diff --git a/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch b/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
new file mode 100644
index 0000000..724cf60
--- /dev/null
+++ b/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
@@ -0,0 +1,25 @@
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+
+ header->biBitCount = (OPJ_UINT16)getc(IN);
+ header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++ if (header->biBitCount == 0) {
++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++ return OPJ_FALSE;
++ }
+
+ if (header->biSize >= 40U) {
+ header->biCompression = (OPJ_UINT32)getc(IN);
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 36c9ceb..6424eac 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -5,7 +5,7 @@ Name: openjpeg2 Version: 2.2.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD
@@ -19,6 +19,8 @@ Source1: data.tar.xz # Remove bundled libraries Patch0: openjpeg2_remove-thirdparty.patch +# Backport: bmp_read_info_header(): reject bmp files with biBitCount == 0 (CVE-2017-12982) +Patch1: baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch BuildRequires: cmake BuildRequires: zlib-devel
@@ -326,6 +328,9 @@ make test -C %{_target_platform} %changelog +* Thu Aug 31 2017 Sandro Mani - 2.2.0-2 +- Backport patch for CVE-2017-12982 + * Thu Aug 10 2017 Sandro Mani - 2.2.0-1 - Update to 2.2.0
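Review bot: The guard added in the `bmp_read_info_header()` hunk of the backported patch rejects only `biBitCount == 0`; the two `getc(IN)` results just above it are cast without an EOF test, so a header truncated at this field reads as 0xFFFF and passes the new check. Whether later code rejects unsupported depths is not visible here (the function starts and ends outside the hunk), so consider validating against the set of bit depths the converter actually handles rather than the single bad value, and report the field instead of a literal: `fprintf(stderr, "Error, invalid biBitCount %d\n", header->biBitCount);`. Since this is a verbatim upstream backport for CVE-2017-12982, any such change belongs upstream rather than in this packaging patch.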