aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancesco Colista <fcolista@alpinelinux.org>2019-03-14 17:17:34 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2019-03-14 17:29:02 +0000
commit673878b2056caeeae7b119dc6845c6299a153c69 (patch)
treeb9c93fb7732838cbda0e8a8352dd0f6231fe629d
parentab46a3d24f841cdaa8c90dd0878f55d30dfb518d (diff)
downloadaports-673878b2056caeeae7b119dc6845c6299a153c69.tar.bz2
aports-673878b2056caeeae7b119dc6845c6299a153c69.tar.xz
main/openjpeg: security fixes
- CVE-2018-5785 this commit fixes #10097
-rw-r--r--main/openjpeg/APKBUILD8
-rw-r--r--main/openjpeg/CVE-2018-5785.patch79
2 files changed, 85 insertions, 2 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index 66ef7f5166..0403c5f0f8 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.3.0
-pkgrel=1
+pkgrel=2
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="http://www.openjpeg.org/"
arch="all"
@@ -14,6 +14,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v
CVE-2018-18088.patch
CVE-2018-14423.patch
CVE-2018-6616.patch
+ CVE-2018-5785.patch
"
builddir="${srcdir}/$pkgname-$pkgver"
@@ -28,6 +29,8 @@ build() {
}
# secfixes:
+# 2.3.0-r2:
+# - CVE-2018-5785
# 2.3.0-r1:
# - CVE-2018-14423
# - CVE-2018-6616
@@ -62,4 +65,5 @@ sha512sums="0a9d427be4a820b1d759fca4b50e293721b45fe4885aa61ca1ae09e099f75ed93520
15f4292ab6e19ecad1d47772ea28154bc7bbf9b9ba68467c5750e0c823efe3657e5973c08b81456f649fb789b6772ddaf5122f23a530ae0f6a9e5adb61c51c74 CVE-2017-17480.patch
24b646f2b24cfbe9babe8b5c622069178998f35d0b82f5034ff12f8df5f3ffd35f4f8bcc195dfec1072d8f8847d200c3d28f689ec16f29ab9ce895dbabd044bb CVE-2018-18088.patch
4292a05e63ec1ba1ec30e02cd981e9aab617e42831a799bc777b03174bcbc4c49d8b45534668a5237f06c0361865b0ff9bd71f40e2fcab370af6cf9c256c8537 CVE-2018-14423.patch
-9c5eccb7b00e8ed6e473db61aaaf9d37462b9a5c5efabb2af3e0d701922c54827aee55253404c149605fa9103adf6f4375a684c89f17a7fe7bdf85988b5db222 CVE-2018-6616.patch"
+9c5eccb7b00e8ed6e473db61aaaf9d37462b9a5c5efabb2af3e0d701922c54827aee55253404c149605fa9103adf6f4375a684c89f17a7fe7bdf85988b5db222 CVE-2018-6616.patch
+ec48472de6c6d34abff949bbae1ae1e92e0b59939c13345a3a69c8219fdf91ea2c07dda59fe212a88212b3116cae1fb8c47aa5d12b84af669a28aa52864f55de CVE-2018-5785.patch"
diff --git a/main/openjpeg/CVE-2018-5785.patch b/main/openjpeg/CVE-2018-5785.patch
new file mode 100644
index 0000000000..b93515ccd4
--- /dev/null
+++ b/main/openjpeg/CVE-2018-5785.patch
@@ -0,0 +1,79 @@
+From ca16fe55014c57090dd97369256c7657aeb25975 Mon Sep 17 00:00:00 2001
+From: Hugo Lefeuvre <hle@debian.org>
+Date: Sat, 22 Sep 2018 14:33:19 -0400
+Subject: [PATCH] convertbmp: fix issues with zero bitmasks
+
+In the case where a BMP file declares compression 3 (BI_BITFIELDS)
+with header size <= 56, all bitmask values keep their initialization
+value 0. This may lead to various undefined behavior later e.g. when
+doing 1 << (l_comp->prec - 1).
+
+This issue does not affect files with bit count 16 because of a check
+added in 16240e2 which sets default values to the color masks if they
+are all 0.
+
+This commit adds similar checks for the 32 bit case.
+
+Also, if a BMP file declares compression 3 with header size >= 56 and
+intentional 0 bitmasks, the same issue will be triggered in both the
+16 and 32 bit count case.
+
+This commit adds checks to bmp_read_info_header() rejecting BMP files
+with "intentional" 0 bitmasks. These checks might be removed in the
+future when proper handling of zero bitmasks will be available in
+openjpeg2.
+
+fixes #1057 (CVE-2018-5785)
+---
+ src/bin/jp2/convertbmp.c | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index 084f70bb7..7fde99ab3 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -435,16 +435,31 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+ header->biRedMask |= (OPJ_UINT32)getc(IN) << 16;
+ header->biRedMask |= (OPJ_UINT32)getc(IN) << 24;
+
++ if (!header->biRedMask) {
++ fprintf(stderr, "Error, invalid red mask value %d\n", header->biRedMask);
++ return OPJ_FALSE;
++ }
++
+ header->biGreenMask = (OPJ_UINT32)getc(IN);
+ header->biGreenMask |= (OPJ_UINT32)getc(IN) << 8;
+ header->biGreenMask |= (OPJ_UINT32)getc(IN) << 16;
+ header->biGreenMask |= (OPJ_UINT32)getc(IN) << 24;
+
++ if (!header->biGreenMask) {
++ fprintf(stderr, "Error, invalid green mask value %d\n", header->biGreenMask);
++ return OPJ_FALSE;
++ }
++
+ header->biBlueMask = (OPJ_UINT32)getc(IN);
+ header->biBlueMask |= (OPJ_UINT32)getc(IN) << 8;
+ header->biBlueMask |= (OPJ_UINT32)getc(IN) << 16;
+ header->biBlueMask |= (OPJ_UINT32)getc(IN) << 24;
+
++ if (!header->biBlueMask) {
++ fprintf(stderr, "Error, invalid blue mask value %d\n", header->biBlueMask);
++ return OPJ_FALSE;
++ }
++
+ header->biAlphaMask = (OPJ_UINT32)getc(IN);
+ header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8;
+ header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16;
+@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *filename, opj_cparameters_t *parameters)
+ bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU,
+ 0x00000000U);
+ } else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */
++ if ((Info_h.biRedMask == 0U) && (Info_h.biGreenMask == 0U) &&
++ (Info_h.biBlueMask == 0U)) {
++ Info_h.biRedMask = 0x00FF0000U;
++ Info_h.biGreenMask = 0x0000FF00U;
++ Info_h.biBlueMask = 0x000000FFU;
++ }
+ bmpmask32toimage(pData, stride, image, Info_h.biRedMask, Info_h.biGreenMask,
+ Info_h.biBlueMask, Info_h.biAlphaMask);
+ } else if (Info_h.biBitCount == 16 && Info_h.biCompression == 0) { /* RGBX */