rpms/mingw-libjpeg-turbo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Backport patch for CVE-2021-20205

Browse Source
This commit is contained in:
Sandro Mani 2021-04-12 10:21:18 +02:00
parent e880d53e50
commit eba9d4c993
3 changed files with 83 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
CVE-2021-20205.patch Normal file
View File

@ -0,0 +1,72 @@
diff -rupN --no-dereference libjpeg-turbo-2.0.90/cderror.h libjpeg-turbo-2.0.90-new/cderror.h
--- libjpeg-turbo-2.0.90/cderror.h 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/cderror.h 2021-04-12 10:20:58.463111547 +0200
@@ -1,9 +1,11 @@
/*
* cderror.h
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1994-1997, Thomas G. Lane.
* Modified 2009-2017 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-b
JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
+JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
diff -rupN --no-dereference libjpeg-turbo-2.0.90/ChangeLog.md libjpeg-turbo-2.0.90-new/ChangeLog.md
--- libjpeg-turbo-2.0.90/ChangeLog.md 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/ChangeLog.md 2021-04-12 10:20:58.463111547 +0200
@@ -140,6 +140,10 @@ been reverted.
15. The build system can now be used to generate a universal x86-64 + Armv8
libjpeg-turbo SDK package for both iOS and macOS.
+4. Fixed a floating point exception that occurred when attempting to compress a
+specially-crafted malformed GIF image with a specified image width of 0 using
+cjpeg.
+
2.0.6
=====
diff -rupN --no-dereference libjpeg-turbo-2.0.90/rdgif.c libjpeg-turbo-2.0.90-new/rdgif.c
--- libjpeg-turbo-2.0.90/rdgif.c 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/rdgif.c 2021-04-12 10:20:58.463111547 +0200
@@ -1,9 +1,11 @@
/*
* rdgif.c
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* Modified 2019 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cj
ERREXIT(cinfo, JERR_INPUT_EOF);
width = LM_to_uint(hdrbuf, 0);
height = LM_to_uint(hdrbuf, 2);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
/* we ignore the color resolution, sort flag, and background color index */
aspectRatio = UCH(hdrbuf[6]);
if (aspectRatio != 0 && aspectRatio != 49)
@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cj
/* we ignore top/left position info, also sort flag */
width = LM_to_uint(hdrbuf, 4);
height = LM_to_uint(hdrbuf, 6);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
/* Read local colormap if header indicates it is present */

2
libjpeg-turbo-match-autoconf-behavior.patch
View File

@ -1,6 +1,6 @@
diff -rupN --no-dereference libjpeg-turbo-2.0.90/win/jconfig.h.in libjpeg-turbo-2.0.90-new/win/jconfig.h.in diff -rupN --no-dereference libjpeg-turbo-2.0.90/win/jconfig.h.in libjpeg-turbo-2.0.90-new/win/jconfig.h.in
--- libjpeg-turbo-2.0.90/win/jconfig.h.in 2020-11-25 04:56:19.000000000 +0100 --- libjpeg-turbo-2.0.90/win/jconfig.h.in 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/win/jconfig.h.in 2021-01-28 13:40:54.823347735 +0100 +++ libjpeg-turbo-2.0.90-new/win/jconfig.h.in 2021-04-12 10:20:58.427111546 +0200
@@ -9,13 +9,13 @@ @@ -9,13 +9,13 @@
#define BITS_IN_JSAMPLE @BITS_IN_JSAMPLE@ /* use 8 or 12 */ #define BITS_IN_JSAMPLE @BITS_IN_JSAMPLE@ /* use 8 or 12 */

12
mingw-libjpeg-turbo.spec
View File

@ -6,7 +6,7 @@
Name: mingw-libjpeg-turbo Name: mingw-libjpeg-turbo
Version: 2.0.90 Version: 2.0.90
Release: 1%{?dist} Release: 2%{?dist}
Summary: MinGW Windows Libjpeg-turbo library Summary: MinGW Windows Libjpeg-turbo library
License: wxWidgets License: wxWidgets
@ -17,9 +17,12 @@ Source0: http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-%{v
# https://bugzilla.redhat.com/show_bug.cgi?id=843193 # https://bugzilla.redhat.com/show_bug.cgi?id=843193
Patch0: libjpeg-turbo-match-autoconf-behavior.patch Patch0: libjpeg-turbo-match-autoconf-behavior.patch
# Backport patch for CVE-2021-20205
# https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1719d12e51641cce5c77e259516649ba5ef6303c
Patch1: CVE-2021-20205.patch
BuildArch: noarch BuildArch: noarch
BuildRequires: make
BuildRequires: mingw32-filesystem >= 95 BuildRequires: mingw32-filesystem >= 95
BuildRequires: mingw32-gcc BuildRequires: mingw32-gcc
BuildRequires: mingw32-gcc-c++ BuildRequires: mingw32-gcc-c++
@ -32,6 +35,8 @@ BuildRequires: mingw64-binutils
BuildRequires: nasm BuildRequires: nasm
BuildRequires: cmake BuildRequires: cmake
BuildRequires: make
%description %description
MinGW Windows cross compiled Libjpeg-turbo library. MinGW Windows cross compiled Libjpeg-turbo library.
@ -159,6 +164,9 @@ chmod -x README.md
%changelog %changelog
* Mon Apr 12 2021 Sandro Mani <manisandro@gmail.com> - 2.0.90-2
- Backport patch for CVE-2021-20205
* Thu Jan 28 2021 Sandro Mani <manisandro@gmail.com> - 2.0.90-1 * Thu Jan 28 2021 Sandro Mani <manisandro@gmail.com> - 2.0.90-1
- Update to 2.0.90 - Update to 2.0.90