Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
X-Debbugs-Cc: ope...@packages.debian.org
Control: affects -1 + src:opencv

Please unblock package opencv

[ Reason ]
This upload fixes two bugs:
1. #1035886 that adds a single Breaks: against an old library version to ease the upgrade.
2. #1035954 that adds upstream patches for two CVEs.

[ Impact ]
For 1. users could have problems upgrading.
For 2. I'm not sure about the impact of the CVEs but I guess it is better to get them fixed before the release.

[ Tests ]
The CVEs carry a test, I did not verify the Breaks: but I assume Andreas tested it :).

[ Risks ]
The Breaks: means users can't keep the old version, I think that is acceptable if apt finds an upgrade solution.
For the CVEs the patch looks reasonable but I'm not sure if there is any risk to it. Given that it applied cleanly to the version in unstable and that upstream accepted it, I think it is fine.

[ Checklist ]
  [X] all changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in testing

[ Other info ]
The patch carries a change to debian/gbp.conf which is not imported for the package in the archive.

unblock opencv/4.6.0+dfsg-12

diff --git a/debian/changelog b/debian/changelog index 35b4b87d7..6ddf7e440 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +opencv (4.6.0+dfsg-12) unstable; urgency=medium + + * Team upload. + + [ Andreas Beckmann ] + * libopencv-core406: Add Breaks: libopencv-core4.5 for smoother upgrades from bullseye + (Closes: #1035886) + + [ Jochen Sprickerhof ] + * Add upstream patches for CVE-2023-2617 and CVE-2023-2618 (Closes: #1035954) + + -- Jochen Sprickerhof <jspri...@debian.org> Fri, 12 May 2023 11:40:38 +0200 + opencv (4.6.0+dfsg-11) unstable; urgency=medium * Update d/rules. diff --git a/debian/control b/debian/control index 4b6a4c095..421f0eb14 100644 --- a/debian/control +++ b/debian/control @@ -168,6 +168,7 @@ Section: libs Depends: ${misc:Depends}, ${shlibs:Depends} Pre-Depends: ${misc:Pre-Depends} +Breaks: libopencv-core4.5 (<< 4.6), Description: computer vision core library This package contains the OpenCV (Open Computer Vision) core runtime libraries. . diff --git a/debian/gbp.conf b/debian/gbp.conf index b5d1dad92..f2905a065 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,3 +1,5 @@ +[DEFAULT] +component = contrib + [import-orig] pristine-tar = True -component = contrib diff --git a/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch new file mode 100644 index 000000000..879403e4b --- /dev/null +++ b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch 
@@ -0,0 +1,84 @@ +From: Nano <nanoape...@gmail.com> +Date: Wed, 26 Apr 2023 15:09:52 +0800 +Subject: fix(wechat_qrcode): Init nBytes after the count value is determined + (#3480) + +* fix(wechat_qrcode): Initialize nBytes after the count value is determined + +* fix(wechat_qrcode): Incorrect count data repair + +* chore: format expr + +* fix(wechat_qrcode): Avoid null pointer exception + +* fix(wechat_qrcode): return when bytes_ is empty + +* test(wechat_qrcode): add test case + +--------- + +Co-authored-by: GZTime <time...@outlook.com> +--- + .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp | 13 +++++++++---- + contrib/modules/wechat_qrcode/test/test_qrcode.cpp | 11 +++++++++++ + 2 files changed, 20 insertions(+), 4 deletions(-) + +diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +index 05de793..b3a0a69 100644 +--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp ++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in, + + void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn, + ErrorHandler& err_handler) { +- if (err_handler.ErrCode()) return; ++ // avoid null pointer exception ++ if (err_handler.ErrCode() || bufIn == nullptr) return; + #ifndef NO_ICONV_INSIDE + if (nIn == 0) { + return; +@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res + CharacterSetECI* currentCharacterSetECI, + ArrayRef<ArrayRef<char> >& byteSegments, + ErrorHandler& err_handler) { +- int nBytes = count; + BitSource& bits(*bits_); + // Don't crash trying to read more bits than we have available. 
+ int available = bits.available(); + // try to repair count data if count data is invalid + if (count * 8 > available) { +- count = (available + 7 / 8); ++ count = (available + 7) / 8; + } ++ size_t nBytes = count; ++ ++ ArrayRef<char> bytes_(nBytes); ++ // issue https://github.com/opencv/opencv_contrib/issues/3478 ++ if (bytes_->empty()) ++ return; + +- ArrayRef<char> bytes_(count); + char* readBytes = &(*bytes_)[0]; + for (int i = 0; i < count; i++) { + // readBytes[i] = (char) bits.readBits(8); +diff --git a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp +index 5de6533..6989563 100644 +--- a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp ++++ b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp +@@ -289,5 +289,16 @@ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Monitor, testing::ValuesIn(qrcode + INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved)); + // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple)); + ++TEST(Objdetect_QRCode_bug, issue_3478) { ++ auto detector = wechat_qrcode::WeChatQRCode(); ++ std::string image_path = findDataFile("qrcode/issue_3478.png"); ++ Mat src = imread(image_path, IMREAD_GRAYSCALE); ++ ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path; ++ std::vector<std::string> outs = detector.detectAndDecode(src); ++ ASSERT_EQ(1, (int) outs.size()); ++ ASSERT_EQ(16, (int) outs[0].size()); ++ ASSERT_EQ("KFCVW50 ", outs[0]); ++} ++ + } // namespace + } // namespace opencv_test diff --git a/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch new file mode 100644 index 000000000..cc4b0e194 --- /dev/null +++ b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch 
@@ -0,0 +1,24 @@ +From: Nano <nanoape...@gmail.com> +Date: Thu, 27 Apr 2023 17:38:35 +0800 +Subject: fix(wechat_qrcode): fixed memory leaks + +--- + .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +index b3a0a69..f02435d 100644 +--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp ++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp +@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re + while (count > 0) { + // Each 13 bits encodes a 2-byte character + int twoBytes = bits.readBits(13, err_handler); +- if (err_handler.ErrCode()) return; ++ if (err_handler.ErrCode()) { ++ delete[] buffer; ++ return; ++ } + int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060); + if (assembledTwoBytes < 0x003BF) { + // In the 0xA1A1 to 0xAAFE range diff --git a/debian/patches/series b/debian/patches/series index 338b2f884..5488e53a5 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,5 @@ cmake-dont-install-inexistent-files.patch 0007-Build-highgui-module-with-QT-support.patch 0008-Do-not-embed-build-directory-in-binaries.patch 0009-Do-not-embed-build-directory-in-documentation.patch +0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch +0010-fix-wechat_qrcode-fixed-memory-leaks.patch
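
Review bot: the new 4.6.0+dfsg-12 entry in debian/changelog lists the Breaks: and the two CVE patches but not the debian/gbp.conf change carried by this same diff (component = contrib moved under [DEFAULT]); a one-line bullet for it would keep the changelog matching the diff. The first line of the libopencv-core406 bullet also runs past 80 columns and could wrap earlier.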
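
Review bot: in DecodedBitStreamParser::append (patch 0009, hunk at -65,7), the new bufIn == nullptr test returns without recording anything in err_handler, so a caller cannot tell a null input buffer from a successful append of nothing. If a null buffer with a non-zero nIn is a decode failure, record an error on err_handler before returning. The added comment would also read more accurately as "avoid null pointer dereference", since no exception is involved here.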
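
Review bot: in decodeByteSegment (patch 0009, hunk at -190,16), the repaired value count = (available + 7) / 8 rounds up, so whenever available is not a multiple of 8 the condition count * 8 > available still holds after the repair (available = 12 gives count = 2, which is 16 bits) and the loop asks for more bits than remain. Rounding down with available / 8 would match the comment about not reading more bits than are available, unless the read inside the loop, which this hunk does not show, already reports the shortfall through err_handler. The early return on bytes_->empty() also leaves err_handler untouched, and size_t nBytes = count would turn a negative count into a very large size, so a check for count <= 0 before the conversion is worth adding if the caller can pass one.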
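
Review bot: the new issue_3478 test in test_qrcode.cpp loads qrcode/issue_3478.png through findDataFile, but the diffstat of patch 0009 lists only the parser source and the test source, so the image is not part of this upload and the test cannot run from the package unless that file is supplied separately. The test also asserts a 16-character result against a literal whose length depends on trailing spaces; building the expected value from the visible text plus an explicit count of spaces would keep the padding from being lost to whitespace cleanup.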
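
Review bot: in decodeHanziSegment (patch 0010), delete[] buffer is added to this one early return inside the while loop; any other return between the allocation and the normal cleanup, none of which are visible in the hunk, would need the same treatment. Holding the buffer in a std::vector<char> or std::unique_ptr<char[]> would release it on every exit path and remove the need for per-return deletes. The patch header also carries no upstream reference (patch 0009 cites #3480 in its Subject), so an Origin: line would help trace it.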
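
Review bot: in debian/patches/series the new 0009-fix-wechat_qrcode-... entry reuses the 0009 prefix already taken by 0009-Do-not-embed-build-directory-in-documentation.patch directly above it. Renumbering the two additions to 0010 and 0011 would keep the prefixes unique and in application order. Neither patch header names the CVE it addresses (CVE-2023-2617 and CVE-2023-2618 appear only in the changelog), so a line in each header saying which CVE it fixes would make the mapping checkable.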