Commit 43192905 authored by Natanael Copa's avatar Natanael Copa

main/libjpeg-turbo: security fix (CVE-2013-6629,CVE-2013-6630)

parent d165558a
......@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libjpeg-turbo
pkgver=1.3.0
pkgrel=0
pkgrel=1
pkgdesc="accelerated baseline JPEG compression and decompression library"
url="http://libjpeg-turbo.virtualgl.org/"
arch="all"
......@@ -13,7 +13,9 @@ makedepends="$depends_dev nasm"
install=""
replaces="libjpeg"
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
source="http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
CVE-2013-6629-CVE-2013-6630.patch
"
_builddir="$srcdir"/libjpeg-turbo-$pkgver
prepare() {
......@@ -66,6 +68,9 @@ dev() {
replaces="jpeg-dev"
}
md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz"
sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz"
sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz"
md5sums="e1e65cc711a1ade1322c06ad4a647741 libjpeg-turbo-1.3.0.tar.gz
7205b1ed38d47e8736c34c972b1f0367 CVE-2013-6629-CVE-2013-6630.patch"
sha256sums="2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 libjpeg-turbo-1.3.0.tar.gz
3fa40eecb3d80c7c5a12e6ba86e95f381dcacf302d2d72f24858472999b72278 CVE-2013-6629-CVE-2013-6630.patch"
sha512sums="4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053 libjpeg-turbo-1.3.0.tar.gz
4ed52c38b9d3dc27f4665216b9d8ca91dbf8e8c7aefc9016e9dd86b7f18cc763223db517fc8545732e28df766630c126c0c0cbe237a51070b0ba140cce4c8b73 CVE-2013-6629-CVE-2013-6630.patch"
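Review bot: The new `CVE-2013-6629-CVE-2013-6630.patch` entry in `source=` only makes the build fetch and checksum the file; nothing in the visible hunks shows it being applied. The body of `prepare()` begins on the last line of that hunk and is otherwise outside the diff, and the offsets of the following hunk suggest this commit did not change it. Confirm that `prepare()` already runs something like `patch -p1 -i "$srcdir"/$i` for the `*.patch` entries of `$source` inside `$_builddir`. If it does not, the package would be released as pkgrel=1 with matching checksums while still containing the unpatched jdmarker.c.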
--- a/jdmarker.c
+++ b/jdmarker.c
@@ -304,7 +304,7 @@
/* Process a SOS marker */
{
INT32 length;
- int i, ci, n, c, cc;
+ int i, ci, n, c, cc, pi;
jpeg_component_info * compptr;
INPUT_VARS(cinfo);
@@ -348,6 +348,13 @@
TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
compptr->dc_tbl_no, compptr->ac_tbl_no);
+
+ /* This CSi (cc) should differ from the previous CSi */
+ for (pi = 0; pi < i; pi++) {
+ if (cinfo->cur_comp_info[pi] == compptr) {
+ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
+ }
+ }
}
/* Collect the additional scan parameters Ss, Se, Ah/Al. */
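Review bot: The comment above the new `pi` loop says what is checked but not why, so a later cleanup could drop the loop as redundant. I would expand it to something like `/* A scan must not name the same component twice (CVE-2013-6629): a repeated CSi leaves decoder state for the scan uninitialized. */`. The check also sits after the `TRACEMS3` call, which suggests the component's table selectors and `cur_comp_info[i]` are already written when the scan is rejected. That is fine only as long as `ERREXIT1` never returns into this loop. The start of the loop body is outside the hunk, so this ordering is inferred rather than visible.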
@@ -464,6 +471,8 @@
for (i = 0; i < count; i++)
INPUT_BYTE(cinfo, huffval[i], return FALSE);
+
+ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
length -= count;
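Review bot: The length passed to `MEMZERO`, `(256 - count) * SIZEOF(UINT8)`, is only valid if `count` has already been limited to 256 and `huffval` has 256 entries; neither the bound check nor the declaration is inside this hunk, so confirm the check precedes the `INPUT_BYTE` loop. With a larger `count` the subtraction goes negative and converts to a very large size. If `huffval` is a local array, `MEMZERO(&huffval[count], SIZEOF(huffval) - count * SIZEOF(UINT8));` ties the length to the buffer instead of a magic number. A comment such as `/* Clear the unused tail so no uninitialized bytes end up in the stored table (CVE-2013-6630) */` would record why the call exists.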