main/openjpeg: security fixes

- CVE-2017-14040
- CVE-2017-14041
- CVE-2017-14151
- CVE-2017-14152
- CVE-2017-14164

Fixes partially #7825.
Not yet fixed CVE-2017-14039 since patch is not available for 2.2.0

1 files changed, 22 insertions, 0 deletions

diff --git a/main/openjpeg/CVE-2017-14041.patch b/main/openjpeg/CVE-2017-14041.patch
new file mode 100644
index 0000000000..ebfe1ad27f
--- /dev/null
+++ b/main/openjpeg/CVE-2017-14041.patch
@@ -0,0 +1,22 @@
+From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 18 Aug 2017 13:39:20 +0200
+Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
+
+---
+ src/bin/jp2/convert.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
+index 5459f7d44..e606c9be7 100644
+--- a/src/bin/jp2/convert.c
++++ b/src/bin/jp2/convert.c
+@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
+     }
+ 
+     fseek(f, 0, SEEK_SET);
+-    if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
++    if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
+                &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
+         fclose(f);
+         fprintf(stderr,