- security update:

* CVE-2018-1152 [bsc#1098155] + libjpeg-turbo-CVE-2018-1152.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=76
2018-06-19 13:41:42 +00:00 · 2018-06-19 13:41:42 +00:00 · 596364ea42
commit 596364ea42
parent 6a32bbef39
4 changed files with 28 additions and 0 deletions
--- a/libjpeg-turbo-CVE-2018-1152.patch
+++ b/libjpeg-turbo-CVE-2018-1152.patch
@ -0,0 +1,17 @@
+Index: libjpeg-turbo-1.5.3/rdbmp.c
+===================================================================
+--- libjpeg-turbo-1.5.3.orig/rdbmp.c
+++ libjpeg-turbo-1.5.3/rdbmp.c
+@@ -434,6 +434,12 @@ start_input_bmp (j_compress_ptr cinfo, c
+     progress->total_extra_passes++; /* count file input as separate pass */
+   }
+ 
+  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
+     value of the JDIMENSION type.  This is only a danger with BMP files, since
+     their width and height fields are 32-bit integers. */
+  if ((unsigned long long)biWidth *
+      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
+    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+   /* Allocate one-row buffer for returned data */
+   source->pub.buffer = (*cinfo->mem->alloc_sarray)
+     ((j_common_ptr) cinfo, JPOOL_IMAGE,
--- a/libjpeg-turbo.changes
+++ b/libjpeg-turbo.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun 19 13:40:32 UTC 2018 - pgajdos@suse.com
+
+- security update:
+  * CVE-2018-1152 [bsc#1098155]
+    + libjpeg-turbo-CVE-2018-1152.patch
+
 -------------------------------------------------------------------
 Tue Jun 12 13:34:11 UTC 2018 - pgajdos@suse.com

--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@ -38,6 +38,7 @@ Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
 Patch3:         libjpeg-turbo-CVE-2018-11813.patch
+Patch4:         libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -110,6 +111,7 @@ files using the libjpeg library.
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1

 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"
--- a/libjpeg62-turbo.spec
+++ b/libjpeg62-turbo.spec
@ -34,6 +34,7 @@ Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
 Patch3:         libjpeg-turbo-CVE-2018-11813.patch
+Patch4:         libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@ -86,6 +87,7 @@ files using the libjpeg library.
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1

 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"