diff --git a/Bugfix-for-CVE-2024-31744.patch b/Bugfix-for-CVE-2024-31744.patch new file mode 100644 index 0000000000000000000000000000000000000000..e5f1827b70c1baee575ec2d1a3c06c4bea737a9b --- /dev/null +++ b/Bugfix-for-CVE-2024-31744.patch @@ -0,0 +1,27 @@ +From 3ae57e936a335ef809ba5579cc3d9e0cc3c80534 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Tue, 10 Sep 2024 14:25:07 +0800 +Subject: [PATCH] Bugfix for CVE-2024-31744 + +--- + src/libjasper/jpc/jpc_dec.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c +index e76aa40..a0390fa 100644 +--- a/src/libjasper/jpc/jpc_dec.c ++++ b/src/libjasper/jpc/jpc_dec.c +@@ -611,7 +611,9 @@ static int jpc_dec_process_sod(jpc_dec_t *dec, jpc_ms_t *ms) + if (dec->pkthdrstreams) { + /* Get the stream containing the packet header data for this + tile-part. */ +- if (!(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams, 0))) { ++ if (jpc_streamlist_numstreams(dec->pkthdrstreams) != 0 && ++ !(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams, ++ 0))) { + return -1; + } + } +-- +2.27.0 + diff --git a/jasper.spec b/jasper.spec index f3d356486fc442535a37da5c07e8d33bdebe38f7..dd74d9cc9316cf7ce44d7ee770831cf28e981b91 100644 --- a/jasper.spec +++ b/jasper.spec @@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 Summary: Implementation of the JPEG-2000 standard, Part 1 Name: jasper @@ -12,6 +12,9 @@ Source0: https://github.com/jasper-software/jasper/releases/download/version-%{v # skip hard-coded prefix/lib rpath Patch1: jasper-3.0.0-rpath.patch Patch2: 0001-CVE-2023-51257.patch +# CVE-2024-31744 +# Upstream fix: https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5 +Patch3: Bugfix-for-CVE-2024-31744.patch # autoreconf BuildRequires: cmake @@ -105,6 +108,9 @@ Requires: %{name}-libs = %{version}-%{release} %{_mandir}/man1/jiv.1* %changelog +* Tue Sep 10 2024 lidongyue - 4.0.0-3 +- CVE-2024-31744 + * Mon Jul 08 2024 pangqing - 4.0.0-2 - Fix CVE-2023-51257