2 files changed, 36 insertions, 3 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch
new file mode 100644
index 0000000000..866d9aa41b
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch
@@ -0,0 +1,31 @@
+From 226f07e4b49c2757b181c62e6841000c512054e3 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 14 Aug 2017 17:26:58 +0200
+Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
+ (#983)
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7]
+CVE: CVE-2017-12982
+Signed-off-by: Dengke Du <dengke.du@windriver.com>
+---
+ src/bin/jp2/convertbmp.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
+index b49e7a0..2715fdf 100644
+--- a/src/bin/jp2/convertbmp.c
+++ b/src/bin/jp2/convertbmp.c
+@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
+ 
+     header->biBitCount  = (OPJ_UINT16)getc(IN);
+     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
+    if (header->biBitCount == 0) {
+        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
+        return OPJ_FALSE;
+    }
+ 
+     if (header->biSize >= 40U) {
+         header->biCompression  = (OPJ_UINT32)getc(IN);
+-- 
+2.8.1
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.1.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb
index fa4f7964a2..4ef1c408fd 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.1.1.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb
@@ -4,9 +4,11 @@ HOMEPAGE = "http://www.openjpeg.org"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c"
-SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz"
+SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \
-SRC_URI[md5sum] = "0cc4b2aee0a9b6e9e21b7abcd201a3ec"
+           file://0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch \
-SRC_URI[sha256sum] = "82c27f47fc7219e2ed5537ac69545bf15ed8c6ba8e6e1e529f89f7356506dbaa"
+          "
+SRC_URI[md5sum] = "269bb0b175476f3addcc0d03bd9a97b6"
+SRC_URI[sha256sum] = "6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b"
 inherit cmake

diff --git a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch new file mode 100644 index 0000000000..866d9aa41b --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch
@@ -0,0 +1,31 @@
		1	From 226f07e4b49c2757b181c62e6841000c512054e3 Mon Sep 17 00:00:00 2001
		2	From: Even Rouault <even.rouault@spatialys.com>
		3	Date: Mon, 14 Aug 2017 17:26:58 +0200
		4	Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
		5	(#983)
		6
		7	Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7]
		8	CVE: CVE-2017-12982
		9	Signed-off-by: Dengke Du <dengke.du@windriver.com>
		10	---
		11	src/bin/jp2/convertbmp.c \| 4 ++++
		12	1 file changed, 4 insertions(+)
		13
		14	diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
		15	index b49e7a0..2715fdf 100644
		16	--- a/src/bin/jp2/convertbmp.c
		17	+++ b/src/bin/jp2/convertbmp.c
		18	@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
		19
		20	header->biBitCount = (OPJ_UINT16)getc(IN);
		21	header->biBitCount \|= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
		22	+ if (header->biBitCount == 0) {
		23	+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
		24	+ return OPJ_FALSE;
		25	+ }
		26
		27	if (header->biSize >= 40U) {
		28	header->biCompression = (OPJ_UINT32)getc(IN);
		29	--
		30	2.8.1
		31


diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.1.1.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb index fa4f7964a2..4ef1c408fd 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.1.1.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb
@@ -4,9 +4,11 @@ HOMEPAGE = "http://www.openjpeg.org"
4	LICENSE = "BSD"	4	LICENSE = "BSD"
5	LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c"	5	LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c"
6		6
7	SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz"	7	SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \
8	SRC_URI[md5sum] = "0cc4b2aee0a9b6e9e21b7abcd201a3ec"	8	file://0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch \
9	SRC_URI[sha256sum] = "82c27f47fc7219e2ed5537ac69545bf15ed8c6ba8e6e1e529f89f7356506dbaa"	9	"
		10	SRC_URI[md5sum] = "269bb0b175476f3addcc0d03bd9a97b6"
		11	SRC_URI[sha256sum] = "6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b"
10		12
11	inherit cmake	13	inherit cmake
12		14