From 80c5fd18afed5b041b8c0119989596bce12a675e29beb91541e5917008e6501b Mon Sep 17 00:00:00 2001 From: Petr Gajdos Date: Thu, 27 Nov 2014 09:52:47 +0000 Subject: [PATCH] - security update CVE-2014-9092 [bnc#906761] * added libjpeg-turbo-CVE-2014-9092.patch - security update CVE-2014-9092 [bnc#906761] * added libjpeg-turbo-CVE-2014-9092.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=48 --- libjpeg-turbo-CVE-2014-9092.patch | 13 +++++++++++++ libjpeg-turbo.changes | 6 ++++++ libjpeg-turbo.spec | 2 ++ libjpeg62-turbo.changes | 6 ++++++ libjpeg62-turbo.spec | 2 ++ 5 files changed, 29 insertions(+) create mode 100644 libjpeg-turbo-CVE-2014-9092.patch diff --git a/libjpeg-turbo-CVE-2014-9092.patch b/libjpeg-turbo-CVE-2014-9092.patch new file mode 100644 index 0000000..b10e79f --- /dev/null +++ b/libjpeg-turbo-CVE-2014-9092.patch @@ -0,0 +1,13 @@ +Index: jchuff.c +=================================================================== +--- jchuff.c.orig 2012-06-30 01:52:08.000000000 +0200 ++++ jchuff.c 2014-11-24 13:52:20.214638106 +0100 +@@ -392,7 +392,7 @@ + #endif + + +-#define BUFSIZE (DCTSIZE2 * 2) ++#define BUFSIZE (DCTSIZE2 * 4) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ diff --git a/libjpeg-turbo.changes b/libjpeg-turbo.changes index bee9213..d5a8713 100644 --- a/libjpeg-turbo.changes +++ b/libjpeg-turbo.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 27 09:50:00 UTC 2014 - pgajdos@suse.com + +- security update CVE-2014-9092 [bnc#906761] + * added libjpeg-turbo-CVE-2014-9092.patch + ------------------------------------------------------------------- Wed Oct 15 11:39:09 UTC 2014 - olaf@aepfle.de diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec index 99f0eee..7159875 100644 --- a/libjpeg-turbo.spec +++ b/libjpeg-turbo.spec @@ -38,6 +38,7 @@ Source1: baselibs.conf Patch0: libjpeg-turbo-1.3.0-int32.patch Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2014-9092.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: yasm @@ -106,6 +107,7 @@ files using the libjpeg library. %patch0 %patch1 %patch2 +%patch3 %build autoreconf -fiv diff --git a/libjpeg62-turbo.changes b/libjpeg62-turbo.changes index 45e332c..dc087da 100644 --- a/libjpeg62-turbo.changes +++ b/libjpeg62-turbo.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Nov 27 09:49:28 UTC 2014 - pgajdos@suse.com + +- security update CVE-2014-9092 [bnc#906761] + * added libjpeg-turbo-CVE-2014-9092.patch + ------------------------------------------------------------------- Tue Oct 7 07:31:55 UTC 2014 - coolo@suse.com diff --git a/libjpeg62-turbo.spec b/libjpeg62-turbo.spec index 458190c..c956e56 100644 --- a/libjpeg62-turbo.spec +++ b/libjpeg62-turbo.spec @@ -34,6 +34,7 @@ Source1: baselibs.conf Patch0: libjpeg-turbo-1.3.0-int32.patch Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2014-9092.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: yasm @@ -87,6 +88,7 @@ files using the libjpeg library. %patch0 %patch1 %patch2 +%patch3 %build autoreconf -fiv