Accepting request 662705 from graphics

- security update
  * CVE-2018-20330 [bsc#1120646]
    + libjpeg-turbo-CVE-2018-20330.patch

- security update
  * CVE-2018-19644 [bsc#1117890]
    + libjpeg-turbo-CVE-2018-19644.patch

- security update
  * CVE-2018-20330 [bsc#1120646]
    + libjpeg-turbo-CVE-2018-20330.patch

- security update
  * CVE-2018-19644 [bsc#1117890]
    + libjpeg-turbo-CVE-2018-19644.patch

OBS-URL: https://build.opensuse.org/request/show/662705
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=45

libjpeg-turbo-CVE-2018-19644.patch

@@ -0,0 +1,17 @@
+diff --git a/wrbmp.c b/wrbmp.c
+index 4bf81426b..239f64eb3 100644
+--- a/wrbmp.c
++++ b/wrbmp.c
+@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
+       dest->pub.put_pixel_rows = put_gray_rows;
+     else
+       dest->pub.put_pixel_rows = put_pixel_rows;
+-  } else if (cinfo->out_color_space == JCS_RGB565 ||
+-             cinfo->out_color_space == JCS_CMYK) {
++  } else if (!cinfo->quantize_colors &&
++             (cinfo->out_color_space == JCS_RGB565 ||
++              cinfo->out_color_space == JCS_CMYK)) {
+     dest->pub.put_pixel_rows = put_pixel_rows;
+   } else {
+     ERREXIT(cinfo, JERR_BMP_COLORSPACE);
+

libjpeg-turbo-CVE-2018-20330.patch

@@ -0,0 +1,33 @@
+diff --git a/turbojpeg.c b/turbojpeg.c
+index 90a9ce6a0..3f7cd6406 100644
+--- a/turbojpeg.c
++++ b/turbojpeg.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (C)2009-2018 D. R. Commander.  All Rights Reserved.
++ * Copyright (C)2009-2019 D. R. Commander.  All Rights Reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions are met:
+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+                                      int align, int *height, int *pixelFormat,
+                                      int flags)
+ {
+-  int retval = 0, tempc, pitch;
++  int retval = 0, tempc;
++  size_t pitch;
+   tjhandle handle = NULL;
+   tjinstance *this;
+   j_compress_ptr cinfo = NULL;
+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
+   *pixelFormat = cs2pf[cinfo->in_color_space];
+ 
+   pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
+-  if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
++  if ((unsigned long long)pitch * (unsigned long long)(*height) >
++      (unsigned long long)((size_t)-1) ||
++      (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+     _throwg("tjLoadImage(): Memory allocation failure");
+ 
+   if (setjmp(this->jerr.setjmp_buffer)) {
+

libjpeg-turbo.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Jan  3 16:45:38 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-20330 [bsc#1120646]
+    + libjpeg-turbo-CVE-2018-20330.patch
+
+-------------------------------------------------------------------
+Wed Jan  2 10:13:10 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-19644 [bsc#1117890]
+    + libjpeg-turbo-CVE-2018-19644.patch
+
 -------------------------------------------------------------------
 Mon Dec  3 10:48:42 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
 

libjpeg-turbo.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg-turbo
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -39,6 +39,8 @@ Source0:        http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         ctest-depends.patch
+Patch3:         libjpeg-turbo-CVE-2018-19644.patch
+Patch4:         libjpeg-turbo-CVE-2018-20330.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@@ -104,6 +106,8 @@ files using the libjpeg library.
 %setup -q
 %patch1
 %patch2 -p1
+%patch4 -p1
+#%patch3 -p1
 
 %build
 MYLDFLAGS="-Wl,-z,relro,-z,now"

libjpeg62-turbo.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Thu Jan  3 16:46:46 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-20330 [bsc#1120646]
+    + libjpeg-turbo-CVE-2018-20330.patch
+
+-------------------------------------------------------------------
+Wed Jan  2 10:13:00 UTC 2019 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+  * CVE-2018-19644 [bsc#1117890]
+    + libjpeg-turbo-CVE-2018-19644.patch
+
 -------------------------------------------------------------------
 Tue Nov 13 11:10:50 UTC 2018 - Petr Gajdos <pgajdos@suse.com>
 

libjpeg62-turbo.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg62-turbo
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@ Source0:        http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         ctest-depends.patch
+Patch3:         libjpeg-turbo-CVE-2018-19644.patch
+Patch4:         libjpeg-turbo-CVE-2018-20330.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 # needed for tests as we remove the lib here
@@ -76,6 +78,8 @@ files using the libjpeg library.
 %setup -q -n libjpeg-turbo-%{srcver}
 %patch1
 %patch2 -p1
+%patch4 -p1
+%patch3 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"