author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-23 09:51:25 +0000 |
---|---|---|
committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-23 10:00:32 +0000 |
commit | 46b2f52fae679185e9d21306e7c3ae07197d1425 (patch) | |
tree | 79ede179ffacecb46d8a5e4664ebebf33054350e /main/openjpeg | |
parent | 02dbd8c295772ce0004692ce03757de470e16af4 (diff) | |
main/openjpeg: security fix for CVE-2017-12982. Fixes #7712
Diffstat (limited to 'main/openjpeg')
-rw-r--r-- | main/openjpeg/APKBUILD | 10 | ||||
-rw-r--r-- | main/openjpeg/CVE-2017-12982.patch | 25 |
2 files changed, 32 insertions, 3 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index 39271f79ea..bc3a38e750 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Francesco Colista <fcolista@alpinelinux.org>
 pkgname=openjpeg
 pkgver=2.2.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Open-source implementation of JPEG2000 image codec"
 url="http://www.openjpeg.org/"
 arch="all"
@@ -12,7 +12,8 @@ depends_dev=""
 makedepends="$depends_dev libpng-dev tiff-dev lcms-dev doxygen cmake"
 install=""
 subpackages="$pkgname-dev $pkgname-tools"
-source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
+ CVE-2017-12982.patch"
 builddir="${srcdir}/$pkgname-$pkgver"
 
 build() {
@@ -27,6 +28,8 @@ build() {
 }
 
 # secfixes:
+# 2.2.0-r1:
+# - CVE-2017-12982
 # 2.1.2-r1:
 # - CVE-2016-9580
 # - CVE-2016-9581
@@ -42,4 +45,5 @@ tools() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="20651c380bee582ab1950994c424cc00061ad852e9c5438fb32a9809e3f275571a4cc7e92589add0d91debf2394262e58f441c2dd918809fc1c602ed68396a3a openjpeg-2.2.0.tar.gz"
+sha512sums="20651c380bee582ab1950994c424cc00061ad852e9c5438fb32a9809e3f275571a4cc7e92589add0d91debf2394262e58f441c2dd918809fc1c602ed68396a3a openjpeg-2.2.0.tar.gz
+0e0ce7bdf53c4b6f1b2e9e5f855186763a1bea39b70bdc1fd5b60a5516036a04562cb43030e9946972009e3733d0efadb8ba4825939e32ba6b9419d6428ee9ad CVE-2017-12982.patch"
diff --git a/main/openjpeg/CVE-2017-12982.patch b/main/openjpeg/CVE-2017-12982.patch
new file mode 100644
index 0000000000..724cf602d1
--- /dev/null
+++ b/main/openjpeg/CVE-2017-12982.patch
@@ -0,0 +1,25 @@
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+
+ header->biBitCount = (OPJ_UINT16)getc(IN);
+ header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++ if (header->biBitCount == 0) {
++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++ return OPJ_FALSE;
++ }
+
+ if (header->biSize >= 40U) {
+ header->biCompression = (OPJ_UINT32)getc(IN);
|
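Review bot: The guard added to bmp_read_info_header() rejects only `biBitCount == 0`, but both bytes of the field come from the unchecked `getc(IN)` calls on the two lines above it, so on a truncated file `getc` returns EOF and the casts produce 0xFFFF, which passes the new check. Whether later code rejects unsupported depths cannot be seen here, since the function starts and ends outside the hunk; an allow-list of the depths the converter actually handles, applied at this point, would close the whole class instead of the single value. The message hard-codes the value it prints, so if the guard is widened it should report what was parsed: `fprintf(stderr, "Error, invalid biBitCount %d\n", header->biBitCount);`. A short comment above the check, for example `/* biBitCount == 0 is not supported here; see CVE-2017-12982 */`, would tell a later maintainer why the early return exists.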