summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Zaman <perfinion@gentoo.org>2018-08-16 19:01:30 +0800
committerJason Zaman <perfinion@gentoo.org>2018-08-16 19:02:03 +0800
commit0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee (patch)
treef1e4dc4c3c9c1aa94b37dab5b5eba08534db5953
parentprofiles/packages.mask: mask dev-python/pyfire (diff)
downloadgentoo-0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee.tar.gz
gentoo-0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee.tar.bz2
gentoo-0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee.zip
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF https://nvd.nist.gov/vuln/detail/CVE-2018-11813 Bug: https://bugs.gentoo.org/658624 Package-Manager: Portage-2.3.40, Repoman-2.3.9
-rw-r--r--media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch45
-rw-r--r--media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild (renamed from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild)1
2 files changed, 46 insertions, 0 deletions
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 00000000000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++++++++++++++
+ rdtarga.c | 6 ++----
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
++++ libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {