pool/libjpeg-turbo
SHA256
12
0
Fork 1
Code Issues Pull Requests Activity

- security update

Browse Source 
* CVE-2018-19644 [bsc#1117890]
    + libjpeg-turbo-CVE-2018-19644.patch

- security update
  * CVE-2018-19644 [bsc#1117890]
    + libjpeg-turbo-CVE-2018-19644.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=89
This commit is contained in:
Petr Gajdos
2019-01-02 10:16:30 +00:00
committed by Git OBS Bridge
parent e2b114a63d
commit 74293dc58b
5 changed files with 37 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
libjpeg-turbo-CVE-2018-19644.patch Normal file
View File

@@ -0,0 +1,17 @@
diff --git a/wrbmp.c b/wrbmp.c
index 4bf81426b..239f64eb3 100644
--- a/wrbmp.c
+++ b/wrbmp.c
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
dest->pub.put_pixel_rows = put_gray_rows;
else
dest->pub.put_pixel_rows = put_pixel_rows;
- } else if (cinfo->out_color_space == JCS_RGB565 ||
- cinfo->out_color_space == JCS_CMYK) {
+ } else if (!cinfo->quantize_colors &&
+ (cinfo->out_color_space == JCS_RGB565 ||
+ cinfo->out_color_space == JCS_CMYK)) {
dest->pub.put_pixel_rows = put_pixel_rows;
} else {
ERREXIT(cinfo, JERR_BMP_COLORSPACE);

7
libjpeg-turbo.changes
View File

@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-19644 [bsc#1117890]
+ libjpeg-turbo-CVE-2018-19644.patch
-------------------------------------------------------------------
Mon Dec 3 10:48:42 UTC 2018 - Petr Gajdos <pgajdos@suse.com>

4
libjpeg-turbo.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package libjpeg-turbo
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -39,6 +39,7 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
Patch3: libjpeg-turbo-CVE-2018-19644.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: pkgconfig
@@ -104,6 +105,7 @@ files using the libjpeg library.
%setup -q
%patch1
%patch2 -p1
#%patch3 -p1
%build
MYLDFLAGS="-Wl,-z,relro,-z,now"

7
libjpeg62-turbo.changes
View File

@@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
- security update
* CVE-2018-19644 [bsc#1117890]
+ libjpeg-turbo-CVE-2018-19644.patch
-------------------------------------------------------------------
Tue Nov 13 11:10:50 UTC 2018 - Petr Gajdos <pgajdos@suse.com>

4
libjpeg62-turbo.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package libjpeg62-turbo
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,7 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
Patch3: libjpeg-turbo-CVE-2018-19644.patch
BuildRequires: cmake
BuildRequires: gcc-c++
# needed for tests as we remove the lib here
@@ -76,6 +77,7 @@ files using the libjpeg library.
%setup -q -n libjpeg-turbo-%{srcver}
%patch1
%patch2 -p1
%patch3 -p1
%build
export LDFLAGS="-Wl,-z,relro,-z,now"