import libjpeg-turbo-2.0.90-5.el9
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
9d9db6fd14
commit
a51fbe6221
41
SOURCES/libjpeg-turbo-CVE-2021-37972.patch
Normal file
41
SOURCES/libjpeg-turbo-CVE-2021-37972.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From 1057a4a2d00b7d30cd7e827f577ee2ee640f508a Mon Sep 17 00:00:00 2001
|
||||
From: DRC <information@libjpeg-turbo.org>
|
||||
Date: Fri, 6 Aug 2021 13:41:15 -0500
|
||||
Subject: [PATCH] SSE2/64-bit: Fix trans. segfault w/ malformed JPEG
|
||||
|
||||
Attempting to losslessly transform certain malformed JPEG images can
|
||||
cause the nbits table index in the Huffman encoder to exceed 32768, so
|
||||
we need to pad the SSE2 implementation of that table to 65536 entries as
|
||||
we do with the C implementation.
|
||||
|
||||
Regression introduced by 087c29e07f7533ec82fd7eb1dafc84c29e7870ec
|
||||
|
||||
Fixes #543
|
||||
---
|
||||
simd/x86_64/jchuff-sse2.asm | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/simd/x86_64/jchuff-sse2.asm b/simd/x86_64/jchuff-sse2.asm
|
||||
index 1770a84..7e5ca30 100644
|
||||
--- a/simd/x86_64/jchuff-sse2.asm
|
||||
+++ b/simd/x86_64/jchuff-sse2.asm
|
||||
@@ -1,7 +1,7 @@
|
||||
;
|
||||
; jchuff-sse2.asm - Huffman entropy encoding (64-bit SSE2)
|
||||
;
|
||||
-; Copyright (C) 2009-2011, 2014-2016, 2019, D. R. Commander.
|
||||
+; Copyright (C) 2009-2011, 2014-2016, 2019, 2021, D. R. Commander.
|
||||
; Copyright (C) 2015, Matthieu Darbois.
|
||||
; Copyright (C) 2018, Matthias Räncker.
|
||||
;
|
||||
@@ -83,6 +83,7 @@ times 1 << 11 db 12
|
||||
times 1 << 12 db 13
|
||||
times 1 << 13 db 14
|
||||
times 1 << 14 db 15
|
||||
+times 1 << 15 db 16
|
||||
|
||||
alignz 32
|
||||
|
||||
--
|
||||
2.32.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libjpeg-turbo
|
||||
Version: 2.0.90
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
|
||||
License: IJG
|
||||
URL: http://sourceforge.net/projects/libjpeg-turbo
|
||||
@ -9,6 +9,7 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.
|
||||
Patch0: libjpeg-turbo-cmake.patch
|
||||
Patch1: libjpeg-turbo-CET.patch
|
||||
Patch3: libjpeg-turbo-CVE-2021-20205.patch
|
||||
Patch4: libjpeg-turbo-CVE-2021-37972.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
@ -180,6 +181,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
|
||||
%{_libdir}/pkgconfig/libturbojpeg.pc
|
||||
|
||||
%changelog
|
||||
* Sat Sep 25 2021 Nikola Forró <nforro@redhat.com> - 2.0.90-5
|
||||
- Fix CVE-2021-37972 (#2007679)
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.90-4
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
Loading…
Reference in New Issue
Block a user