commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee |
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
AuthorDate: Thu Aug 16 11:01:30 2018 +0000 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
CommitDate: Thu Aug 16 11:02:03 2018 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf |
|
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813 |
|
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF |
|
https://nvd.nist.gov/vuln/detail/CVE-2018-11813 |
|
Bug: https://bugs.gentoo.org/658624 |
Package-Manager: Portage-2.3.40, Repoman-2.3.9 |
|
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++++++++++++++++++++++ |
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 + |
2 files changed, 46 insertions(+) |
|
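--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC <information@×××××××××××××.org>
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++++++++++++++
+ rdtarga.c | 6 ++----
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
++++ libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+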
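Review bot: Both rewritten loops still cast the result to `U_CHAR`, so the fix holds only if `read_byte()` never returns at end of file; on the removed lines it was this same cast that turned getc()'s EOF into an ordinary 0xFF pixel byte and let the reader carry on. `read_byte()` is defined outside these hunks, so it is worth confirming in rdtarga.c that it raises an error on EOF instead of returning a value. The patch header says "Refer to change log for details" and its diffstat lists ChangeLog.md, yet the file carries no ChangeLog.md hunk, so the explanation is missing. I would replace that line with something like `Read Targa pixels through read_byte() so a truncated file is reported as an error instead of being decoded as 0xFF bytes.` The middle of read_rle_pixel lies between the second and third hunks and is not shown.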
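--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
 PATCHES=(
 "${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
 "${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
 )
 
 src_prepare() {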
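Review bot: The new PATCHES entry is the only one without a trailing bug reference, so the ebuild alone does not say which report the patch closes. The commit message cites bug 658624, so the line could read `"${FILESDIR}"/${P}-cve-2018-11813.patch #658624`. The divzero_fix entry above already carries that same number, so it is worth confirming whether both patches belong to one report or the CVE has its own. src_prepare's body continues outside the hunk.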