Petr Gajdos
6a32bbef39
* CVE-2018-11813 [bsc#1096209] + libjpeg-turbo-CVE-2018-11813.patch * remove redundant libjpeg-turbo-CVE-2017-15232.patch [bsc#1062937#c17] - security update: * CVE-2018-11813 [bsc#1096209] + libjpeg-turbo-CVE-2018-11813.patch * remove redundant libjpeg-turbo-CVE-2017-15232.patch [bsc#1062937#c17] OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=75
414 lines
20 KiB
Plaintext
414 lines
20 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Jun 12 13:34:11 UTC 2018 - pgajdos@suse.com
|
|
|
|
- security update:
|
|
* CVE-2018-11813 [bsc#1096209]
|
|
+ libjpeg-turbo-CVE-2018-11813.patch
|
|
* remove redundant libjpeg-turbo-CVE-2017-15232.patch
|
|
[bsc#1062937#c17]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 18 13:07:03 UTC 2017 - pgajdos@suse.com
|
|
|
|
- update to version 1.5.3
|
|
1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred
|
|
when using the YUVImage constructor that creates an instance backed by separate
|
|
image planes and allocates memory for the image planes.
|
|
2. Fixed an issue whereby the Java version of TJUnitTest would fail when
|
|
testing BufferedImage encoding/decoding on big endian systems.
|
|
3. Fixed a segfault in djpeg that would occur if an output format other than
|
|
PPM/PGM was selected along with the `-crop` option. The `-crop` option now
|
|
works with the GIF and Targa formats as well (unfortunately, it cannot be made
|
|
to work with the BMP and RLE formats due to the fact that those output engines
|
|
write scanlines in bottom-up order.) djpeg will now exit gracefully if an
|
|
output format other than PPM/PGM, GIF, or Targa is selected along with the
|
|
`-crop` option.
|
|
4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color
|
|
quantization was enabled.
|
|
5. TJBench (both C and Java versions) will now display usage information if any
|
|
command-line argument is unrecognized. This prevents the program from silently
|
|
ignoring typos.
|
|
6. Fixed an access violation in tjbench.exe (Windows) that occurred when the
|
|
program was used to decompress an existing JPEG image.
|
|
7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that
|
|
occurred when attempting to decompress a JPEG image that had been compressed
|
|
with 4:1:1 chrominance subsampling.
|
|
8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the
|
|
end of a single-scan (non-progressive) image, subsequent calls to
|
|
`jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than
|
|
`JPEG_REACHED_EOI`.
|
|
9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale
|
|
JPEG images that were compressed with a sampling factor other than 1 (for
|
|
instance, with `cjpeg -grayscale -sample 2x2`).
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 12 10:59:03 UTC 2017 - pgajdos@suse.com
|
|
|
|
- security update:
|
|
* CVE-2017-15232 [bsc#1062937]
|
|
+ libjpeg-turbo-CVE-2017-15232.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 12 10:22:05 UTC 2017 - pgajdos@suse.com
|
|
|
|
- Update to version 1.5.2
|
|
+ Fixed several memory leaks in the TurboJPEG API library that
|
|
could occur if the library was built with certain compilers
|
|
and optimization levels.
|
|
+ The libjpeg-turbo memory manager will now honor the
|
|
max_memory_to_use structure member in jpeg_memory_mgr,
|
|
which can be set to the maximum amount of memory (in bytes)
|
|
that libjpeg-turbo should use during decompression or
|
|
multi-pass (including progressive) compression. This limit
|
|
can also be set using the JPEGMEM environment variable or
|
|
using the -maxmemory switch in cjpeg/djpeg/jpegtran.
|
|
+ TJBench will now run each benchmark for 1 second prior to
|
|
starting the timer, in order to improve the consistency of
|
|
the results. Furthermore, the -warmup option is now used to
|
|
specify the amount of warmup time rather than the number of
|
|
warmup iterations.
|
|
+ Fixed an error (short jump is out of range) that occurred
|
|
when assembling the 32-bit x86 SIMD extensions with NASM
|
|
versions prior to 2.04.
|
|
+ Fixed a regression introduced by 1.5 beta1[11] that prevented
|
|
the Java version of TJBench from outputting any reference images
|
|
(the -nowrite switch was accidentally enabled by default.)
|
|
libjpeg-turbo should now build and run with full AltiVec SIMD
|
|
acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 15 10:50:53 UTC 2017 - jbohac@suse.com
|
|
|
|
- mention the included utilities (djpeg, jpegtran, rdjpgcom,
|
|
tjbench, and wrjpgcom) in the package description.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 18 10:07:29 UTC 2017 - bwiedemann@suse.com
|
|
|
|
- set build date to enable reproducible builds
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 21 10:50:36 UTC 2016 - idonmez@suse.com
|
|
|
|
- Update to version 1.5.1 fate#324061
|
|
+ Fix for PowerPC platforms lacking AltiVec instructions
|
|
+ Fix ABI problem with clang/llvm on aarch64.
|
|
+ Fancy upsampling is now supported when decompressing JPEG
|
|
images that use 4:4:0 (h1v2) chroma subsampling.
|
|
+ If merged upsampling isn't SIMD-accelerated but YCbCr-to-RGB
|
|
conversion is, then libjpeg-turbo will now disable merged
|
|
upsampling when decompressing YCbCr JPEG images into RGB
|
|
or extended RGB output images. This significantly speeds up
|
|
the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms
|
|
if fancy upsampling is not used
|
|
(for example, if the -nosmooth option to djpeg is specified.)
|
|
+ The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG
|
|
images with 2x2 luminance sampling factors and 2x1 or 1x2
|
|
chrominance sampling factors.
|
|
+ Fixed an unsigned integer overflow in the libjpeg memory manager.
|
|
+ Fixed additional negative left shifts and other issues reported
|
|
by the GCC and Clang undefined behavior sanitizers when
|
|
attempting to decompress specially-crafted malformed JPEG
|
|
images. None of these issues posed a security threat, but
|
|
removing the warnings makes it easier to detect actual
|
|
security issues, should they arise in the future.
|
|
+ Fixed an out-of-bounds array reference, introduced by
|
|
1.4.902 and detected by the Clang undefined behavior sanitizer,
|
|
that could be triggered by a specially-crafted malformed
|
|
JPEG image with more than four components. Because the
|
|
out-of-bounds reference was still within the same structure,
|
|
it was not known to pose a security threat, but removing
|
|
the warning makes it easier to detect actual security issues,
|
|
should they arise in the future.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 8 07:53:26 UTC 2016 - idonmez@suse.com
|
|
|
|
- Update to version 1.5.0
|
|
+ Fixed an issue whereby a malformed motion-JPEG frame could
|
|
cause the "fast path" of libjpeg-turbo's Huffman decoder to
|
|
read from uninitialized memory.
|
|
+ Added libjpeg-turbo version and build information to the global
|
|
string table of the libjpeg and TurboJPEG API libraries.
|
|
+ Fixed a couple of issues in the PPM reader that would cause
|
|
buffer overruns in cjpeg if one of the values in a binary
|
|
PPM/PGM input file exceeded the maximum value defined in the
|
|
file's header. libjpeg-turbo 1.4.2 already included a similar
|
|
fix for ASCII PPM/PGM files. Note that these issues were not
|
|
security bugs, since they were confined to the cjpeg program
|
|
and did not affect any of the libjpeg-turbo libraries.
|
|
+ Fixed an issue whereby attempting to decompress a JPEG file with
|
|
a corrupt header using the tjDecompressToYUV2() function would
|
|
cause the function to abort without returning an error and,
|
|
under certain circumstances, corrupt the stack. This only
|
|
occurred if tjDecompressToYUV2() was called prior to calling
|
|
tjDecompressHeader3(), or if the return value from
|
|
tjDecompressHeader3() was ignored (both cases represent
|
|
incorrect usage of the TurboJPEG API.)
|
|
+ The jpeg_stdio_src(), jpeg_mem_src(), jpeg_stdio_dest(),
|
|
and jpeg_mem_dest() functions in the libjpeg API will now
|
|
throw an error if a source/destination manager has already
|
|
been assigned to the compress or decompress object by a
|
|
different function or by the calling program.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 8 07:56:34 UTC 2015 - idonmez@suse.com
|
|
|
|
- Update to version 1.4.2
|
|
+ Crash fixes
|
|
+ clang compatibility fixes
|
|
+ See the included ChangeLog.txt for the details
|
|
- Drop libjpeg-turbo-1.4.0-int32.patch, not needed anymore.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 5 11:43:27 UTC 2015 - jengelh@inai.de
|
|
|
|
- Remove useless same-name provides. Use download URLs not
|
|
dependent on directory structure.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 2 16:24:05 UTC 2015 - normand@linux.vnet.ibm.com
|
|
|
|
- Remove float tests with new libjpeg-turbo-remove-test.patch
|
|
same as Fedora bug 1161585 related to upstream issue
|
|
https://sourceforge.net/p/libjpeg-turbo/bugs/83/
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 10 00:39:57 UTC 2015 - p.drouand@gmail.com
|
|
|
|
- Update to version 1.4.0
|
|
+ Fixed a build issue on OS X PowerPC platforms (md5cmp failed to build
|
|
because OS X does not provide the le32toh() and htole32() functions.)
|
|
+ The non-SIMD RGB565 color conversion code did not work correctly on big
|
|
endian machines. This has been fixed.
|
|
+ Fixed an issue in tjPlaneSizeYUV() whereby it would erroneously return 1
|
|
instead of -1 if componentID was > 0 and subsamp was TJSAMP_GRAY.
|
|
+ Fixed an issue in tjBufSizeYUV2() wherby it would erroneously return 0
|
|
instead of -1 if width was < 1.
|
|
+ The Huffman encoder now uses clz and bsr instructions for bit counting on
|
|
ARM64 platforms (see 1.4 beta1 [5].)
|
|
+ The close() method in the TJCompressor and TJDecompressor Java classes is
|
|
now idempotent. Previously, that method would call the native tjDestroy()
|
|
function even if the TurboJPEG instance had already been destroyed. This
|
|
caused an exception to be thrown during finalization, if the close() method had
|
|
already been called. The exception was caught, but it was still an expensive
|
|
operation.
|
|
+ The TurboJPEG API previously generated an error ("Could not determine
|
|
subsampling type for JPEG image") when attempting to decompress grayscale JPEG
|
|
images that were compressed with a sampling factor other than 1 (for instance,
|
|
with 'cjpeg -grayscale -sample 2x2'). Subsampling technically has no meaning
|
|
with grayscale JPEGs, and thus the horizontal and vertical sampling factors
|
|
for such images are ignored by the decompressor. However, the TurboJPEG API
|
|
was being too rigid and was expecting the sampling factors to be equal to 1
|
|
before it treated the image as a grayscale JPEG.
|
|
+ cjpeg, djpeg, and jpegtran now accept an argument of -version, which will
|
|
print the library version and exit.
|
|
+ Referring to 1.4 beta1 [15], another extremely rare circumstance was
|
|
discovered under which the Huffman encoder's local buffer can be overrun
|
|
when a buffered destination manager is being used and an
|
|
extremely-high-frequency block (basically junk image data) is being encoded.
|
|
Even though the Huffman local buffer was increased from 128 bytes to 136 bytes
|
|
to address the previous issue, the new issue caused even the larger buffer to
|
|
be overrun. Further analysis reveals that, in the absolute worst case (such as
|
|
setting alternating AC coefficients to 32767 and -32768 in the JPEG scanning
|
|
order), the Huffman encoder can produce encoded blocks that approach double the
|
|
size of the unencoded blocks. Thus, the Huffman local buffer was increased to
|
|
256 bytes, which should prevent any such issue from re-occurring in the future.
|
|
+ The new tjPlaneSizeYUV(), tjPlaneWidth(), and tjPlaneHeight() functions
|
|
were not actually usable on any platform except OS X and Windows, because
|
|
those functions were not included in the libturbojpeg mapfile. This has been
|
|
fixed.
|
|
+ Restored the JPP(), JMETHOD(), and FAR macros in the libjpeg-turbo header
|
|
files. The JPP() and JMETHOD() macros were originally implemented in libjpeg
|
|
as a way of supporting non-ANSI compilers that lacked support for prototype
|
|
parameters. libjpeg-turbo has never supported such compilers, but some
|
|
software packages still use the macros to define their own prototypes.
|
|
Similarly, libjpeg-turbo has never supported MS-DOS and other platforms that
|
|
have far symbols, but some software packages still use the FAR macro. A pretty
|
|
good argument can be made that this is a bad practice on the part of the
|
|
software in question, but since this affects more than one package, it's just
|
|
easier to fix it here.
|
|
+ Fixed issues that were preventing the ARM 64-bit SIMD code from compiling
|
|
for iOS, and included an ARMv8 architecture in all of the binaries installed by
|
|
the "official" libjpeg-turbo SDK for OS X.
|
|
- Adapt patches to upstream changes
|
|
libjpeg-ocloexec.patch > libjpeg-1.4.0-ocloexec.patch
|
|
libjpeg-turbo-1.3.0-int32.patch > libjpeg-turbo-1.4.0-int32.patch
|
|
- Remove libjpeg-turbo-CVE-2014-9092.patch; fixed on upstream release
|
|
- Bump tminor to 1
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 27 09:49:28 UTC 2014 - pgajdos@suse.com
|
|
|
|
- security update CVE-2014-9092 [bnc#906761]
|
|
* added libjpeg-turbo-CVE-2014-9092.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 7 07:31:55 UTC 2014 - coolo@suse.com
|
|
|
|
- to obsolete old versions better use obsoletes
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Oct 4 14:57:19 UTC 2014 - olaf@aepfle.de
|
|
|
|
- add Conflicts: libjpeg-6.2.0 to libjpeg62 to obsolete old version
|
|
and to avoid file conflicts
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 31 09:32:32 UTC 2014 - pgajdos@suse.com
|
|
|
|
- update to 1.3.1:
|
|
* Fixed a bug whereby attempting to encode a progressive JPEG
|
|
with arithmetic entropy coding (by passing arguments of
|
|
-progressive -arithmetic to cjpeg or jpegtran, for instance)
|
|
would result in an error, "Requested feature was omitted at
|
|
compile time".
|
|
* Fixed a couple of issues whereby malformed JPEG images would
|
|
cause libjpeg-turbo to use uninitialized memory during
|
|
decompression.
|
|
* Fixed an error ("Buffer passed to JPEG library is too small")
|
|
that occurred when calling the TurboJPEG YUV encoding function
|
|
with a very small (< 5x5) source image, and added a unit test
|
|
to check for this error.
|
|
* etc. see ChangeLog.txt
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 10 12:51:24 UTC 2013 - pgajdos@suse.com
|
|
|
|
- update do 1.3.0:
|
|
* Fixed a Huffman encoder bug that prevented I/O suspension from
|
|
working properly.
|
|
* Added support for additional scaling factors (3/8, 5/8, 3/4,
|
|
7/8, 9/8, 5/4, 11/8, 3/2, 13/8, 7/4, 15/8, and 2) when
|
|
decompressing. Note that the IDCT will not be SIMD-accelerated
|
|
when using any of these new scaling factors.
|
|
* The tjDecompressToYUV() function now supports the TJFLAG_FASTDCT
|
|
flag.
|
|
* cjpeg can now be used to generate JPEG files with the RGB
|
|
colorspace (feature ported from jpeg-8d.)
|
|
* etc. see ChangeLog.txt
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 14 09:24:19 UTC 2013 - pgajdos@suse.com
|
|
|
|
- by change from Wed Mar 6 11:19:02 UTC 2013, libjpeg62-turbo
|
|
do not provide any binaries, so it should not provide jpeg
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 27 18:22:46 UTC 2013 - crrodriguez@opensuse.org
|
|
|
|
- Build with full RELRO as this library is exposed to·
|
|
possible malicious images.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 6 11:19:02 UTC 2013 - pgajdos@suse.com
|
|
|
|
- remove
|
|
%{_bindir}/*
|
|
%doc %{_mandir}/man1/*
|
|
https://bugzilla.novell.com/show_bug.cgi?id=807183#c14
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 6 07:58:46 UTC 2013 - pgajdos@suse.com
|
|
|
|
- libjpeg62-turbo package created [bnc#807183]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 13 17:05:35 UTC 2012 - dmueller@suse.com
|
|
|
|
- selfconflicts are not possible, remove it
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 23 11:33:56 UTC 2012 - pgajdos@suse.com
|
|
|
|
- Update to version 1.2.1:
|
|
* fixed heap overflow [bnc#771791]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 22 13:25:09 UTC 2012 - idonmez@suse.com
|
|
|
|
- Update to version 1.2.0
|
|
* Fixed out-of-bounds read in SSE2 SIMD code
|
|
* Added a compile-time macro (LIBJPEG_TURBO_VERSION) that can
|
|
be used to check the version of libjpeg-turbo against which
|
|
an application was compiled.
|
|
* Added new RGBA/BGRA/ABGR/ARGB colorspace extension constants
|
|
* libjpeg-turbo will now correctly decompress erroneous
|
|
CMYK/YCCK JPEGs whose K component is assigned a component ID
|
|
of 1 instead of 4.
|
|
* Added SIMD routines for RGB-to-grayscale color conversion
|
|
* Improved the performance of the C color conversion routines
|
|
* Added a function to the TurboJPEG API that performs lossless
|
|
transforms.
|
|
* Added support for 4:4:0 (transposed 4:2:2) subsampling
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 19 20:38:03 UTC 2011 - coolo@suse.com
|
|
|
|
- add libtool as buildrequire to avoid implicit dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 12 22:54:58 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
- Open all file descriptors with O_CLOEXEC, extended description
|
|
in the patch file.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 19 14:44:56 CEST 2011 - pgajdos@suse.cz
|
|
|
|
- updated to 1.1.1:
|
|
* Fixed a 1-pixel error in row 0, column 21 of the luminance
|
|
plane generated by tjEncodeYUV().
|
|
* libjpeg-turbo's accelerated Huffman decoder previously
|
|
ignored unexpected markers found in the middle of the
|
|
JPEG data stream during decompression. It will now
|
|
hand off decoding of a particular block to the unaccelerated
|
|
Huffman decoder if an unexpected marker is found, so that
|
|
the unaccelerated Huffman decoder can generate an appropriate
|
|
warning.
|
|
* Fixed a bug in jpeg_read_coefficients() whereby it would
|
|
not initialize cinfo->image_width and cinfo->image_height
|
|
if libjpeg v7 or v8 emulation was enabled. This specifically
|
|
caused the jpegoptim program to fail if it was linked against
|
|
a version of libjpeg-turbo that was built with libjpeg v7 or
|
|
v8 emulation.
|
|
* Eliminated excessive I/O overhead that occurred when reading
|
|
BMP files in cjpeg.
|
|
*
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 3 13:53:18 CET 2011 - pgajdos@suse.cz
|
|
|
|
- updated to 1.1.0:
|
|
* Added further protections against invalid Huffman codes.
|
|
* Added an extended version of tjDecompressHeader().
|
|
* Added arithmetic encoding and decoding support.
|
|
* TurboJPEG/OSS can now compress from/decompress to
|
|
grayscale bitmaps.
|
|
* Added emulation of the libjpeg v7 and v8 APIs and ABIs.
|
|
* Added two new TurboJPEG API functions, tjEncodeYUV() and
|
|
tjDecompressToYUV().
|
|
* The TurboJPEG dynamic library now uses versioned symbols.
|
|
* Fixed visual artifacts in grayscale JPEG compression
|
|
caused by a typo in the RGB-to-chrominance lookup tables.
|
|
- see ChangeLog.txt for details.
|
|
- removed upstreamed jpegtran.patch and rh639672.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 14 14:32:56 CET 2010 - pgajdos@suse.cz
|
|
|
|
- spec file cleanup
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 10 13:02:58 UTC 2010 - pgajdos@novell.com
|
|
|
|
- this jpeg version will be the default to the prejudice of jpeg8
|
|
from now on
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 7 12:53:26 UTC 2010 - prusnak@opensuse.org
|
|
|
|
- created package based on Fedora one (v 1.0.1)
|
|
|