Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2019-01-08 12:19:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Tue Jan 8 12:19:09 2019 rev:45 rq:662705 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2018-12-19 13:24:35.377296110 +0100 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833/libjpeg-turbo.changes 2019-01-08 12:19:11.296885664 +0100 @@ -1,0 +2,14 @@ +Thu Jan 3 16:45:38 UTC 2019 - Petr Gajdos <[email protected]> + +- security update + * CVE-2018-20330 [bsc#1120646] + + libjpeg-turbo-CVE-2018-20330.patch + +------------------------------------------------------------------- +Wed Jan 2 10:13:10 UTC 2019 - Petr Gajdos <[email protected]> + +- security update + * CVE-2018-19644 [bsc#1117890] + + libjpeg-turbo-CVE-2018-19644.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2018-11-18 23:21:20.902266915 +0100 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.28833/libjpeg62-turbo.changes 2019-01-08 12:19:11.388885578 +0100 @@ -1,0 +2,14 @@ +Thu Jan 3 16:46:46 UTC 2019 - Petr Gajdos <[email protected]> + +- security update + * CVE-2018-20330 [bsc#1120646] + + libjpeg-turbo-CVE-2018-20330.patch + +------------------------------------------------------------------- +Wed Jan 2 10:13:00 UTC 2019 - Petr Gajdos <[email protected]> + +- security update + * CVE-2018-19644 [bsc#1117890] + + libjpeg-turbo-CVE-2018-19644.patch + +------------------------------------------------------------------- New: ---- libjpeg-turbo-CVE-2018-19644.patch libjpeg-turbo-CVE-2018-20330.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.EZQMal/_old 2019-01-08 12:19:11.992885011 +0100 +++ /var/tmp/diff_new_pack.EZQMal/_new 2019-01-08 12:19:11.992885011 +0100 @@ -1,7 +1,7 @@ # # spec file for package libjpeg-turbo # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -39,6 +39,8 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch +Patch3: libjpeg-turbo-CVE-2018-19644.patch +Patch4: libjpeg-turbo-CVE-2018-20330.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -104,6 +106,8 @@ %setup -q %patch1 %patch2 -p1 +%patch4 -p1 +#%patch3 -p1 %build MYLDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg62-turbo.spec ++++++ --- /var/tmp/diff_new_pack.EZQMal/_old 2019-01-08 12:19:12.012884993 +0100 +++ /var/tmp/diff_new_pack.EZQMal/_new 2019-01-08 12:19:12.012884993 +0100 @@ -1,7 +1,7 @@ # # spec file for package libjpeg62-turbo # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,6 +32,8 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch +Patch3: libjpeg-turbo-CVE-2018-19644.patch +Patch4: libjpeg-turbo-CVE-2018-20330.patch BuildRequires: cmake BuildRequires: gcc-c++ # needed for tests as we remove the lib here @@ -76,6 +78,8 @@ %setup -q -n libjpeg-turbo-%{srcver} %patch1 %patch2 -p1 +%patch4 -p1 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg-turbo-CVE-2018-19644.patch ++++++ diff --git a/wrbmp.c b/wrbmp.c index 4bf81426b..239f64eb3 100644 --- a/wrbmp.c +++ b/wrbmp.c @@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2, dest->pub.put_pixel_rows = put_gray_rows; else dest->pub.put_pixel_rows = put_pixel_rows; - } else if (cinfo->out_color_space == JCS_RGB565 || - cinfo->out_color_space == JCS_CMYK) { + } else if (!cinfo->quantize_colors && + (cinfo->out_color_space == JCS_RGB565 || + cinfo->out_color_space == JCS_CMYK)) { dest->pub.put_pixel_rows = put_pixel_rows; } else { ERREXIT(cinfo, JERR_BMP_COLORSPACE); ++++++ libjpeg-turbo-CVE-2018-20330.patch ++++++ diff --git a/turbojpeg.c b/turbojpeg.c index 90a9ce6a0..3f7cd6406 100644 --- a/turbojpeg.c +++ b/turbojpeg.c @@ -1,5 +1,5 @@ /* - * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width, int align, int *height, int *pixelFormat, int flags) { - int retval = 0, tempc, pitch; + int retval = 0, tempc; + size_t pitch; tjhandle handle = NULL; tjinstance *this; j_compress_ptr cinfo = NULL; @@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width, *pixelFormat = cs2pf[cinfo->in_color_space]; pitch = PAD((*width) * tjPixelSize[*pixelFormat], align); - if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL) + if ((unsigned long long)pitch * (unsigned long long)(*height) > + (unsigned long long)((size_t)-1) || + (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL) _throwg("tjLoadImage(): Memory allocation failure"); if (setjmp(this->jerr.setjmp_buffer)) {
