Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2018-06-22 13:16:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Fri Jun 22 13:16:26 2018 rev:39 rq:617768 version:unknown Changes: --------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2017-12-23 12:18:07.911546053 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo.changes 2018-06-22 13:16:29.216582154 +0200
@@ -1,0 +2,16 @@
+Tue Jun 19 13:40:32 UTC 2018 - pgaj...@suse.com
+
+- security update:
+ * CVE-2018-1152 [bsc#1098155]
+ + libjpeg-turbo-CVE-2018-1152.patch
+
+-------------------------------------------------------------------
+Tue Jun 12 13:34:11 UTC 2018 - pgaj...@suse.com
+
+- security update:
+ * CVE-2018-11813 [bsc#1096209]
+ + libjpeg-turbo-CVE-2018-11813.patch
+ * remove redundant libjpeg-turbo-CVE-2017-15232.patch
+ [bsc#1062937#c17]
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2017-12-23 12:18:07.947544298 +0100
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg62-turbo.changes 2018-06-22 13:16:29.248580967 +0200
@@ -1,0 +2,16 @@
+Tue Jun 19 13:45:31 UTC 2018 - pgaj...@suse.com
+
+- security update:
+ * CVE-2018-1152 [bsc#1098155]
+ + libjpeg-turbo-CVE-2018-1152.patch
+
+-------------------------------------------------------------------
+Tue Jun 12 13:34:11 UTC 2018 - pgaj...@suse.com
+
+- security update:
+ * CVE-2018-11813 [bsc#1096209]
+ + libjpeg-turbo-CVE-2018-11813.patch
+ * remove redundant libjpeg-turbo-CVE-2017-15232.patch
+ [bsc#1062937#c17]
+
+-------------------------------------------------------------------
Old: ---- libjpeg-turbo-CVE-2017-15232.patch New: ---- libjpeg-turbo-CVE-2018-1152.patch libjpeg-turbo-CVE-2018-11813.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libjpeg-turbo.spec ++++++
--- /var/tmp/diff_new_pack.gg8dVF/_old 2018-06-22 13:16:30.196545816 +0200
+++ /var/tmp/diff_new_pack.gg8dVF/_new 2018-06-22 13:16:30.200545667 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg-turbo
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -37,7 +37,8 @@
 Source1: baselibs.conf
 Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2: libjpeg-1.4.0-ocloexec.patch
-Patch3: libjpeg-turbo-CVE-2017-15232.patch
+Patch3: libjpeg-turbo-CVE-2018-11813.patch
+Patch4: libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires: gcc-c++
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -110,6 +111,7 @@
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"
++++++ libjpeg62-turbo.spec ++++++
--- /var/tmp/diff_new_pack.gg8dVF/_old 2018-06-22 13:16:30.220544926 +0200
+++ /var/tmp/diff_new_pack.gg8dVF/_new 2018-06-22 13:16:30.224544778 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package libjpeg62-turbo
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,7 +33,8 @@
 Source1: baselibs.conf
 Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
 Patch2: libjpeg-1.4.0-ocloexec.patch
-Patch3: libjpeg-turbo-CVE-2017-15232.patch
+Patch3: libjpeg-turbo-CVE-2018-11813.patch
+Patch4: libjpeg-turbo-CVE-2018-1152.patch
 BuildRequires: gcc-c++
 BuildRequires: libtool
 BuildRequires: pkgconfig
@@ -86,6 +87,7 @@
 %patch1
 %patch2
 %patch3 -p1
+%patch4 -p1
 
 %build
 export LDFLAGS="-Wl,-z,relro,-z,now"
++++++ libjpeg-turbo-CVE-2017-15232.patch -> libjpeg-turbo-CVE-2018-1152.patch ++++++
--- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo-CVE-2017-15232.patch 2017-10-18 12:50:22.503520035 +0200
+++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo-CVE-2018-1152.patch 2018-06-22 13:16:29.084587048 +0200
@@ -1,43 +1,17 @@ -Index: libjpeg-turbo-1.5.2/jdpostct.c +Index: libjpeg-turbo-1.5.3/rdbmp.c =================================================================== ---- libjpeg-turbo-1.5.2.orig/jdpostct.c 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jdpostct.c 2017-10-12 13:02:48.572975302 +0200 -@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin - my_post_ptr post = (my_post_ptr) cinfo->post; - JDIMENSION num_rows, max_rows; - -+ /* read_and_discard_scanlines may call it with rows "available", but no buffer */ -+ if (output_buf == NULL) { -+ return; -+ } -+ - /* Fill the buffer, but not more than what we can dump out in one go. */ - /* Note we rely on the upsampler to detect bottom of image. */ - max_rows = out_rows_avail - *out_row_ctr; -Index: libjpeg-turbo-1.5.2/jquant1.c -=================================================================== ---- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jquant1.c 2017-10-12 13:02:48.572975302 +0200 -@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci - JDIMENSION col; - JDIMENSION width = cinfo->output_width; - -+ if (output_buf == NULL && num_rows) { -+ ERREXIT(cinfo, JERR_BAD_PARAM); -+ } -+ - for (row = 0; row < num_rows; row++) { - /* Initialize output values to 0 so can process components separately */ - jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE))); -Index: libjpeg-turbo-1.5.2/jerror.h -=================================================================== ---- libjpeg-turbo-1.5.2.orig/jerror.h 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jerror.h 2017-10-12 13:24:01.349954012 +0200 -@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti - JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code") - #endif - #endif -+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter") - - #ifdef JMAKE_ENUM_LIST +--- libjpeg-turbo-1.5.3.orig/rdbmp.c ++++ libjpeg-turbo-1.5.3/rdbmp.c +@@ -434,6 +434,12 @@ 
start_input_bmp (j_compress_ptr cinfo, c + progress->total_extra_passes++; /* count file input as separate pass */ + } ++ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum ++ value of the JDIMENSION type. This is only a danger with BMP files, since ++ their width and height fields are 32-bit integers. */ ++ if ((unsigned long long)biWidth * ++ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL) ++ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + /* Allocate one-row buffer for returned data */ + source->pub.buffer = (*cinfo->mem->alloc_sarray) + ((j_common_ptr) cinfo, JPOOL_IMAGE, ++++++ libjpeg-turbo-CVE-2017-15232.patch -> libjpeg-turbo-CVE-2018-11813.patch ++++++ --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo-CVE-2017-15232.patch 2017-10-18 12:50:22.503520035 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new/libjpeg-turbo-CVE-2018-11813.patch 2018-06-22 13:16:29.200582747 +0200 
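Review bot: The new patch file carries no header stating what it fixes or where it comes from, so the `Patch4:` line in the spec and the changelog entry are the only links between the rdbmp.c guard and CVE-2018-1152; the same is true of libjpeg-turbo-CVE-2018-11813.patch below. I would prepend a short provenance block to each patch, e.g. `From: <PLACEHOLDER: upstream commit id>`, `Subject: rdbmp.c: reject biWidth * input_components exceeding JDIMENSION`, `References: CVE-2018-1152 bsc#1098155`, so the origin can be verified when the package is next rebased. The guard itself looks right as far as the hunk shows: if biWidth is a signed 32-bit field, as the added comment about "32-bit integers" suggests, the unsigned long long cast maps a negative width to a value above 0xFFFFFFFF, so negative widths trip the check as well. start_input_bmp begins and ends outside the hunk, so whether biWidth and biHeight are validated earlier cannot be seen here.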
@@ -1,43 +1,34 @@ -Index: libjpeg-turbo-1.5.2/jdpostct.c +Index: libjpeg-turbo-1.5.3/rdtarga.c =================================================================== ---- libjpeg-turbo-1.5.2.orig/jdpostct.c 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jdpostct.c 2017-10-12 13:02:48.572975302 +0200 -@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin - my_post_ptr post = (my_post_ptr) cinfo->post; - JDIMENSION num_rows, max_rows; +--- libjpeg-turbo-1.5.3.orig/rdtarga.c 2017-12-14 05:39:01.000000000 +0100 ++++ libjpeg-turbo-1.5.3/rdtarga.c 2018-06-13 09:32:33.927652164 +0200 +@@ -125,11 +125,10 @@ METHODDEF(void) + read_non_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file; no RLE expansion */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; -+ /* read_and_discard_scanlines may call it with rows "available", but no buffer */ -+ if (output_buf == NULL) { -+ return; -+ } -+ - /* Fill the buffer, but not more than what we can dump out in one go. */ - /* Note we rely on the upsampler to detect bottom of image. 
*/ - max_rows = out_rows_avail - *out_row_ctr; -Index: libjpeg-turbo-1.5.2/jquant1.c -=================================================================== ---- libjpeg-turbo-1.5.2.orig/jquant1.c 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jquant1.c 2017-10-12 13:02:48.572975302 +0200 -@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci - JDIMENSION col; - JDIMENSION width = cinfo->output_width; + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo); + } + } -+ if (output_buf == NULL && num_rows) { -+ ERREXIT(cinfo, JERR_BAD_PARAM); -+ } -+ - for (row = 0; row < num_rows; row++) { - /* Initialize output values to 0 so can process components separately */ - jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE))); -Index: libjpeg-turbo-1.5.2/jerror.h -=================================================================== ---- libjpeg-turbo-1.5.2.orig/jerror.h 2017-07-07 22:31:10.000000000 +0200 -+++ libjpeg-turbo-1.5.2/jerror.h 2017-10-12 13:24:01.349954012 +0200 -@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti - JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code") - #endif - #endif -+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter") +@@ -138,7 +137,6 @@ METHODDEF(void) + read_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file, expanding RLE data as needed */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; + + /* Duplicate previously read pixel? */ +@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo) - #ifdef JMAKE_ENUM_LIST + /* Read next pixel */ + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo); + } + }
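Review bot: Replacing `getc(infile)` with `read_byte(sinfo)` in read_non_rle_pixel and read_rle_pixel only closes the end-of-file loop if read_byte, which is defined outside this hunk, aborts the decode on EOF rather than returning it cast to a byte; nothing in the hunk shows that contract, so a reader cannot tell why the change is sufficient. I would add a one-line comment above each changed loop, `/* read_byte() errors out on EOF, so a truncated file cannot spin here (CVE-2018-11813) */`, or state it in a patch header. If any other `getc(infile)` reader remains in rdtarga.c — the "Duplicate previously read pixel?" branch of read_rle_pixel, for instance, lies outside the hunk — it would presumably need the same treatment.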