Fix CVE-2014-9092 (RHBZ #1169851 #1169853)

2014-12-22 17:23:44 +01:00 · 2014-12-22 17:23:44 +01:00 · e968c5631e
commit e968c5631e
parent 8f63a1adb4
3 changed files with 68 additions and 1 deletions
--- a/libjpeg-turbo-commit-1365.patch
+++ b/libjpeg-turbo-commit-1365.patch
@ -0,0 +1,29 @@
+--- a/jchuff.c
+++ b/jchuff.c
+@@ -4,7 +4,7 @@
+  * This file was part of the Independent JPEG Group's software:
+  * Copyright (C) 1991-1997, Thomas G. Lane.
+  * libjpeg-turbo Modifications:
+- * Copyright (C) 2009-2011, D. R. Commander.
+ * Copyright (C) 2009-2011, 2014 D. R. Commander.
+  * For conditions of distribution and use, see the accompanying README file.
+  *
+  * This file contains Huffman entropy encoding routines.
+@@ -426,7 +426,7 @@
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+-  JOCTET _buffer[BUFSIZE], *buffer;
+  JOCTET _buffer[BUFSIZE + 8], *buffer;
+   size_t put_buffer;  int put_bits;
+   size_t bytes, bytestocopy;  int localbuf = 0;
+ 
+@@ -455,7 +455,7 @@
+   int temp, temp2, temp3;
+   int nbits;
+   int r, code, size;
+-  JOCTET _buffer[BUFSIZE], *buffer;
+  JOCTET _buffer[BUFSIZE + 8], *buffer;
+   size_t put_buffer;  int put_bits;
+   int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+   size_t bytes, bytestocopy;  int localbuf = 0;
--- a/libjpeg-turbo-commit-1367.patch
+++ b/libjpeg-turbo-commit-1367.patch
@ -0,0 +1,29 @@
+--- a/jchuff.c
+++ b/jchuff.c
+@@ -408,7 +408,7 @@
+ #endif
+ 
+ 
+-#define BUFSIZE (DCTSIZE2 * 2)
+#define BUFSIZE (DCTSIZE2 * 2) + 8
+ 
+ #define LOAD_BUFFER() { \
+   if (state->free_in_buffer < BUFSIZE) { \
+@@ -443,7 +443,7 @@
+ LOCAL(boolean)
+ flush_bits (working_state * state)
+ {
+-  JOCTET _buffer[BUFSIZE + 8], *buffer;
+  JOCTET _buffer[BUFSIZE], *buffer;
+   size_t put_buffer;  int put_bits;
+   size_t bytes, bytestocopy;  int localbuf = 0;
+ 
+@@ -472,7 +472,7 @@
+   int temp, temp2, temp3;
+   int nbits;
+   int r, code, size;
+-  JOCTET _buffer[BUFSIZE + 8], *buffer;
+  JOCTET _buffer[BUFSIZE], *buffer;
+   size_t put_buffer;  int put_bits;
+   int code_0xf0 = actbl->ehufco[0xf0], size_0xf0 = actbl->ehufsi[0xf0];
+   size_t bytes, bytestocopy;  int localbuf = 0;
--- a/mingw-libjpeg-turbo.spec
+++ b/mingw-libjpeg-turbo.spec
@ -6,7 +6,7 @@

 Name:           mingw-libjpeg-turbo
 Version:        1.3.1
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        MinGW Windows Libjpeg-turbo library

 License:        wxWidgets
@ -21,6 +21,10 @@ Patch0:         libjpeg-turbo-match-autoconf-behavior.patch
 # Fix compatibility with older CMake versions (as used on RHEL7)
 Patch1:         libjpeg-turbo-r1237.patch

+# Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
+Patch2:         libjpeg-turbo-commit-1365.patch
+Patch3:         libjpeg-turbo-commit-1367.patch
+
 BuildArch:      noarch

 BuildRequires:  mingw32-filesystem >= 95
@ -84,6 +88,8 @@ Static version of the MinGW Windows cross compiled Libjpeg-turbo library.
 %setup -q -n libjpeg-turbo-%{version}
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
+%patch3 -p1


 %build
@ -154,6 +160,9 @@ chmod -x README-turbo.txt


 %changelog
+* Mon Dec 22 2014 Erik van Pienbroek <epienbro@fedoraproject.org> - 1.3.1-4
+- Fix CVE-2014-9092 (RHBZ #1169851 #1169853)
+
 * Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild