Attachment 885078 Details for Bug 1031740 – apply the CVE fixes from the libjpeg-turbo package

[patch] apply the CVE fixes from the libjpeg-turbo package

0001-Apply-fixes-for-CVE-2013-6629-and-CVE-2013-6630-1031.patch (text/plain), 3.12 KB, created by David King on 2014-04-10 18:43:16 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: David King

Created: 2014-04-10 18:43:16 UTC

Size: 3.12 KB

patch

obsolete

>From cc3c07ef37db851ab3baf0e89b282ccbfc3b77bc Mon Sep 17 00:00:00 2001
>From: David King <amigadave@amigadave.com>
>Date: Thu, 10 Apr 2014 19:38:50 +0100
>Subject: [PATCH] Apply fixes for CVE-2013-6629 and CVE-2013-6630 (#1031740)
>
>---
> libjpeg-turbo-CVE-2013-6629.patch | 17 +++++++++++++++++
> libjpeg-turbo-CVE-2013-6630.patch | 12 ++++++++++++
> mingw-libjpeg-turbo.spec          | 10 +++++++++-
> 3 files changed, 38 insertions(+), 1 deletion(-)
> create mode 100644 libjpeg-turbo-CVE-2013-6629.patch
> create mode 100644 libjpeg-turbo-CVE-2013-6630.patch
>
>diff --git a/libjpeg-turbo-CVE-2013-6629.patch b/libjpeg-turbo-CVE-2013-6629.patch
>new file mode 100644
>index 0000000..1ee5fbe
>--- /dev/null
>+++ b/libjpeg-turbo-CVE-2013-6629.patch
>@@ -0,0 +1,17 @@
>+diff --git a/jdmarker.c b/jdmarker.c
>+index 77f7274..7b4c12d 100644
>+--- a/jdmarker.c
>++++ b/jdmarker.c
>+@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo)
>+     
>+     TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
>+ 	     compptr->dc_tbl_no, compptr->ac_tbl_no);
>++
>++    /* This CSi (cc) should differ from the previous CSi */
>++    for (ci = 0; ci < i; ci++) {
>++      if (cinfo->cur_comp_info[ci] == compptr)
>++        ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
>++    }
>+   }
>+ 
>+   /* Collect the additional scan parameters Ss, Se, Ah/Al. */
>diff --git a/libjpeg-turbo-CVE-2013-6630.patch b/libjpeg-turbo-CVE-2013-6630.patch
>new file mode 100644
>index 0000000..a398278
>--- /dev/null
>+++ b/libjpeg-turbo-CVE-2013-6630.patch
>@@ -0,0 +1,12 @@
>+diff --git a/jdmarker.c b/jdmarker.c
>+index 7b4c12d..381835b 100644
>+--- a/jdmarker.c
>++++ b/jdmarker.c
>+@@ -471,6 +471,7 @@ get_dht (j_decompress_ptr cinfo)
>+     for (i = 0; i < count; i++)
>+       INPUT_BYTE(cinfo, huffval[i], return FALSE);
>+ 
>++    MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
>+     length -= count;
>+ 
>+     if (index & 0x10) {		/* AC table definition */
>diff --git a/mingw-libjpeg-turbo.spec b/mingw-libjpeg-turbo.spec
>index 00cfb85..27c63d5 100644
>--- a/mingw-libjpeg-turbo.spec
>+++ b/mingw-libjpeg-turbo.spec
>@@ -6,7 +6,7 @@
> 
> Name:           mingw-libjpeg-turbo
> Version:        1.3.0
>-Release:        1%{?dist}
>+Release:        2%{?dist}
> Summary:        MinGW Windows Libjpeg-turbo library
> 
> License:        wxWidgets
>@@ -18,6 +18,9 @@ Source0:        http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-%{v
> # https://bugzilla.redhat.com/show_bug.cgi?id=843193
> Patch0:         libjpeg-turbo-match-autoconf-behavior.patch
> 
>+Patch1:         libjpeg-turbo-CVE-2013-6629.patch
>+Patch2:         libjpeg-turbo-CVE-2013-6630.patch
>+
> BuildArch:      noarch
> 
> BuildRequires:  mingw32-filesystem >= 95
>@@ -80,6 +83,8 @@ Static version of the MinGW Windows cross compiled Libjpeg-turbo library.
> %prep
> %setup -q -n libjpeg-turbo-%{version}
> %patch0 -p1
>+%patch1 -p1
>+%patch2 -p1
> 
> 
> %build
>@@ -150,6 +155,9 @@ chmod -x README-turbo.txt
> 
> 
> %changelog
>+* Thu Apr 10 2014 David King <amigadave@amigadave.com> - 1.3.0-2
>+- Apply fixes for CVE-2013-6629 and CVE-2013-6630 (#1031740)
>+
> * Sat Aug  3 2013 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.3.0-1
> - Update to 1.3.0
> - Make jconfig.h more autoconf friendly (RHBZ #843193)
>-- 
>1.9.0
>

Actions: View | Diff

Attachments on bug 1031740: 885078