Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2017-10-18 12:50:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Wed Oct 18 12:50:21 2017 rev:37 rq:533647 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2017-10-11 23:01:57.811298321 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo.changes 2017-10-18 12:50:22.907501114 +0200 
@@ -1,0 +2,35 @@ +Thu Oct 12 10:59:03 UTC 2017 - [email protected] + +- security update: + * CVE-2017-15232 [bsc#1062937] + + libjpeg-turbo-CVE-2017-15232.patch + +------------------------------------------------------------------- +Thu Oct 12 10:22:05 UTC 2017 - [email protected] + +- Update to version 1.5.2 + + Fixed several memory leaks in the TurboJPEG API library that + could occur if the library was built with certain compilers + and optimization levels. + + The libjpeg-turbo memory manager will now honor the + max_memory_to_use structure member in jpeg_memory_mgr, + which can be set to the maximum amount of memory (in bytes) + that libjpeg-turbo should use during decompression or + multi-pass (including progressive) compression. This limit + can also be set using the JPEGMEM environment variable or + using the -maxmemory switch in cjpeg/djpeg/jpegtran. + + TJBench will now run each benchmark for 1 second prior to + starting the timer, in order to improve the consistency of + the results. Furthermore, the -warmup option is now used to + specify the amount of warmup time rather than the number of + warmup iterations. + + Fixed an error (short jump is out of range) that occurred + when assembling the 32-bit x86 SIMD extensions with NASM + versions prior to 2.04. + + Fixed a regression introduced by 1.5 beta1[11] that prevented + the Java version of TJBench from outputting any reference images + (the -nowrite switch was accidentally enabled by default.) + libjpeg-turbo should now build and run with full AltiVec SIMD + acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems. 
+ +------------------------------------------------------------------- libjpeg62-turbo.changes: same change Old: ---- libjpeg-turbo-1.5.1.tar.gz New: ---- libjpeg-turbo-1.5.2.tar.gz libjpeg-turbo-CVE-2017-15232.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.IIVXys/_old 2017-10-18 12:50:24.499426555 +0200 +++ /var/tmp/diff_new_pack.IIVXys/_new 2017-10-18 12:50:24.503426368 +0200 @@ -16,7 +16,7 @@ # -%define srcver 1.5.1 +%define srcver 1.5.2 %define major 8 %define minor 1 %define micro 2 @@ -37,6 +37,7 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-1.4.0-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2017-15232.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkgconfig @@ -108,6 +109,7 @@ %setup -q %patch1 %patch2 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg62-turbo.spec ++++++ --- /var/tmp/diff_new_pack.IIVXys/_old 2017-10-18 12:50:24.551424120 +0200 +++ /var/tmp/diff_new_pack.IIVXys/_new 2017-10-18 12:50:24.563423558 +0200 @@ -19,7 +19,7 @@ %define major 62 %define minor 2 %define micro 0 -%define srcver 1.5.1 +%define srcver 1.5.2 %define libver %{major}.%{minor}.%{micro} Name: libjpeg62-turbo @@ -33,6 +33,7 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: libjpeg-1.4.0-ocloexec.patch +Patch3: libjpeg-turbo-CVE-2017-15232.patch BuildRequires: gcc-c++ BuildRequires: libtool BuildRequires: pkgconfig 
@@ -84,6 +85,7 @@ %setup -q -n libjpeg-turbo-%{srcver} %patch1 %patch2 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg-turbo-1.5.1.tar.gz -> libjpeg-turbo-1.5.2.tar.gz ++++++ ++++ 3455 lines of diff (skipped) ++++++ libjpeg-turbo-CVE-2017-15232.patch ++++++ Index: libjpeg-turbo-1.5.2/jdpostct.c =================================================================== --- libjpeg-turbo-1.5.2.orig/jdpostct.c 2017-07-07 22:31:10.000000000 +0200 +++ libjpeg-turbo-1.5.2/jdpostct.c 2017-10-12 13:02:48.572975302 +0200 @@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin my_post_ptr post = (my_post_ptr) cinfo->post; JDIMENSION num_rows, max_rows; + /* read_and_discard_scanlines may call it with rows "available", but no buffer */ + if (output_buf == NULL) { + return; + } + /* Fill the buffer, but not more than what we can dump out in one go. */ /* Note we rely on the upsampler to detect bottom of image. */ max_rows = out_rows_avail - *out_row_ctr; Index: libjpeg-turbo-1.5.2/jquant1.c =================================================================== --- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200 +++ libjpeg-turbo-1.5.2/jquant1.c 2017-10-12 13:02:48.572975302 +0200 @@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci JDIMENSION col; JDIMENSION width = cinfo->output_width; + if (output_buf == NULL && num_rows) { + ERREXIT(cinfo, JERR_BAD_PARAM); + } + for (row = 0; row < num_rows; row++) { /* Initialize output values to 0 so can process components separately */ jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE))); Index: libjpeg-turbo-1.5.2/jerror.h =================================================================== --- libjpeg-turbo-1.5.2.orig/jerror.h 2017-07-07 22:31:10.000000000 +0200 +++ libjpeg-turbo-1.5.2/jerror.h 2017-10-12 13:24:01.349954012 +0200 
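Review bot: The new `if (output_buf == NULL) { return; }` at the top of post_process_1pass exits before any of the row counters visible in this hunk are read or updated, so a caller that passes no buffer gets a silent no-op rather than rows that are consumed and discarded. The added comment names read_and_discard_scanlines as that caller; if it expects `*out_row_ctr` to advance (the code that would do so lies below the hunk), a skip request may make no progress, which is worth covering with a regression test that combines scanline skipping with colour quantization. This is also inconsistent with the jquant1.c hunk of the same patch, which treats the same condition as a hard error via `ERREXIT(cinfo, JERR_BAD_PARAM)`. One policy should be chosen and recorded in the comment, for example `/* NULL output_buf: caller is discarding rows; nothing is upsampled or counted here */`.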
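Review bot: The NULL guard is added only to quantize_ord_dither, the one function visible in this jquant1.c hunk. Any sibling quantizer in the file that indexes `output_buf[row]` the same way would presumably need the same check; this should be confirmed against the full file rather than assumed. The condition `output_buf == NULL && num_rows` relies on the implicit truth value of `num_rows`, whereas `if (output_buf == NULL && num_rows > 0) {` states the intent and matches the loop bound `row < num_rows` directly below it. A short comment such as `/* scanline-skipping callers may pass no output buffer (CVE-2017-15232) */` would record why the check exists. The function begins above and continues below the hunk.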
@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti
 JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code")
 #endif
 #endif
+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
 #ifdef JMAKE_ENUM_LIST
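Review bot: JERR_BAD_PARAM is introduced without a comment marking it as a downstream addition, and its position in the list matters. In this hunk it sits after the closing `#endif` pair and directly before `#ifdef JMAKE_ENUM_LIST`, which appears to be the end of the message list, so the existing codes should keep their numeric values. A comment such as `/* added by libjpeg-turbo-CVE-2017-15232.patch; keep last so earlier message codes do not shift */` would stop a later patch refresh from moving it. Whether a later upstream release defines a code with the same name cannot be seen from this page and should be checked when the package is next rebased.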
