Fix CVE-2021-37972 (#2007307)
This commit is contained in:
parent
f68197f2d1
commit
29438f1b13
|
@ -0,0 +1,41 @@
|
|||
From 4004cfb5822d2c986b5a2c7c14122a1b429be649 Mon Sep 17 00:00:00 2001
|
||||
From: DRC <information@libjpeg-turbo.org>
|
||||
Date: Fri, 6 Aug 2021 13:41:15 -0500
|
||||
Subject: [PATCH] SSE2/64-bit: Fix trans. segfault w/ malformed JPEG
|
||||
|
||||
Attempting to losslessly transform certain malformed JPEG images can
|
||||
cause the nbits table index in the Huffman encoder to exceed 32768, so
|
||||
we need to pad the SSE2 implementation of that table to 65536 entries as
|
||||
we do with the C implementation.
|
||||
|
||||
Regression introduced by 087c29e07f7533ec82fd7eb1dafc84c29e7870ec
|
||||
|
||||
Fixes #543
|
||||
---
|
||||
simd/x86_64/jchuff-sse2.asm | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/simd/x86_64/jchuff-sse2.asm b/simd/x86_64/jchuff-sse2.asm
|
||||
index 1770a84..7e5ca30 100644
|
||||
--- a/simd/x86_64/jchuff-sse2.asm
|
||||
+++ b/simd/x86_64/jchuff-sse2.asm
|
||||
@@ -1,7 +1,7 @@
|
||||
;
|
||||
; jchuff-sse2.asm - Huffman entropy encoding (64-bit SSE2)
|
||||
;
|
||||
-; Copyright (C) 2009-2011, 2014-2016, 2019, D. R. Commander.
|
||||
+; Copyright (C) 2009-2011, 2014-2016, 2019, 2021, D. R. Commander.
|
||||
; Copyright (C) 2015, Matthieu Darbois.
|
||||
; Copyright (C) 2018, Matthias Räncker.
|
||||
;
|
||||
@@ -83,6 +83,7 @@ times 1 << 11 db 12
|
||||
times 1 << 12 db 13
|
||||
times 1 << 13 db 14
|
||||
times 1 << 14 db 15
|
||||
+times 1 << 15 db 16
|
||||
|
||||
alignz 32
|
||||
|
||||
--
|
||||
2.32.0
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
Name: libjpeg-turbo
|
||||
Version: 2.1.0
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
|
||||
License: IJG
|
||||
URL: http://sourceforge.net/projects/libjpeg-turbo
|
||||
|
@ -8,6 +8,7 @@ URL: http://sourceforge.net/projects/libjpeg-turbo
|
|||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
Patch0: libjpeg-turbo-cmake.patch
|
||||
Patch1: libjpeg-turbo-CET.patch
|
||||
Patch2: libjpeg-turbo-CVE-2021-37972.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
|
@ -179,6 +180,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
|
|||
%{_libdir}/pkgconfig/libturbojpeg.pc
|
||||
|
||||
%changelog
|
||||
* Sat Sep 25 2021 Nikola Forró <nforro@redhat.com> - 2.1.0-3
|
||||
- Fix CVE-2021-37972 (#2007307)
|
||||
|
||||
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.1.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
|
|
Loading…
Reference in New Issue