1. photon
  2. Commit 34594c0534d3d2419dde59b7ccee39e2e6182722
Browse code

Fix for CVE-2018-19664 in libjpeg-turbo, Corrected the libs location from /usr/lib64 to /usr/lib

Change-Id: I23e7f5fd50e489eaae6c0db1b2bf10dee5d51819
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6661
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>

gsujayvmw authored on 2019/02/08 15:38:09
Showing 2 changed files
SPECS/libjpeg-turbo/CVE-2018-19664.patch
History View file @ 34594c0
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,17 @@
0 
+diff --git a/wrbmp.c b/wrbmp.c
1 
+index 4bf81426b..239f64eb3 100644
2 
+--- a/wrbmp.c
3 
+@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
4 
+       dest->pub.put_pixel_rows = put_gray_rows;
5 
+     else
6 
+       dest->pub.put_pixel_rows = put_pixel_rows;
7 
+-  } else if (cinfo->out_color_space == JCS_RGB565 ||
8 
+-             cinfo->out_color_space == JCS_CMYK) {
9 
++  } else if (!cinfo->quantize_colors &&
10 
++             (cinfo->out_color_space == JCS_RGB565 ||
11 
++              cinfo->out_color_space == JCS_CMYK)) {
12 
+     dest->pub.put_pixel_rows = put_pixel_rows;
13 
+   } else {
14 
+     ERREXIT(cinfo, JERR_BMP_COLORSPACE);
15 
+
SPECS/libjpeg-turbo/libjpeg-turbo.spec
History View file @ 34594c0
... ... 
@@ -1,7 +1,7 @@
1 1 
 Summary:        fork of the original IJG libjpeg which uses SIMD.
2 2 
 Name:           libjpeg-turbo
3 3 
 Version:        2.0.0
4 
-Release:        1%{?dist}
4 
+Release:        2%{?dist}
5 5 
 License:        IJG
6 6 
 URL:            http://sourceforge.net/projects/libjpeg-turbo
7 7 
 Group:          System Environment/Libraries
... ... 
@@ -10,6 +10,7 @@ Distribution:   Photon
10 10 
 Source0:        http://downloads.sourceforge.net/libjpeg-turbo/%{name}-%{version}.tar.gz
11 11 
 %define sha1    libjpeg-turbo=6d74b609294b6bae5a7cde035f7d6b80d60ebb77
12 12 
 Patch0:         libjpeg-turbo-CVE-2018-20330.patch
13 
+Patch1:         CVE-2018-19664.patch
13 14 
 BuildRequires:  nasm
14 15 
 BuildRequires:  cmake
15 16 
 Requires:       nasm
... ... 
@@ -25,12 +26,14 @@ It contains the libraries and header files to create applications
25 25 
 %prep
26 26 
 %setup -q
27 27 
 %patch0 -p1
28 
+%patch1 -p1
28 29
29 30 
 %build
30 31 
 mkdir -p build
31 32 
 cd build
32 33 
 cmake \
33 34 
       -DCMAKE_INSTALL_PREFIX=%{_prefix} \
35 
+      -DCMAKE_INSTALL_LIBDIR=%{_libdir} \
34 36 
       -DCMAKE_SKIP_RPATH:BOOL=YES \
35 37 
       -DCMAKE_SKIP_INSTALL_RPATH:BOOL=YES \
36 38 
       -DENABLE_STATIC:BOOL=NO ..
... ... 
@@ -50,17 +53,19 @@ find %{buildroot} -name '*.la' -delete
50 50 
 %files
51 51 
 %defattr(-,root,root)
52 52 
 %{_bindir}/*
53 
-/usr/lib64/*.so*
53 
+%{_libdir}/*.so*
54 54 
 %{_datadir}/*
55 55
56 56 
 %files devel
57 57 
 %defattr(-,root,root)
58 58 
 %{_includedir}/*
59 
-#%{_libdir}/*.so
60 
-#%{_libdir}/pkgconfig/*.pc
61 
-/usr/lib64/pkgconfig/*.pc
59 
+%{_libdir}/*.so
60 
+%{_libdir}/pkgconfig/*.pc
62 61
63 62 
 %changelog
63 
+*   Fri Feb 02 2019 Sujay G <gsujay@vmware.com> 2.0.0-2
64 
+-   Corrected the libs location from /usr/lib64 to /usr/lib
65 
+-   Fix CVE-2018-19664
64 66 
 *   Tue Jan 22 2019 Sujay G <gsujay@vmware.com> 2.0.0-1
65 67 
 -   Bump version to 2.0.0 and Fix CVE-2018-20330
66 68 
 *   Mon Dec 11 2017 Xiaolin Li <xiaolinl@vmware.com> 1.5.2-2