Accepting request 789669 from graphics
- Upate to version 2.0.4: - bug 388 was fixed upstream https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 - removed patches, as it is included in this release. * Fixed a regression in the Windows packaging system (introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed on the same system, only one of them could be uninstalled. * Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. * Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2). * Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images. This was known to cause a buffer overflow when attempting to decompress some such images using tjDecompressToYUV2() or tjDecompressToYUVPlanes(). * Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted malformed JPEG image containing an extremely-high-frequency coefficient block (junk image data that could never be generated by a legitimate JPEG compressor) could cause the Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that the buffer overrun was fully contained within the stack and did not cause a segfault or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor) is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk. The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data section rather than in the text section, to support execute-only memory layouts. - libjpeg-turbo-issue-388.patch upstreamed - Added If statments for Fedora not having sertain openSUSE macros OBS-URL: https://build.opensuse.org/request/show/789669 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=51
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
ca6e17a150
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:4246de500544d4ee408ee57048aa4aadc6f165fc17f141da87669f20ed3241b7
|
||||
size 2161279
|
||||
Binary file not shown.
3
libjpeg-turbo-2.0.4.tar.gz
Normal file
3
libjpeg-turbo-2.0.4.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:33dd8547efd5543639e890efbf2ef52d5a21df81faf41bb940657af916a23406
|
||||
size 2161812
|
||||
BIN
libjpeg-turbo-2.0.4.tar.gz.sig
Normal file
BIN
libjpeg-turbo-2.0.4.tar.gz.sig
Normal file
Binary file not shown.
@ -1,21 +0,0 @@
|
||||
--- a/tjbench.c
|
||||
+++ b/tjbench.c
|
||||
@@ -171,7 +171,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf,
|
||||
}
|
||||
/* Set the destination buffer to gray so we know whether the decompressor
|
||||
attempted to write to it */
|
||||
- memset(dstBuf, 127, pitch * scaledh);
|
||||
+ memset(dstBuf, 127, (size_t)pitch * scaledh);
|
||||
|
||||
if (doYUV) {
|
||||
int width = doTile ? tilew : scaledw;
|
||||
@@ -193,7 +193,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf,
|
||||
double start = getTime();
|
||||
|
||||
for (row = 0, dstPtr = dstBuf; row < ntilesh;
|
||||
- row++, dstPtr += pitch * tileh) {
|
||||
+ row++, dstPtr += (size_t)pitch * tileh) {
|
||||
for (col = 0, dstPtr2 = dstPtr; col < ntilesw;
|
||||
col++, tile++, dstPtr2 += ps * tilew) {
|
||||
int width = doTile ? min(tilew, w - col * tilew) : scaledw;
|
||||
|
||||
@ -1,3 +1,40 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 29 10:02:02 UTC 2020 - Aaron Stern <ukbeast89@protonmail.com>
|
||||
|
||||
- Upate to version 2.0.4:
|
||||
- bug 388 was fixed upstream
|
||||
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
|
||||
- removed patches, as it is included in this release.
|
||||
* Fixed a regression in the Windows packaging system
|
||||
(introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo
|
||||
SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed
|
||||
on the same system, only one of them could be uninstalled.
|
||||
* Fixed a signed integer overflow and subsequent segfault that occurred when
|
||||
attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
|
||||
* Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes()
|
||||
(sometimes manifesting as a double free) that occurred when attempting to decompress
|
||||
grayscale JPEG images that were compressed with a sampling factor other than 1
|
||||
(for instance, with cjpeg -grayscale -sample 2x2).
|
||||
* Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly
|
||||
identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images.
|
||||
This was known to cause a buffer overflow when attempting to decompress some such images using
|
||||
tjDecompressToYUV2() or tjDecompressToYUVPlanes().
|
||||
* Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted
|
||||
malformed JPEG image containing an extremely-high-frequency coefficient block
|
||||
(junk image data that could never be generated by a legitimate JPEG compressor) could cause the
|
||||
Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].)
|
||||
Given that the buffer overrun was fully contained within the stack and did not cause a segfault
|
||||
or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor)
|
||||
is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
|
||||
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data
|
||||
section rather than in the text section, to support execute-only memory layouts.
|
||||
- libjpeg-turbo-issue-388.patch upstreamed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 17 05:52:14 UTC 2020 - John Whately <john+OpenSuse@whately.me>
|
||||
|
||||
- Added If statments for Fedora not having sertain openSUSE macros
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 12 14:09:12 UTC 2019 - pgajdos@suse.com
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libjpeg-turbo
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -19,7 +19,7 @@
|
||||
%define asan_build 0
|
||||
%define debug_build 0
|
||||
|
||||
%define srcver 2.0.3
|
||||
%define srcver 2.0.4
|
||||
%define major 8
|
||||
%define minor 2
|
||||
%define micro 2
|
||||
@ -39,8 +39,6 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t
|
||||
Source1: baselibs.conf
|
||||
Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch
|
||||
Patch2: ctest-depends.patch
|
||||
# https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
|
||||
Patch3: libjpeg-turbo-issue-388.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: pkgconfig
|
||||
@ -106,7 +104,6 @@ files using the libjpeg library.
|
||||
%setup -q
|
||||
%patch1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
MYLDFLAGS="-Wl,-z,relro,-z,now"
|
||||
@ -138,10 +135,18 @@ make %{?_smp_mflags}
|
||||
exit 0
|
||||
%endif
|
||||
export LD_LIBRARY_PATH=%{buildroot}%{_libdir}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}
|
||||
%ctest
|
||||
%if 0%{?fedora_version}
|
||||
ctest --output-on-failure --force-new-ctest-process
|
||||
%else
|
||||
%ctest
|
||||
%endif
|
||||
|
||||
%install
|
||||
%cmake_install
|
||||
%if 0%{?fedora_version}
|
||||
make DESTDIR=%{buildroot} install/fast
|
||||
%else
|
||||
%cmake_install
|
||||
%endif
|
||||
# Remove docs, we'll select docs manually
|
||||
rm -rf %{buildroot}%{_datadir}/doc/
|
||||
|
||||
|
||||
@ -1,3 +1,36 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 29 10:17:03 UTC 2020 - Aaron Stern <ukbeast89@protonmail.com>
|
||||
|
||||
- Upate to version 2.0.4:
|
||||
* Fixed a regression in the Windows packaging system
|
||||
(introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo
|
||||
SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed
|
||||
on the same system, only one of them could be uninstalled.
|
||||
* Fixed a signed integer overflow and subsequent segfault that occurred when
|
||||
attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
|
||||
* Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes()
|
||||
(sometimes manifesting as a double free) that occurred when attempting to decompress
|
||||
grayscale JPEG images that were compressed with a sampling factor other than 1
|
||||
(for instance, with cjpeg -grayscale -sample 2x2).
|
||||
* Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly
|
||||
identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images.
|
||||
This was known to cause a buffer overflow when attempting to decompress some such images using
|
||||
tjDecompressToYUV2() or tjDecompressToYUVPlanes().
|
||||
* Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted
|
||||
malformed JPEG image containing an extremely-high-frequency coefficient block
|
||||
(junk image data that could never be generated by a legitimate JPEG compressor) could cause the
|
||||
Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].)
|
||||
Given that the buffer overrun was fully contained within the stack and did not cause a segfault
|
||||
or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor)
|
||||
is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
|
||||
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data
|
||||
section rather than in the text section, to support execute-only memory layouts.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 17 05:52:14 UTC 2020 - John Whately <john+OpenSuse@whately.me>
|
||||
|
||||
- Added If statments for Fedora not having sertain openSUSE macros
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 5 09:08:29 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libjpeg62-turbo
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -19,7 +19,7 @@
|
||||
%define major 62
|
||||
%define minor 3
|
||||
%define micro 0
|
||||
%define srcver 2.0.3
|
||||
%define srcver 2.0.4
|
||||
%define libver %{major}.%{minor}.%{micro}
|
||||
Name: libjpeg62-turbo
|
||||
Version: %{srcver}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user