diff options
Diffstat (limited to 'user')
-rw-r--r-- | user/libjpeg-turbo/APKBUILD | 8 | ||||
-rw-r--r-- | user/libjpeg-turbo/CVE-2020-13790.patch | 35 |
2 files changed, 3 insertions, 40 deletions
diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD index cbecdd1a4..5910e7011 100644 --- a/user/libjpeg-turbo/APKBUILD +++ b/user/libjpeg-turbo/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=libjpeg-turbo -pkgver=2.0.4 -pkgrel=1 +pkgver=2.0.5 +pkgrel=0 pkgdesc="Accelerated JPEG compression and decompression library" url="https://libjpeg-turbo.org/" arch="all" @@ -11,7 +11,6 @@ depends="" makedepends="cmake" subpackages="$pkgname-doc $pkgname-dev $pkgname-utils" source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz - CVE-2020-13790.patch " case "$CTARGET_ARCH" in @@ -63,5 +62,4 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9 libjpeg-turbo-2.0.4.tar.gz -83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a CVE-2020-13790.patch" +sha512sums="5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555 libjpeg-turbo-2.0.5.tar.gz" diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch deleted file mode 100644 index aaeec0c9c..000000000 --- a/user/libjpeg-turbo/CVE-2020-13790.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001 -From: DRC <information@libjpeg-turbo.org> -Date: Tue, 2 Jun 2020 14:15:37 -0500 -Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM - -This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to -include binary PPM files with maximum values < 255, thus preventing a -malformed binary PPM input file with those specifications from -triggering an overrun of the rescale array and potentially crashing -cjpeg, TJBench, or any program that uses the tjLoadImage() function. - -Fixes #433 - -diff --git a/rdppm.c b/rdppm.c -index 87bc33090..a8507b902 100644 ---- a/rdppm.c -+++ b/rdppm.c -@@ -5,7 +5,7 @@ - * Copyright (C) 1991-1997, Thomas G. Lane. - * Modified 2009 by Bill Allombert, Guido Vollbeding. - * libjpeg-turbo Modifications: -- * Copyright (C) 2015-2017, D. R. Commander. -+ * Copyright (C) 2015-2017, 2020, D. R. Commander. - * For conditions of distribution and use, see the accompanying README.ijg - * file. - * -@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) - /* On 16-bit-int machines we have to be careful of maxval = 65535 */ - source->rescale = (JSAMPLE *) - (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, -- (size_t)(((long)maxval + 1L) * -+ (size_t)(((long)MAX(maxval, 255) + 1L) * - sizeof(JSAMPLE))); - half_maxval = maxval / 2; - for (val = 0; val <= (long)maxval; val++) { |