Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:12.2 checked in at 2012-08-09 17:55:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2/libjpeg-turbo (Old) and /work/SRC/openSUSE:12.2/.libjpeg-turbo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:12.2/libjpeg-turbo/libjpeg-turbo.changes 2012-07-25 08:16:46.000000000 +0200 +++ /work/SRC/openSUSE:12.2/.libjpeg-turbo.new/libjpeg-turbo.changes 2012-08-09 17:56:01.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jul 23 14:29:35 UTC 2012 - [email protected] + +- fixed heap overflow [bnc#771791] + * CVE-2012-2806.patch + +------------------------------------------------------------------- New: ---- libjpeg-turbo-1.1.1-CVE-2012-2806.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.UE3gaK/_old 2012-08-09 17:56:01.000000000 +0200 +++ /var/tmp/diff_new_pack.UE3gaK/_new 2012-08-09 17:56:01.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package libjpeg-turbo # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define major 62 %define minor 0 @@ -26,13 +25,15 @@ %define cmajor 8 Name: libjpeg-turbo -License: BSD-3-Clause -Group: Productivity/Graphics/Convertors Version: %{srcver} -Release: 1 +Release: 0 Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files +License: BSD-3-Clause +Group: Productivity/Graphics/Convertors Url: http://sourceforge.net/projects/libjpeg-turbo -BuildRequires: gcc-c++ libtool nasm +BuildRequires: gcc-c++ +BuildRequires: libtool +BuildRequires: nasm Provides: jpeg = %{version} Obsoletes: jpeg Conflicts: jpeg%{major} @@ -41,6 +42,7 @@ Patch0: %{name}-%{version}-int32.patch Patch1: %{name}-%{version}-tiff-ojpeg.patch Patch2: libjpeg-ocloexec.patch +Patch3: libjpeg-turbo-1.1.1-CVE-2012-2806.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -49,15 +51,13 @@ %package -n libjpeg%{major} -License: BSD-3-Clause Summary: The MMX/SSE accelerated JPEG compression/decompression library +Group: System/Libraries Version: %{libver} - +Release: 0 Provides: libjpeg6 = %{version} Obsoletes: libjpeg6 -Group: System/Libraries -AutoReqProv: on # bug437293 %ifarch ppc64 Obsoletes: libjpeg-64bit @@ -75,12 +75,11 @@ Michael Mauldin <[email protected]> %package -n libjpeg%{major}-devel -License: BSD-3-Clause Summary: Development Tools for applications which will use the Libjpeg Library +Group: Development/Libraries/C and C++ Version: %{libver} +Release: 0 - -Group: Development/Libraries/C and C++ Requires: libjpeg%{major} = %{version} Provides: libjpeg-devel = %{version} Obsoletes: libjpeg-devel @@ -103,6 +102,7 @@ %patch0 %patch1 %patch2 +%patch3 %build autoreconf -fiv ++++++ libjpeg-turbo-1.1.1-CVE-2012-2806.patch ++++++ Index: jdmarker.c =================================================================== --- jdmarker.c.orig +++ jdmarker.c @@ -276,7 +276,7 @@ get_sof (j_decompress_ptr cinfo, boolean ((j_common_ptr) cinfo, JPOOL_IMAGE, cinfo->num_components * SIZEOF(jpeg_component_info)); - for (ci = 0, compptr = cinfo->comp_info; ci < cinfo->num_components; + for (ci = 0, compptr = cinfo->comp_info; ci < cinfo->num_components && ci < MAX_COMPS_IN_SCAN; ci++, compptr++) { compptr->component_index = ci; INPUT_BYTE(cinfo, compptr->component_id, return FALSE); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
