Hello community,

here is the log from the commit of package libjpeg-turbo for openSUSE:Factory 
checked in at 2018-06-22 13:16:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old)
 and      /work/SRC/openSUSE:Factory/.libjpeg-turbo.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libjpeg-turbo"

Fri Jun 22 13:16:26 2018 rev:39 rq:617768 version:unknown

Changes:
--------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes      
2017-12-23 12:18:07.911546053 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo.changes 
2018-06-22 13:16:29.216582154 +0200
@@ -1,0 +2,16 @@
+Tue Jun 19 13:40:32 UTC 2018 - pgaj...@suse.com
+
+- security update:
+  * CVE-2018-1152 [bsc#1098155]
+    + libjpeg-turbo-CVE-2018-1152.patch
+
+-------------------------------------------------------------------
+Tue Jun 12 13:34:11 UTC 2018 - pgaj...@suse.com
+
+- security update:
+  * CVE-2018-11813 [bsc#1096209]
+    + libjpeg-turbo-CVE-2018-11813.patch
+  * remove redundant libjpeg-turbo-CVE-2017-15232.patch
+    [bsc#1062937#c17]
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes    
2017-12-23 12:18:07.947544298 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg62-turbo.changes       
2018-06-22 13:16:29.248580967 +0200
@@ -1,0 +2,16 @@
+Tue Jun 19 13:45:31 UTC 2018 - pgaj...@suse.com
+
+- security update:
+  * CVE-2018-1152 [bsc#1098155]
+    + libjpeg-turbo-CVE-2018-1152.patch
+
+-------------------------------------------------------------------
+Tue Jun 12 13:34:11 UTC 2018 - pgaj...@suse.com
+
+- security update:
+  * CVE-2018-11813 [bsc#1096209]
+    + libjpeg-turbo-CVE-2018-11813.patch
+  * remove redundant libjpeg-turbo-CVE-2017-15232.patch
+    [bsc#1062937#c17]
+
+-------------------------------------------------------------------

Old:
----
  libjpeg-turbo-CVE-2017-15232.patch

New:
----
  libjpeg-turbo-CVE-2018-1152.patch
  libjpeg-turbo-CVE-2018-11813.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libjpeg-turbo.spec ++++++
--- /var/tmp/diff_new_pack.gg8dVF/_old  2018-06-22 13:16:30.196545816 +0200
+++ /var/tmp/diff_new_pack.gg8dVF/_new  2018-06-22 13:16:30.200545667 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg-turbo
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,7 +37,8 @@
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
-Patch3:         libjpeg-turbo-CVE-2017-15232.patch
+Patch3:         libjpeg-turbo-CVE-2018-11813.patch
+Patch4:         libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
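Review bot: The new `Patch3:` and `Patch4:` lines carry no comment recording where each fix comes from, so the spec alone does not tell a maintainer which bug or upstream change a patch corresponds to. A one-line tag above each would make later audits and rebases easier, for example `# PATCH-FIX-UPSTREAM libjpeg-turbo-CVE-2018-1152.patch bsc#1098155 -- reject BMP widths that overflow JDIMENSION`. This hunk also drops libjpeg-turbo-CVE-2017-15232.patch, which the changelog calls redundant, so it is worth confirming that the 1.5.3 sources already contain the `output_buf == NULL` guards that patch added. The identical hunk in libjpeg62-turbo.spec has the same gaps.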
@@ -110,6 +111,7 @@
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"

++++++ libjpeg62-turbo.spec ++++++
--- /var/tmp/diff_new_pack.gg8dVF/_old  2018-06-22 13:16:30.220544926 +0200
+++ /var/tmp/diff_new_pack.gg8dVF/_new  2018-06-22 13:16:30.224544778 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg62-turbo
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,7 +33,8 @@
 Source1:        baselibs.conf
 Patch1:         libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2:         libjpeg-1.4.0-ocloexec.patch
-Patch3:         libjpeg-turbo-CVE-2017-15232.patch
+Patch3:         libjpeg-turbo-CVE-2018-11813.patch
+Patch4:         libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires:  gcc-c++
 BuildRequires:  libtool
 BuildRequires:  pkgconfig
@@ -86,6 +87,7 @@
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"

++++++ libjpeg-turbo-CVE-2017-15232.patch -> libjpeg-turbo-CVE-2018-1152.patch 
++++++
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo-CVE-2017-15232.patch 
2017-10-18 12:50:22.503520035 +0200
+++ 
/work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo-CVE-2018-1152.patch 
    2018-06-22 13:16:29.084587048 +0200
@@ -1,43 +1,17 @@
-Index: libjpeg-turbo-1.5.2/jdpostct.c
+Index: libjpeg-turbo-1.5.3/rdbmp.c
 ===================================================================
---- libjpeg-turbo-1.5.2.orig/jdpostct.c        2017-07-07 22:31:10.000000000 
+0200
-+++ libjpeg-turbo-1.5.2/jdpostct.c     2017-10-12 13:02:48.572975302 +0200
-@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin
-   my_post_ptr post = (my_post_ptr) cinfo->post;
-   JDIMENSION num_rows, max_rows;
- 
-+  /* read_and_discard_scanlines may call it with rows "available", but no 
buffer */
-+  if (output_buf == NULL) {
-+    return;
-+  }
-+
-   /* Fill the buffer, but not more than what we can dump out in one go. */
-   /* Note we rely on the upsampler to detect bottom of image. */
-   max_rows = out_rows_avail - *out_row_ctr;
-Index: libjpeg-turbo-1.5.2/jquant1.c
-===================================================================
---- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200
-+++ libjpeg-turbo-1.5.2/jquant1.c      2017-10-12 13:02:48.572975302 +0200
-@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci
-   JDIMENSION col;
-   JDIMENSION width = cinfo->output_width;
- 
-+  if (output_buf == NULL && num_rows) {
-+    ERREXIT(cinfo, JERR_BAD_PARAM);
-+  }
-+
-   for (row = 0; row < num_rows; row++) {
-     /* Initialize output values to 0 so can process components separately */
-     jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE)));
-Index: libjpeg-turbo-1.5.2/jerror.h
-===================================================================
---- libjpeg-turbo-1.5.2.orig/jerror.h  2017-07-07 22:31:10.000000000 +0200
-+++ libjpeg-turbo-1.5.2/jerror.h       2017-10-12 13:24:01.349954012 +0200
-@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti
- JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code")
- #endif
- #endif
-+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
- 
- #ifdef JMAKE_ENUM_LIST
+--- libjpeg-turbo-1.5.3.orig/rdbmp.c
++++ libjpeg-turbo-1.5.3/rdbmp.c
+@@ -434,6 +434,12 @@ start_input_bmp (j_compress_ptr cinfo, c
+     progress->total_extra_passes++; /* count file input as separate pass */
+   }
  
++  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
++     value of the JDIMENSION type.  This is only a danger with BMP files, 
since
++     their width and height fields are 32-bit integers. */
++  if ((unsigned long long)biWidth *
++      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
++    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+   /* Allocate one-row buffer for returned data */
+   source->pub.buffer = (*cinfo->mem->alloc_sarray)
+     ((j_common_ptr) cinfo, JPOOL_IMAGE,
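Review bot: The bound `0xFFFFFFFFULL` in the added check is a bare literal that assumes JDIMENSION is a 32-bit unsigned type, and nothing in the code ties the two together. The cast of `biWidth` to `unsigned long long` is also only meaningful if non-positive widths are rejected earlier in start_input_bmp, which this hunk does not show because the function starts and ends outside it. Once that is confirmed, I would extend the comment with `biWidth is already known to be > 0 here; 0xFFFFFFFF is the largest value a 32-bit JDIMENSION can hold`. The two-line `if` condition would also read more safely with braces around the `ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);` statement.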

++++++ libjpeg-turbo-CVE-2017-15232.patch -> libjpeg-turbo-CVE-2018-11813.patch 
++++++
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo-CVE-2017-15232.patch 
2017-10-18 12:50:22.503520035 +0200
+++ 
/work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo-CVE-2018-11813.patch
    2018-06-22 13:16:29.200582747 +0200
@@ -1,43 +1,34 @@
-Index: libjpeg-turbo-1.5.2/jdpostct.c
+Index: libjpeg-turbo-1.5.3/rdtarga.c
 ===================================================================
---- libjpeg-turbo-1.5.2.orig/jdpostct.c        2017-07-07 22:31:10.000000000 
+0200
-+++ libjpeg-turbo-1.5.2/jdpostct.c     2017-10-12 13:02:48.572975302 +0200
-@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin
-   my_post_ptr post = (my_post_ptr) cinfo->post;
-   JDIMENSION num_rows, max_rows;
+--- libjpeg-turbo-1.5.3.orig/rdtarga.c 2017-12-14 05:39:01.000000000 +0100
++++ libjpeg-turbo-1.5.3/rdtarga.c      2018-06-13 09:32:33.927652164 +0200
+@@ -125,11 +125,10 @@ METHODDEF(void)
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+-  register FILE *infile = sinfo->pub.input_file;
+   register int i;
  
-+  /* read_and_discard_scanlines may call it with rows "available", but no 
buffer */
-+  if (output_buf == NULL) {
-+    return;
-+  }
-+
-   /* Fill the buffer, but not more than what we can dump out in one go. */
-   /* Note we rely on the upsampler to detect bottom of image. */
-   max_rows = out_rows_avail - *out_row_ctr;
-Index: libjpeg-turbo-1.5.2/jquant1.c
-===================================================================
---- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200
-+++ libjpeg-turbo-1.5.2/jquant1.c      2017-10-12 13:02:48.572975302 +0200
-@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci
-   JDIMENSION col;
-   JDIMENSION width = cinfo->output_width;
+   for (i = 0; i < sinfo->pixel_size; i++) {
+-    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++    sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo);
+   }
+ }
  
-+  if (output_buf == NULL && num_rows) {
-+    ERREXIT(cinfo, JERR_BAD_PARAM);
-+  }
-+
-   for (row = 0; row < num_rows; row++) {
-     /* Initialize output values to 0 so can process components separately */
-     jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE)));
-Index: libjpeg-turbo-1.5.2/jerror.h
-===================================================================
---- libjpeg-turbo-1.5.2.orig/jerror.h  2017-07-07 22:31:10.000000000 +0200
-+++ libjpeg-turbo-1.5.2/jerror.h       2017-10-12 13:24:01.349954012 +0200
-@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti
- JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code")
- #endif
- #endif
-+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
+@@ -138,7 +137,6 @@ METHODDEF(void)
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+-  register FILE *infile = sinfo->pub.input_file;
+   register int i;
+ 
+   /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo)
  
- #ifdef JMAKE_ENUM_LIST
+   /* Read next pixel */
+   for (i = 0; i < sinfo->pixel_size; i++) {
+-    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++    sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo);
+   }
+ }
  
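Review bot: Both pixel loops now depend entirely on `read_byte()` to stop on a truncated file, but that helper is defined outside these hunks, so the patch as shown cannot confirm that it reports EOF as an error rather than returning it to be cast to `U_CHAR`. The function header comments in read_non_rle_pixel and read_rle_pixel should state this dependency, for example `/* Read one Targa pixel; read_byte() is expected to abort on premature EOF, so tga_pixel never holds a truncated value */`. It is also worth checking whether any other direct `getc(infile)` call remains in rdtarga.c, since the hunks cover only these two functions. Part of read_rle_pixel's body lies between the second and third inner hunks and is not shown.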

