end = %d\n", cio->start, cio->bp, cio->end); ++ abort(); ++ return 0; ++ } + if (cio->bp >= cio->end) { + opj_event_msg(cio->cinfo, EVT_ERROR, "read error: passed the end of the codestream (start = %d, current = %d, end = %d\n", cio->start, cio->bp, cio->end); + return 0; +@@ -173,7 +179,7 @@ unsigned int cio_read(opj_cio_t *cio, in + unsigned int v; + v = 0; + for (i = n - 1; i >= 0; i--) { +- v += cio_bytein(cio) << (i << 3); ++ v += (unsigned int)cio_bytein(cio) << (i << 3); + } + return v; + } +@@ -184,6 +190,7 @@ unsigned int cio_read(opj_cio_t *cio, in + * n : number of bytes to skip + */ + void cio_skip(opj_cio_t *cio, int n) { ++ assert((cio->bp + n) >= cio->bp); + cio->bp += n; + } + +Index: openjpeg-1.5.1/libopenjpeg/jp2.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/jp2.c 2012-09-13 09:58:39.000000000 +0200 ++++ openjpeg-1.5.1/libopenjpeg/jp2.c 2013-01-01 01:01:01.000000000 +0000 +@@ -172,6 +172,9 @@ static opj_bool jp2_read_boxhdr(opj_comm + } + else if (box->length == 0) { + box->length = cio_numbytesleft(cio) + 8; ++ } else if (box->length < 0) { ++ opj_event_msg(cinfo, EVT_ERROR, "Invalid, negative, size of box\n"); ++ return 
false; + } + + return true; --- openjpeg-1.3+dfsg.orig/debian/patches/uint_overflow.dpatch +++ openjpeg-1.3+dfsg/debian/patches/uint_overflow.dpatch @@ -0,0 +1,18 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run + +@DPATCH@ +Index: openjpeg-1.5.1/libopenjpeg/tcd.c +=================================================================== +--- openjpeg-1.5.1.orig/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 ++++ openjpeg-1.5.1/libopenjpeg/tcd.c 2013-01-01 01:01:01.000000000 +0000 +@@ -669,8 +669,8 @@ void tcd_malloc_decode(opj_tcd_t *tcd, o + y1 = j == 0 ? tilec->y1 : int_max(y1, (unsigned int) tilec->y1); + } + +- w = int_ceildivpow2(x1 - x0, image->comps[i].factor); +- h = int_ceildivpow2(y1 - y0, image->comps[i].factor); ++ w = int_ceildivpow2((long)(x1) - (long)(x0), image->comps[i].factor); ++ h = int_ceildivpow2((long)(y1) - (long)(y0), image->comps[i].factor); + + image->comps[i].w = w; + image->comps[i].h = h; --- openjpeg-1.3+dfsg.orig/debian/rules +++ openjpeg-1.3+dfsg/debian/rules 
@@ -0,0 +1,103 @@ +#!/usr/bin/make -f + +include /usr/share/dpatch/dpatch.make + +# used as trailer in the generated manpages +UVERSION = $(shell dpkg-parsechangelog | perl -ne 'print "$$1\n" if (/^Version: (.*?)(?:\.dfsg)?\-.*?$$/)') + +DEB_HOST_MULTIARCH = $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + EXTRA_CFLAGS += -O0 +else + # Upstream default optimisation level + EXTRA_CFLAGS += -O3 +endif + +build: build-stamp +build-stamp: patch + dh_testdir + + # build all library targets + $(MAKE) OpenJPEG + $(MAKE) -C codec + $(MAKE) -C indexer_JPIP + + # build manpages + for i in debian/*.pod; do \ + pod2man --center 'OPENJPEG TOOLS' \ + --release $(UVERSION) \ + $$i $${i%%.pod}.1 ; \ + done + + touch $@ + +clean: realclean unpatch +realclean: + dh_testdir + dh_testroot + + # Remove execute permission since upstreams ships all files with +x + chmod -R a-x . + chmod -R a+X . + chmod a+x debian/rules + + [ ! -f codec/*.o ] || $(MAKE) -C codec clean + [ ! -f indexer_JPIP/*.o ] || $(MAKE) -C indexer_JPIP clean + + $(MAKE) clean + + # delete the manpages which were built from perlpod (not using *.1, + # in case a later file is added and not checked in) + for i in debian/*.pod; do \ + rm -f $${i%%.pod}.1; \ + done + + dh_clean indexer_JPIP/index_create codec/image_to_j2k codec/j2k_to_image libopenjpeg.a.nopic libopenjpeg.so build-stamp + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=dist INSTALL_LIBDIR=\$${PREFIX}/lib/$(DEB_HOST_MULTIARCH) + cd dist/usr/lib/$(DEB_HOST_MULTIARCH) && ln -s libopenjpeg.so.2 libopenjpeg.so + + # The libraries and header file are in dist/ + # So we'll dump the binaries there too + cp codec/j2k_to_image codec/image_to_j2k dist/ + cp indexer_JPIP/index_create dist/ + cp debian/jp2-thumbnailer dist/ + +binary-indep: build install +# We have nothing to do by default. 
+ +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installexamples + dh_install --sourcedir=dist/ + dh_installman + dh_gconf + dh_link + dh_strip --dbg-package=libopenjpeg2-dbg + + # remove arch-specific tools from debug package + rm -rf debian/libopenjpeg2-dbg/usr/lib/debug/usr/bin + + dh_compress + dh_fixperms + dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch + +.PHONY: build clean realclean binary-indep binary-arch binary install +.SUFFIXES: .1 .help --- openjpeg-1.3+dfsg.orig/debian/watch +++ openjpeg-1.3+dfsg/debian/watch @@ -0,0 +1,4 @@ +# Compulsory line, this is a version 3 file +version=3 +opts=uversionmangle=s/_/./g,dversionmangle=s/\+dfsg// http://www.openjpeg.org/index.php?menu=download openjpeg_v([0-9_.]+)\.tar\.gz +
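Review bot: in bloop.dpatch (jp2_read_ftyp, @@ -861), the bytes-left check sits after `opj_malloc(jp2->numcl * sizeof(unsigned int))`, so an oversized numcl has already driven the allocation, and the malloc result is never tested before the loop writes `jp2->cl[i]`. Move the check above the allocation, compare `jp2->numcl` against `cio_numbytesleft(cio) / 4` so that `(int)jp2->numcl * 4` cannot overflow, and fail on a NULL `jp2->cl`. A `box.length` below 16 also makes `(box.length - 16) / 4` negative before it is stored, which this hunk does not reject.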
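Review bot: in bloop2.dpatch (cio_seek, @@ -107), the test `(cio->start + pos) > cio->end` does not reject a negative pos and forms the out-of-range pointer before comparing it, which the compiler is allowed to assume never happens. Compare the integer instead, for example `pos < 0 || pos > (cio->end - cio->start)`. The message prints cio->start and cio->end with %d although they are used as pointers (`cio->bp = cio->start + pos`), and its opening parenthesis is never closed.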
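Review bot: in bloop2.dpatch (cio_numbytesleft, @@ -114), `assert((cio->end - cio->bp) >= 0)` disappears in any build with NDEBUG defined, so it cannot serve as the guard for callers that compare the return value against a length. If a negative result is possible it needs a real runtime check; if it is not, a comment saying why would be enough.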
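Review bot: in bloop2.dpatch (cio_skip, @@ -191), both the existing assert and the new range test compute `cio->bp + n` before checking it, so the pointer is already out of bounds by the time it is compared, and the assert aborts debug builds on a negative n before the new error path can run. Test n against the remaining distances instead (`n > cio->end - cio->bp` and `n < cio->start - cio->bp`) and drop the assert. The message again prints pointers with %d.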
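Review bot: in bloop2.dpatch (jp2.c, @@ -339), the box-size validation runs only after `jp2_read_ihdr(jp2, cio)` has already parsed the box contents, and it works by relying on the clamping side effect of cio_seek and cio_skip, which log their own errors first. Validate `box.length` against the bytes available from `box.init_pos` before reading the header, with a direct comparison, so that a truncated box produces one message and no reads.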
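Review bot: in cve-2012-3358.dpatch (j2k.c, @@ -1299 and @@ -1338), the new checks hang off an `else` that sits immediately before `#endif /* USE_JPWL */`, so whether the block is conditional depends on the build flag, and in a JPWL build it is skipped whenever the JPWL branch is taken. That is easy to break in a later edit; a plain unconditional check after the `#endif` would be clearer unless the JPWL branch is meant to recover from the bad value, in which case say so in a comment. The messages in the non-JPWL path still carry the "JPWL:" prefix, and the tile message reports `cp->tw * cp->th` as the maximum although the largest valid tileno is one less.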
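Review bot: in cve-2012-3535.dpatch (j2k.c, @@ -719), the patch header reads "DP: No description." and the new message "Error decoding, truncating." names neither the field nor the values, so neither the package history nor the log tells anyone what was clamped. Describe the fix in the DP: lines and print `tccp->numresolutions` and J2K_MAXRLVLS in the message.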
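Review bot: in cve-2012-3535.dpatch (t2.c, @@ -566), the size test `(cblk->len + seg->newlen) > 8192` comes after `opj_realloc` has already been called with the unchecked sum, and the realloc result is still not tested before the memcpy. Put the test first, check that `seg->newlen` is not negative and that the sum does not overflow, replace 8192 with a named constant that states where the limit comes from, and return an error if realloc fails. The context line also multiplies by `sizeof(unsigned char*)` where the element type is unsigned char.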
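Review bot: in divbyzero.dpatch (j2k_read_siz, second @@ -505 hunk), the function is `static void` and the new path returns without setting `j2k->state |= J2K_STATE_ERR`, so the caller cannot tell that the SIZ marker was rejected and will carry on with a partly filled image. Set the error state before returning, write the test as `dx == 0 || dy == 0` rather than through the product, and drop the "JPWL:" prefix since this block is outside the JPWL section. The first hunk would be cleaner deleting the unused w and h than commenting them out.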
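Review bot: in null-ptr-deref.dpatch (t2_decode_packet, @@ -340), `if (!&(tile->comps[compno]))` tests the address of an array element, which is only null when `tile->comps` is NULL and compno is 0, and which a compiler may fold to false. Test `tile->comps == NULL` and the range of compno explicitly. The inserted statement also pushes the `opj_tcd_resolution_t* res` declaration after code, which C89 compilers reject; place the check after the declarations or split declaration and assignment.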
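Review bot: in qcx_backport.dpatch (j2k_read_qcx, @@ -920), the warning says it is "limiting number of bands to J2K_MAXBANDS" but numbands is never changed, so the loop still runs numbands times and only the store in the second hunk is guarded. Either clamp numbands here or reword the message. The condition `numbands >= J2K_MAXBANDS` also warns for exactly J2K_MAXBANDS bands, which the `bandno < J2K_MAXBANDS` guard accepts, and because the block is under `#else` a USE_JPWL build gets no warning from it at all.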
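Review bot: in segfault0.dpatch (j2k_read_poc, @@ -1067), numpchgs is derived from `(len - 2) / ...` and is never checked for being negative, so a short Lpoc passes the test with a sum below maxpocs. Add `numpchgs < 0` to the condition. The loop writes indices up to `numpchgs + old_poc - 1`, so `>= maxpocs` also rejects a table that would exactly fit; if that is deliberate, a comment should say why. The function returns without setting an error state and the message is prefixed "JPWL:" outside the JPWL code.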
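Review bot: in segfault1.dpatch (tcd_decode_tile, @@ -1364), every component buffer is now allocated as `(comp0size+3) * sizeof(int)` while the check only rejects `compcsize < comp0size`, so a component larger than component 0 gets a buffer smaller than the one the old code gave it. Allocate the larger of the two sizes, or reject any mismatch. The early `return false` also skips `t1_destroy(t1)` and leaves the buffers of earlier components allocated, the products of the coordinate differences can overflow int, and the new `int` declarations follow statements, which C89 does not allow.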
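Review bot: in segfault4.dpatch, the sed expression `s/ malloc\(/ calloc(1, /` rewrites every ` malloc(` in libopenjpeg/opj_malloc.h, comments included, and dpatch_unpatch turns every ` calloc(1, ` back into malloc whether or not the patch put it there. Zero-filling all allocations also hides the uninitialised read rather than fixing it. A normal diff hunk against the one definition concerned, with DP: lines naming the crash it addresses, would be reviewable and cleanly reversible.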
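Review bot: in segfault6.dpatch (j2k_decode, @@ -1980), the new J2K_STATE_ERR test runs only inside `if (j2k->state == J2K_STATE_NEOC)`. Other patches in this series raise the flag with `j2k->state |= J2K_STATE_ERR`, and a state that still carries that bit does not compare equal to J2K_STATE_NEOC, so an error flagged before EOC would skip this block. Move the test out of the NEOC branch, or test the flag before the equality comparison.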
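Review bot: in segfault7.dpatch (j2k_read_rgn, @@ -1606), the comment "totlen is negative or larger than the bytes left!!!" was copied from another patch and does not describe the compno test below it. The test is also only `compno >= numcomps`, without the `compno < 0` half that the COC and QCC patches in this series include. Fix the comment and make the range check consistent with the others.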
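Review bot: in segfault8.dpatch (tcd_decode_tile, @@ -1360), the new branch logs EVT_ERROR for `tile->numcomps <= 0` and then does `return true;`, so the caller is told the tile decoded successfully. The branch just above it returns false for an incomplete bitstream; this one should return false as well, or log at warning level with a comment explaining why an empty tile counts as success.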
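Review bot: in shifting_too_much.dpatch (cio_bytein, @@ -139), calling `abort()` from library code means a malformed file terminates the whole host process, and the `return 0;` after it can never run. Handle the underflow the same way as the read past the end just below: log and return 0, ideally with an error state the caller can test. In the cio_skip hunk, `assert((cio->bp + n) >= cio->bp)` relies on pointer wraparound and vanishes under NDEBUG, so it is not a usable bounds check.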
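Review bot: in uint_overflow.dpatch (tcd_malloc_decode, @@ -669), casting to `long` only widens the subtraction where long is wider than int; on 32-bit targets the two have the same width and `(long)(x1) - (long)(x0)` wraps exactly as before. Use a type with a guaranteed width, or check that x1 is not below x0 before subtracting. If int_ceildivpow2 takes an int argument, the widened difference is narrowed again at the call, so the range check has to happen before it.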
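Review bot: in debian/rules (realclean), `[ ! -f codec/*.o ] || $(MAKE) -C codec clean` hands an unquoted glob to test, so with more than one object file `[` receives extra arguments and fails with a usage error, and the clean runs only because that failure falls through `||`. Run the sub-make clean unconditionally or guard it with a test that handles several matches. In the install target, `ln -s libopenjpeg.so.2 libopenjpeg.so` fails when the target is rerun over an existing dist/ tree; `ln -sf` avoids that.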
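Review bot: in debian/watch, the download page is fetched over plain `http://` and no signature check is configured, so uscan cannot authenticate the tarball it picks up. Use an https URL if upstream serves one, and if upstream publishes detached signatures add `pgpsigurlmangle` to opts with the upstream key shipped under debian/upstream/.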