aboutsummaryrefslogtreecommitdiffstats
path: root/main/libjpeg-turbo
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2013-11-25 14:59:09 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-11-25 14:59:09 +0000
commit43192905007c117b9aeafd47dad3eaf9dc68205c (patch)
tree919db0af9eecc95e7b27c7cf65724d828224fb85 /main/libjpeg-turbo
parentd165558afab0b1b4f298c78e673853393c3891ab (diff)
downloadaports-43192905007c117b9aeafd47dad3eaf9dc68205c.tar.bz2
aports-43192905007c117b9aeafd47dad3eaf9dc68205c.tar.xz
main/libjpeg-turbo: security fix (CVE-2013-6629,CVE-2013-6630)
Diffstat (limited to 'main/libjpeg-turbo')
-rw-r--r--main/libjpeg-turbo/APKBUILD15
-rw-r--r--main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch34
2 files changed, 44 insertions, 5 deletions
diff --git a/main/libjpeg-turbo/APKBUILD b/main/libjpeg-turbo/APKBUILD
index bcca311bda..d41b68e6b4 100644
--- a/main/libjpeg-turbo/APKBUILD
+++ b/main/libjpeg-turbo/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libjpeg-turbo
pkgver=1.3.0
-pkgrel=0
+pkgrel=1
pkgdesc="accelerated baseline JPEG compression and decompression library"
url="http://libjpeg-turbo.virtualgl.org/"
arch="all"
@@ -13,7 +13,9 @@ makedepends="$depends_dev nasm"
install=""
replaces="libjpeg"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
-source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
+ CVE-2013-6629-CVE-2013-6630.patch
+ "
_builddir="$srcdir"/libjpeg-turbo-$pkgver
prepare() {
@@ -66,6 +68,9 @@ dev() {
replaces="jpeg-dev"
}
-md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz"
-sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz"
-sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz"
+md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz
+7205b1ed38d47e8736c34c972b1f0367 CVE-2013-6629-CVE-2013-6630.patch"
+sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz
+3fa40eecb3d80c7c5a12e6ba86e95f381dcacf302d2d72f24858472999b72278 CVE-2013-6629-CVE-2013-6630.patch"
+sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz
+4ed52c38b9d3dc27f4665216b9d8ca91dbf8e8c7aefc9016e9dd86b7f18cc763223db517fc8545732e28df766630c126c0c0cbe237a51070b0ba140cce4c8b73 CVE-2013-6629-CVE-2013-6630.patch"
diff --git a/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
new file mode 100644
index 0000000000..7a93d4be23
--- /dev/null
+++ b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
@@ -0,0 +1,34 @@
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -304,7 +304,7 @@
+ /* Process a SOS marker */
+ {
+ INT32 length;
+- int i, ci, n, c, cc;
++ int i, ci, n, c, cc, pi;
+ jpeg_component_info * compptr;
+ INPUT_VARS(cinfo);
+
+@@ -348,6 +348,13 @@
+
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (pi = 0; pi < i; pi++) {
++ if (cinfo->cur_comp_info[pi] == compptr) {
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
++ }
+ }
+
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
+@@ -464,6 +471,8 @@
+
+ for (i = 0; i < count; i++)
+ INPUT_BYTE(cinfo, huffval[i], return FALSE);
++
++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+
+ length -= count;
+