Bug#1036007: unblock: opencv/4.6.0+dfsg-12
Jochen Sprickerhof
jspricke at debian.org
Fri May 12 21:09:54 BST 2023
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: unblock
X-Debbugs-Cc: opencv at packages.debian.org
Control: affects -1 + src:opencv
Please unblock package opencv
[ Reason ]
This upload fixes two bugs:
1. #1035886 that adds a single Breaks: against an old library version to
easy the upgrade.
2. #1035954 that adds upstream patches for two CVEs.
[ Impact ]
For 1. users could have problems upgrading.
For 2. I'm not sure about the impact of the CVEs but I guess it is
better to get them fixed before the release.
[ Tests ]
The CVEs carry a test, I did not verify the Breaks: but I assume Andreas
tested it :).
[ Risks ]
The Breaks: means users can't keep the old version, I think that is
acceptable if apt finds a upgrade solution.
For the CVEs the patch looks reasonable but I'm not sure if there is any
risk to it. Given that it applied cleanly to the version in unstable and
that upstream accepted it, I think it is fine.
[ Checklist ]
[X] all changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in testing
[ Other info ]
The patch carries a change to debian/gbp.conf which is not imported for
the package in the archive.
unblock opencv/4.6.0+dfsg-12
-------------- next part --------------
diff --git a/debian/changelog b/debian/changelog
index 35b4b87d7..6ddf7e440 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,16 @@
+opencv (4.6.0+dfsg-12) unstable; urgency=medium
+
+ * Team upload.
+
+ [ Andreas Beckmann ]
+ * libopencv-core406: Add Breaks: libopencv-core4.5 for smoother upgrades from bullseye
+ (Closes: #1035886)
+
+ [ Jochen Sprickerhof ]
+ * Add upstream patches for CVE-2023-2617 and CVE-2023-2618 (Closes: #1035954)
+
+ -- Jochen Sprickerhof <jspricke at debian.org> Fri, 12 May 2023 11:40:38 +0200
+
opencv (4.6.0+dfsg-11) unstable; urgency=medium
* Update d/rules.
diff --git a/debian/control b/debian/control
index 4b6a4c095..421f0eb14 100644
--- a/debian/control
+++ b/debian/control
@@ -168,6 +168,7 @@ Section: libs
Depends: ${misc:Depends},
${shlibs:Depends}
Pre-Depends: ${misc:Pre-Depends}
+Breaks: libopencv-core4.5 (<< 4.6),
Description: computer vision core library
This package contains the OpenCV (Open Computer Vision) core runtime libraries.
.
diff --git a/debian/gbp.conf b/debian/gbp.conf
index b5d1dad92..f2905a065 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,3 +1,5 @@
+[DEFAULT]
+component = contrib
+
[import-orig]
pristine-tar = True
-component = contrib
diff --git a/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
new file mode 100644
index 000000000..879403e4b
--- /dev/null
+++ b/debian/patches/0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
@@ -0,0 +1,84 @@
+From: Nano <nanoapezlk at gmail.com>
+Date: Wed, 26 Apr 2023 15:09:52 +0800
+Subject: fix(wechat_qrcode): Init nBytes after the count value is determined
+ (#3480)
+
+* fix(wechat_qrcode): Initialize nBytes after the count value is determined
+
+* fix(wechat_qrcode): Incorrect count data repair
+
+* chore: format expr
+
+* fix(wechat_qrcode): Avoid null pointer exception
+
+* fix(wechat_qrcode): return when bytes_ is empty
+
+* test(wechat_qrcode): add test case
+
+---------
+
+Co-authored-by: GZTime <Time.GZ at outlook.com>
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp | 13 +++++++++----
+ contrib/modules/wechat_qrcode/test/test_qrcode.cpp | 11 +++++++++++
+ 2 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index 05de793..b3a0a69 100644
+--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -65,7 +65,8 @@ void DecodedBitStreamParser::append(std::string& result, string const& in,
+
+ void DecodedBitStreamParser::append(std::string& result, const char* bufIn, size_t nIn,
+ ErrorHandler& err_handler) {
+- if (err_handler.ErrCode()) return;
++ // avoid null pointer exception
++ if (err_handler.ErrCode() || bufIn == nullptr) return;
+ #ifndef NO_ICONV_INSIDE
+ if (nIn == 0) {
+ return;
+@@ -190,16 +191,20 @@ void DecodedBitStreamParser::decodeByteSegment(Ref<BitSource> bits_, string& res
+ CharacterSetECI* currentCharacterSetECI,
+ ArrayRef<ArrayRef<char> >& byteSegments,
+ ErrorHandler& err_handler) {
+- int nBytes = count;
+ BitSource& bits(*bits_);
+ // Don't crash trying to read more bits than we have available.
+ int available = bits.available();
+ // try to repair count data if count data is invalid
+ if (count * 8 > available) {
+- count = (available + 7 / 8);
++ count = (available + 7) / 8;
+ }
++ size_t nBytes = count;
++
++ ArrayRef<char> bytes_(nBytes);
++ // issue https://github.com/opencv/opencv_contrib/issues/3478
++ if (bytes_->empty())
++ return;
+
+- ArrayRef<char> bytes_(count);
+ char* readBytes = &(*bytes_)[0];
+ for (int i = 0; i < count; i++) {
+ // readBytes[i] = (char) bits.readBits(8);
+diff --git a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
+index 5de6533..6989563 100644
+--- a/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
++++ b/contrib/modules/wechat_qrcode/test/test_qrcode.cpp
+@@ -289,5 +289,16 @@ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Monitor, testing::ValuesIn(qrcode
+ INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Curved, testing::ValuesIn(qrcode_images_curved));
+ // INSTANTIATE_TEST_CASE_P(/**/, Objdetect_QRCode_Multi, testing::ValuesIn(qrcode_images_multiple));
+
++TEST(Objdetect_QRCode_bug, issue_3478) {
++ auto detector = wechat_qrcode::WeChatQRCode();
++ std::string image_path = findDataFile("qrcode/issue_3478.png");
++ Mat src = imread(image_path, IMREAD_GRAYSCALE);
++ ASSERT_FALSE(src.empty()) << "Can't read image: " << image_path;
++ std::vector<std::string> outs = detector.detectAndDecode(src);
++ ASSERT_EQ(1, (int) outs.size());
++ ASSERT_EQ(16, (int) outs[0].size());
++ ASSERT_EQ("KFCVW50 ", outs[0]);
++}
++
+ } // namespace
+ } // namespace opencv_test
diff --git a/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch
new file mode 100644
index 000000000..cc4b0e194
--- /dev/null
+++ b/debian/patches/0010-fix-wechat_qrcode-fixed-memory-leaks.patch
@@ -0,0 +1,24 @@
+From: Nano <nanoapezlk at gmail.com>
+Date: Thu, 27 Apr 2023 17:38:35 +0800
+Subject: fix(wechat_qrcode): fixed memory leaks
+
+---
+ .../src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+index b3a0a69..f02435d 100644
+--- a/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
++++ b/contrib/modules/wechat_qrcode/src/zxing/qrcode/decoder/decoded_bit_stream_parser.cpp
+@@ -127,7 +127,10 @@ void DecodedBitStreamParser::decodeHanziSegment(Ref<BitSource> bits_, string& re
+ while (count > 0) {
+ // Each 13 bits encodes a 2-byte character
+ int twoBytes = bits.readBits(13, err_handler);
+- if (err_handler.ErrCode()) return;
++ if (err_handler.ErrCode()) {
++ delete[] buffer;
++ return;
++ }
+ int assembledTwoBytes = ((twoBytes / 0x060) << 8) | (twoBytes % 0x060);
+ if (assembledTwoBytes < 0x003BF) {
+ // In the 0xA1A1 to 0xAAFE range
diff --git a/debian/patches/series b/debian/patches/series
index 338b2f884..5488e53a5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,5 @@ cmake-dont-install-inexistent-files.patch
0007-Build-highgui-module-with-QT-support.patch
0008-Do-not-embed-build-directory-in-binaries.patch
0009-Do-not-embed-build-directory-in-documentation.patch
+0009-fix-wechat_qrcode-Init-nBytes-after-the-count-value-.patch
+0010-fix-wechat_qrcode-fixed-memory-leaks.patch
More information about the debian-science-maintainers
mailing list