- updated to version 2.0.2:
1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search path (rpath) from being embedded in the libjpeg-turbo shared libraries and executables for macOS and iOS. This caused a fatal error of the form "dyld: Library not loaded" when attempting to use one of the executables, unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the libjpeg-turbo shared libraries. 2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that occurred when attempting to load a BMP file with more than 1 billion pixels using the `tjLoadImage()` function. 3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. 4. Fixed a floating point exception that occurred when attempting to decompress a specially-crafted malformed JPEG image with a specified image width or height of 0 using the C version of TJBench. 5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, or 1x3 luminance and chrominance sampling factors. This is a non-standard way of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and chrominance sampling factors), but the JPEG format and the libjpeg API both allow it. 6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate incorrect PPM images when used with the `-colors` option. 7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which `ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE. 8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that occurred when compressing RGB images whose image rows were not 64-bit-aligned. - modified patches % ctest-depends.patch (refreshed) - deleted patches OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=94
This commit is contained in:
parent
c4626aa891
commit
b61c1b9bd4
@ -1,13 +1,9 @@
|
||||
Index: libjpeg-turbo-2.0.0/CMakeLists.txt
|
||||
Index: libjpeg-turbo-2.0.2/CMakeLists.txt
|
||||
===================================================================
|
||||
--- libjpeg-turbo-2.0.0.orig/CMakeLists.txt
|
||||
+++ libjpeg-turbo-2.0.0/CMakeLists.txt
|
||||
@@ -997,9 +997,12 @@ foreach(libtype ${TEST_LIBTYPES})
|
||||
|
||||
add_test(djpeg-${libtype}-rgb-islow-icc-cmp
|
||||
${MD5CMP} b06a39d730129122e85c1363ed1bbc9e testout_rgb_islow.icc)
|
||||
+ set_tests_properties(djpeg-${libtype}-rgb-islow-icc-cmp PROPERTIES
|
||||
+ DEPENDS djpeg-${libtype}-rgb-islow)
|
||||
--- libjpeg-turbo-2.0.2.orig/CMakeLists.txt 2019-03-13 12:44:05.376162889 +0100
|
||||
+++ libjpeg-turbo-2.0.2/CMakeLists.txt 2019-03-13 12:45:59.156696193 +0100
|
||||
@@ -1003,7 +1003,8 @@ foreach(libtype ${TEST_LIBTYPES})
|
||||
DEPENDS djpeg-${libtype}-rgb-islow)
|
||||
|
||||
add_bittest(jpegtran icc "-copy;all;-icc;${TESTIMAGES}/test2.icc"
|
||||
- testout_rgb_islow2.jpg testout_rgb_islow.jpg ${MD5_JPEG_RGB_ISLOW2})
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e5f86cec31df1d39596e0cca619ab1b01f99025a27dafdfc97a30f3a12f866ff
|
||||
size 2159130
|
3
libjpeg-turbo-2.0.2.tar.gz
Normal file
3
libjpeg-turbo-2.0.2.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:acb8599fe5399af114287ee5907aea4456f8f2c1cc96d26c28aebfdf5ee82fed
|
||||
size 2159562
|
BIN
libjpeg-turbo-2.0.2.tar.gz.sig
Normal file
BIN
libjpeg-turbo-2.0.2.tar.gz.sig
Normal file
Binary file not shown.
@ -1,17 +0,0 @@
|
||||
diff --git a/wrbmp.c b/wrbmp.c
|
||||
index 4bf81426b..239f64eb3 100644
|
||||
--- a/wrbmp.c
|
||||
+++ b/wrbmp.c
|
||||
@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2,
|
||||
dest->pub.put_pixel_rows = put_gray_rows;
|
||||
else
|
||||
dest->pub.put_pixel_rows = put_pixel_rows;
|
||||
- } else if (cinfo->out_color_space == JCS_RGB565 ||
|
||||
- cinfo->out_color_space == JCS_CMYK) {
|
||||
+ } else if (!cinfo->quantize_colors &&
|
||||
+ (cinfo->out_color_space == JCS_RGB565 ||
|
||||
+ cinfo->out_color_space == JCS_CMYK)) {
|
||||
dest->pub.put_pixel_rows = put_pixel_rows;
|
||||
} else {
|
||||
ERREXIT(cinfo, JERR_BMP_COLORSPACE);
|
||||
|
@ -1,33 +0,0 @@
|
||||
diff --git a/turbojpeg.c b/turbojpeg.c
|
||||
index 90a9ce6a0..3f7cd6406 100644
|
||||
--- a/turbojpeg.c
|
||||
+++ b/turbojpeg.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved.
|
||||
+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
|
||||
int align, int *height, int *pixelFormat,
|
||||
int flags)
|
||||
{
|
||||
- int retval = 0, tempc, pitch;
|
||||
+ int retval = 0, tempc;
|
||||
+ size_t pitch;
|
||||
tjhandle handle = NULL;
|
||||
tjinstance *this;
|
||||
j_compress_ptr cinfo = NULL;
|
||||
@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,
|
||||
*pixelFormat = cs2pf[cinfo->in_color_space];
|
||||
|
||||
pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);
|
||||
- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
|
||||
+ if ((unsigned long long)pitch * (unsigned long long)(*height) >
|
||||
+ (unsigned long long)((size_t)-1) ||
|
||||
+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)
|
||||
_throwg("tjLoadImage(): Memory allocation failure");
|
||||
|
||||
if (setjmp(this->jerr.setjmp_buffer)) {
|
||||
|
@ -1,3 +1,42 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 13 12:02:57 UTC 2019 - pgajdos@suse.com
|
||||
|
||||
- updated to version 2.0.2:
|
||||
1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search
|
||||
path (rpath) from being embedded in the libjpeg-turbo shared libraries and
|
||||
executables for macOS and iOS. This caused a fatal error of the form
|
||||
"dyld: Library not loaded" when attempting to use one of the executables,
|
||||
unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the
|
||||
libjpeg-turbo shared libraries.
|
||||
2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that
|
||||
occurred when attempting to load a BMP file with more than 1 billion pixels
|
||||
using the `tjLoadImage()` function.
|
||||
3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to
|
||||
decompress a specially-crafted malformed JPEG image to a 256-color BMP using
|
||||
djpeg.
|
||||
4. Fixed a floating point exception that occurred when attempting to
|
||||
decompress a specially-crafted malformed JPEG image with a specified image
|
||||
width or height of 0 using the C version of TJBench.
|
||||
5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1,
|
||||
or 1x3 luminance and chrominance sampling factors. This is a non-standard way
|
||||
of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and
|
||||
chrominance sampling factors), but the JPEG format and the libjpeg API both
|
||||
allow it.
|
||||
6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate
|
||||
incorrect PPM images when used with the `-colors` option.
|
||||
7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which
|
||||
`ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE.
|
||||
8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that
|
||||
occurred when compressing RGB images whose image rows were not 64-bit-aligned.
|
||||
- modified patches
|
||||
% ctest-depends.patch (refreshed)
|
||||
- deleted patches
|
||||
- libjpeg-turbo-CVE-2018-19644.patch (upstreamed)
|
||||
- libjpeg-turbo-CVE-2018-20330.patch (upstreamed)
|
||||
- added sources
|
||||
+ libjpeg-turbo-2.0.2.tar.gz.sig
|
||||
+ libjpeg-turbo.keyring
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 24 08:51:58 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
|
30
libjpeg-turbo.keyring
Normal file
30
libjpeg-turbo.keyring
Normal file
@ -0,0 +1,30 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQGiBFWuQpoRBACKZREWpZug3nddAYrt9AvxrR3dYRlQvf+gU0q7EJXGERPVF0sz
|
||||
gOofTCo7uMy+xLx47sg0wFapON1HphzwnaCK852pcKajLDoW9oXGV+KvuyAay0Ap
|
||||
T296NxgFidKYlOFS8TcI1PFbmemT56yIWBUSiEZcvJIKG8vu4CHoCSFx5wCg9N55
|
||||
TNEv0XOi9fcxBHJM8P1nSvMD/i4Ounk99EcCcbkNkxJrn2ePWE/H6JZWgy+mBzdX
|
||||
zPEGb7JrmLnoeClHzOq3PwrVCUerXNICJQnZXLUfYv37cdxSXKSP+xw9x/RzpJiq
|
||||
EdJQXrFFLPAFl6iWqi9mm9X5hStPpjVG7frqJR5ogA7frzRV0+rlunhQBhnpeSTE
|
||||
QNznA/oC29xIx6BA7jLVTbqCUqETDf9rA9jpKeJXI5cpE4neevS7EbQez70VEc9f
|
||||
BmvC4L4MU/oJk5/y1OrVDKuFG9F2nAnshL0Y02lcEvmirTG8dJskBNlAm/JbrDEx
|
||||
L0/V7wTTMERuTHGP+F7Y1hpSz+oU6rMLop7qJn9or00HcVMd7rRdVGhlIGxpYmpw
|
||||
ZWctdHVyYm8gUHJvamVjdCAoU2lnbmluZyBrZXkgZm9yIG9mZmljaWFsIGJpbmFy
|
||||
aWVzKSA8aW5mb3JtYXRpb25AbGlianBlZy10dXJiby5vcmc+iGAEExECACAFAlWu
|
||||
QpoCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCFxwROAz/eFv5IAJ9NPfuV
|
||||
c8mpjSXK+yumPN6TS6okCgCfaltKSnTBHhlvJAEVsWopAPUrj2a5Ag0EVa5CnBAI
|
||||
AIMtO9yvgD/wV/yEkLLRpVaRoM4R1SaDzVNS+Kc9iL4GzWTcNPCqXlxswqVIRKxx
|
||||
NkW7y/RO7Pem6Ew3owmrQRa1FUFLU+TLSMuTLhQl/ao+lmpn32KnPdYIyRRyaLrb
|
||||
DTYBRVGB65sZY4BzueI4m3+w02+53XVuE3tIRk9eHNF8dbYwgUMXb4+8IC5mp0ta
|
||||
4dwdLIMwwatL+iaAuAS6nCKn2eZOyO9KbF2TdWHZhOKE16I5aLa48Nfp/T7Qx3tU
|
||||
c5hH/pOg652/zZCSm7yTekUnzmngnFSiecgsN4WRtpfyxIlJYWbBO1qs6Munviu+
|
||||
a6yEdEhSSw3JGgGwciYep5MAAwUH/RIDmO6PZOn2PXgAGdLvvdnXR5im5axwW30C
|
||||
JjYqkubucqQ0Y7gFE3NsxFxRwMbnRab1yJFrWLtcTBHqa5NAaR8UjUl4vdvvDZXM
|
||||
yOznB5EkjpAhATPpCVAA6N1QnDgh/oceBAcu7KU7WEWGVI2QzOmVQ7CmxDgcehVG
|
||||
6E2DhEatFavD0LLlqlDorFpJnRoIwVOCXz2lV3lmrnP6H+2j0TZHAWnHETyAUL+P
|
||||
lOq7HCbOnnVFzAulrYrt8Ap5ZQm3BRjY+EJIMweb1ZUeReKtW2cTBqM1DQnMdqs2
|
||||
PvIyk7+A0MdAwOPvmaffBDPlu/jECK3AyQvRPMg9tcp1u6Dz6hGISQQYEQIACQUC
|
||||
Va5CnAIbDAAKCRCFxwROAz/eFhUXAKCLyoe0xNURwAjj+2q7NW7IgCuQogCgjKXm
|
||||
udv9ZKnuBluVtm+LueeyV4U=
|
||||
=B+vg
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
@ -19,7 +19,7 @@
|
||||
%define asan_build 0
|
||||
%define debug_build 0
|
||||
|
||||
%define srcver 2.0.1
|
||||
%define srcver 2.0.2
|
||||
%define major 8
|
||||
%define minor 2
|
||||
%define micro 2
|
||||
@ -39,8 +39,6 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
|
||||
Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: ctest-depends.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-19644.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-20330.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: pkgconfig
|
||||
@ -106,8 +104,6 @@ files using the libjpeg library.
|
||||
%setup -q
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch4 -p1
|
||||
#%patch3 -p1
|
||||
|
||||
%build
|
||||
MYLDFLAGS="-Wl,-z,relro,-z,now"
|
||||
|
@ -19,7 +19,7 @@
|
||||
%define major 62
|
||||
%define minor 3
|
||||
%define micro 0
|
||||
%define srcver 2.0.1
|
||||
%define srcver 2.0.2
|
||||
%define libver %{major}.%{minor}.%{micro}
|
||||
Name: libjpeg62-turbo
|
||||
Version: %{srcver}
|
||||
@ -29,11 +29,11 @@ License: BSD-3-Clause
|
||||
Group: Productivity/Graphics/Convertors
|
||||
URL: http://sourceforge.net/projects/libjpeg-turbo
|
||||
Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.tar.gz
|
||||
Source1: baselibs.conf
|
||||
Source1: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.tar.gz.sig
|
||||
Source2: libjpeg-turbo.keyring
|
||||
Source3: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: ctest-depends.patch
|
||||
Patch3: libjpeg-turbo-CVE-2018-19644.patch
|
||||
Patch4: libjpeg-turbo-CVE-2018-20330.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
# needed for tests as we remove the lib here
|
||||
@ -78,8 +78,6 @@ files using the libjpeg library.
|
||||
%setup -q -n libjpeg-turbo-%{srcver}
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch4 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
export LDFLAGS="-Wl,-z,relro,-z,now"
|
||||
|
Loading…
Reference in New Issue
Block a user