- security update:

* CVE-2017-15232 [bsc#1062937]
    + libjpeg-turbo-CVE-2017-15232.patch

- security update:
  * CVE-2017-15232 [bsc#1062937]
    + libjpeg-turbo-CVE-2017-15232.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=70

libjpeg-turbo-CVE-2017-15232.patch

@@ -0,0 +1,43 @@
+Index: libjpeg-turbo-1.5.2/jdpostct.c
+===================================================================
+--- libjpeg-turbo-1.5.2.orig/jdpostct.c	2017-07-07 22:31:10.000000000 +0200
++++ libjpeg-turbo-1.5.2/jdpostct.c	2017-10-12 13:02:48.572975302 +0200
+@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin
+   my_post_ptr post = (my_post_ptr) cinfo->post;
+   JDIMENSION num_rows, max_rows;
+ 
++  /* read_and_discard_scanlines may call it with rows "available", but no buffer */
++  if (output_buf == NULL) {
++    return;
++  }
++
+   /* Fill the buffer, but not more than what we can dump out in one go. */
+   /* Note we rely on the upsampler to detect bottom of image. */
+   max_rows = out_rows_avail - *out_row_ctr;
+Index: libjpeg-turbo-1.5.2/jquant1.c
+===================================================================
+--- libjpeg-turbo-1.5.2.orig/jquant1.c	2017-07-07 22:31:10.000000000 +0200
++++ libjpeg-turbo-1.5.2/jquant1.c	2017-10-12 13:02:48.572975302 +0200
+@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci
+   JDIMENSION col;
+   JDIMENSION width = cinfo->output_width;
+ 
++  if (output_buf == NULL && num_rows) {
++    ERREXIT(cinfo, JERR_BAD_PARAM);
++  }
++
+   for (row = 0; row < num_rows; row++) {
+     /* Initialize output values to 0 so can process components separately */
+     jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE)));
+Index: libjpeg-turbo-1.5.2/jerror.h
+===================================================================
+--- libjpeg-turbo-1.5.2.orig/jerror.h	2017-07-07 22:31:10.000000000 +0200
++++ libjpeg-turbo-1.5.2/jerror.h	2017-10-12 13:24:01.349954012 +0200
+@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti
+ JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code")
+ #endif
+ #endif
++JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
+ 
+ #ifdef JMAKE_ENUM_LIST
+ 

libjpeg-turbo.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Oct 12 10:59:03 UTC 2017 - pgajdos@suse.com
+
+- security update:
+  * CVE-2017-15232 [bsc#1062937]
+    + libjpeg-turbo-CVE-2017-15232.patch
+
 -------------------------------------------------------------------
 Thu Oct 12 10:22:05 UTC 2017 - pgajdos@suse.com
 

libjpeg-turbo.spec

@@ -37,6 +37,7 @@ Source0:        http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
+Patch3:         libjpeg-turbo-CVE-2017-15232.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -108,6 +109,7 @@ files using the libjpeg library.
 %setup -q 
 %patch1
 %patch2
+%patch3 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"

libjpeg62-turbo.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Oct 12 10:59:03 UTC 2017 - pgajdos@suse.com
+
+- security update:
+  * CVE-2017-15232 [bsc#1062937]
+    + libjpeg-turbo-CVE-2017-15232.patch
+
 -------------------------------------------------------------------
 Thu Oct 12 10:22:05 UTC 2017 - pgajdos@suse.com
 

libjpeg62-turbo.spec

@@ -33,6 +33,7 @@ Source0:        http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
+Patch3:         libjpeg-turbo-CVE-2017-15232.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -84,6 +85,7 @@ files using the libjpeg library.
 %setup -q -n libjpeg-turbo-%{srcver}
 %patch1
 %patch2
+%patch3 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"