Accepting request 812575 from graphics

- security update - added patches fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + libjpeg-turbo-CVE-2020-13790.patch - security update - added patches fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + libjpeg-turbo-CVE-2020-13790.patch OBS-URL: https://build.opensuse.org/request/show/812575 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=52
2020-06-09 22:34:41 +00:00 · 2020-06-09 22:34:41 +00:00 · e4a73e6d9f
commit e4a73e6d9f
parent ca6e17a150 1711474781
5 changed files with 34 additions and 0 deletions
--- a/libjpeg-turbo-CVE-2020-13790.patch
+++ b/libjpeg-turbo-CVE-2020-13790.patch
@ -0,0 +1,12 @@
+--- a/rdppm.c
+++ b/rdppm.c
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+     source->rescale = (JSAMPLE *)
+       (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+-                                  (size_t)(((long)maxval + 1L) *
+                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
+                                            sizeof(JSAMPLE)));
+     half_maxval = maxval / 2;
+     for (val = 0; val <= (long)maxval; val++) {
+
--- a/libjpeg-turbo.changes
+++ b/libjpeg-turbo.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jun  8 11:49:47 UTC 2020 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
+  + libjpeg-turbo-CVE-2020-13790.patch
+
 -------------------------------------------------------------------
 Sun Mar 29 10:02:02 UTC 2020 - Aaron Stern <ukbeast89@protonmail.com>

--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@ -39,6 +39,8 @@ Source0:        http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         ctest-depends.patch
+# CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
+Patch3:         libjpeg-turbo-CVE-2020-13790.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 BuildRequires:  pkgconfig
@ -104,6 +106,7 @@ files using the libjpeg library.
 %setup -q
 %patch1
 %patch2 -p1
+%patch3 -p1

 %build
 MYLDFLAGS="-Wl,-z,relro,-z,now"
--- a/libjpeg62-turbo.changes
+++ b/libjpeg62-turbo.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Jun  8 11:49:47 UTC 2020 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
+  + libjpeg-turbo-CVE-2020-13790.patch
+   
 -------------------------------------------------------------------
 Sun Mar 29 10:17:03 UTC 2020 - Aaron Stern <ukbeast89@protonmail.com>

--- a/libjpeg62-turbo.spec
+++ b/libjpeg62-turbo.spec
@ -34,6 +34,8 @@ Source2:        libjpeg-turbo.keyring
 Source3:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         ctest-depends.patch
+# CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file
+Patch3:         libjpeg-turbo-CVE-2020-13790.patch
 BuildRequires:  cmake
 BuildRequires:  gcc-c++
 # needed for tests as we remove the lib here
@ -78,6 +80,7 @@ files using the libjpeg library.
 %setup -q -n libjpeg-turbo-%{srcver}
 %patch1
 %patch2 -p1
+%patch3 -p1

 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"