From 17d9d2771e476176da5b19030b31ad74a7915468d95bb64999a07649b22b8dbb Mon Sep 17 00:00:00 2001
From: Petr Gajdos <pgajdos@suse.com>
Date: Mon, 12 Feb 2024 08:45:14 +0000
Subject: [PATCH] Accepting request 1144368 from
 home:mnhauke:branches:openSUSE:Factory

- Update to version 3.0.2
  * Fixed a signed integer overflow in the tj3CompressFromYUV8(),
    tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8()
    functions, detected by the Clang and GCC undefined behavior
    sanitizers, that could be triggered by setting the align
    parameter to an unreasonably large value. This issue did not
    pose a security threat, but removing the warning made it
    easier to detect actual security issues, should they arise in
    the future.
  * Introduced a new parameter (TJPARAM_MAXMEMORY in the
    TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java
    API) and a corresponding TJBench option (-maxmemory) for
    specifying the maximum amount of memory (in megabytes) that
    will be allocated for intermediate buffers, which are used
    with progressive JPEG compression and decompression, optimized
    baseline entropy coding, lossless JPEG compression, and
    lossless transformation. The new parameter and option serve
    the same purpose as the max_memory_to_use field in the
    jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM
    environment variable, and the cjpeg/djpeg/jpegtran -maxmemory
    option.
  * Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG
    C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a
    corresponding TJBench option (-maxpixels) for specifying the
    maximum number of pixels that the decompression, lossless
    transformation, and packed-pixel image loading
    functions/methods will process.
  * Fixed an error ("Unsupported color conversion request") that
    occurred when attempting to decompress a 3-component lossless
    JPEG image without an Adobe APP14 marker. The decompressor

OBS-URL: https://build.opensuse.org/request/show/1144368
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=153
---
 libjpeg-turbo-3.0.1.tar.gz     |   3 ---
 libjpeg-turbo-3.0.1.tar.gz.sig | Bin 543 -> 0 bytes
 libjpeg-turbo-3.0.2.tar.gz     |   3 +++
 libjpeg-turbo-3.0.2.tar.gz.sig | Bin 0 -> 543 bytes
 libjpeg-turbo.changes          |  37 +++++++++++++++++++++++++++++++++
 libjpeg-turbo.spec             |   4 ++--
 6 files changed, 42 insertions(+), 5 deletions(-)
 delete mode 100644 libjpeg-turbo-3.0.1.tar.gz
 delete mode 100644 libjpeg-turbo-3.0.1.tar.gz.sig
 create mode 100644 libjpeg-turbo-3.0.2.tar.gz
 create mode 100644 libjpeg-turbo-3.0.2.tar.gz.sig

diff --git a/libjpeg-turbo-3.0.1.tar.gz b/libjpeg-turbo-3.0.1.tar.gz
deleted file mode 100644
index 169e873..0000000
--- a/libjpeg-turbo-3.0.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:22429507714ae147b3acacd299e82099fce5d9f456882fc28e252e4579ba2a75
-size 2800900
diff --git a/libjpeg-turbo-3.0.1.tar.gz.sig b/libjpeg-turbo-3.0.1.tar.gz.sig
deleted file mode 100644
index 2fa127ce4cf3d9bda8f2e1119ba9e352a6bd299b928315f1361d00e5206b56fa..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 543
zcmV+)0^t3L0vrSY0RjL91p;L)bs_)?2@rn5+qU%E^fbUF5B(JL4r<j<ASXo?sjdm|
z+EwQYBV2NP{>2+wLFQ_U@$kJ)?RokC0+Cbbsq?!2#{T>Lrsob#mhBAF>vuY?2tzf5
z-k+{WeT8|VZO-fK1|qNAUhbmR4;t|AvmQ?gltABqq27XFBfi1-BQ<9{7KWU{DKcZp
z(;R$3LDZwjbbKUm??a{kLUXHZgUYlA+sv5-=R;%GFyQo!ruO<$YvpY}yKrafx=ng=
z7_Ulrr+^SOw3HRQUSo0pHgB7m8M}-|O_!H|n~jEZ-%}tzUG+NRg@Q}dq-u}6w5SGV
zR5iszP$<_=ZsRc8kWI>jx$9UtAiVO#hm~j(xXM6m0b!RQo_-g|ETw6S41)9oyYRSH
zFhQg^hnj?f<=oh~*!AhI7E~Z_8*MD)z>{<C$6h%HfQiVMsr<>za(kU1tW1n;sdQ^U
zKG!5k582k+Z``gn<b(C);fd780jH<|&O&R2y}e-6Ij;5(HZC$26du_f+Kk^;R>P52
zH?8sha7rL3jii}BI5wd*UDi#Qp}E*twbTvEgaAA7LbSs`2`)<fK5)o!`=2Jct6P8T
zBI;4)iY1X%xYbjdCI#~aSa6X!fFeHg-~}QIx|yE+sBUlBM6{hjR}Af*kXg>XNkPJ7
hVse|eA!b-Sxv;<1mPB5!!OezNff45l!#9F#t$Ha`5pn<k

diff --git a/libjpeg-turbo-3.0.2.tar.gz b/libjpeg-turbo-3.0.2.tar.gz
new file mode 100644
index 0000000..ae14280
--- /dev/null
+++ b/libjpeg-turbo-3.0.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c2ce515a78d91b09023773ef2770d6b0df77d674e144de80d63e0389b3a15ca6
+size 2831164
diff --git a/libjpeg-turbo-3.0.2.tar.gz.sig b/libjpeg-turbo-3.0.2.tar.gz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..9885788fc9df9fda344f5100b04f73ee78e417bdc17544c832f707d30471950e
GIT binary patch
literal 543
zcmV+)0^t3L0vrSY0RjL91p;NUNZkMm2@rn5+qU%E^fY*_5CFsP{k>_;r#04dq7Ww_
zCpKD&^N@E<dN_{2-^H|sN&f?F`%m+Ka#KIRCcZ<b_B5gNoUM`(JF06=5D*lF?7cBK
zs7&>GE^OpgN&>ycG4Rw$>74;Ak(^rW+l?h2PbgBvSM#r4VP|+>g?0#n0fehQ-XKA5
z3VR@#cnRKXXLOKPU-$VB;yS9eiLS0|W#Pfio-1$}J?3COgTRHaCphp*;8Cs=%dYr;
zP{5HYAoy18u`EB2^VaZ4?=AYW&gs<E=`NoqJyOH+TwiRosVb2C=Q^;;?f+78KtkbG
z`;g(J%pH%%@R=KX#Zm?EI4H&9D6G)P4qnlB8oCJnN3{SViGB?5_~Qq%-Tg-MOVh*)
zFva2%CX|!OiwfSCN-O8vt@O)Ga9|nE*R5Ks_}|;KTu5=fg-Jo98-0(2XokLB2AVRK
zWmV+m8>&)h%YD-?Nz6}Spb<&kiX>Y)yV^yJ?GJ;C+x~0^Oo!~<A=)74W@+4J!jdHQ
z(Fiw^_)(ad`iy1TAJbVVz=jzt=Q;7weZr_#ibJKLG!QN9NjZ%DJy`oz32gr(^%+pI
zWaxoB4ZSD$4<^8>6PH>STK)K4@BSz`7go$yqH-h-iiWLsbfZ$O*<#vghC-eqmMzIr
h`P}L%{!>Az_ws^cvCg_>gCG4JR(b%r#*8kTomhMB63PGo

literal 0
HcmV?d00001

diff --git a/libjpeg-turbo.changes b/libjpeg-turbo.changes
index 407b82d..254267d 100644
--- a/libjpeg-turbo.changes
+++ b/libjpeg-turbo.changes
@@ -1,3 +1,40 @@
+-------------------------------------------------------------------
+Mon Feb  5 19:40:36 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 3.0.2
+  * Fixed a signed integer overflow in the tj3CompressFromYUV8(),
+    tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8()
+    functions, detected by the Clang and GCC undefined behavior
+    sanitizers, that could be triggered by setting the align
+    parameter to an unreasonably large value. This issue did not
+    pose a security threat, but removing the warning made it
+    easier to detect actual security issues, should they arise in
+    the future.
+  * Introduced a new parameter (TJPARAM_MAXMEMORY in the
+    TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java
+    API) and a corresponding TJBench option (-maxmemory) for
+    specifying the maximum amount of memory (in megabytes) that
+    will be allocated for intermediate buffers, which are used
+    with progressive JPEG compression and decompression, optimized
+    baseline entropy coding, lossless JPEG compression, and
+    lossless transformation. The new parameter and option serve
+    the same purpose as the max_memory_to_use field in the
+    jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM
+    environment variable, and the cjpeg/djpeg/jpegtran -maxmemory
+    option.
+  * Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG
+    C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a
+    corresponding TJBench option (-maxpixels) for specifying the
+    maximum number of pixels that the decompression, lossless
+    transformation, and packed-pixel image loading
+    functions/methods will process.
+  * Fixed an error ("Unsupported color conversion request") that
+    occurred when attempting to decompress a 3-component lossless
+    JPEG image without an Adobe APP14 marker. The decompressor
+    now assumes that a 3-component lossless JPEG image without an
+    Adobe APP14 marker uses the RGB colorspace if its component
+    IDs are 1, 2, and 3.
+
 -------------------------------------------------------------------
 Mon Jan 15 15:56:37 UTC 2024 - Andreas Schwab <schwab@suse.de>
 
diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec
index 617cea8..ffe0d92 100644
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package libjpeg-turbo
 #
 # Copyright (c) 2024 SUSE LLC
 #
@@ -23,7 +23,7 @@
 
 %define asan_build 0
 %define debug_build 0
-%define srcver 3.0.1
+%define srcver 3.0.2
 %if "%{flavor}" == "libjpeg-turbo"
 %define major    8
 %define minor    3