- security update
* CVE-2018-20330 [bsc#1120646] + libjpeg-turbo-CVE-2018-20330.patch - security update * CVE-2018-20330 [bsc#1120646] + libjpeg-turbo-CVE-2018-20330.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=90
This commit is contained in:
parent
74293dc58b
commit
715593d829
33
libjpeg-turbo-CVE-2018-20330.patch
Normal file
33
libjpeg-turbo-CVE-2018-20330.patch
Normal file
@ -0,0 +1,33 @@
|
||||
diff --git a/turbojpeg.c b/turbojpeg.c
|
||||
index 90a9ce6a0..3f7cd6406 100644
|
||||
--- a/turbojpeg.c
|
||||
+++ b/turbojpeg.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
|
||||
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
|
||||
int align, int *height, int *pixelFormat,
|
||||
int flags)
|
||||
{
|
||||
- int retval = 0, tempc, pitch;
|
||||
+ int retval = 0, tempc;
|
||||
+ size_t pitch;
|
||||
tjhandle handle = NULL;
|
||||
tjinstance *this;
|
||||
j_compress_ptr cinfo = NULL;
|
||||
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
|
||||
*pixelFormat = cs2pf[cinfo->in_color_space];
|
||||
|
||||
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
|
||||
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
|
||||
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
|
||||
+ (unsigned long long)((size_t)-1) ||
|
||||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
|
||||
_throwg("tjLoadImage(): Memory allocation failure");
|
||||
|
||||
if (setjmp(this->jerr.setjmp_buffer)) {
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 3 16:45:38 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
- security update
|
||||
* CVE-2018-20330 [bsc#1120646]
|
||||
+ libjpeg-turbo-CVE-2018-20330.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
|
@ -40,6 +40,7 @@ Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: ctest-depends.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-19644.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-20330.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: pkgconfig
|
||||
@ -105,6 +106,7 @@ files using the libjpeg library.
|
||||
%setup -q
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch4 -p1
|
||||
#%patch3 -p1
|
||||
|
||||
%build
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 3 16:46:46 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
- security update
|
||||
* CVE-2018-20330 [bsc#1120646]
|
||||
+ libjpeg-turbo-CVE-2018-20330.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
|
||||
|
||||
|
@ -33,6 +33,7 @@ Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: ctest-depends.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-19644.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-20330.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
# needed for tests as we remove the lib here
|
||||
@ -77,6 +78,7 @@ files using the libjpeg library.
|
||||
%setup -q -n libjpeg-turbo-%{srcver}
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch4 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user