rpms/libjpeg-turbo
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI libjpeg-turbo-2.0.90-7.el9

Browse Source
This commit is contained in:
eabdullin 2024-04-30 15:27:45 +00:00
parent bf189a3951
commit e95bb34380
2 changed files with 62 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
SOURCES/libjpeg-turbo-2.0.90-cve-2021-29390.patch Normal file
View File

@ -0,0 +1,56 @@
From caf7c8978025eb0cc307bfeffdad46a16d47dad9 Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Wed, 25 Nov 2020 14:55:55 -0600
Subject: [PATCH] Fix buffer overrun with certain narrow prog JPEGs
Regression introduced by 6d91e950c871103a11bac2f10c63bf998796c719
last_block_column in decompress_smooth_data() can be 0 if, for instance,
decompressing a 4:4:4 image of width 8 or less or a 4:2:2 or 4:2:0 image
of width 16 or less. Since last_block_column is an unsigned int,
subtracting 1 from it produced 0xFFFFFFFF, the test in line 590 passed,
and we attempted to access blocks from a second block column that didn't
actually exist.
Closes #476
(cherry picked from commit ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469)
---
ChangeLog.md | 10 ++++++++++
jdcoefct.c | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 6eb06f0e..9084bee0 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,13 @@
+2.1 post-beta
+=============
+
+### Significant changes relative to 2.1 beta1
+
+1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
+decompress certain progressive JPEG images with one or more component planes of
+width 8 or less caused a buffer overrun.
+
+
2.0.90 (2.1 beta1)
==================
diff --git a/jdcoefct.c b/jdcoefct.c
index 699a4809..a3c6d4e8 100644
--- a/jdcoefct.c
+++ b/jdcoefct.c
@@ -587,7 +587,7 @@ decompress_smooth_data(j_decompress_ptr cinfo, JSAMPIMAGE output_buf)
DC19 = (int)next_block_row[1][0];
DC24 = (int)next_next_block_row[1][0];
}
- if (block_num < last_block_column - 1) {
+ if (block_num + 1 < last_block_column) {
DC05 = (int)prev_prev_block_row[2][0];
DC10 = (int)prev_block_row[2][0];
DC15 = (int)buffer_ptr[2][0];
--
2.41.0

8
SPECS/libjpeg-turbo.spec
View File

@ -1,6 +1,6 @@
Name: libjpeg-turbo Name: libjpeg-turbo
Version: 2.0.90 Version: 2.0.90
Release: 6%{?dist} Release: 7%{?dist}
Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
License: IJG License: IJG
URL: http://sourceforge.net/projects/libjpeg-turbo URL: http://sourceforge.net/projects/libjpeg-turbo
@ -11,6 +11,7 @@ Patch1: libjpeg-turbo-CET.patch
Patch3: libjpeg-turbo-CVE-2021-20205.patch Patch3: libjpeg-turbo-CVE-2021-20205.patch
Patch4: libjpeg-turbo-CVE-2021-37972.patch Patch4: libjpeg-turbo-CVE-2021-37972.patch
Patch5: libjpeg-turbo-CVE-2021-46822.patch Patch5: libjpeg-turbo-CVE-2021-46822.patch
Patch6: libjpeg-turbo-2.0.90-cve-2021-29390.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: cmake BuildRequires: cmake
@ -86,7 +87,6 @@ export LDFLAGS="$RPM_LD_FLAGS -Wl,-z,ibt -Wl,-z,shstk"
-DFLOATTEST:STRING="fp-contract" \ -DFLOATTEST:STRING="fp-contract" \
%endif %endif
-DENABLE_STATIC:BOOL=NO -DENABLE_STATIC:BOOL=NO
%cmake_build %cmake_build
%install %install
@ -182,6 +182,10 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
%{_libdir}/pkgconfig/libturbojpeg.pc %{_libdir}/pkgconfig/libturbojpeg.pc
%changelog %changelog
* Tue Jan 09 2024 Matej Mužila <mmuzila@redhat.com> - 2.0.90.7
- Fix CVE-2021-29390
- Resolves: RHEL-5413
* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 2.0.90-6 * Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 2.0.90-6
- Fix CVE-2021-46822 - Fix CVE-2021-46822
- Resolves: CVE-2021-46822 - Resolves: CVE-2021-46822