diff options
| author | Efraim Flashner <efraim@flashner.co.il> | 2017-08-23 21:07:07 +0300 |
|---|---|---|
| committer | Efraim Flashner <efraim@flashner.co.il> | 2017-08-23 21:07:07 +0300 |
| commit | f00e328fd37eda2ed0f706ca03a021e72a6b2350 (patch) | |
| tree | e06986cca7231116ffd5ce487ce1086f659c885f /gnu/packages | |
| parent | d7eea7d7ae8ba2e97eadb487f1a532fa19b1f294 (diff) | |
| download | gnu-guix-f00e328fd37eda2ed0f706ca03a021e72a6b2350.tar gnu-guix-f00e328fd37eda2ed0f706ca03a021e72a6b2350.tar.gz | |
gnu: openjpeg: Fix CVE-2017-12982.
* gnu/packages/image.scm (openjepg)[source]: Add patch.
* gnu/packages/patches/openjpeg-CVE-2017-12982.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
Diffstat (limited to 'gnu/packages')
| -rw-r--r-- | gnu/packages/image.scm | 3 | ||||
| -rw-r--r-- | gnu/packages/patches/openjpeg-CVE-2017-12982.patch | 28 |
2 files changed, 30 insertions, 1 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 3f8b520aec..b629d3b206 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -549,7 +549,8 @@ work.") (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")))) + "0yvfghxwfm3dcqr9krkw63pcd76hzkknc3fh7bh11s8qlvjvrpbg")) + (patches (search-patches "openjpeg-CVE-2017-12982.patch")))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. diff --git a/gnu/packages/patches/openjpeg-CVE-2017-12982.patch b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch new file mode 100644 index 0000000000..3929a73570 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2017-12982.patch @@ -0,0 +1,28 @@ +http://openwall.com/lists/oss-security/2017/08/21/1 +https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7.patch + +From baf0c1ad4572daa89caa3b12985bdd93530f0dd7 Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Mon, 14 Aug 2017 17:26:58 +0200 +Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0 + (#983) + +--- + src/bin/jp2/convertbmp.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c +index b49e7a080..2715fdf24 100644 +--- a/src/bin/jp2/convertbmp.c ++++ b/src/bin/jp2/convertbmp.c +@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header) + + header->biBitCount = (OPJ_UINT16)getc(IN); + header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8); ++ if (header->biBitCount == 0) { ++ fprintf(stderr, "Error, invalid biBitCount %d\n", 0); ++ return OPJ_FALSE; ++ } + + if (header->biSize >= 40U) { + header->biCompression = (OPJ_UINT32)getc(IN); |