Backport patch for CVE-2017-12982

baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch

@@ -0,0 +1,25 @@
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+ 
+     header->biBitCount  = (OPJ_UINT16)getc(IN);
+     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++    if (header->biBitCount == 0) {
++        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++        return OPJ_FALSE;
++    }
+ 
+     if (header->biSize >= 40U) {
+         header->biCompression  = (OPJ_UINT32)getc(IN);

openjpeg2.spec

@@ -5,7 +5,7 @@
 
 Name:           openjpeg2
 Version:        2.2.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -19,6 +19,8 @@ Source1:        data.tar.xz
 
 # Remove bundled libraries
 Patch0:         openjpeg2_remove-thirdparty.patch
+# Backport: bmp_read_info_header(): reject bmp files with biBitCount == 0 (CVE-2017-12982)
+Patch1:         baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
 
 BuildRequires:  cmake
 BuildRequires:  zlib-devel
@@ -326,6 +328,9 @@ make test -C %{_target_platform}
 
 
 %changelog
+* Thu Aug 31 2017 Sandro Mani <manisandro@gmail.com> - 2.2.0-2
+- Backport patch for CVE-2017-12982
+
 * Thu Aug 10 2017 Sandro Mani <manisandro@gmail.com> - 2.2.0-1
 - Update to 2.2.0