guix-commits

01/01: gnu: openjpeg: Fix CVE-2017-12982.


From: Efraim Flashner
Subject: 01/01: gnu: openjpeg: Fix CVE-2017-12982.
Date: Wed, 23 Aug 2017 14:09:02 -0400 (EDT)

efraim pushed a commit to branch master
in repository guix.

commit f00e328fd37eda2ed0f706ca03a021e72a6b2350
Author: Efraim Flashner <address@hidden>
Date:   Wed Aug 23 21:07:07 2017 +0300

    gnu: openjpeg: Fix CVE-2017-12982.
    
    * gnu/packages/image.scm (openjpeg)[source]: Add patch.
    * gnu/packages/patches/openjpeg-CVE-2017-12982.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Register it.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/image.scm                             |  3 ++-
 gnu/packages/patches/openjpeg-CVE-2017-12982.patch | 28 ++++++++++++++++++++++
 3 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 253e0c8..f72bb52 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -901,6 +901,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/ola-readdir-r.patch                     \
   %D%/packages/patches/openscenegraph-ffmpeg3.patch             \
   %D%/packages/patches/openexr-missing-samples.patch           \
+  %D%/packages/patches/openjpeg-CVE-2017-12982.patch           \
   %D%/packages/patches/openldap-CVE-2017-9287.patch            \
   %D%/packages/patches/openocd-nrf52.patch                     \
   %D%/packages/patches/openssl-runpath.patch                   \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 3f8b520..b629d3b 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -549,7 +549,8 @@ work.")
         (file-name (string-append name "-" version ".tar.gz"))
         (sha256
          (base32
-          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))))
+          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
+        (patches (search-patches "openjpeg-CVE-2017-12982.patch"))))
     (build-system cmake-build-system)
     (arguments
       ;; Trying to run `$ make check' results in a no rule fault.
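Review bot: The new `patches` field in the openjpeg origin is not verified by anything in this build, because the context comment right after it says `make check` fails with a no-rule fault. Please confirm by hand that the rebuilt BMP converter rejects a file whose biBitCount is 0 with the "invalid biBitCount" error, and consider a short comment next to `(patches ...)` saying the patch can be dropped once the package moves to a release that contains upstream commit baf0c1ad.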
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch 
b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
new file mode 100644
index 0000000..3929a73
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
@@ -0,0 +1,28 @@
+http://openwall.com/lists/oss-security/2017/08/21/1
+https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
+
+From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
+From: Even Rouault <address@hidden>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a080..2715fdf24 100644
+--- a/src/bin/jp2/convertbmp.c
++++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, 
OPJ_BITMAPINFOHEADER* header)
+ 
+     header->biBitCount  = (OPJ_UINT16)getc(IN);
+     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
++    if (header->biBitCount == 0) {
++        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
++        return OPJ_FALSE;
++    }
+ 
+     if (header->biSize >= 40U) {
+         header->biCompression  = (OPJ_UINT32)getc(IN);
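Review bot: The added `biBitCount == 0` test in bmp_read_info_header() does not cover a truncated header, because the two context lines above it cast the result of getc(IN) without checking for EOF. On a short read getc() returns EOF (-1), the (OPJ_UINT16) and (OPJ_UINT32) casts turn that into 0xFFFF, and that value passes the new check. Since this is the upstream commit carried verbatim it is fine to apply as is, but it would be worth raising upstream that the function should either fail on EOF or accept only the bit depths the converter actually supports, rather than rejecting the single value 0. A smaller point: the fprintf passes a literal 0 for `%d`; printing header->biBitCount or dropping the format argument would read more clearly.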


