[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#771046: marked as done (unblock: libjpeg-turbo/1:1.3.1-11)

Your message dated Wed, 26 Nov 2014 13:40:16 +0000
with message-id <ed3dc45ff9aaa9771064c617e3951131@mail.adsl.funky-badger.org>
and subject line Re: Bug#771046: unblock: libjpeg-turbo/1:1.3.1-11
has caused the Debian Bug report #771046,
regarding unblock: libjpeg-turbo/1:1.3.1-11
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
771046: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771046
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please unblock package libjpeg-turbo

Hi,

a rare case when a Huffman local buffer can be overrun was found in
libjpeg-turbo.  The package pulls an upstream fix for that.

 changelog                   |    7 ++++++
 control                     |    8 +------
 patches/CVE-2014-9092.patch |   49 ++++++++++++++++++++++++++++++++++++++++++++
 patches/series              |    1 
 4 files changed, 59 insertions(+), 6 deletions(-)

The diff is a bigger than it could be since it also includes comments
and relevant upstream changelog entries, but the only code change is
just this:

- -#define BUFSIZE (DCTSIZE2 * 2)
+#define BUFSIZE (DCTSIZE2 * 4)

Cheers,
Ondrej

unblock libjpeg-turbo/1:1.3.1-11

- -- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJUdacZXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHPGgP/AzxPjUX82Y9KEHQYrbebhIc
agC0V+nM+1mDZ5Y3l8TdrWCFDBbMxsJ8HiEj0vp0Ngrxlv1/LMV5ikth3bmoL0sJ
LoWeeaH7WW+OscQc2BJLWXvKq/3YUkGitryfQPxkiYdpQ1SpP5nckMPiY16CZ575
PnNiijXIVt31sotScCFVS4sufHEjVIM+II463CXsRDJt+kxm7vMUTJXHMEL+jIRU
lIrzWaXnrKWEx1aNkfVa+yNn4/afcirpXdveJQkrCvYu38DLeBS4o/2EcWAZ9Up8
+nu8RzMpYlML5ekFfe9q4ydHBqaBbyo9ez+946bVmdwZoQ3uxLyBDe5Yqn5nkwat
JdvSFQgAqU+kf5qyQTb8tt3we9Ym6+Lxt7i7jAnlttsiNznt+9WEqpm6diAZKqFw
H4zQUwn0v4mw2OJbSEdcfiLHK6qPHJZDJq7UBGcsYTJIsdonGVrWHfiJfaWrH7Rt
CXgY316ZCztxtWYq24EEpgYRLHNxkzke8affy2AlQjS4Q1z+W2H/dqoS41Yg65F1
MSW2X50V/3vDw1n0vtA4dhjmTFl89eplbAVddpD6wnb1DRVbYEfKc70RfAwmMyFV
CQ6jkm0/lOl0CeQxVEeLoexYmiimESZ9U25PPHFUHtsUSu03OB080asIbhUnMfqQ
+ADxHsb6Iwq02F/fpWLF
=JWWy
-----END PGP SIGNATURE-----

diff -Nru libjpeg-turbo-1.3.1/debian/changelog libjpeg-turbo-1.3.1/debian/changelog
--- libjpeg-turbo-1.3.1/debian/changelog	2014-10-22 15:14:05.000000000 +0200
+++ libjpeg-turbo-1.3.1/debian/changelog	2014-11-26 11:02:13.000000000 +0100
@@ -1,3 +1,10 @@
+libjpeg-turbo (1:1.3.1-11) unstable; urgency=medium
+
+  * Cleanup the list of maintainers and uploaders
+  * [CVE-2014-9092]: Fix a Huffman local buffer overrun
+
+ -- Ondřej Surý <ondrej@debian.org>  Wed, 26 Nov 2014 11:00:17 +0100
+
 libjpeg-turbo (1:1.3.1-10) unstable; urgency=medium
 
   * Drop extra and conflicting Provides (Closes: #766347)
diff -Nru libjpeg-turbo-1.3.1/debian/control libjpeg-turbo-1.3.1/debian/control
--- libjpeg-turbo-1.3.1/debian/control	2014-10-22 15:14:05.000000000 +0200
+++ libjpeg-turbo-1.3.1/debian/control	2014-11-26 11:02:13.000000000 +0100
@@ -1,12 +1,8 @@
 Source: libjpeg-turbo
 Priority: optional
 Section: graphics
-Maintainer: Debian TigerVNC Packaging Team <pkg-tigervnc-devel@lists.alioth.debian.org>
-Uploaders: Fathi Boudra <fabo@debian.org>,
-	   Osamu Aoki <osamu@debian.org>,
-	   Tom Gall <tom.gall@linaro.org>,
-	   Mike Gabriel <sunweaver@debian.org>,
-	   Ondřej Surý <ondrej@debian.org>
+Maintainer: Ondřej Surý <ondrej@debian.org>
+Uploaders: Mike Gabriel <sunweaver@debian.org>
 Build-Depends: debhelper (>= 9),
 	       dh-autoreconf,
 	       nasm [any-amd64 any-i386],
diff -Nru libjpeg-turbo-1.3.1/debian/patches/CVE-2014-9092.patch libjpeg-turbo-1.3.1/debian/patches/CVE-2014-9092.patch
--- libjpeg-turbo-1.3.1/debian/patches/CVE-2014-9092.patch	1970-01-01 01:00:00.000000000 +0100
+++ libjpeg-turbo-1.3.1/debian/patches/CVE-2014-9092.patch	2014-11-26 11:02:13.000000000 +0100
@@ -0,0 +1,49 @@
+--- libjpeg-turbo.orig/ChangeLog.txt
++++ libjpeg-turbo/ChangeLog.txt
+@@ -1,3 +1,26 @@
++1.3.2
++=====
++
++[5] Fixed an extremely rare bug that could cause the Huffman encoder's local
++buffer to overrun when a very high-frequency MCU is compressed using quality
++100 and no subsampling, and when the JPEG output buffer is being dynamically
++resized by the destination manager.  This issue was so rare that, even with a
++test program specifically designed to make the bug occur (by injecting random
++high-frequency YUV data into the compressor), it was reproducible only once in
++about every 25 million iterations.
++
++[9] Referring to [5] above, another extremely rare circumstance was discovered
++under which the Huffman encoder's local buffer can be overrun when a buffered
++destination manager is being used and an extremely-high-frequency block
++(basically junk image data) is being encoded.  Even though the Huffman local
++buffer was increased from 128 bytes to 136 bytes to address the previous
++issue, the new issue caused even the larger buffer to be overrun.  Further
++analysis reveals that, in the absolute worst case (such as setting alternating
++AC coefficients to 32767 and -32768 in the JPEG scanning order), the Huffman
++encoder can produce encoded blocks that approach double the size of the
++unencoded blocks.  Thus, the Huffman local buffer was increased to 256 bytes,
++which should prevent any such issue from re-occurring in the future.
++
+ 1.3.1
+ =====
+ 
+--- libjpeg-turbo.orig/jchuff.c
++++ libjpeg-turbo/jchuff.c
+@@ -391,7 +391,16 @@ dump_buffer (working_state * state)
+ #endif
+ 
+ 
+-#define BUFSIZE (DCTSIZE2 * 2)
++/* Although it is exceedingly rare, it is possible for a Huffman-encoded
++ * coefficient block to be larger than the 128-byte unencoded block.  For each
++ * of the 64 coefficients, PUT_BITS is invoked twice, and each invocation can
++ * theoretically store 16 bits (for a maximum of 2048 bits or 256 bytes per
++ * encoded block.)  If, for instance, one artificially sets the AC
++ * coefficients to alternating values of 32767 and -32768 (using the JPEG
++ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
++ * larger than 200 bytes.
++ */
++#define BUFSIZE (DCTSIZE2 * 4)
+ 
+ #define LOAD_BUFFER() { \
+   if (state->free_in_buffer < BUFSIZE) { \
diff -Nru libjpeg-turbo-1.3.1/debian/patches/series libjpeg-turbo-1.3.1/debian/patches/series
--- libjpeg-turbo-1.3.1/debian/patches/series	2014-10-22 15:14:05.000000000 +0200
+++ libjpeg-turbo-1.3.1/debian/patches/series	2014-11-26 11:02:13.000000000 +0100
@@ -1 +1,2 @@
 001_versioned-libjpegturbo.patch
+CVE-2014-9092.patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Nov 2014 11:00:17 +0100
Source: libjpeg-turbo
Binary: libjpeg-dev libjpeg62-turbo-dev libjpeg62-turbo libjpeg62-turbo-dbg libturbojpeg1 libturbojpeg1-dbg libturbojpeg1-dev libjpeg-turbo-progs libjpeg-turbo-progs-dbg
Architecture: source all
Version: 1:1.3.1-11
Distribution: unstable
Urgency: medium
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libjpeg-dev - Development files for the JPEG library [dummy package]
 libjpeg-turbo-progs - Programs for manipulating JPEG files
 libjpeg-turbo-progs-dbg - Programs for manipulating JPEG files (debugging symbols)
 libjpeg62-turbo - libjpeg-turbo JPEG runtime library
 libjpeg62-turbo-dbg - Debugging symbols for the libjpeg-turbo JPEG library
 libjpeg62-turbo-dev - Development files for the libjpeg-turbo JPEG library
 libturbojpeg1 - TurboJPEG runtime library - SIMD optimized
 libturbojpeg1-dbg - TurboJPEG runtime library - SIMD optimized (debugging symbols)
 libturbojpeg1-dev - Development files for the TurboJPEG library
Changes:
 libjpeg-turbo (1:1.3.1-11) unstable; urgency=medium
 .
   * Cleanup the list of maintainers and uploaders
   * [CVE-2014-9092]: Fix a Huffman local buffer overrun
Checksums-Sha1:
 011ffbd056a0e14ac562365d99d144ed3748aa8e 2650 libjpeg-turbo_1.3.1-11.dsc
 b917046f02769baaed45898abf592dece88f9bd1 78564 libjpeg-turbo_1.3.1-11.debian.tar.xz
 188fda08e635c02c8342518e2b8b0dc50c2f52ac 49252 libjpeg-dev_1.3.1-11_all.deb
Checksums-Sha256:
 2ecd68541983135312abea57c2bbfc450ab888830073ee2e19a22c548d26111d 2650 libjpeg-turbo_1.3.1-11.dsc
 ec23814a296bbc3a5f2b383f5526c28bfe21ce380c4a93b4205d7088bc021667 78564 libjpeg-turbo_1.3.1-11.debian.tar.xz
 072ba94d3d8c536fff05a03581c184e26bc41c6a8ada917e75e26fca35985bbd 49252 libjpeg-dev_1.3.1-11_all.deb
Files:
 7ece68461462ccca84c59cc84425f034 2650 graphics optional libjpeg-turbo_1.3.1-11.dsc
 3e311d4984d27e0ad126a22300eeeea2 78564 graphics optional libjpeg-turbo_1.3.1-11.debian.tar.xz
 fba750757cea3765da47c2a5ee86f1f3 49252 libdevel optional libjpeg-dev_1.3.1-11_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJUdaYUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHXM0QAICyscKOTKeu/OuwI0RTnknf
AFufLwjfL2LnjgH6+rGN02zedfhWxF40UMVXlCdi2dHOaffNgsumA521O5GMzYyA
QmHwjZKIqbeVWg7UWMo/ZBFjzBd0N1urKmAdE4mT86o6RDE9EOeJa/RDa1AfgD6o
nWFCtgNQvwo29km8T5A0aFIxbs5wSZdBH58ymzzeXnYhsGF8b+erxD/ZVZhcostt
V615Zg1WhsHjAL7IxKL9btLYe59NPnCqMrcA/gRcf/GDIZAoh8BdqunU2Vd7RPoC
Bj7t7jmHM9AR6kcxtWuslcpOHtPUzf0labsRSZ/eZXB9NC8kwESLJ6AOt3Gv0eJB
eIEK1mn+DRbEaVylcnyt1onIVqxe9maNfxggWZ4DyEsyCfftLhVlcdElvAvg1AHQ
MBMsu1lvb/+VjDzY8LSLqKrTUdGM1DS6D4OpJwS6rQqGhAi9JUZ8m5Rq0ZXEos2f
9Ih1r+ki3W0TmSk4dwMShCXMhdi9WkSZFpefJ+Avv4gfYEulSUjvOYRGQ1A+iRUv
cI9oW4Rz4VzDI9qYOD1D8ND+Oh8747g0WmOHqp0hpWx7NHvZxrneYbxCRUMOj+Wo
CDn1TH91NS65RzQ0dnfqh0VuYmoUoQ6yr/1eLSWm7FHGoSJVQY/l7VY3Qnl/PeJ8
rTDPdovfn65/4fldFGas
=EZ7/
-----END PGP SIGNATURE-----

Attachment: libjpeg-turbo_1.3.1-11.debian.tar.xz
Description: application/xz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: libjpeg-turbo
Binary: libjpeg-dev, libjpeg62-turbo-dev, libjpeg62-turbo, libjpeg62-turbo-dbg, libturbojpeg1, libturbojpeg1-dbg, libturbojpeg1-dev, libjpeg-turbo-progs, libjpeg-turbo-progs-dbg
Architecture: any all
Version: 1:1.3.1-11
Maintainer: Ondřej Surý <ondrej@debian.org>
Uploaders: Mike Gabriel <sunweaver@debian.org>
Homepage: http://www.libjpeg-turbo.org/
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/libjpeg-turbo.git
Vcs-Git: git://anonscm.debian.org/collab-maint/libjpeg-turbo.git
Build-Depends: debhelper (>= 9), dh-autoreconf, nasm [any-amd64 any-i386]
Package-List:
 libjpeg-dev deb libdevel optional arch=all
 libjpeg-turbo-progs deb graphics optional arch=any
 libjpeg-turbo-progs-dbg deb debug extra arch=any
 libjpeg62-turbo deb libs optional arch=any
 libjpeg62-turbo-dbg deb debug extra arch=any
 libjpeg62-turbo-dev deb libdevel optional arch=any
 libturbojpeg1 deb libs optional arch=any
 libturbojpeg1-dbg deb debug extra arch=any
 libturbojpeg1-dev deb libdevel optional arch=any
Checksums-Sha1:
 5fa19252e5ca992cfa40446a0210ceff55fbe468 1390282 libjpeg-turbo_1.3.1.orig.tar.gz
 b917046f02769baaed45898abf592dece88f9bd1 78564 libjpeg-turbo_1.3.1-11.debian.tar.xz
Checksums-Sha256:
 c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 1390282 libjpeg-turbo_1.3.1.orig.tar.gz
 ec23814a296bbc3a5f2b383f5526c28bfe21ce380c4a93b4205d7088bc021667 78564 libjpeg-turbo_1.3.1-11.debian.tar.xz
Files:
 2c3a68129dac443a72815ff5bb374b05 1390282 libjpeg-turbo_1.3.1.orig.tar.gz
 3e311d4984d27e0ad126a22300eeeea2 78564 libjpeg-turbo_1.3.1-11.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJUdaYPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw
Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHpG4QANMdxr7tpNZQUnNG3zsPdWPw
v7e+uonXgB56aisoEVAi0n7d3QeBQrkbuEwF5V35nK/H3HyS7AUtMQNQi8PkA15K
t1SMcnLvBXLG3D2MTJMRwaPza8ZkDsVdlMxrl2mT0Uqo7u9MeJTwEJtRxYkDxvX2
VUIqAl8m+dA/ScRFhxw47casb7rnUvdtLsHuVmZMRNmxJ6zlqcSLUB+zqYtOni3y
cOE70FsgrMSW3LaoaYs69n3qt17J6dvwD2vYDor1fxVMsNmyRcxxjaHe3b3xQnkI
Q4Vr7fG5YncnI8X6h+eAnr2IUFQNfbOzm2O0Sw0wv7ukmGQSmrTB+txaq/2RuzD0
p+US2BdsP4x/dWIVg90Ymzvf1wvNFC4xpHqm2w6QyRt4KKC4OAEgK9sXMDLowOLo
qQ+De6FKfNjEMruuRbrivAIDMrPW1g/nemylMkum/A81TzPmvvnC2VYQalsA7sIX
QjlADWPYwwxgz79IVRkcf7vHHpdZZSW9oYWQDizcKIW2TSloGAklT7YkkqPX8Qge
IzlQZsYcCxTg3EWLjfi5p1I97pGisQH21pm+V+qFFNuoh58eSMzg5yBUiNBSkauE
tLvfd5MYZ6NY6if/jSVEH47YjIFwSUVXSzIS3ka02wbETMFFh1c6DuCoPrEG3B5B
pS57LrX8QBFhi9bMh0zK
=+EqA
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
On 2014-11-26 10:10, Ondřej Surý wrote:

a rare case when a Huffman local buffer can be overrun was found in
libjpeg-turbo.  The package pulls an upstream fix for that.

 changelog                   |    7 ++++++
 control                     |    8 +------
patches/CVE-2014-9092.patch | 49 ++++++++++++++++++++++++++++++++++++++++++++ 
 patches/series              |    1
 4 files changed, 59 insertions(+), 6 deletions(-)


Unblocked, thanks.

Regards,

Adam

--- End Message ---
Reply to: