Hello community,
here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2019-01-08 12:19:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old)
and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo"
Tue Jan 8 12:19:09 2019 rev:45 rq:662705 version:unknown
Changes:
--------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2018-12-19 13:24:35.377296110 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833/libjpeg-turbo.changes 2019-01-08 12:19:11.296885664 +0100
@@ -1,0 +2,14 @@
+Thu Jan 3 16:45:38 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-20330 [bsc#1120646]
+ + libjpeg-turbo-CVE-2018-20330.patch
+
+-------------------------------------------------------------------
+Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-19644 [bsc#1117890]
+ + libjpeg-turbo-CVE-2018-19644.patch
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2018-11-18 23:21:20.902266915 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833/libjpeg62-turbo.changes 2019-01-08 12:19:11.388885578 +0100
@@ -1,0 +2,14 @@
+Thu Jan 3 16:46:46 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-20330 [bsc#1120646]
+ + libjpeg-turbo-CVE-2018-20330.patch
+
+-------------------------------------------------------------------
+Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos
+
+- security update
+ * CVE-2018-19644 [bsc#1117890]
+ + libjpeg-turbo-CVE-2018-19644.patch
+
+-------------------------------------------------------------------
New:
----
libjpeg-turbo-CVE-2018-19644.patch
libjpeg-turbo-CVE-2018-20330.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libjpeg-turbo.spec ++++++
--- /var/tmp/diff_new_pack.EZQMal/_old 2019-01-08 12:19:11.992885011 +0100
+++ /var/tmp/diff_new_pack.EZQMal/_new 2019-01-08 12:19:11.992885011 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libjpeg-turbo
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -39,6 +39,8 @@
Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
+Patch3: libjpeg-turbo-CVE-2018-19644.patch
+Patch4: libjpeg-turbo-CVE-2018-20330.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: pkgconfig
@@ -104,6 +106,8 @@
%setup -q
%patch1
%patch2 -p1
+%patch4 -p1
+#%patch3 -p1
%build
MYLDFLAGS="-Wl,-z,relro,-z,now"
++++++ libjpeg62-turbo.spec ++++++
--- /var/tmp/diff_new_pack.EZQMal/_old 2019-01-08 12:19:12.012884993 +0100
+++ /var/tmp/diff_new_pack.EZQMal/_new 2019-01-08 12:19:12.012884993 +0100
@@ -1,7 +1,7 @@
#
# spec file for package libjpeg62-turbo
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -32,6 +32,8 @@
Source1: baselibs.conf
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
Patch2: ctest-depends.patch
+Patch3: libjpeg-turbo-CVE-2018-19644.patch
+Patch4: libjpeg-turbo-CVE-2018-20330.patch
BuildRequires: cmake
BuildRequires: gcc-c++
# needed for tests as we remove the lib here
@@ -76,6 +78,8 @@
%setup -q -n libjpeg-turbo-%{srcver}
%patch1
%patch2 -p1
+%patch4 -p1
+%patch3 -p1
%build
export LDFLAGS="-Wl,-z,relro,-z,now"
++++++ libjpeg-turbo-CVE-2018-19644.patch ++++++
diff --git a/wrbmp.c b/wrbmp.c
index 4bf81426b..239f64eb3 100644
--- a/wrbmp.c
+++ b/wrbmp.c
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
dest->pub.put_pixel_rows = put_gray_rows;
else
dest->pub.put_pixel_rows = put_pixel_rows;
- } else if (cinfo->out_color_space == JCS_RGB565 ||
- cinfo->out_color_space == JCS_CMYK) {
+ } else if (!cinfo->quantize_colors &&
+ (cinfo->out_color_space == JCS_RGB565 ||
+ cinfo->out_color_space == JCS_CMYK)) {
dest->pub.put_pixel_rows = put_pixel_rows;
} else {
ERREXIT(cinfo, JERR_BMP_COLORSPACE);
++++++ libjpeg-turbo-CVE-2018-20330.patch ++++++
diff --git a/turbojpeg.c b/turbojpeg.c
index 90a9ce6a0..3f7cd6406 100644
--- a/turbojpeg.c
+++ b/turbojpeg.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
int align, int *height, int *pixelFormat,
int flags)
{
- int retval = 0, tempc, pitch;
+ int retval = 0, tempc;
+ size_t pitch;
tjhandle handle = NULL;
tjinstance *this;
j_compress_ptr cinfo = NULL;
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
*pixelFormat = cs2pf[cinfo->in_color_space];
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
+ (unsigned long long)((size_t)-1) ||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
_throwg("tjLoadImage(): Memory allocation failure");
if (setjmp(this->jerr.setjmp_buffer)) {