From 715593d8294d0cfd111f2755ab6f938d7ca71aa889cdbc2ef8998a94a24493cd Mon Sep 17 00:00:00 2001
From: Petr Gajdos
Date: Thu, 3 Jan 2019 16:48:10 +0000
Subject: [PATCH] - security update * CVE-2018-20330 [bsc#1120646] + libjpeg-turbo-CVE-2018-20330.patch
- security update * CVE-2018-20330 [bsc#1120646] + libjpeg-turbo-CVE-2018-20330.patch
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=90
---
 libjpeg-turbo-CVE-2018-20330.patch | 33 ++++++++++++++++++++++++++++++
 libjpeg-turbo.changes | 7 +++++++
 libjpeg-turbo.spec | 2 ++
 libjpeg62-turbo.changes | 7 +++++++
 libjpeg62-turbo.spec | 2 ++
 5 files changed, 51 insertions(+)
 create mode 100644 libjpeg-turbo-CVE-2018-20330.patch
diff --git a/libjpeg-turbo-CVE-2018-20330.patch b/libjpeg-turbo-CVE-2018-20330.patch
new file mode 100644
index 0000000..6fcdab1
--- /dev/null
+++ b/libjpeg-turbo-CVE-2018-20330.patch
@@ -0,0 +1,33 @@
+diff --git a/turbojpeg.c b/turbojpeg.c
+index 90a9ce6a0..3f7cd6406 100644
+--- a/turbojpeg.c
++++ b/turbojpeg.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
++ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ int align, int *height, int *pixelFormat,
+ int flags)
+ {
+- int retval = 0, tempc, pitch;
++ int retval = 0, tempc;
++ size_t pitch;
+ tjhandle handle = NULL;
+ tjinstance *this;
+ j_compress_ptr cinfo = NULL;
+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+ *pixelFormat = cs2pf[cinfo->in_color_space];
+
+ pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
+- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
++ if ((unsigned long long)pitch * (unsigned long long)(*height) >
++ (unsigned long long)((size_t)-1) ||
++ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ _throwg("tjLoadImage(): Memory allocation failure");
+
+ if (setjmp(this->jerr.setjmp_buffer)) {
+
diff --git a/libjpeg-turbo.changes b/libjpeg-turbo.changes
index 25c5b4e..77065ca 100644
--- a/libjpeg-turbo.changes
+++ b/libjpeg-turbo.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 3 16:45:38 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-20330 [bsc#1120646]
+ + libjpeg-turbo-CVE-2018-20330.patch
+
 -------------------------------------------------------------------
 Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index ca8a65c..b2e837b 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
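Review bot: In the `@@ -2013,7 +2014,9 @@` hunk of the new libjpeg-turbo-CVE-2018-20330.patch, the product `(*width) * tjPixelSize[*pixelFormat]` inside `PAD(...)` is still evaluated before it is stored in the now-`size_t` `pitch`; `width` is an `int *`, so (assuming `tjPixelSize` holds `int`s, its declaration is not in the hunk) that multiplication can overflow as a signed `int` ahead of the added guard. Widening an operand first, e.g. `pitch = PAD((size_t)(*width) * tjPixelSize[*pixelFormat], align);`, would keep the row size exact, provided the `PAD` macro (defined outside the hunk) behaves with a `size_t` argument. The guard itself multiplies in `unsigned long long`, so on a build where `size_t` is as wide as `unsigned long long` the product wraps and the comparison against `(size_t)-1` can never be true; a division test such as `pitch != 0 && (size_t)(*height) > (size_t)-1 / pitch` does not depend on the type widths. tjLoadImage() starts and ends outside these hunks, so whether `*width` and `*height` are checked for positive values earlier cannot be confirmed from here.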
@@ -40,6 +40,7 @@ Source1: baselibs.conf
 Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2: ctest-depends.patch
 Patch3: libjpeg-turbo-CVE-2018-19644.patch
+Patch4: libjpeg-turbo-CVE-2018-20330.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: pkgconfig
@@ -105,6 +106,7 @@ files using the libjpeg library.
 %setup -q
 %patch1
 %patch2 -p1
+%patch4 -p1
 #%patch3 -p1
 %build
diff --git a/libjpeg62-turbo.changes b/libjpeg62-turbo.changes
index 5db2fb6..de01c68 100644
--- a/libjpeg62-turbo.changes
+++ b/libjpeg62-turbo.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 3 16:46:46 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-20330 [bsc#1120646]
+ + libjpeg-turbo-CVE-2018-20330.patch
+
 -------------------------------------------------------------------
 Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos
diff --git a/libjpeg62-turbo.spec b/libjpeg62-turbo.spec
index 63a4301..3cc3eec 100644
--- a/libjpeg62-turbo.spec
+++ b/libjpeg62-turbo.spec
@@ -33,6 +33,7 @@ Source1: baselibs.conf
 Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2: ctest-depends.patch
 Patch3: libjpeg-turbo-CVE-2018-19644.patch
+Patch4: libjpeg-turbo-CVE-2018-20330.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 # needed for tests as we remove the lib here
@@ -77,6 +78,7 @@ files using the libjpeg library.
 %setup -q -n libjpeg-turbo-%{srcver}
 %patch1
 %patch2 -p1
+%patch4 -p1
 %patch3 -p1
 %build
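Review bot: The `%prep` hunk of libjpeg-turbo.spec (`@@ -105,6 +106,7 @@`) adds `%patch4 -p1` directly above `#%patch3 -p1`, which stays commented out, so this package declares `Patch3: libjpeg-turbo-CVE-2018-19644.patch` without applying it, while libjpeg62-turbo.spec (`@@ -77,6 +78,7 @@`) does apply it. If that is intentional (for example the packaged source already carries that fix, which is not visible here), a comment beside the disabled line would record why, e.g. `# patch3 not applied here: <reason>`. In both specs the new line also sits ahead of the patch3 line, so the patches are applied out of numeric order; putting `%patch4 -p1` after it would match the order of the `Patch4:` declaration.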