From 414f3350fdb37c3372051083a0e734387683c223 Mon Sep 17 00:00:00 2001 From: Josef Ridky Date: Apr 10 2018 10:52:16 +0000 Subject: CVE-2017-17760 --- diff --git a/opencv-CVE-2017-17760.patch b/opencv-CVE-2017-17760.patch new file mode 100644 index 0000000..ad53391 --- /dev/null +++ b/opencv-CVE-2017-17760.patch @@ -0,0 +1,12 @@ +diff -urNp old/modules/imgcodecs/src/grfmt_pxm.cpp new/modules/imgcodecs/src/grfmt_pxm.cpp +--- old/modules/imgcodecs/src/grfmt_pxm.cpp 2018-04-10 12:40:15.926177118 +0200 ++++ new/modules/imgcodecs/src/grfmt_pxm.cpp 2018-04-10 12:42:39.932022243 +0200 +@@ -309,7 +309,7 @@ bool PxMDecoder::readData( Mat& img ) + } + } + else +- memcpy( data, src, CV_ELEM_SIZE1(m_type)*m_width); ++ memcpy( data, src, img.elemSize1()*m_width); + } + else + { diff --git a/opencv.spec b/opencv.spec index 83435dd..2af6192 100644 --- a/opencv.spec +++ b/opencv.spec @@ -34,7 +34,7 @@ Name: opencv Version: 3.2.0 -Release: 14%{?dist} +Release: 15%{?dist} Summary: Collection of algorithms for computer vision Group: Development/Libraries # This is normal three clause BSD. @@ -65,6 +65,7 @@ Source1: %{name}_contrib-clean-%{version}.tar.gz Patch1: opencv-3.2.0-cmake_paths.patch Patch2: opencv-3.1-pillow.patch Patch3: opencv-3.2.0-test-file-fix.patch +Patch4: opencv-CVE-2017-17760.patch BuildRequires: libtool BuildRequires: cmake >= 2.6.3 @@ -222,6 +223,7 @@ rm -rf modules/dnn/ %patch3 -p1 -b .fixtest popd +%patch4 -p1 -b .CVE-2017-17760 # fix dos end of lines #sed -i 's|\r||g' samples/c/adaptiveskindetector.cpp @@ -393,6 +395,9 @@ popd %{_libdir}/libopencv_xphoto.so.%{abiver}* %changelog +* Tue Apr 10 2018 Josef Ridky - 3.2.0-15 +- Fix for CVE-2017-17760 (#1530748) + * Sun Jan 28 2018 Sérgio Basto - 3.2.0-14 - Rebuilt (#1533660)