- security update

* CVE-2018-20330 [bsc#1120646]
    + libjpeg-turbo-CVE-2018-20330.patch

- security update
  * CVE-2018-20330 [bsc#1120646]
    + libjpeg-turbo-CVE-2018-20330.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=90
Petr Gajdos 2019-01-03 16:48:10 +00:00 committed by Git OBS Bridge
parent 74293dc58b
commit 715593d829
5 changed files with 51 additions and 0 deletions


@ -0,0 +1,33 @@
diff --git a/turbojpeg.c b/turbojpeg.c
index 90a9ce6a0..3f7cd6406 100644
--- a/turbojpeg.c
+++ b/turbojpeg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
int align, int *height, int *pixelFormat,
int flags)
{
- int retval = 0, tempc, pitch;
+ int retval = 0, tempc;
+ size_t pitch;
tjhandle handle = NULL;
tjinstance *this;
j_compress_ptr cinfo = NULL;
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
*pixelFormat = cs2pf[cinfo->in_color_space];
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
+ (unsigned long long)((size_t)-1) ||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
_throwg("tjLoadImage(): Memory allocation failure");
if (setjmp(this->jerr.setjmp_buffer)) {
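Review bot: The overflow guard added in front of `malloc(pitch * (*height))` only works where `size_t` is narrower than `unsigned long long`. On a typical 64-bit target both are 64 bits wide, so the product `(unsigned long long)pitch * (unsigned long long)(*height)` can itself wrap and will never compare greater than `(size_t)-1`. A division-based test does not depend on type widths: `if (pitch > (size_t)-1 / (size_t)(*height) || (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)`, assuming `*height` is already validated as positive earlier in the function (not visible here). Separately, `pitch = PAD((*width) * tjPixelSize[*pixelFormat], align)` still appears to multiply in `int` before the result is widened to `size_t` (`width` is `int *` per the signature; the type of `tjPixelSize` is not shown), so casting `*width` to `size_t` first would close that path too. The body of tjLoadImage() starts and ends outside these hunks.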


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jan 3 16:45:38 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-20330 [bsc#1120646]
+ libjpeg-turbo-CVE-2018-20330.patch
-------------------------------------------------------------------
Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com>


@ -40,6 +40,7 @@ Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
Patch3: libjpeg-turbo-CVE-2018-19644.patch
Patch4: libjpeg-turbo-CVE-2018-20330.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: pkgconfig
@ -105,6 +106,7 @@ files using the libjpeg library.
%setup -q
%patch1
%patch2 -p1
%patch4 -p1
#%patch3 -p1
%build
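Review bot: `Patch3: libjpeg-turbo-CVE-2018-19644.patch` is declared in this spec but its application stays commented out (`#%patch3 -p1`, a context line this commit does not touch), so this package variant would be built with the CVE-2018-20330 fix and without the CVE-2018-19644 one. The other spec on this page applies both. If the patch is disabled on purpose, for instance because it does not apply to this source version, a comment next to the line would make that auditable, e.g. `# CVE-2018-19644 patch not applied here: <reason>`. The new `%patch4 -p1` is also inserted ahead of patch3 rather than in numeric order; keeping `%prep` in declaration order makes it easier to verify which fixes are actually applied.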


@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Jan 3 16:46:46 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-20330 [bsc#1120646]
+ libjpeg-turbo-CVE-2018-20330.patch
-------------------------------------------------------------------
Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos <pgajdos@suse.com>


@ -33,6 +33,7 @@ Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
Patch3: libjpeg-turbo-CVE-2018-19644.patch
Patch4: libjpeg-turbo-CVE-2018-20330.patch
BuildRequires: cmake
BuildRequires: gcc-c++
# needed for tests as we remove the lib here
@ -77,6 +78,7 @@ files using the libjpeg library.
%setup -q -n libjpeg-turbo-%{srcver}
%patch1
%patch2 -p1
%patch4 -p1
%patch3 -p1
%build