From 462bd6c14d7fffb74fe6069fd7abd8e42f2d135c Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Nov 09 2021 09:48:04 +0000 Subject: import libjpeg-turbo-1.5.3-12.el8 --- diff --git a/SOURCES/libjpeg-turbo-CVE-2020-17541.patch b/SOURCES/libjpeg-turbo-CVE-2020-17541.patch new file mode 100644 index 0000000..fe91ef8 --- /dev/null +++ b/SOURCES/libjpeg-turbo-CVE-2020-17541.patch @@ -0,0 +1,13 @@ +diff --git a/jchuff.c b/jchuff.c +index fffaace..3bf0194 100644 +--- a/jchuff.c ++++ b/jchuff.c +@@ -428,7 +428,7 @@ dump_buffer (working_state *state) + * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block + * larger than 200 bytes. + */ +-#define BUFSIZE (DCTSIZE2 * 4) ++#define BUFSIZE (DCTSIZE2 * 8) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ diff --git a/SPECS/libjpeg-turbo.spec b/SPECS/libjpeg-turbo.spec index d0273ad..09283d8 100644 --- a/SPECS/libjpeg-turbo.spec +++ b/SPECS/libjpeg-turbo.spec @@ -1,6 +1,6 @@ Name: libjpeg-turbo Version: 1.5.3 -Release: 10%{?dist} +Release: 12%{?dist} Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files License: IJG URL: http://sourceforge.net/projects/libjpeg-turbo @@ -14,6 +14,7 @@ Patch4: libjpeg-turbo-honor-naflags.patch Patch5: libjpeg-turbo-coverity.patch Patch6: libjpeg-turbo-CET.patch Patch7: libjpeg-turbo-CVE-2018-14498.patch +Patch8: libjpeg-turbo-CVE-2020-17541.patch BuildRequires: autoconf BuildRequires: automake @@ -83,6 +84,7 @@ manipulate JPEG files using the TurboJPEG library. %patch5 -p1 -b .coverity %patch6 -p1 -b .CET %patch7 -p1 -b .CVE-2018-14498 +%patch8 -p1 -b .CVE-2020-17541 %build autoreconf -vif @@ -149,6 +151,7 @@ make test %{?_smp_mflags} %ldconfig_scriptlets -n turbojpeg %files +%license LICENSE.md %doc README.md README.ijg ChangeLog.md %{_libdir}/libjpeg.so.62* @@ -176,6 +179,7 @@ make test %{?_smp_mflags} %{_mandir}/man1/wrjpgcom.1* %files -n turbojpeg +%license LICENSE.md %{_libdir}/libturbojpeg.so.0* %files -n turbojpeg-devel @@ -184,6 +188,12 @@ make test %{?_smp_mflags} %{_libdir}/pkgconfig/libturbojpeg.pc %changelog +* Thu Jul 15 2021 Nikola Forró - 1.5.3-12 +- Add missing license file (#1982572) + +* Wed Jun 30 2021 Nikola Forró - 1.5.3-11 +- Fix CVE-2020-17541 (#1972289) + * Thu Jun 06 2019 Nikola Forró - 1.5.3-10 - Fix CVE-2018-14498 (#1687477)