Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2014-11-28 08:44:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Changes: -------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2014-10-18 09:08:30.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo.changes 2014-11-28 08:44:31.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Nov 27 09:50:00 UTC 2014 - [email protected] + +- security update CVE-2014-9092 [bnc#906761] + * added libjpeg-turbo-CVE-2014-9092.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2014-10-07 18:23:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg62-turbo.changes 2014-11-28 08:44:31.000000000 +0100 @@ -1,0 +2,6 @@ +Thu Nov 27 09:49:28 UTC 2014 - [email protected] + +- security update CVE-2014-9092 [bnc#906761] + * added libjpeg-turbo-CVE-2014-9092.patch + +------------------------------------------------------------------- New: ---- libjpeg-turbo-CVE-2014-9092.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.81YQGe/_old 2014-11-28 08:44:32.000000000 +0100 +++ /var/tmp/diff_new_pack.81YQGe/_new 2014-11-28 08:44:32.000000000 +0100 @@ -38,6 +38,7 @@ Patch0: libjpeg-turbo-1.3.0-int32.patch Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2014-9092.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: yasm @@ -106,6 +107,7 @@ %patch0 %patch1 %patch2 +%patch3 %build autoreconf -fiv ++++++ libjpeg62-turbo.spec ++++++ --- /var/tmp/diff_new_pack.81YQGe/_old 2014-11-28 08:44:32.000000000 +0100 +++ /var/tmp/diff_new_pack.81YQGe/_new 2014-11-28 08:44:32.000000000 +0100 @@ -34,6 +34,7 @@ Patch0: libjpeg-turbo-1.3.0-int32.patch Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2014-9092.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: yasm @@ -87,6 +88,7 @@ %patch0 %patch1 %patch2 +%patch3 %build autoreconf -fiv ++++++ libjpeg-turbo-CVE-2014-9092.patch ++++++ Index: jchuff.c =================================================================== --- jchuff.c.orig 2012-06-30 01:52:08.000000000 +0200 +++ jchuff.c 2014-11-24 13:52:20.214638106 +0100 @@ -392,7 +392,7 @@ #endif -#define BUFSIZE (DCTSIZE2 * 2) +#define BUFSIZE (DCTSIZE2 * 4) #define LOAD_BUFFER() { \ if (state->free_in_buffer < BUFSIZE) { \ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
