From 43192905007c117b9aeafd47dad3eaf9dc68205c Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Mon, 25 Nov 2013 14:59:09 +0000
Subject: main/libjpeg-turbo: security fix (CVE-2013-6629,CVE-2013-6630)
---
 main/libjpeg-turbo/APKBUILD | 15 ++++++----
 .../CVE-2013-6629-CVE-2013-6630.patch | 34 ++++++++++++++++++++++
 2 files changed, 44 insertions(+), 5 deletions(-)
 create mode 100644 main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
(limited to 'main/libjpeg-turbo')
diff --git a/main/libjpeg-turbo/APKBUILD b/main/libjpeg-turbo/APKBUILD
index bcca311bd..d41b68e6b 100644
--- a/main/libjpeg-turbo/APKBUILD
+++ b/main/libjpeg-turbo/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa
 pkgname=libjpeg-turbo
 pkgver=1.3.0
-pkgrel=0
+pkgrel=1
 pkgdesc="accelerated baseline JPEG compression and decompression library"
 url="http://libjpeg-turbo.virtualgl.org/"
 arch="all"
@@ -13,7 +13,9 @@ makedepends="$depends_dev nasm"
 install=""
 replaces="libjpeg"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
-source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
+ CVE-2013-6629-CVE-2013-6630.patch
+ "
 _builddir="$srcdir"/libjpeg-turbo-$pkgver
 prepare() {
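Review bot: Listing `CVE-2013-6629-CVE-2013-6630.patch` in `source=` only makes abuild fetch and checksum the file; applying it is the job of `prepare()`, whose body begins at the hunk's last line and continues outside it. If that body loops over `$source` and runs `patch -p1` on each `*.patch` entry the fix is complete, but if it names patches explicitly the new file would be verified yet never applied while the `pkgrel=1` bump advertises the CVE fix. A comment above the source list, `# CVE-2013-6629/6630 fix; applied by the *.patch loop in prepare()`, would state the intent where the next reader looks.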
@@ -66,6 +68,9 @@ dev() {
 replaces="jpeg-dev"
 }
-md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz"
-sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz"
-sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz"
+md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz
+7205b1ed38d47e8736c34c972b1f0367 CVE-2013-6629-CVE-2013-6630.patch"
+sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz
+3fa40eecb3d80c7c5a12e6ba86e95f381dcacf302d2d72f24858472999b72278 CVE-2013-6629-CVE-2013-6630.patch"
+sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz
+4ed52c38b9d3dc27f4665216b9d8ca91dbf8e8c7aefc9016e9dd86b7f18cc763223db517fc8545732e28df766630c126c0c0cbe237a51070b0ba140cce4c8b73 CVE-2013-6629-CVE-2013-6630.patch"
diff --git a/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
new file mode 100644
index 000000000..7a93d4be2
--- /dev/null
+++ b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
@@ -0,0 +1,34 @@
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -304,7 +304,7 @@
+ /* Process a SOS marker */
+ {
+ INT32 length;
+- int i, ci, n, c, cc;
++ int i, ci, n, c, cc, pi;
+ jpeg_component_info * compptr;
+ INPUT_VARS(cinfo);
+ 
+@@ -348,6 +348,13 @@
+ 
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (pi = 0; pi < i; pi++) {
++ if (cinfo->cur_comp_info[pi] == compptr) {
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
++ }
+ }
+ 
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
+@@ -464,6 +471,8 @@
+ 
+ for (i = 0; i < count; i++)
+ INPUT_BYTE(cinfo, huffval[i], return FALSE);
++
++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+ 
+ length -= count;
+ 
-- 
cgit v1.2.3
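Review bot: The `MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8))` line in the third hunk of the new patch is only correct if `count` has already been rejected when it exceeds 256; that check lives earlier in get_dht, outside the hunk, so confirm the 1.3.0 jdmarker.c being patched still performs it, because a larger `count` would make `256 - count` negative and the converted size wrap. The duplicate-component loop in the second hunk reads `cinfo->cur_comp_info[pi]` for `pi < i`, which is sound provided the stock code assigns `cur_comp_info[i]` before the `TRACEMS3` call; that assignment is also outside the hunk, as is the start of the enclosing get_sos function. The patch file has no provenance header, so a line such as `Origin: <UPSTREAM-OR-DISTRO-URL-PLACEHOLDER>` placed above `--- a/jdmarker.c` would let a later rebase be checked against the source the fix was taken from.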