download.lst                                                            |    4 
-
 external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk                 |    1 
 external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 |   38 
++++++++++
 3 files changed, 41 insertions(+), 2 deletions(-)

New commits:
commit ebd556220a5045c1c81891b712648d220a168c70
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 5 19:40:49 2021 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri Nov 5 21:09:56 2021 +0100

    libjpeg-turbo: add patch for CVE-2020-17541
    
    Change-Id: Ie3fe30bea6a62e7cafeaed957d6ef6aeb879047b
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124778
    Tested-by: Jenkins
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk 
b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
index a99df67bb011..5440d16ecfc1 100644
--- a/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
+++ b/external/libjpeg-turbo/UnpackedTarball_libjpeg-turbo.mk
@@ -19,6 +19,7 @@ $(eval $(call gb_UnpackedTarball_add_patches,libjpeg-turbo,\
        external/libjpeg-turbo/jpeg-turbo.build.patch.1 \
        $(if $(filter 
WNT,$(OS)),external/libjpeg-turbo/jpeg-turbo.win_build.patch.1) \
        external/libjpeg-turbo/ubsan.patch \
+       external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 
\
 ))
 
 # vim: set noet sw=4 ts=4:
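Review bot: The added list entry is identified only by an upstream commit hash, so nothing in this makefile says that it is the backport for CVE-2020-17541 or when it can be dropped; that information exists only in the commit message. I would put a comment above the `$(eval $(call gb_UnpackedTarball_add_patches,libjpeg-turbo,\` line, because a `#` inside the backslash-continued argument list would swallow the remaining entries: `# c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1: upstream fix for CVE-2020-17541, remove once the bundled libjpeg-turbo tarball contains it`. The call starts outside this hunk, so the placement should be checked against the full file.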
diff --git 
a/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1 
b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
new file mode 100644
index 000000000000..cc3da737e7b0
--- /dev/null
+++ b/external/libjpeg-turbo/c76f4a08263b0cea40d2967560ac7c21f6959079.patch.1
@@ -0,0 +1,38 @@
+From c76f4a08263b0cea40d2967560ac7c21f6959079 Mon Sep 17 00:00:00 2001
+From: DRC <informat...@libjpeg-turbo.org>
+Date: Thu, 5 Dec 2019 13:12:28 -0600
+Subject: [PATCH] Huffman enc.: Fix very rare local buffer overrun
+
+... detected by ASan.  This is a similar issue to the issue that was
+fixed with 402a715f82313384ef4606660c32d8678c79f197.  Apparently it is
+possible to create a malformed JPEG image that exceeds the Huffman
+encoder's 256-byte local buffer when attempting to losslessly tranform
+the image.  That makes sense, given that it was necessary to extend the
+Huffman decoder's local buffer to 512 bytes in order to handle all
+pathological cases (refer to 0463f7c9aad060fcd56e98d025ce16185279e2bc.)
+
+Since this issue affected only lossless transformation, a workflow that
+isn't generally exposed to arbitrary data exploits, and since the
+overrun did not overflow the stack (i.e. it did not result in a segfault
+or other user-visible issue, and valgrind didn't even detect it), it did
+not likely pose a security risk.
+
+Fixes #392
+---
+ ChangeLog.md | 10 ++++++++++
+ jchuff.c     |  2 +-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/jchuff.c b/jchuff.c
+index 206958e2f..cb05055d9 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -432,7 +432,7 @@ dump_buffer(working_state *state)
+  * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
+  * larger than 200 bytes.
+  */
+-#define BUFSIZE (DCTSIZE2 * 4)
++#define BUFSIZE (DCTSIZE2 * 8)
+ 
+ #define LOAD_BUFFER() { \
+   if (state->free_in_buffer < BUFSIZE) { \
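Review bot: The carried patch header no longer matches its body: the diffstat lists `ChangeLog.md | 10 ++++++++++` and "2 files changed", but the only hunk in the file is the one-line `BUFSIZE` change in jchuff.c, so the ChangeLog.md part was evidently dropped without a note. For a security backport that makes it harder to check the file against upstream commit c76f4a08263b0cea40d2967560ac7c21f6959079. I would add one line to the header before the `---` separator, for example `LibreOffice: backported for CVE-2020-17541; ChangeLog.md hunk omitted, jchuff.c hunk as upstream`. That line also balances the upstream message ("did not likely pose a security risk"), which on its own would not tell a reader that the change is tracked under the CVE named in the commit title.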
commit 7208197a4ac718411fa6e3b4c770fdec8c67557d
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Fri Nov 5 14:03:05 2021 +0100
Commit:     Caolán McNamara <caol...@redhat.com>
CommitDate: Fri Nov 5 21:09:41 2021 +0100

    bzip2: upgrade to release 1.0.8
    
    Fixes CVE-2019-12900
    
    Change-Id: If3fcfff78a61c60014ba6d96f1ee0c432ccc52a1
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124758
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 1289125532a029dc80e4ee3d0a49dca253f51888)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/124762
    Reviewed-by: Caolán McNamara <caol...@redhat.com>

diff --git a/download.lst b/download.lst
index 34bb426c8021..23acc03b2b65 100644
--- a/download.lst
+++ b/download.lst
@@ -18,8 +18,8 @@ export BREAKPAD_SHA256SUM := 
c44a2e898895cfc13b42d2371ba4b88b0777d7782214d6cdc91
 export BREAKPAD_TARBALL := 
breakpad-b324760c7f53667af128a6b77b790323da04fcb9.tar.xz
 export BSH_SHA256SUM := 
9e93c73e23aff644b17dfff656444474c14150e7f3b38b19635e622235e01c96
 export BSH_TARBALL := beeca87be45ec87d241ddd0e1bad80c1-bsh-2.0b6-src.zip
-export BZIP2_SHA256SUM := 
a2848f34fcd5d6cf47def00461fcb528a0484d8edef8208d6d2e2909dc61d9cd
-export BZIP2_TARBALL := 00b516f4704d4a7cb50a1d97e6e8e15b-bzip2-1.0.6.tar.gz
+export BZIP2_SHA256SUM := 
ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269
+export BZIP2_TARBALL := bzip2-1.0.8.tar.gz
 export CAIRO_SHA256SUM := 
5e7b29b3f113ef870d1e3ecf8adf21f923396401604bda16d44be45e66052331
 export CAIRO_VERSION_MICRO := 0
 export CAIRO_TARBALL := cairo-1.16.$(CAIRO_VERSION_MICRO).tar.xz
