From f6242ae2f1469ee2f390a4da8e686b0374048698 Mon Sep 17 00:00:00 2001 From: Max Rees Date: Tue, 17 Sep 2019 16:02:23 -0500 Subject: user/opencv: patch CVE-2019-16249 --- user/opencv/APKBUILD | 10 +++++-- user/opencv/CVE-2019-16249.patch | 57 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 user/opencv/CVE-2019-16249.patch (limited to 'user/opencv') diff --git a/user/opencv/APKBUILD b/user/opencv/APKBUILD index 76403ac60..a8a38c149 100644 --- a/user/opencv/APKBUILD +++ b/user/opencv/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: pkgname=opencv pkgver=4.1.1 -pkgrel=0 +pkgrel=1 pkgdesc="Computer vision and machine learning software library" url="https://opencv.org" arch="all" @@ -15,8 +15,13 @@ makedepends="cmake doxygen ffmpeg-dev gst-plugins-base-dev gtk+2.0-dev subpackages="$pkgname-dev $pkgname-libs" source="opencv-$pkgver.tar.gz::https://github.com/opencv/opencv/archive/$pkgver.tar.gz cmake-license.patch + CVE-2019-16249.patch " +# secfixes: +# 4.1.1-r1: +# - CVE-2019-16249 + prepare() { default_prepare # purge 3rd party except carotene @@ -61,4 +66,5 @@ package() { } sha512sums="80fa48d992ca06a2a4ab6740df6d8c21f4926165486b393969da2c5bbe2f3a0b799fb76dee5e3654e90c743e49bbd2b5b02ad59a4766896bbf4cd5b4e3251e0f opencv-4.1.1.tar.gz -ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6 cmake-license.patch" +ffa6930086051c545a44d28b8e428de7faaeecf961cdee6eef007b2b01db7e5897c6f184b1059df9763c1bcd90f88b9ead710dc13b51a608f21d683f55f39bd6 cmake-license.patch +39f2f9abb1051220d6b842e9337c3636ee229781c7efcc92e987dae47ac82072dc95568e6a766e01329ee61c0a3be4efdd82aa3b56c011b44e175444d81c134d CVE-2019-16249.patch" diff --git a/user/opencv/CVE-2019-16249.patch b/user/opencv/CVE-2019-16249.patch new file mode 100644 index 000000000..a7f0027ac --- /dev/null +++ b/user/opencv/CVE-2019-16249.patch @@ -0,0 +1,57 @@ +From cd7fa04985b10db5e66de542725d0da57f0d10b6 Mon Sep 17 00:00:00 2001 +From: Vitaly Tuzov +Date: Tue, 17 Sep 2019 15:53:18 +0300 +Subject: [PATCH] Fixed out of bound reading in DIS optical flow evaluation + implementation + +--- + modules/video/src/dis_flow.cpp | 18 +++++------------- + 1 file changed, 5 insertions(+), 13 deletions(-) + +diff --git a/modules/video/src/dis_flow.cpp b/modules/video/src/dis_flow.cpp +index 85400c71ca7..a260b8726bb 100644 +--- a/modules/video/src/dis_flow.cpp ++++ b/modules/video/src/dis_flow.cpp +@@ -494,7 +494,6 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp + v_float32x4 w10v = v_setall_f32(w10); \ + v_float32x4 w11v = v_setall_f32(w11); \ + \ +- v_uint8x16 I0_row_16, I1_row_16, I1_row_shifted_16, I1_row_next_16, I1_row_next_shifted_16; \ + v_uint16x8 I0_row_8, I1_row_8, I1_row_shifted_8, I1_row_next_8, I1_row_next_shifted_8, tmp; \ + v_uint32x4 I0_row_4_left, I1_row_4_left, I1_row_shifted_4_left, I1_row_next_4_left, I1_row_next_shifted_4_left; \ + v_uint32x4 I0_row_4_right, I1_row_4_right, I1_row_shifted_4_right, I1_row_next_4_right, \ +@@ -502,29 +501,22 @@ DISOpticalFlowImpl::PatchInverseSearch_ParBody::PatchInverseSearch_ParBody(DISOp + v_float32x4 I_diff_left, I_diff_right; \ + \ + /* Preload and expand the first row of I1: */ \ +- I1_row_16 = v_load(I1_ptr); \ +- I1_row_shifted_16 = v_extract<1>(I1_row_16, I1_row_16); \ +- v_expand(I1_row_16, I1_row_8, tmp); \ +- v_expand(I1_row_shifted_16, I1_row_shifted_8, tmp); \ ++ I1_row_8 = v_load_expand(I1_ptr); \ ++ I1_row_shifted_8 = v_load_expand(I1_ptr + 1); \ + v_expand(I1_row_8, I1_row_4_left, I1_row_4_right); \ + v_expand(I1_row_shifted_8, I1_row_shifted_4_left, I1_row_shifted_4_right); \ + I1_ptr += I1_stride; + + #define HAL_PROCESS_BILINEAR_8x8_PATCH_EXTRACTION \ + /* Load the next row of I1: */ \ +- I1_row_next_16 = v_load(I1_ptr); \ +- /* Circular shift left by 1 element: */ \ +- I1_row_next_shifted_16 = v_extract<1>(I1_row_next_16, I1_row_next_16); \ +- /* Expand to 8 ushorts (we only need the first 8 values): */ \ +- v_expand(I1_row_next_16, I1_row_next_8, tmp); \ +- v_expand(I1_row_next_shifted_16, I1_row_next_shifted_8, tmp); \ ++ I1_row_next_8 = v_load_expand(I1_ptr); \ ++ I1_row_next_shifted_8 = v_load_expand(I1_ptr + 1); \ + /* Separate the left and right halves: */ \ + v_expand(I1_row_next_8, I1_row_next_4_left, I1_row_next_4_right); \ + v_expand(I1_row_next_shifted_8, I1_row_next_shifted_4_left, I1_row_next_shifted_4_right); \ + \ + /* Load current row of I0: */ \ +- I0_row_16 = v_load(I0_ptr); \ +- v_expand(I0_row_16, I0_row_8, tmp); \ ++ I0_row_8 = v_load_expand(I0_ptr); \ + v_expand(I0_row_8, I0_row_4_left, I0_row_4_right); \ + \ + /* Compute diffs between I0 and bilinearly interpolated I1: */ \ -- cgit v1.2.3-60-g2f50