Accepting request 429280 from graphics

- Update to version 1.5.1 + Fix for PowerPC platforms lacking AltiVec instructions + Fix ABI problem with clang/llvm on aarch64. + Fancy upsampling is now supported when decompressing JPEG images that use 4:4:0 (h1v2) chroma subsampling. + If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB conversion is, then libjpeg-turbo will now disable merged upsampling when decompressing YCbCr JPEG images into RGB or extended RGB output images. This significantly speeds up the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms if fancy upsampling is not used (for example, if the -nosmooth option to djpeg is specified.) + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG images with 2x2 luminance sampling factors and 2x1 or 1x2 chrominance sampling factors. + Fixed an unsigned integer overflow in the libjpeg memory manager. + Fixed additional negative left shifts and other issues reported by the GCC and Clang undefined behavior sanitizers when attempting to decompress specially-crafted malformed JPEG images. None of these issues posed a security threat, but removing the warnings makes it easier to detect actual security issues, should they arise in the future. + Fixed an out-of-bounds array reference, introduced by 1.4.902 and detected by the Clang undefined behavior sanitizer, that could be triggered by a specially-crafted malformed JPEG image with more than four components. Because the out-of-bounds reference was still within the same structure, it was not known to pose a security threat, but removing the warning makes it easier to detect actual security issues, should they arise in the future. OBS-URL: https://build.opensuse.org/request/show/429280 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=33
2016-09-25 12:28:07 +00:00 · 2016-09-25 12:28:07 +00:00 · 23051f448b
commit 23051f448b
parent 6475f7f6bf 6b08fa38b1
6 changed files with 73 additions and 5 deletions
--- a/libjpeg-turbo-1.5.0.tar.gz
+++ b/libjpeg-turbo-1.5.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9f397c31a67d2b00ee37597da25898b03eb282ccd87b135a50a69993b6a2035f
-size 1654276
--- a/libjpeg-turbo-1.5.1.tar.gz
+++ b/libjpeg-turbo-1.5.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:41429d3d253017433f66e3d472b8c7d998491d2f41caa7306b8d9a6f2a2c666c
+size 1650647
--- a/libjpeg-turbo.changes
+++ b/libjpeg-turbo.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Wed Sep 21 10:50:36 UTC 2016 - idonmez@suse.com
+
+- Update to version 1.5.1
+  + Fix for PowerPC platforms lacking AltiVec instructions
+  + Fix ABI problem with clang/llvm on aarch64.
+  + Fancy upsampling is now supported when decompressing JPEG
+    images that use 4:4:0 (h1v2) chroma subsampling.
+  + If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
+    conversion is, then libjpeg-turbo will now disable merged
+    upsampling when decompressing YCbCr JPEG images into RGB
+    or extended RGB output images. This significantly speeds up
+    the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
+    if fancy upsampling is not used 
+    (for example, if the -nosmooth option to djpeg is specified.)
+  + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
+    images with 2x2 luminance sampling factors and 2x1 or 1x2
+    chrominance sampling factors.
+  + Fixed an unsigned integer overflow in the libjpeg memory manager.
+  + Fixed additional negative left shifts and other issues reported
+    by the GCC and Clang undefined behavior sanitizers when
+    attempting to decompress specially-crafted malformed JPEG
+    images. None of these issues posed a security threat, but
+    removing the warnings makes it easier to detect actual
+    security issues, should they arise in the future.
+  + Fixed an out-of-bounds array reference, introduced by
+    1.4.902 and detected by the Clang undefined behavior sanitizer,
+    that could be triggered by a specially-crafted malformed
+    JPEG image with more than four components. Because the
+    out-of-bounds reference was still within the same structure,
+    it was not known to pose a security threat, but removing
+    the warning makes it easier to detect actual security issues,
+    should they arise in the future.
+
 -------------------------------------------------------------------
 Wed Jun  8 07:53:26 UTC 2016 - idonmez@suse.com

--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@ -16,7 +16,7 @@
 #


-%define srcver   1.5.0
+%define srcver   1.5.1
 %define major    8
 %define minor    1
 %define micro    2
--- a/libjpeg62-turbo.changes
+++ b/libjpeg62-turbo.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Wed Sep 21 10:50:36 UTC 2016 - idonmez@suse.com
+
+- Update to version 1.5.1
+  + Fix for PowerPC platforms lacking AltiVec instructions
+  + Fix ABI problem with clang/llvm on aarch64.
+  + Fancy upsampling is now supported when decompressing JPEG
+    images that use 4:4:0 (h1v2) chroma subsampling.
+  + If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
+    conversion is, then libjpeg-turbo will now disable merged
+    upsampling when decompressing YCbCr JPEG images into RGB
+    or extended RGB output images. This significantly speeds up
+    the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
+    if fancy upsampling is not used 
+    (for example, if the -nosmooth option to djpeg is specified.)
+  + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
+    images with 2x2 luminance sampling factors and 2x1 or 1x2
+    chrominance sampling factors.
+  + Fixed an unsigned integer overflow in the libjpeg memory manager.
+  + Fixed additional negative left shifts and other issues reported
+    by the GCC and Clang undefined behavior sanitizers when
+    attempting to decompress specially-crafted malformed JPEG
+    images. None of these issues posed a security threat, but
+    removing the warnings makes it easier to detect actual
+    security issues, should they arise in the future.
+  + Fixed an out-of-bounds array reference, introduced by
+    1.4.902 and detected by the Clang undefined behavior sanitizer,
+    that could be triggered by a specially-crafted malformed
+    JPEG image with more than four components. Because the
+    out-of-bounds reference was still within the same structure,
+    it was not known to pose a security threat, but removing
+    the warning makes it easier to detect actual security issues,
+    should they arise in the future.
+
 -------------------------------------------------------------------
 Wed Jun  8 07:53:26 UTC 2016 - idonmez@suse.com

--- a/libjpeg62-turbo.spec
+++ b/libjpeg62-turbo.spec
@ -19,7 +19,7 @@
 %define major   62
 %define minor   2
 %define micro   0
-%define srcver  1.5.0
+%define srcver  1.5.1
 %define libver  %{major}.%{minor}.%{micro}

 Name:           libjpeg62-turbo