libjpeg-turbo: Fix CVE-2020-13790

libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a] CVE:CVE-2020-13790 (From OE-Core rev: 90f4e2f299d8cd6c839b73307dc7b0ec3d389294) Signed-off-by: Liu Haitao <haitao.liu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: jason.lau <Haitao.Liu@windriver.com> 2020-06-18 16:31:36 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-07-08 10:47:50 +0100
commit: 09d29eb36a335cadb1249f6849e090d22bbf5a2e (patch)
tree: 5689a6eb1a67da081206dff08d20b83f118e0de0 /meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
parent: e1d89748ec66ede80b08576b3f350ac5f84faaff (diff)
download: poky-09d29eb36a335cadb1249f6849e090d22bbf5a2e.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
index 1cf854de62..8ea81f386f 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
@@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target    = " nasm-native"
 SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
           file://0001-libjpeg-turbo-fix-package_qa-error.patch \
+           file://0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch \
           "
 SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116"
author	jason.lau <Haitao.Liu@windriver.com>	2020-06-18 16:31:36 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-07-08 10:47:50 +0100
commit	09d29eb36a335cadb1249f6849e090d22bbf5a2e (patch)
tree	5689a6eb1a67da081206dff08d20b83f118e0de0 /meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
parent	e1d89748ec66ede80b08576b3f350ac5f84faaff (diff)
download	poky-09d29eb36a335cadb1249f6849e090d22bbf5a2e.tar.gz

diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb index 1cf854de62..8ea81f386f 100644 --- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb +++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.0.3.bb
@@ -12,6 +12,7 @@ DEPENDS_append_x86_class-target = " nasm-native"
12		12
13	SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \	13	SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
14	file://0001-libjpeg-turbo-fix-package_qa-error.patch \	14	file://0001-libjpeg-turbo-fix-package_qa-error.patch \
		15	file://0001-rdppm.c-Fix-buf-overrun-caused-by-bad-binary-PPM.patch \
15	"	16	"
16		17
17	SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116"	18	SRC_URI[md5sum] = "bd07fddf26f9def7bab02739eb655116"