- security update:
* CVE-2018-1152 [bsc#1098155] + libjpeg-turbo-CVE-2018-1152.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=76
This commit is contained in:
parent
6a32bbef39
commit
596364ea42
17
libjpeg-turbo-CVE-2018-1152.patch
Normal file
17
libjpeg-turbo-CVE-2018-1152.patch
Normal file
@ -0,0 +1,17 @@
|
||||
Index: libjpeg-turbo-1.5.3/rdbmp.c
|
||||
===================================================================
|
||||
--- libjpeg-turbo-1.5.3.orig/rdbmp.c
|
||||
+++ libjpeg-turbo-1.5.3/rdbmp.c
|
||||
@@ -434,6 +434,12 @@ start_input_bmp (j_compress_ptr cinfo, c
|
||||
progress->total_extra_passes++; /* count file input as separate pass */
|
||||
}
|
||||
|
||||
+ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
|
||||
+ value of the JDIMENSION type. This is only a danger with BMP files, since
|
||||
+ their width and height fields are 32-bit integers. */
|
||||
+ if ((unsigned long long)biWidth *
|
||||
+ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
|
||||
+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
|
||||
/* Allocate one-row buffer for returned data */
|
||||
source->pub.buffer = (*cinfo->mem->alloc_sarray)
|
||||
((j_common_ptr) cinfo, JPOOL_IMAGE,
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 19 13:40:32 UTC 2018 - pgajdos@suse.com
|
||||
|
||||
- security update:
|
||||
* CVE-2018-1152 [bsc#1098155]
|
||||
+ libjpeg-turbo-CVE-2018-1152.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 12 13:34:11 UTC 2018 - pgajdos@suse.com
|
||||
|
||||
|
@ -38,6 +38,7 @@ Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: libjpeg-1.4.0-ocloexec.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-11813.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-1152.patch
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
@ -110,6 +111,7 @@ files using the libjpeg library.
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
|
@ -34,6 +34,7 @@ Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: libjpeg-1.4.0-ocloexec.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-11813.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-1152.patch
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pkgconfig
|
||||
@ -86,6 +87,7 @@ files using the libjpeg library.
|
||||
%patch1
|
||||
%patch2
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
|
Loading…
Reference in New Issue
Block a user