- Upate to version 2.0.4:
- bug 388 was fixed upstream
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
- removed patches, as it is included in this release.
* Fixed a regression in the Windows packaging system
(introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo
SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed
on the same system, only one of them could be uninstalled.
* Fixed a signed integer overflow and subsequent segfault that occurred when
attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
* Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes()
(sometimes manifesting as a double free) that occurred when attempting to decompress
grayscale JPEG images that were compressed with a sampling factor other than 1
(for instance, with cjpeg -grayscale -sample 2x2).
* Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly
identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images.
This was known to cause a buffer overflow when attempting to decompress some such images using
tjDecompressToYUV2() or tjDecompressToYUVPlanes().
* Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted
malformed JPEG image containing an extremely-high-frequency coefficient block
(junk image data that could never be generated by a legitimate JPEG compressor) could cause the
Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].)
Given that the buffer overrun was fully contained within the stack and did not cause a segfault
or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor)
is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data
section rather than in the text section, to support execute-only memory layouts.
- libjpeg-turbo-issue-388.patch upstreamed
- Added If statments for Fedora not having sertain openSUSE macros
OBS-URL: https://build.opensuse.org/request/show/789669
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=51
- Upate to version 2.0.4:
- bug 388 was fixed upstream
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
- removed patches, as it is included in this release.
* Fixed a regression in the Windows packaging system
(introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo
SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed
on the same system, only one of them could be uninstalled.
* Fixed a signed integer overflow and subsequent segfault that occurred when
attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
* Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes()
(sometimes manifesting as a double free) that occurred when attempting to decompress
grayscale JPEG images that were compressed with a sampling factor other than 1
(for instance, with cjpeg -grayscale -sample 2x2).
* Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly
identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images.
This was known to cause a buffer overflow when attempting to decompress some such images using
tjDecompressToYUV2() or tjDecompressToYUVPlanes().
* Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted
malformed JPEG image containing an extremely-high-frequency coefficient block
(junk image data that could never be generated by a legitimate JPEG compressor) could cause the
Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].)
Given that the buffer overrun was fully contained within the stack and did not cause a segfault
or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor)
is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data
section rather than in the text section, to support execute-only memory layouts.
- Upate to version 2.0.4:
* Fixed a regression in the Windows packaging system
(introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo
SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed
on the same system, only one of them could be uninstalled.
* Fixed a signed integer overflow and subsequent segfault that occurred when
attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
* Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes()
(sometimes manifesting as a double free) that occurred when attempting to decompress
grayscale JPEG images that were compressed with a sampling factor other than 1
(for instance, with cjpeg -grayscale -sample 2x2).
* Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly
identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images.
This was known to cause a buffer overflow when attempting to decompress some such images using
tjDecompressToYUV2() or tjDecompressToYUVPlanes().
* Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted
malformed JPEG image containing an extremely-high-frequency coefficient block
(junk image data that could never be generated by a legitimate JPEG compressor) could cause the
Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].)
Given that the buffer overrun was fully contained within the stack and did not cause a segfault
or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor)
is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data
section rather than in the text section, to support execute-only memory layouts.
OBS-URL: https://build.opensuse.org/request/show/789475
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=104
- updated to version 2.0.2:
1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search
path (rpath) from being embedded in the libjpeg-turbo shared libraries and
executables for macOS and iOS. This caused a fatal error of the form
"dyld: Library not loaded" when attempting to use one of the executables,
unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the
libjpeg-turbo shared libraries.
2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that
occurred when attempting to load a BMP file with more than 1 billion pixels
using the `tjLoadImage()` function.
3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to
decompress a specially-crafted malformed JPEG image to a 256-color BMP using
djpeg.
4. Fixed a floating point exception that occurred when attempting to
decompress a specially-crafted malformed JPEG image with a specified image
width or height of 0 using the C version of TJBench.
5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1,
or 1x3 luminance and chrominance sampling factors. This is a non-standard way
of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and
chrominance sampling factors), but the JPEG format and the libjpeg API both
allow it.
6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate
incorrect PPM images when used with the `-colors` option.
7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which
`ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE.
8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that
occurred when compressing RGB images whose image rows were not 64-bit-aligned.
- modified patches
% ctest-depends.patch (refreshed)
- deleted patches
OBS-URL: https://build.opensuse.org/request/show/684675
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=47
1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search
path (rpath) from being embedded in the libjpeg-turbo shared libraries and
executables for macOS and iOS. This caused a fatal error of the form
"dyld: Library not loaded" when attempting to use one of the executables,
unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the
libjpeg-turbo shared libraries.
2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that
occurred when attempting to load a BMP file with more than 1 billion pixels
using the `tjLoadImage()` function.
3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to
decompress a specially-crafted malformed JPEG image to a 256-color BMP using
djpeg.
4. Fixed a floating point exception that occurred when attempting to
decompress a specially-crafted malformed JPEG image with a specified image
width or height of 0 using the C version of TJBench.
5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1,
or 1x3 luminance and chrominance sampling factors. This is a non-standard way
of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and
chrominance sampling factors), but the JPEG format and the libjpeg API both
allow it.
6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate
incorrect PPM images when used with the `-colors` option.
7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which
`ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE.
8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that
occurred when compressing RGB images whose image rows were not 64-bit-aligned.
- modified patches
% ctest-depends.patch (refreshed)
- deleted patches
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=94
- update to version 2.0.1:
* jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2()
functions in the MIPS DSPr2 SIMD extensions are now disabled
at compile time if the soft float ABI is enabled
* Fixed a regression in the SIMD feature detection code,
introduced by the AVX2 SIMD extensions
* Fixed out-of-bounds read in cjpeg that occurred when attempting
to compress a specially-crafted malformed color-index
(8-bit-per-sample) Targa file
- update to version 2.0.1:
* jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2()
functions in the MIPS DSPr2 SIMD extensions are now disabled
at compile time if the soft float ABI is enabled
* Fixed a regression in the SIMD feature detection code,
introduced by the AVX2 SIMD extensions
* Fixed out-of-bounds read in cjpeg that occurred when attempting
to compress a specially-crafted malformed color-index
(8-bit-per-sample) Targa file
OBS-URL: https://build.opensuse.org/request/show/648719
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=43
* jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2()
functions in the MIPS DSPr2 SIMD extensions are now disabled
at compile time if the soft float ABI is enabled
* Fixed a regression in the SIMD feature detection code,
introduced by the AVX2 SIMD extensions
* Fixed out-of-bounds read in cjpeg that occurred when attempting
to compress a specially-crafted malformed color-index
(8-bit-per-sample) Targa file
- update to version 2.0.1:
* jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2()
functions in the MIPS DSPr2 SIMD extensions are now disabled
at compile time if the soft float ABI is enabled
* Fixed a regression in the SIMD feature detection code,
introduced by the AVX2 SIMD extensions
* Fixed out-of-bounds read in cjpeg that occurred when attempting
to compress a specially-crafted malformed color-index
(8-bit-per-sample) Targa file
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=85
- Version update to 2.0.0:
* Cmake as a buildsystem
* avx support
* Better error handling
* More use of SSE2
- Drop patch libjpeg-1.4.0-ocloexec.patch; conflicts, would be better
handled by upstream anyway
- Drop patches merged upstream:
* libjpeg-turbo-CVE-2018-11813.patch
* libjpeg-turbo-CVE-2018-1152.patch
- Version update to 2.0.0:
* Cmake as a buildsystem
* avx support
* Better error handling
* More use of SSE2
- Drop patch libjpeg-1.4.0-ocloexec.patch; conflicts, would be better
handled by upstream anyway
- Drop patches merged upstream:
* libjpeg-turbo-CVE-2018-11813.patch
* libjpeg-turbo-CVE-2018-1152.patch (forwarded request 626889 from scarabeus_iv)
OBS-URL: https://build.opensuse.org/request/show/626896
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=40
- Version update to 2.0.0:
* Cmake as a buildsystem
* avx support
* Better error handling
* More use of SSE2
- Drop patch libjpeg-1.4.0-ocloexec.patch; conflicts, would be better
handled by upstream anyway
- Drop patches merged upstream:
* libjpeg-turbo-CVE-2018-11813.patch
* libjpeg-turbo-CVE-2018-1152.patch
- Version update to 2.0.0:
* Cmake as a buildsystem
* avx support
* Better error handling
* More use of SSE2
- Drop patch libjpeg-1.4.0-ocloexec.patch; conflicts, would be better
handled by upstream anyway
- Drop patches merged upstream:
* libjpeg-turbo-CVE-2018-11813.patch
* libjpeg-turbo-CVE-2018-1152.patch
OBS-URL: https://build.opensuse.org/request/show/626889
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=79
- - update to version 1.5.3
1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred
when using the YUVImage constructor that creates an instance backed by separate
image planes and allocates memory for the image planes.
2. Fixed an issue whereby the Java version of TJUnitTest would fail when
testing BufferedImage encoding/decoding on big endian systems.
3. Fixed a segfault in djpeg that would occur if an output format other than
PPM/PGM was selected along with the `-crop` option. The `-crop` option now
works with the GIF and Targa formats as well (unfortunately, it cannot be made
to work with the BMP and RLE formats due to the fact that those output engines
write scanlines in bottom-up order.) djpeg will now exit gracefully if an
output format other than PPM/PGM, GIF, or Targa is selected along with the
`-crop` option.
4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color
quantization was enabled.
5. TJBench (both C and Java versions) will now display usage information if any
command-line argument is unrecognized. This prevents the program from silently
ignoring typos.
6. Fixed an access violation in tjbench.exe (Windows) that occurred when the
program was used to decompress an existing JPEG image.
7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that
occurred when attempting to decompress a JPEG image that had been compressed
with 4:1:1 chrominance subsampling.
8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the
end of a single-scan (non-progressive) image, subsequent calls to
`jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than
`JPEG_REACHED_EOI`.
9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale
JPEG images that were compressed with a sampling factor other than 1 (for
instance, with `cjpeg -grayscale -sample 2x2`).
OBS-URL: https://build.opensuse.org/request/show/558098
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=38
1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred
when using the YUVImage constructor that creates an instance backed by separate
image planes and allocates memory for the image planes.
2. Fixed an issue whereby the Java version of TJUnitTest would fail when
testing BufferedImage encoding/decoding on big endian systems.
3. Fixed a segfault in djpeg that would occur if an output format other than
PPM/PGM was selected along with the `-crop` option. The `-crop` option now
works with the GIF and Targa formats as well (unfortunately, it cannot be made
to work with the BMP and RLE formats due to the fact that those output engines
write scanlines in bottom-up order.) djpeg will now exit gracefully if an
output format other than PPM/PGM, GIF, or Targa is selected along with the
`-crop` option.
4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color
quantization was enabled.
5. TJBench (both C and Java versions) will now display usage information if any
command-line argument is unrecognized. This prevents the program from silently
ignoring typos.
6. Fixed an access violation in tjbench.exe (Windows) that occurred when the
program was used to decompress an existing JPEG image.
7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that
occurred when attempting to decompress a JPEG image that had been compressed
with 4:1:1 chrominance subsampling.
8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the
end of a single-scan (non-progressive) image, subsequent calls to
`jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than
`JPEG_REACHED_EOI`.
9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale
JPEG images that were compressed with a sampling factor other than 1 (for
instance, with `cjpeg -grayscale -sample 2x2`).
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=73
1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred
when using the YUVImage constructor that creates an instance backed by separate
image planes and allocates memory for the image planes.
2. Fixed an issue whereby the Java version of TJUnitTest would fail when
testing BufferedImage encoding/decoding on big endian systems.
3. Fixed a segfault in djpeg that would occur if an output format other than
PPM/PGM was selected along with the `-crop` option. The `-crop` option now
works with the GIF and Targa formats as well (unfortunately, it cannot be made
to work with the BMP and RLE formats due to the fact that those output engines
write scanlines in bottom-up order.) djpeg will now exit gracefully if an
output format other than PPM/PGM, GIF, or Targa is selected along with the
`-crop` option.
4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color
quantization was enabled.
5. TJBench (both C and Java versions) will now display usage information if any
command-line argument is unrecognized. This prevents the program from silently
ignoring typos.
6. Fixed an access violation in tjbench.exe (Windows) that occurred when the
program was used to decompress an existing JPEG image.
7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that
occurred when attempting to decompress a JPEG image that had been compressed
with 4:1:1 chrominance subsampling.
8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the
end of a single-scan (non-progressive) image, subsequent calls to
`jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than
`JPEG_REACHED_EOI`.
9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale
JPEG images that were compressed with a sampling factor other than 1 (for
instance, with `cjpeg -grayscale -sample 2x2`).
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=72
- security update:
* CVE-2017-15232 [bsc#1062937]
+ libjpeg-turbo-CVE-2017-15232.patch
- Update to version 1.5.2
+ Fixed several memory leaks in the TurboJPEG API library that
could occur if the library was built with certain compilers
and optimization levels.
+ The libjpeg-turbo memory manager will now honor the
max_memory_to_use structure member in jpeg_memory_mgr,
which can be set to the maximum amount of memory (in bytes)
that libjpeg-turbo should use during decompression or
multi-pass (including progressive) compression. This limit
can also be set using the JPEGMEM environment variable or
using the -maxmemory switch in cjpeg/djpeg/jpegtran.
+ TJBench will now run each benchmark for 1 second prior to
starting the timer, in order to improve the consistency of
the results. Furthermore, the -warmup option is now used to
specify the amount of warmup time rather than the number of
warmup iterations.
+ Fixed an error (short jump is out of range) that occurred
when assembling the 32-bit x86 SIMD extensions with NASM
versions prior to 2.04.
+ Fixed a regression introduced by 1.5 beta1[11] that prevented
the Java version of TJBench from outputting any reference images
(the -nowrite switch was accidentally enabled by default.)
libjpeg-turbo should now build and run with full AltiVec SIMD
acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems.
- security update:
OBS-URL: https://build.opensuse.org/request/show/533647
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=37
+ Fixed several memory leaks in the TurboJPEG API library that
could occur if the library was built with certain compilers
and optimization levels.
+ The libjpeg-turbo memory manager will now honor the
max_memory_to_use structure member in jpeg_memory_mgr,
which can be set to the maximum amount of memory (in bytes)
that libjpeg-turbo should use during decompression or
multi-pass (including progressive) compression. This limit
can also be set using the JPEGMEM environment variable or
using the -maxmemory switch in cjpeg/djpeg/jpegtran.
+ TJBench will now run each benchmark for 1 second prior to
starting the timer, in order to improve the consistency of
the results. Furthermore, the -warmup option is now used to
specify the amount of warmup time rather than the number of
warmup iterations.
+ Fixed an error (short jump is out of range) that occurred
when assembling the 32-bit x86 SIMD extensions with NASM
versions prior to 2.04.
+ Fixed a regression introduced by 1.5 beta1[11] that prevented
the Java version of TJBench from outputting any reference images
(the -nowrite switch was accidentally enabled by default.)
libjpeg-turbo should now build and run with full AltiVec SIMD
acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems.
- Update to version 1.5.2
+ Fixed several memory leaks in the TurboJPEG API library that
could occur if the library was built with certain compilers
and optimization levels.
+ The libjpeg-turbo memory manager will now honor the
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=69
- Update to version 1.5.1
+ Fix for PowerPC platforms lacking AltiVec instructions
+ Fix ABI problem with clang/llvm on aarch64.
+ Fancy upsampling is now supported when decompressing JPEG
images that use 4:4:0 (h1v2) chroma subsampling.
+ If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
conversion is, then libjpeg-turbo will now disable merged
upsampling when decompressing YCbCr JPEG images into RGB
or extended RGB output images. This significantly speeds up
the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
if fancy upsampling is not used
(for example, if the -nosmooth option to djpeg is specified.)
+ The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
images with 2x2 luminance sampling factors and 2x1 or 1x2
chrominance sampling factors.
+ Fixed an unsigned integer overflow in the libjpeg memory manager.
+ Fixed additional negative left shifts and other issues reported
by the GCC and Clang undefined behavior sanitizers when
attempting to decompress specially-crafted malformed JPEG
images. None of these issues posed a security threat, but
removing the warnings makes it easier to detect actual
security issues, should they arise in the future.
+ Fixed an out-of-bounds array reference, introduced by
1.4.902 and detected by the Clang undefined behavior sanitizer,
that could be triggered by a specially-crafted malformed
JPEG image with more than four components. Because the
out-of-bounds reference was still within the same structure,
it was not known to pose a security threat, but removing
the warning makes it easier to detect actual security issues,
should they arise in the future.
OBS-URL: https://build.opensuse.org/request/show/429280
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=33
+ Fix for PowerPC platforms lacking AltiVec instructions
+ Fix ABI problem with clang/llvm on aarch64.
+ Fancy upsampling is now supported when decompressing JPEG
images that use 4:4:0 (h1v2) chroma subsampling.
+ If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
conversion is, then libjpeg-turbo will now disable merged
upsampling when decompressing YCbCr JPEG images into RGB
or extended RGB output images. This significantly speeds up
the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
if fancy upsampling is not used
(for example, if the -nosmooth option to djpeg is specified.)
+ The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
images with 2x2 luminance sampling factors and 2x1 or 1x2
chrominance sampling factors.
+ Fixed an unsigned integer overflow in the libjpeg memory manager.
+ Fixed additional negative left shifts and other issues reported
by the GCC and Clang undefined behavior sanitizers when
attempting to decompress specially-crafted malformed JPEG
images. None of these issues posed a security threat, but
removing the warnings makes it easier to detect actual
security issues, should they arise in the future.
+ Fixed an out-of-bounds array reference, introduced by
1.4.902 and detected by the Clang undefined behavior sanitizer,
that could be triggered by a specially-crafted malformed
JPEG image with more than four components. Because the
out-of-bounds reference was still within the same structure,
it was not known to pose a security threat, but removing
the warning makes it easier to detect actual security issues,
should they arise in the future.
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=61
- Update to version 1.5.0
+ Fixed an issue whereby a malformed motion-JPEG frame could
cause the "fast path" of libjpeg-turbo's Huffman decoder to
read from uninitialized memory.
+ Added libjpeg-turbo version and build information to the global
string table of the libjpeg and TurboJPEG API libraries.
+ Fixed a couple of issues in the PPM reader that would cause
buffer overruns in cjpeg if one of the values in a binary
PPM/PGM input file exceeded the maximum value defined in the
file's header. libjpeg-turbo 1.4.2 already included a similar
fix for ASCII PPM/PGM files. Note that these issues were not
security bugs, since they were confined to the cjpeg program
and did not affect any of the libjpeg-turbo libraries.
+ Fixed an issue whereby attempting to decompress a JPEG file with
a corrupt header using the tjDecompressToYUV2() function would
cause the function to abort without returning an error and,
under certain circumstances, corrupt the stack. This only
occurred if tjDecompressToYUV2() was called prior to calling
tjDecompressHeader3(), or if the return value from
tjDecompressHeader3() was ignored (both cases represent
incorrect usage of the TurboJPEG API.)
+ The jpeg_stdio_src(), jpeg_mem_src(), jpeg_stdio_dest(),
and jpeg_mem_dest() functions in the libjpeg API will now
throw an error if a source/destination manager has already
been assigned to the compress or decompress object by a
different function or by the calling program.
- Update to version 1.5.0
+ Fixed an issue whereby a malformed motion-JPEG frame could
cause the "fast path" of libjpeg-turbo's Huffman decoder to
OBS-URL: https://build.opensuse.org/request/show/400622
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=32
+ Fixed an issue whereby a malformed motion-JPEG frame could
cause the "fast path" of libjpeg-turbo's Huffman decoder to
read from uninitialized memory.
+ Added libjpeg-turbo version and build information to the global
string table of the libjpeg and TurboJPEG API libraries.
+ Fixed a couple of issues in the PPM reader that would cause
buffer overruns in cjpeg if one of the values in a binary
PPM/PGM input file exceeded the maximum value defined in the
file's header. libjpeg-turbo 1.4.2 already included a similar
fix for ASCII PPM/PGM files. Note that these issues were not
security bugs, since they were confined to the cjpeg program
and did not affect any of the libjpeg-turbo libraries.
+ Fixed an issue whereby attempting to decompress a JPEG file with
a corrupt header using the tjDecompressToYUV2() function would
cause the function to abort without returning an error and,
under certain circumstances, corrupt the stack. This only
occurred if tjDecompressToYUV2() was called prior to calling
tjDecompressHeader3(), or if the return value from
tjDecompressHeader3() was ignored (both cases represent
incorrect usage of the TurboJPEG API.)
+ The jpeg_stdio_src(), jpeg_mem_src(), jpeg_stdio_dest(),
and jpeg_mem_dest() functions in the libjpeg API will now
throw an error if a source/destination manager has already
been assigned to the compress or decompress object by a
different function or by the calling program.
- Update to version 1.5.0
+ Fixed an issue whereby a malformed motion-JPEG frame could
cause the "fast path" of libjpeg-turbo's Huffman decoder to
OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=59
- Update to version 1.4.2
+ Crash fixes
+ clang compatibility fixes
+ See the included ChangeLog.txt for the details
- Drop libjpeg-turbo-1.4.0-int32.patch, not needed anymore.
- Drop libjpeg-turbo-remove-test.patch, fixed upstream.
- Update to version 1.4.2
+ Crash fixes
+ clang compatibility fixes
+ See the included ChangeLog.txt for the details
- Drop libjpeg-turbo-1.4.0-int32.patch, not needed anymore.
OBS-URL: https://build.opensuse.org/request/show/369636
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libjpeg-turbo?expand=0&rev=31
