
Bug#1036007: marked as done (unblock: opencv/4.6.0+dfsg-12)



Your message dated Tue, 23 May 2023 15:41:47 +0200
with message-id <ebcde802-5714-96d7-f65e-9b0466c77359@debian.org>
and subject line Re: Bug#1036007: unblock: opencv/4.6.0+dfsg-12
has caused the Debian Bug report #1036007,
regarding unblock: opencv/4.6.0+dfsg-12
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1036007: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036007
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: opencv@packages.debian.org
Control: affects -1 + src:opencv

Please unblock package opencv

[ Reason ]
This upload fixes two bugs:

1. #1035886 that adds a single Breaks: against an old library version to
   ease the upgrade.

2. #1035954 that adds upstream patches for two CVEs.

[ Impact ]
For 1. users could have problems upgrading.
For 2. I'm not sure about the impact of the CVEs but I guess it is
better to get them fixed before the release.

[ Tests ]
The CVEs carry a test, I did not verify the Breaks: but I assume Andreas
tested it :).

[ Risks ]
The Breaks: means users can't keep the old version, I think that is
acceptable if apt finds an upgrade solution.
For the CVEs the patch looks reasonable but I'm not sure if there is any
risk to it. Given that it applied cleanly to the version in unstable and
that upstream accepted it, I think it is fine.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
The patch carries a change to debian/gbp.conf which is not imported for
the package in the archive.

unblock opencv/4.6.0+dfsg-12
diff --git a/debian/changelog b/debian/changelog
index 35b4b87d7..6ddf7e440 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+opencv (4.6.0+dfsg-12) unstable; urgency=medium
+
+  * Team upload.
+
+  [ Andreas Beckmann ]
+  * libopencv-core406: Add Breaks: libopencv-core4.5 for smoother upgrades from bullseye
+    (Closes: #1035886)
+
+  [ Jochen Sprickerhof ]
+  * Add upstream patches for CVE-2023-2617 and CVE-2023-2618 (Closes: #1035954)
+
+ -- Jochen Sprickerhof <jspricke@debian.org>  Fri, 12 May 2023 11:40:38 +0200
+
 opencv (4.6.0+dfsg-11) unstable; urgency=medium
 
   * Update d/rules.
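
Review bot: the entry "Add upstream patches for CVE-2023-2617 and CVE-2023-2618" does not say which of the two new patch files addresses which CVE, and neither patch header in this diff names a CVE either. Listing the patch file names next to the CVE ids in this entry would let a later reader map a fix to its identifier without going back to #1035954.
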
diff --git a/debian/control b/debian/control
index 4b6a4c095..421f0eb14 100644
--- a/debian/control
+++ b/debian/control
@@ -168,6 +168,7 @@ Section: libs
 Depends: ${misc:Depends},
          ${shlibs:Depends}
 Pre-Depends: ${misc:Pre-Depends}
+Breaks: libopencv-core4.5 (<< 4.6),
 Description: computer vision core library
  This package contains the OpenCV (Open Computer Vision) core runtime libraries.
  .
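
Review bot: the added "Breaks: libopencv-core4.5 (<< 4.6)," has no accompanying record of an upgrade test, and the request itself says the Breaks: was not verified by the uploader. Since a Breaks: forces removal of the old library, attaching the result of a bullseye-to-testing upgrade run with this version (for example the apt resolution referred to in #1035886) would confirm that apt picks the intended path.
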
diff --git a/debian/gbp.conf b/debian/gbp.conf
index b5d1dad92..f2905a065 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,3 +1,5 @@
+[DEFAULT]
+component = contrib
+
 [import-orig]
 pristine-tar = True
-component = contrib
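
Review bot: moving "component = contrib" from [import-orig] to [DEFAULT] is unrelated to the two bugs this upload closes and has no line in the changelog hunk. Either mention it in debian/changelog or keep it out of the debdiff, so the unblock review only has to cover the Breaks: and the CVE patches.
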
diff --git a/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
new file mode 100644
index 000000000..879403e4b
--- /dev/null
+++ b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
@@ -0,0 +1,84 @@
+From: Nano <nanoapezlk@gmail.com>
+Date: Wed, 26 Apr 2023 15:09:52 +0800
+Subject: fix(wechat_qrcode): Init nBytes after the count value is determined
+ (#3480)
+
+* fix(wechat_qrcode): Initialize nBytes after the count value is determined
+
+* fix(wechat_qrcode): Incorrect count data repair
+
+* chore: format expr
+
+* fix(wechat_qrcode): Avoid null pointer exception
+
+* fix(wechat_qrcode): return when bytes_ is empty
+
+* test(wechat_qrcode): add test case
+
+---------
+
+Co-authored-by: GZTime <Time.GZ@outlook.com>
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp  | 13 +++++++++----
+ contrib/modules/wechat_qrcode/test/test_qrcode.cpp          | 11 +++++++++++
+ 2 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index 05de793..b3a0a69 100644
+--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
+ 
+ void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
+                                     ErrorHandler& err_handler) {
+-    if (err_handler.ErrCode()) return;
++    // avoid null pointer exception
++    if (err_handler.ErrCode() || bufIn == nullptr) return;
+ #ifndef NO_ICONV_INSIDE
+     if (nIn == 0) {
+         return;
+@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
+                                                CharacterSetECI* currentCharacterSetECI,
+                                                ArrayRef<ArrayRef<char> >& byteSegments,
+                                                ErrorHandler& err_handler) {
+-    int nBytes = count;
+     BitSource& bits(*bits_);
+     // Don't crash trying to read more bits than we have available.
+     int available = bits.available();
+     // try to repair count data if count data is invalid
+     if (count * 8 > available) {
+-        count = (available + 7 / 8);
++        count = (available + 7) / 8;
+     }
++    size_t nBytes = count;
++
++    ArrayRef<char> bytes_(nBytes);
++    // issue https://github.com/opencv/opencv_contrib/issues/3478
++    if (bytes_->empty())
++        return;
+ 
+-    ArrayRef<char> bytes_(count);
+     char* readBytes = &(*bytes_)[0];
+     for (int i = 0; i < count; i++) {
+         //    readBytes[i] = (char) bits.readBits(8);
+diff --git a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
+index 5de6533..6989563 100644
+--- a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
++++ b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
+@@ -289,5 +289,16 @@ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Monitor, testing::ValuesIn(qrcode
+ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
+ // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+ 
++TEST(Objdetect_QRCode_bug, issue_3478) {
++    auto detector = wechat_qrcode::WeChatQRCode();
++    std::string image_path = findDataFile("qrcode/issue_3478.png");
++    Mat src = imread(image_path, IMREAD_GRAYSCALE);
++    ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
++    std::vector<std::string> outs = detector.detectAndDecode(src);
++    ASSERT_EQ(1, (int) outs.size());
++    ASSERT_EQ(16, (int) outs[0].size());
++    ASSERT_EQ("KFCVW50         ", outs[0]);
++}
++
+ }  // namespace
+ }  // namespace opencv_test
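
Review bot: in decodeByteSegment the repaired value "count = (available + 7) / 8;" rounds up, so whenever available is not a multiple of 8 the loop "for (int i = 0; i < count; i++)" still asks for more bits than remain (available = 12 gives count = 2, i.e. 16 bits), which is the condition the comment "Don't crash trying to read more bits than we have available" is meant to exclude. Rounding down (available / 8) would keep the reads inside the stream; if rounding up is intended, the read inside the loop has to report the short read through err_handler, and that call is not visible in this hunk. Separately, the new "if (bytes_->empty()) return;" leaves err_handler untouched, so the caller cannot tell an empty segment from a successful decode.
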
diff --git a/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch
new file mode 100644
index 000000000..cc4b0e194
--- /dev/null
+++ b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch
@@ -0,0 +1,24 @@
+From: Nano <nanoapezlk@gmail.com>
+Date: Thu, 27 Apr 2023 17:38:35 +0800
+Subject: fix(wechat_qrcode): fixed memory leaks
+
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp           | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index b3a0a69..f02435d 100644
+--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re
+     while (count > 0) {
+         // Each 13 bits encodes a 2-byte character
+         int twoBytes = bits.readBits(13, err_handler);
+-        if (err_handler.ErrCode()) return;
++        if (err_handler.ErrCode()) {
++            delete[] buffer;
++            return;
++        }
+         int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060);
+         if (assembledTwoBytes < 0x003BF) {
+             // In the 0xA1A1 to 0xAAFE range
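
Review bot: the added "delete[] buffer;" covers only the error return right after readBits(13, err_handler) in decodeHanziSegment, so any other early return that touches buffer needs the same manual cleanup, and this hunk does not show whether there are others. Holding the allocation in a std::vector<char> or std::unique_ptr<char[]> would free it on every exit path and remove the need to patch returns one by one.
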
diff --git a/debian/patches/series b/debian/patches/series
index 338b2f884..5488e53a5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,5 @@ cmake-dont-install-inexistent-files.patch
 0007-Build-highgui-module-with-QT-support.patch
 0008-Do-not-embed-build-directory-in-binaries.patch
 0009-Do-not-embed-build-directory-in-documentation.patch
+0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
+0010-fix-wechat_qrcode-fixed-memory-leaks.patch
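
Review bot: the new "0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch" reuses the 0009 prefix already taken by "0009-Do-not-embed-build-directory-in-documentation.patch" directly above it. The series file order still decides how patches apply, but the duplicate number makes the two easy to confuse; renumbering the new patches to 0010 and 0011 would keep the prefixes unique.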

--- End Message ---
--- Begin Message ---
Hi,

On 12-05-2023 22:09, Jochen Sprickerhof wrote:
> unblock opencv/4.6.0+dfsg-12

done and aged.

Paul



--- End Message ---
