2 files changed, 3 insertions, 36 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch
deleted file mode 100644
index 866d9aa41b..0000000000
--- a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 226f07e4b49c2757b181c62e6841000c512054e3 Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Mon, 14 Aug 2017 17:26:58 +0200
-Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
- (#983)
-Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7]
-CVE: CVE-2017-12982
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
- src/bin/jp2/convertbmp.c | 4 ++++
- 1 file changed, 4 insertions(+)
-diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
-index b49e7a0..2715fdf 100644
--- a/src/bin/jp2/convertbmp.c
-+++ b/src/bin/jp2/convertbmp.c
-@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
- 
-     header->biBitCount  = (OPJ_UINT16)getc(IN);
-     header->biBitCount |= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
-+    if (header->biBitCount == 0) {
-+        fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
-+        return OPJ_FALSE;
-+    }
- 
-     if (header->biSize >= 40U) {
-         header->biCompression  = (OPJ_UINT32)getc(IN);
-- 
-2.8.1
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.0.bb
index 22b75d9623..d5d06206d8 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.0.bb
@@ -5,11 +5,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c"
 DEPENDS = "libpng tiff lcms zlib"
-SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \
+SRC_URI = "git://github.com/uclouvain/openjpeg.git"
-           file://0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch \
+SRCREV = "081de4b15f54cb4482035b7bf5e3fb443e4bc84b"
-          "
+S = "${WORKDIR}/git"
-SRC_URI[md5sum] = "269bb0b175476f3addcc0d03bd9a97b6"
-SRC_URI[sha256sum] = "6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b"
 inherit cmake

diff --git a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch b/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch deleted file mode 100644 index 866d9aa41b..0000000000 --- a/meta-oe/recipes-graphics/openjpeg/files/0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch +++ /dev/null
@@ -1,31 +0,0 @@
1	From 226f07e4b49c2757b181c62e6841000c512054e3 Mon Sep 17 00:00:00 2001
2	From: Even Rouault <even.rouault@spatialys.com>
3	Date: Mon, 14 Aug 2017 17:26:58 +0200
4	Subject: [PATCH] bmp_read_info_header(): reject bmp files with biBitCount == 0
5	(#983)
6
7	Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7]
8	CVE: CVE-2017-12982
9	Signed-off-by: Dengke Du <dengke.du@windriver.com>
10	---
11	src/bin/jp2/convertbmp.c \| 4 ++++
12	1 file changed, 4 insertions(+)
13
14	diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
15	index b49e7a0..2715fdf 100644
16	--- a/src/bin/jp2/convertbmp.c
17	+++ b/src/bin/jp2/convertbmp.c
18	@@ -392,6 +392,10 @@ static OPJ_BOOL bmp_read_info_header(FILE* IN, OPJ_BITMAPINFOHEADER* header)
19
20	header->biBitCount = (OPJ_UINT16)getc(IN);
21	header->biBitCount \|= (OPJ_UINT16)((OPJ_UINT32)getc(IN) << 8);
22	+ if (header->biBitCount == 0) {
23	+ fprintf(stderr, "Error, invalid biBitCount %d\n", 0);
24	+ return OPJ_FALSE;
25	+ }
26
27	if (header->biSize >= 40U) {
28	header->biCompression = (OPJ_UINT32)getc(IN);
29	--
30	2.8.1
31


diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.0.bb index 22b75d9623..d5d06206d8 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.2.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.0.bb
@@ -5,11 +5,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=c648878b4840d7babaade1303e7f108c"
5		5
6	DEPENDS = "libpng tiff lcms zlib"	6	DEPENDS = "libpng tiff lcms zlib"
7		7
8	SRC_URI = "https://github.com/uclouvain/${BPN}/archive/v${PV}.tar.gz;downloadfilename=${BP}.tar.gz \	8	SRC_URI = "git://github.com/uclouvain/openjpeg.git"
9	file://0001-bmp_read_info_header-reject-bmp-files-with-biBitCoun.patch \	9	SRCREV = "081de4b15f54cb4482035b7bf5e3fb443e4bc84b"
10	"	10	S = "${WORKDIR}/git"
11	SRC_URI[md5sum] = "269bb0b175476f3addcc0d03bd9a97b6"
12	SRC_URI[sha256sum] = "6fddbce5a618e910e03ad00d66e7fcd09cc6ee307ce69932666d54c73b7c6e7b"
13		11
14	inherit cmake	12	inherit cmake
15		13