diff --git a/ctest-depends.patch b/ctest-depends.patch index cae79af..4d2d8af 100644 --- a/ctest-depends.patch +++ b/ctest-depends.patch @@ -1,13 +1,9 @@ -Index: libjpeg-turbo-2.0.0/CMakeLists.txt +Index: libjpeg-turbo-2.0.2/CMakeLists.txt =================================================================== ---- libjpeg-turbo-2.0.0.orig/CMakeLists.txt -+++ libjpeg-turbo-2.0.0/CMakeLists.txt -@@ -997,9 +997,12 @@ foreach(libtype ${TEST_LIBTYPES}) - - add_test(djpeg-${libtype}-rgb-islow-icc-cmp - ${MD5CMP} b06a39d730129122e85c1363ed1bbc9e testout_rgb_islow.icc) -+ set_tests_properties(djpeg-${libtype}-rgb-islow-icc-cmp PROPERTIES -+ DEPENDS djpeg-${libtype}-rgb-islow) +--- libjpeg-turbo-2.0.2.orig/CMakeLists.txt 2019-03-13 12:44:05.376162889 +0100 ++++ libjpeg-turbo-2.0.2/CMakeLists.txt 2019-03-13 12:45:59.156696193 +0100 +@@ -1003,7 +1003,8 @@ foreach(libtype ${TEST_LIBTYPES}) + DEPENDS djpeg-${libtype}-rgb-islow) add_bittest(jpegtran icc "-copy;all;-icc;${TESTIMAGES}/test2.icc" - testout_rgb_islow2.jpg testout_rgb_islow.jpg ${MD5_JPEG_RGB_ISLOW2}) diff --git a/libjpeg-turbo-2.0.1.tar.gz b/libjpeg-turbo-2.0.1.tar.gz deleted file mode 100644 index d1ba1f8..0000000 --- a/libjpeg-turbo-2.0.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e5f86cec31df1d39596e0cca619ab1b01f99025a27dafdfc97a30f3a12f866ff -size 2159130 diff --git a/libjpeg-turbo-2.0.2.tar.gz b/libjpeg-turbo-2.0.2.tar.gz new file mode 100644 index 0000000..0d9e84e --- /dev/null +++ b/libjpeg-turbo-2.0.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:acb8599fe5399af114287ee5907aea4456f8f2c1cc96d26c28aebfdf5ee82fed +size 2159562 diff --git a/libjpeg-turbo-2.0.2.tar.gz.sig b/libjpeg-turbo-2.0.2.tar.gz.sig new file mode 100644 index 0000000..a608fc2 Binary files /dev/null and b/libjpeg-turbo-2.0.2.tar.gz.sig differ diff --git a/libjpeg-turbo-CVE-2018-19644.patch b/libjpeg-turbo-CVE-2018-19644.patch deleted file mode 100644 index c63b8b9..0000000 --- a/libjpeg-turbo-CVE-2018-19644.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/wrbmp.c b/wrbmp.c -index 4bf81426b..239f64eb3 100644 ---- a/wrbmp.c -+++ b/wrbmp.c -@@ -502,8 +502,9 @@ jinit_write_bmp(j_decompress_ptr cinfo, boolean is_os2, - dest->pub.put_pixel_rows = put_gray_rows; - else - dest->pub.put_pixel_rows = put_pixel_rows; -- } else if (cinfo->out_color_space == JCS_RGB565 || -- cinfo->out_color_space == JCS_CMYK) { -+ } else if (!cinfo->quantize_colors && -+ (cinfo->out_color_space == JCS_RGB565 || -+ cinfo->out_color_space == JCS_CMYK)) { - dest->pub.put_pixel_rows = put_pixel_rows; - } else { - ERREXIT(cinfo, JERR_BMP_COLORSPACE); - diff --git a/libjpeg-turbo-CVE-2018-20330.patch b/libjpeg-turbo-CVE-2018-20330.patch deleted file mode 100644 index 6fcdab1..0000000 --- a/libjpeg-turbo-CVE-2018-20330.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff --git a/turbojpeg.c b/turbojpeg.c -index 90a9ce6a0..3f7cd6406 100644 ---- a/turbojpeg.c -+++ b/turbojpeg.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved. -+ * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: -@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width, - int align, int *height, int *pixelFormat, - int flags) - { -- int retval = 0, tempc, pitch; -+ int retval = 0, tempc; -+ size_t pitch; - tjhandle handle = NULL; - tjinstance *this; - j_compress_ptr cinfo = NULL; -@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width, - *pixelFormat = cs2pf[cinfo->in_color_space]; - - pitch = PAD((*width) * tjPixelSize[*pixelFormat], align); -- if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL) -+ if ((unsigned long long)pitch * (unsigned long long)(*height) > -+ (unsigned long long)((size_t)-1) || -+ (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL) - _throwg("tjLoadImage(): Memory allocation failure"); - - if (setjmp(this->jerr.setjmp_buffer)) { - diff --git a/libjpeg-turbo.changes b/libjpeg-turbo.changes index 828b999..73cf3c0 100644 --- a/libjpeg-turbo.changes +++ b/libjpeg-turbo.changes @@ -1,3 +1,42 @@ +------------------------------------------------------------------- +Wed Mar 13 12:02:57 UTC 2019 - pgajdos@suse.com + +- updated to version 2.0.2: + 1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search + path (rpath) from being embedded in the libjpeg-turbo shared libraries and + executables for macOS and iOS. This caused a fatal error of the form + "dyld: Library not loaded" when attempting to use one of the executables, + unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the + libjpeg-turbo shared libraries. + 2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that + occurred when attempting to load a BMP file with more than 1 billion pixels + using the `tjLoadImage()` function. + 3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to + decompress a specially-crafted malformed JPEG image to a 256-color BMP using + djpeg. + 4. Fixed a floating point exception that occurred when attempting to + decompress a specially-crafted malformed JPEG image with a specified image + width or height of 0 using the C version of TJBench. + 5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, + or 1x3 luminance and chrominance sampling factors. This is a non-standard way + of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and + chrominance sampling factors), but the JPEG format and the libjpeg API both + allow it. + 6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate + incorrect PPM images when used with the `-colors` option. + 7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which + `ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE. + 8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that + occurred when compressing RGB images whose image rows were not 64-bit-aligned. +- modified patches + % ctest-depends.patch (refreshed) +- deleted patches + - libjpeg-turbo-CVE-2018-19644.patch (upstreamed) + - libjpeg-turbo-CVE-2018-20330.patch (upstreamed) +- added sources + + libjpeg-turbo-2.0.2.tar.gz.sig + + libjpeg-turbo.keyring + ------------------------------------------------------------------- Thu Jan 24 08:51:58 UTC 2019 - Jan Engelhardt diff --git a/libjpeg-turbo.keyring b/libjpeg-turbo.keyring new file mode 100644 index 0000000..509d389 --- /dev/null +++ b/libjpeg-turbo.keyring @@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBFWuQpoRBACKZREWpZug3nddAYrt9AvxrR3dYRlQvf+gU0q7EJXGERPVF0sz +gOofTCo7uMy+xLx47sg0wFapON1HphzwnaCK852pcKajLDoW9oXGV+KvuyAay0Ap +T296NxgFidKYlOFS8TcI1PFbmemT56yIWBUSiEZcvJIKG8vu4CHoCSFx5wCg9N55 +TNEv0XOi9fcxBHJM8P1nSvMD/i4Ounk99EcCcbkNkxJrn2ePWE/H6JZWgy+mBzdX +zPEGb7JrmLnoeClHzOq3PwrVCUerXNICJQnZXLUfYv37cdxSXKSP+xw9x/RzpJiq +EdJQXrFFLPAFl6iWqi9mm9X5hStPpjVG7frqJR5ogA7frzRV0+rlunhQBhnpeSTE +QNznA/oC29xIx6BA7jLVTbqCUqETDf9rA9jpKeJXI5cpE4neevS7EbQez70VEc9f +BmvC4L4MU/oJk5/y1OrVDKuFG9F2nAnshL0Y02lcEvmirTG8dJskBNlAm/JbrDEx +L0/V7wTTMERuTHGP+F7Y1hpSz+oU6rMLop7qJn9or00HcVMd7rRdVGhlIGxpYmpw +ZWctdHVyYm8gUHJvamVjdCAoU2lnbmluZyBrZXkgZm9yIG9mZmljaWFsIGJpbmFy +aWVzKSA8aW5mb3JtYXRpb25AbGlianBlZy10dXJiby5vcmc+iGAEExECACAFAlWu +QpoCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCFxwROAz/eFv5IAJ9NPfuV +c8mpjSXK+yumPN6TS6okCgCfaltKSnTBHhlvJAEVsWopAPUrj2a5Ag0EVa5CnBAI +AIMtO9yvgD/wV/yEkLLRpVaRoM4R1SaDzVNS+Kc9iL4GzWTcNPCqXlxswqVIRKxx +NkW7y/RO7Pem6Ew3owmrQRa1FUFLU+TLSMuTLhQl/ao+lmpn32KnPdYIyRRyaLrb +DTYBRVGB65sZY4BzueI4m3+w02+53XVuE3tIRk9eHNF8dbYwgUMXb4+8IC5mp0ta +4dwdLIMwwatL+iaAuAS6nCKn2eZOyO9KbF2TdWHZhOKE16I5aLa48Nfp/T7Qx3tU +c5hH/pOg652/zZCSm7yTekUnzmngnFSiecgsN4WRtpfyxIlJYWbBO1qs6Munviu+ +a6yEdEhSSw3JGgGwciYep5MAAwUH/RIDmO6PZOn2PXgAGdLvvdnXR5im5axwW30C +JjYqkubucqQ0Y7gFE3NsxFxRwMbnRab1yJFrWLtcTBHqa5NAaR8UjUl4vdvvDZXM +yOznB5EkjpAhATPpCVAA6N1QnDgh/oceBAcu7KU7WEWGVI2QzOmVQ7CmxDgcehVG +6E2DhEatFavD0LLlqlDorFpJnRoIwVOCXz2lV3lmrnP6H+2j0TZHAWnHETyAUL+P +lOq7HCbOnnVFzAulrYrt8Ap5ZQm3BRjY+EJIMweb1ZUeReKtW2cTBqM1DQnMdqs2 +PvIyk7+A0MdAwOPvmaffBDPlu/jECK3AyQvRPMg9tcp1u6Dz6hGISQQYEQIACQUC +Va5CnAIbDAAKCRCFxwROAz/eFhUXAKCLyoe0xNURwAjj+2q7NW7IgCuQogCgjKXm +udv9ZKnuBluVtm+LueeyV4U= +=B+vg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec index 7326d65..e99eec3 100644 --- a/libjpeg-turbo.spec +++ b/libjpeg-turbo.spec @@ -19,7 +19,7 @@ %define asan_build 0 %define debug_build 0 -%define srcver 2.0.1 +%define srcver 2.0.2 %define major 8 %define minor 2 %define micro 2 @@ -39,8 +39,6 @@ Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.t Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch -Patch3: libjpeg-turbo-CVE-2018-19644.patch -Patch4: libjpeg-turbo-CVE-2018-20330.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -106,8 +104,6 @@ files using the libjpeg library. %setup -q %patch1 %patch2 -p1 -%patch4 -p1 -#%patch3 -p1 %build MYLDFLAGS="-Wl,-z,relro,-z,now" diff --git a/libjpeg62-turbo.spec b/libjpeg62-turbo.spec index 3cc3eec..213f422 100644 --- a/libjpeg62-turbo.spec +++ b/libjpeg62-turbo.spec @@ -19,7 +19,7 @@ %define major 62 %define minor 3 %define micro 0 -%define srcver 2.0.1 +%define srcver 2.0.2 %define libver %{major}.%{minor}.%{micro} Name: libjpeg62-turbo Version: %{srcver} @@ -29,11 +29,11 @@ License: BSD-3-Clause Group: Productivity/Graphics/Convertors URL: http://sourceforge.net/projects/libjpeg-turbo Source0: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.tar.gz -Source1: baselibs.conf +Source1: http://downloads.sf.net/libjpeg-turbo/libjpeg-turbo-%{version}.tar.gz.sig +Source2: libjpeg-turbo.keyring +Source3: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch -Patch3: libjpeg-turbo-CVE-2018-19644.patch -Patch4: libjpeg-turbo-CVE-2018-20330.patch BuildRequires: cmake BuildRequires: gcc-c++ # needed for tests as we remove the lib here @@ -78,8 +78,6 @@ files using the libjpeg library. %setup -q -n libjpeg-turbo-%{srcver} %patch1 %patch2 -p1 -%patch4 -p1 -%patch3 -p1 %build export LDFLAGS="-Wl,-z,relro,-z,now"