summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-06-10 12:13:22 -0500
committerMax Rees <maxcrees@me.com>2020-06-10 17:10:39 -0500
commit985b73b871df35bfb163c3a180691ac7b8aa55bd (patch)
tree38b13423075bde1ee81d4116038a8469fd80c6d3
parentddb2347a2da3758bfd6bc10dabf5e636c638626a (diff)
downloadpackages-985b73b871df35bfb163c3a180691ac7b8aa55bd.tar.gz
packages-985b73b871df35bfb163c3a180691ac7b8aa55bd.tar.bz2
packages-985b73b871df35bfb163c3a180691ac7b8aa55bd.tar.xz
packages-985b73b871df35bfb163c3a180691ac7b8aa55bd.zip
user/libjpeg-turbo: [CVE] patch CVE-2020-13790 (#298)
-rw-r--r--user/libjpeg-turbo/APKBUILD11
-rw-r--r--user/libjpeg-turbo/CVE-2020-13790.patch35
2 files changed, 43 insertions, 3 deletions
diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index ad4a4076a..00b4ec314 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libjpeg-turbo
pkgver=2.0.4
-pkgrel=0
+pkgrel=1
pkgdesc="Accelerated JPEG compression and decompression library"
url="https://libjpeg-turbo.org/"
arch="all"
@@ -10,7 +10,9 @@ license="IJG AND BSD-3-Clause AND Zlib"
depends=""
makedepends="cmake"
subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
-source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
+source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
+ CVE-2020-13790.patch
+ "
case "$CTARGET_ARCH" in
pmmx | x86 | x86_64) makedepends="$makedepends nasm" ;;
@@ -19,6 +21,8 @@ esac
# secfixes:
# 2.0.3-r0:
# - CVE-2019-2201
+# 2.0.4-r1:
+# - CVE-2020-13790
build() {
if [ "$CBUILD" != "$CHOST" ]; then
@@ -51,4 +55,5 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz"
+sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz
+83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a CVE-2020-13790.patch"
diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch
new file mode 100644
index 000000000..aaeec0c9c
--- /dev/null
+++ b/user/libjpeg-turbo/CVE-2020-13790.patch
@@ -0,0 +1,35 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
++++ b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {