Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2020-06-10 00:34:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Wed Jun 10 00:34:41 2020 rev:52 rq:812575 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2020-03-31 17:32:47.296279565 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3606/libjpeg-turbo.changes 2020-06-10 00:34:58.632844753 +0200 @@ -1,0 +2,8 @@ +Mon Jun 8 11:49:47 UTC 2020 - [email protected] + +- security update +- added patches + fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + + libjpeg-turbo-CVE-2020-13790.patch + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2020-03-31 17:32:47.508279689 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3606/libjpeg62-turbo.changes 2020-06-10 00:35:00.180848905 +0200 @@ -1,0 +2,8 @@ +Mon Jun 8 11:49:47 UTC 2020 - [email protected] + +- security update +- added patches + fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + + libjpeg-turbo-CVE-2020-13790.patch + +------------------------------------------------------------------- New: ---- libjpeg-turbo-CVE-2020-13790.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.Srw61F/_old 2020-06-10 00:35:01.936853615 +0200 +++ /var/tmp/diff_new_pack.Srw61F/_new 2020-06-10 00:35:01.936853615 +0200 @@ -39,6 +39,8 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch +# CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file +Patch3: libjpeg-turbo-CVE-2020-13790.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -104,6 +106,7 @@ %setup -q %patch1 %patch2 -p1 +%patch3 -p1 %build MYLDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg62-turbo.spec ++++++ --- /var/tmp/diff_new_pack.Srw61F/_old 2020-06-10 00:35:01.964853691 +0200 +++ /var/tmp/diff_new_pack.Srw61F/_new 2020-06-10 00:35:01.968853701 +0200 @@ -34,6 +34,8 @@ Source3: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch +# CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file +Patch3: libjpeg-turbo-CVE-2020-13790.patch BuildRequires: cmake BuildRequires: gcc-c++ # needed for tests as we remove the lib here @@ -78,6 +80,7 @@ %setup -q -n libjpeg-turbo-%{srcver} %patch1 %patch2 -p1 +%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now" ++++++ libjpeg-turbo-CVE-2020-13790.patch ++++++ --- a/rdppm.c +++ b/rdppm.c @@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) /* On 16-bit-int machines we have to be careful of maxval = 65535 */ source->rescale = (JSAMPLE *) (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, - (size_t)(((long)maxval + 1L) * + (size_t)(((long)MAX(maxval, 255) + 1L) * sizeof(JSAMPLE))); half_maxval = maxval / 2; for (val = 0; val <= (long)maxval; val++) {
