gnu: openjpeg: Fix CVE-2017-12982.

* gnu/packages/image.scm (openjepg)[source]: Add patch. * gnu/packages/patches/openjpeg-CVE-2017-12982.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
2025-01-11 13:49:23 -05:00 · 2017-08-23 21:07:07 +03:00 · 2017-08-23 21:07:07 +03:00 · f00e328fd3
commit f00e328fd3
parent d7eea7d7ae
3 changed files with 31 additions and 1 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -901,6 +901,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/ola-readdir-r.patch			\
  %D%/packages/patches/openscenegraph-ffmpeg3.patch             \
  %D%/packages/patches/openexr-missing-samples.patch		\
  %D%/packages/patches/openjpeg-CVE-2017-12982.patch		\
  %D%/packages/patches/openldap-CVE-2017-9287.patch		\
  %D%/packages/patches/openocd-nrf52.patch			\
  %D%/packages/patches/openssl-runpath.patch			\
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@ -549,7 +549,8 @@ (define-public openjpeg
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))))
+          "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg"))
        (patches (search-patches "openjpeg-CVE-2017-12982.patch"))))
    (build-system cmake-build-system)
    (arguments
      ;; Trying to run `$ make check' results in a no rule fault.
--- a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch
@ -0,0 +1,28 @@
 http://openwall.com/lists/oss-security/2017/08/21/1
 https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch
 From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001
 From: Even Rouault <even.rouault@spatialys.com>
 Date: Mon, 14 Aug 2017 17:26:58 +0200
 Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
 (#983)
 ---
 src/bin/jp2/convertbmp.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
 index b49e7a080..2715fdf24 100644
 --- a/src/bin/jp2/convertbmp.c
 +++ b/src/bin/jp2/convertbmp.c
@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
     header->biBitCount  = (OPJ_UINT16)getc(IN);
     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
 +    if (header->biBitCount == 0) {
 +        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
 +        return OPJ_FALSE;
 +    }
     if (header->biSize >= 40U) {
         header->biCompression  = (OPJ_UINT32)getc(IN);