-rw-r--r--main/openjpeg/APKBUILD16
-rw-r--r--main/openjpeg/CVE-2017-12982.patch25
2 files changed, 36 insertions, 5 deletions
diff --git a/main/openjpeg/APKBUILD b/main/openjpeg/APKBUILD
index d1e2ab558f..7f8c248fb1 100644
--- a/main/openjpeg/APKBUILD
+++ b/main/openjpeg/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer:
pkgname=openjpeg
pkgver=2.1.2
-pkgrel=1
+pkgrel=2
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="http://www.openjpeg.org/"
arch="all"
@@ -13,7 +13,8 @@ makedepends="$depends_dev libpng-dev tiff-dev lcms-dev doxygen cmake"
install=""
subpackages="$pkgname-dev $pkgname-tools"
source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v$pkgver.tar.gz
-CVE-2016-9580-9581.patch"
+ CVE-2016-9580-9581.patch
+ CVE-2017-12982.patch"
builddir="${srcdir}/$pkgname-$pkgver"
build() {
@@ -28,6 +29,8 @@ build() {
}
# secfixes:
+# 2.1.2-r2:
+# - CVE-2017-12982
# 2.1.2-r1:
# - CVE-2016-9580
# - CVE-2016-9581
@@ -44,8 +47,11 @@ tools() {
}
md5sums="40a7bfdcc66280b3c1402a0eb1a27624 openjpeg-2.1.2.tar.gz
-a5971d486b670e76d5e473ff15e65405 CVE-2016-9580-9581.patch"
+a5971d486b670e76d5e473ff15e65405 CVE-2016-9580-9581.patch
+8dac6b8c8cb72f43e59ce785ea07eb32 CVE-2017-12982.patch"
sha256sums="4ce77b6ef538ef090d9bde1d5eeff8b3069ab56c4906f083475517c2c023dfa7 openjpeg-2.1.2.tar.gz
-e352e9480925a31804d965c673545eeaa32d0a47605abaaa09b515ca956058ba CVE-2016-9580-9581.patch"
+e352e9480925a31804d965c673545eeaa32d0a47605abaaa09b515ca956058ba CVE-2016-9580-9581.patch
+2693934f4e57a57ec28f9b4fa7664c79e8a200910ef7fbe41a72b8cf1e5b711f CVE-2017-12982.patch"
sha512sums="411067e33c8e4da9921d0281e932a4ac2af592cf822bfad828daea9e2b9c414859455bcec6d912ce76460ea462fa4cbd94a401333bda5716ec017d18b8e5942c openjpeg-2.1.2.tar.gz
-bffe1126c18296fdc1e7f98437e2b468b8b16c4903d504dc9abf24a9b8e02f18e86200038c5a59c061c40d41b42f6b378776ed0040559bb362a3a592928941d7 CVE-2016-9580-9581.patch"
+bffe1126c18296fdc1e7f98437e2b468b8b16c4903d504dc9abf24a9b8e02f18e86200038c5a59c061c40d41b42f6b378776ed0040559bb362a3a592928941d7 CVE-2016-9580-9581.patch
+0e0ce7bdf53c4b6f1b2e9e5f855186763a1bea39b70bdc1fd5b60a5516036a04562cb43030e9946972009e3733d0efadb8ba4825939e32ba6b9419d6428ee9ad CVE-2017-12982.patch"
diff --git a/main/openjpeg/CVE-2017-12982.patch b/main/openjpeg/CVE-2017-12982.patch
new file mode 100644
index 0000000000..724cf602d1
--- /dev/null
+++ b/main/openjpeg/CVE-2017-12982.patch
@@ -0,0 +1,25 @@
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+
+ header->biBitCount = (OPJ_UINT16)getc(IN);
+ header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++ if (header->biBitCount == 0) {
++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++ return OPJ_FALSE;
++ }
+
+ if (header->biSize >= 40U) {
+ header->biCompression = (OPJ_UINT32)getc(IN);
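Review bot: The guard this backported patch adds in `bmp_read_info_header()` rejects only `biBitCount == 0`, while the two `getc(IN)` calls that build the field are still unchecked. On a truncated file `getc()` returns EOF, the casts turn that into 0xFFFF, and that value passes the new test. Whether later code rejects unsupported depths cannot be seen here, because the function body starts and ends outside the hunk. A stream check before the guard would close the gap, for example `if (feof(IN) || ferror(IN)) { return OPJ_FALSE; }`, and an allow-list of the bit depths the converter actually handles would be stricter than a single zero test. The message could also print `header->biBitCount` rather than the literal `0`, so it stays accurate if the condition is widened.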