From 200c331ef41d5abcea86c061c2357e450e04ba0bf737cdebd047f44032d35f0b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 12 Oct 2017 11:25:22 +0000 Subject: [PATCH] - security update: * CVE-2017-15232 [bsc#1062937] + libjpeg-turbo-CVE-2017-15232.patch - security update: * CVE-2017-15232 [bsc#1062937] + libjpeg-turbo-CVE-2017-15232.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=70 --- libjpeg-turbo-CVE-2017-15232.patch | 43 ++++++++++++++++++++++++++++++ libjpeg-turbo.changes | 7 +++++ libjpeg-turbo.spec | 2 ++ libjpeg62-turbo.changes | 7 +++++ libjpeg62-turbo.spec | 2 ++ 5 files changed, 61 insertions(+) create mode 100644 libjpeg-turbo-CVE-2017-15232.patch diff --git a/libjpeg-turbo-CVE-2017-15232.patch b/libjpeg-turbo-CVE-2017-15232.patch new file mode 100644 index 0000000..aa544a1 --- /dev/null +++ b/libjpeg-turbo-CVE-2017-15232.patch @@ -0,0 +1,43 @@ +Index: libjpeg-turbo-1.5.2/jdpostct.c +=================================================================== +--- libjpeg-turbo-1.5.2.orig/jdpostct.c 2017-07-07 22:31:10.000000000 +0200 ++++ libjpeg-turbo-1.5.2/jdpostct.c 2017-10-12 13:02:48.572975302 +0200 +@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin + my_post_ptr post = (my_post_ptr) cinfo->post; + JDIMENSION num_rows, max_rows; + ++ /* read_and_discard_scanlines may call it with rows "available", but no buffer */ ++ if (output_buf == NULL) { ++ return; ++ } ++ + /* Fill the buffer, but not more than what we can dump out in one go. */ + /* Note we rely on the upsampler to detect bottom of image. */ + max_rows = out_rows_avail - *out_row_ctr; +Index: libjpeg-turbo-1.5.2/jquant1.c +=================================================================== +--- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200 ++++ libjpeg-turbo-1.5.2/jquant1.c 2017-10-12 13:02:48.572975302 +0200 +@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci + JDIMENSION col; + JDIMENSION width = cinfo->output_width; + ++ if (output_buf == NULL && num_rows) { ++ ERREXIT(cinfo, JERR_BAD_PARAM); ++ } ++ + for (row = 0; row < num_rows; row++) { + /* Initialize output values to 0 so can process components separately */ + jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE))); +Index: libjpeg-turbo-1.5.2/jerror.h +=================================================================== +--- libjpeg-turbo-1.5.2.orig/jerror.h 2017-07-07 22:31:10.000000000 +0200 ++++ libjpeg-turbo-1.5.2/jerror.h 2017-10-12 13:24:01.349954012 +0200 +@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti + JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code") + #endif + #endif ++JMESSAGE(JERR_BAD_PARAM, "Bogus parameter") + + #ifdef JMAKE_ENUM_LIST + diff --git a/libjpeg-turbo.changes b/libjpeg-turbo.changes index 3e804e7..0919608 100644 --- a/libjpeg-turbo.changes +++ b/libjpeg-turbo.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Oct 12 10:59:03 UTC 2017 - pgajdos@suse.com + +- security update: + * CVE-2017-15232 [bsc#1062937] + + libjpeg-turbo-CVE-2017-15232.patch + ------------------------------------------------------------------- Thu Oct 12 10:22:05 UTC 2017 - pgajdos@suse.com diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec index fcbe582..b1d2a5d 100644 --- a/libjpeg-turbo.spec +++ b/libjpeg-turbo.spec @@ -37,6 +37,7 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-1.4.0-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2017-15232.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkgconfig @@ -108,6 +109,7 @@ files using the libjpeg library. %setup -q %patch1 %patch2 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" diff --git a/libjpeg62-turbo.changes b/libjpeg62-turbo.changes index 8bc99fa..bdc06e2 100644 --- a/libjpeg62-turbo.changes +++ b/libjpeg62-turbo.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Thu Oct 12 10:59:03 UTC 2017 - pgajdos@suse.com + +- security update: + * CVE-2017-15232 [bsc#1062937] + + libjpeg-turbo-CVE-2017-15232.patch + ------------------------------------------------------------------- Thu Oct 12 10:22:05 UTC 2017 - pgajdos@suse.com diff --git a/libjpeg62-turbo.spec b/libjpeg62-turbo.spec index b15688a..dccb359 100644 --- a/libjpeg62-turbo.spec +++ b/libjpeg62-turbo.spec @@ -33,6 +33,7 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-1.4.0-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2017-15232.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkgconfig @@ -84,6 +85,7 @@ files using the libjpeg library. %setup -q -n libjpeg-turbo-%{srcver} %patch1 %patch2 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now"