[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/

Thu, 16 Aug 2018 04:03:00 -0700 

commit:     0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 16 11:01:30 2018 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Aug 16 11:02:03 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf

media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813

libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF

https://nvd.nist.gov/vuln/detail/CVE-2018-11813

Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9

 .../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++++++++++++++++++++++
 ...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} |  1 +
 2 files changed, 46 insertions(+)

diff --git 
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch 
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 00000000000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC <[email protected]>
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++++++++++++++
+ rdtarga.c    |  6 ++----
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
++++ libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+-  register FILE *infile = sinfo->pub.input_file;
+   register int i;
+ 
+   for (i = 0; i < sinfo->pixel_size; i++) {
+-    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+   }
+ }
+ 
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+-  register FILE *infile = sinfo->pub.input_file;
+   register int i;
+ 
+   /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+ 
+   /* Read next pixel */
+   for (i = 0; i < sinfo->pixel_size; i++) {
+-    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+   }
+ }
+ 

diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild 
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
 PATCHES=(
        "${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
        "${FILESDIR}"/${P}-divzero_fix.patch #658624
+       "${FILESDIR}"/${P}-cve-2018-11813.patch
 )
 
 src_prepare() {

Reply via email to