|
|
|
|
Changelog for libjpeg-turbo-3.0.4-lp155.83.1.x86_64.rpm :
* Sat Sep 28 2024 Dirk Müller - update to 3.0.4: * Fixed an issue whereby the CPU usage of the default marker processor in the decompressor grew exponentially with the number of markers. This caused an unreasonable slow-down in `jpeg_read_header()` if an application called `jpeg_save_markers()` to save markers of a particular type and then attempted to decompress a JPEG image containing an excessive number of markers of that type. * Hardened the default marker processor in the decompressor to guard against an issue (exposed by 3.0 beta2[6]) whereby attempting to decompress a specially-crafted malformed JPEG image (specifically an image with a complete 12-bit-per-sample Start Of Frame segment followed by an incomplete 8-bit-per-sample Start Of Frame segment) using buffered-image mode and input prefetching caused a segfault if the `fill_input_buffer()` method in the calling application\'s custom source manager incorrectly returned `FALSE` in response to a prematurely-terminated JPEG data stream. * Fixed an issue in cjpeg whereby, when generating a 12-bit-per-sample or 16-bit-per-sample lossless JPEG image, specifying a point transform value greater than 7 resulted in an error (\"Invalid progressive/lossless parameters\") unless the `-precision` option was specified before the `-lossless` option. * Fixed a regression introduced by 3.0.3[3] that made it impossible for calling applications to generate 12-bit-per-sample arithmetic-coded lossy JPEG images using the TurboJPEG API. * Fixed an error (\"Destination buffer is not large enough\") that occurred when attempting to generate a full-color lossless JPEG image using the TurboJPEG Java API\'s `byte[] TJCompressor.compress()` method if the value of `TJ.PARAM_SUBSAMP` was not `TJ.SAMP_444`. * Fixed a segfault in djpeg that occurred if a negative width was specified with the `-crop` option. Since the cropping region width was read into an unsigned 32-bit integer, a negative width was interpreted as a very large value. With certain negative width and positive left boundary values, the bounds checks in djpeg and `jpeg_crop_scanline()` overflowed and did not detect the out-of-bounds width, which caused a buffer overrun in the upsampling or color conversion routine. Both bounds checks now use 64-bit integers to guard against overflow, and djpeg now checks for negative numbers when it parses the crop specification from the command line. * Fixed an issue whereby the TurboJPEG lossless transformation function and methods checked the specified cropping region against the source image dimensions and level of chrominance subsampling rather than the destination image dimensions and level of chrominance subsampling, which caused some cropping regions to be unduly rejected when performing 90-degree rotation, 270-degree rotation, transposition, transverse transposition, or grayscale conversion. * Fixed an issue whereby the TurboJPEG lossless transformation function and methods did not honor `TJXOPT_COPYNONE`/`TJTransform.OPT_COPYNONE` unless it was specified for all lossless transforms. * Sat Aug 31 2024 Dirk Müller - update to 3.0.3: * The x86-64 SIMD extensions now include support for Intel Control-flow Enforcement Technology (CET), which is enabled automatically if CET is enabled in the C compiler. * Fixed a regression introduced by 3.0 beta2[6] that made it impossible for calling applications to supply custom Huffman tables when generating 12-bit-per-component lossy JPEG images using the libjpeg API. * Fixed a segfault that occurred when attempting to use the jpegtran `-drop` option with a specially-crafted malformed input image or drop image (specifically an image in which all of the scans contain fewer components than the number of components specified in the Start Of Frame segment.) * Mon Feb 05 2024 Martin Hauke - Update to version 3.0.2 * Fixed a signed integer overflow in the tj3CompressFromYUV8(), tj3DecodeYUV8(), tj3DecompressToYUV8(), and tj3EncodeYUV8() functions, detected by the Clang and GCC undefined behavior sanitizers, that could be triggered by setting the align parameter to an unreasonably large value. This issue did not pose a security threat, but removing the warning made it easier to detect actual security issues, should they arise in the future. * Introduced a new parameter (TJPARAM_MAXMEMORY in the TurboJPEG C API and TJ.PARAM_MAXMEMORY in the TurboJPEG Java API) and a corresponding TJBench option (-maxmemory) for specifying the maximum amount of memory (in megabytes) that will be allocated for intermediate buffers, which are used with progressive JPEG compression and decompression, optimized baseline entropy coding, lossless JPEG compression, and lossless transformation. The new parameter and option serve the same purpose as the max_memory_to_use field in the jpeg_memory_mgr struct in the libjpeg API, the JPEGMEM environment variable, and the cjpeg/djpeg/jpegtran -maxmemory option. * Introduced a new parameter (TJPARAM_MAXPIXELS in the TurboJPEG C API and TJ.PARAM_MAXPIXELS in the TurboJPEG Java API) and a corresponding TJBench option (-maxpixels) for specifying the maximum number of pixels that the decompression, lossless transformation, and packed-pixel image loading functions/methods will process. * Fixed an error (\"Unsupported color conversion request\") that occurred when attempting to decompress a 3-component lossless JPEG image without an Adobe APP14 marker. The decompressor now assumes that a 3-component lossless JPEG image without an Adobe APP14 marker uses the RGB colorspace if its component IDs are 1, 2, and 3. * Mon Jan 15 2024 Andreas Schwab - Do not require SIMD support when it does not exist * Mon Jan 01 2024 Dirk Müller - update to 3.0.1 (bsc#1211542, CVE-2023-2804): * The x86-64 SIMD functions now use a standard stack frame, prologue, and epilogue so that debuggers and profilers can reliably capture backtraces from within the functions. * Fixed two minor issues in the interblock smoothing algorithm that caused mathematical (but not necessarily perceptible) edge block errors when decompressing progressive JPEG images exactly two MCU blocks in width or that use vertical chrominance subsampling. * The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance subsampling, which allows losslessly transposed or rotated 4:1:1 JPEG images to be losslessly cropped, partially decompressed, or decompressed to planar YUV images. * Fixed various segfaults and buffer overruns (CVE-2023-2804) * that occurred when attempting to decompress various specially-crafted malformed 12-bit-per-component and 16-bit-per-component lossless JPEG images using color quantization or merged chroma upsampling/color conversion. The underlying cause of these issues was that the color quantization and merged chroma upsampling/color conversion algorithms were not designed with lossless decompression in mind. Since libjpeg-turbo explicitly does not support color conversion when compressing or decompressing lossless JPEG images, merged chroma upsampling/color conversion never should have been enabled for such images. Color quantization is a legacy feature that serves little or no purpose with lossless JPEG images, so it is also now disabled when decompressing such images. (As a result, djpeg can no longer decompress a lossless JPEG image into a GIF image.) * Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer overruns when attempting to decompress various specially-crafted malformed 12-bit-per-component JPEG images using djpeg with both color quantization and RGB565 color conversion enabled. * Fixed an issue whereby `jpeg_crop_scanline()` sometimes miscalculated the downsampled width for components with 4x2 or 2x4 subsampling factors if decompression scaling was enabled. This caused the components to be upsampled incompletely, which caused the color converter to read from uninitialized memory. With 12-bit data precision, this caused a buffer overrun or underrun and subsequent segfault if the sample value read from uninitialized memory was outside of the valid sample range. * Fixed a long-standing issue whereby the `tj3Transform()` function, when used with the `TJXOP_TRANSPOSE`, `TJXOP_TRANSVERSE`, `TJXOP_ROT90`, or `TJXOP_ROT270` transform operation and without automatic JPEG destination buffer (re)allocation or lossless cropping, computed the worst-case transformed JPEG image size based on the source image dimensions rather than the transformed image dimensions. If a calling program allocated the JPEG destination buffer based on the transformed image dimensions, as the API documentation instructs, and attempted to transform a specially-crafted 4:2:2, 4:4:0, 4:1:1, or 4:4:1 JPEG source image containing a large amount of metadata, the issue caused `tj3Transform()` to overflow the JPEG destination buffer rather than fail gracefully. The issue could be worked around by setting `TJXOPT_COPYNONE`. Note that, irrespective of this issue, `tj3Transform()` cannot reliably transform JPEG source images that contain a large amount of metadata unless automatic JPEG destination buffer (re)allocation is used or `TJXOPT_COPYNONE` is set. * Significantly sped up the computation of optimal Huffman tables. This speeds up the compression of tiny images by as much as 2x and provides a noticeable speedup for images as large as 256x256 when using optimal Huffman tables. * All deprecated fields, constructors, and methods in the TurboJPEG Java API have been removed. * Arithmetic entropy coding is now supported with 12-bit-per-component JPEG images. * Overhauled the TurboJPEG API to address long-standing limitations and to make the API more extensible and intuitive. * Fri Jun 23 2023 pgajdosAATTsuse.com- merge two spec files into one * Thu May 04 2023 Dominique Leuenberger - Add _multibuild to define 2nd spec file as additional flavor. Eliminates the need for source package links in OBS. * Wed Mar 08 2023 Martin Pluskal - Build AVX2 enabled hwcaps library for x86_64-v3 * Tue Feb 21 2023 Paolo Stivanin - update to 2.1.5.1: * Fixed a regression introduced by 2.0 beta1[15] that caused a buffer overrun in the progressive Huffman encoder when attempting to transform a specially-crafted malformed 12-bit-per-component JPEG image into a progressive 12-bit-per-component JPEG image using a 12-bit-per-component build of libjpeg-turbo. * Fixed an issue whereby, when using a 12-bit-per-component build of libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095 or less than 0 to jpeg_write_scanlines() caused a buffer overrun or underrun in the RGB-to-YCbCr color converter. * Fixed a floating point exception that occurred when attempting to use the jpegtran -drop and -trim options to losslessly transform a specially-crafted malformed JPEG image. * Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result, rather than throwing an error, if the align parameter was not a power of 2. * Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt JPEG image in certain cases, rather than throwing an error, if the align parameter was not a power of 2. * Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for tjDecompressToYUVPlanes(), used the desired YUV image dimensions rather than the actual scaled image dimensions when computing the plane pointers and strides to pass to tjDecompressToYUVPlanes(). This caused a buffer overrun and subsequent segfault if the desired image dimensions exceeded the scaled image dimensions. * Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG image (-DWITH_12BIT=1) using an alpha-enabled output color space such as JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095. * Fixed an issue whereby the Java version of TJBench did not accept a range of quality values. * Fixed an issue whereby, when -progressive was passed to TJBench, the JPEG input image was not transformed into a progressive JPEG image prior to decompression. * Sat Dec 24 2022 Dirk Stoecker - Add explicit provides for jpegtran, so it can be installed easier * Wed Aug 17 2022 Dirk Müller - update to 2.1.4: * The `tjDecompressHeader3()` function in the TurboJPEG C API and the `TJDecompressor.setSourceImage()` method in the TurboJPEG Java API now accept \"abbreviated table specification\" (AKA \"tables-only\") datastreams, which can be used to prime the decompressor with quantization and Huffman tables that can be used when decompressing subsequent \"abbreviated image\" datastreams. * libjpeg-turbo now performs run-time detection of AltiVec instructions on OS X/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo. * Fixed an error (\"Bogus virtual array access\") that occurred when attempting to decompress a progressive JPEG image with a height less than or equal to one iMCU (8 * the vertical sampling factor) using buffered-image mode with interblock smoothing enabled. * Fixed two issues that prevented partial image decompression from working properly with buffered-image mode: - Attempting to call `jpeg_crop_scanline()` after `jpeg_start_decompress()` but before `jpeg_start_output()` resulted in an error (\"Improper call to JPEG library in state 207\".) - Attempting to use `jpeg_skip_scanlines()` resulted in an error (\"Bogus virtual array access\") under certain circumstances. * Mon Aug 15 2022 Tom Mbrt - update to 2.1.4: * Fixed a regression introduced in 2.1.3 that caused build failures with Visual Studio 2010. * The tjDecompressHeader3() function in the TurboJPEG C API and the TJDecompressor.setSourceImage() method in the TurboJPEG Java API now accept \"abbreviated table specification\" (AKA \"tables-only\") datastreams, which can be used to prime the decompressor with quantization and Huffman tables that can be used when decompressing subsequent \"abbreviated image\" datastreams. * libjpeg-turbo now performs run-time detection of AltiVec instructions on OS X/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped (PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo. * Fixed an error (\"Bogus virtual array access\") that occurred when attempting to decompress a progressive JPEG image with a height less than or equal to one iMCU (8 * the vertical sampling factor) using buffered-image mode with interblock smoothing enabled. This was a regression introduced by 2.1 beta1[6(b)]. * Fixed two issues that prevented partial image decompression from working properly with buffered-image mode: * Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() but before jpeg_start_output() resulted in an error (\"Improper call to JPEG library in state 207\".) * Attempting to use jpeg_skip_scanlines() resulted in an error (\"Bogus virtual array access\") under certain circumstances. * Tue Jul 05 2022 Jan Engelhardt - Add requires between baselibs * Mon Apr 18 2022 Cristian Rodríguez - Use nasm instead of yasm, the latter has not released any update in 7 years. * Sun Mar 20 2022 Dirk Müller - update to 2.1.3: * Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM input files into full-color JPEG images unless the `-grayscale` option was used. * cjpeg now automatically compresses GIF and 8-bit BMP input files into grayscale JPEG images if the input files contain only shades of gray. * The build system now enables the intrinsics implementation of the AArch64 (Arm 64-bit) Neon SIMD extensions by default when using GCC 12 or later. * Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using the merged (non-fancy) upsampling algorithms (that is, with `cinfo.do_fancy_upsampling` set to `FALSE`) along with `jpeg_crop_scanline()`. Specifically, the segfault occurred if the number of bytes remaining in the output buffer was less than the number of bytes required to represent one uncropped scanline of the output image. For that reason, the issue could only be reproduced using the libjpeg API, not using djpeg. * Wed Nov 24 2021 Dirk Müller - update to 2.1.2: * Fixed a regression introduced by 2.1 beta1[13] that caused the remaining GAS implementations of AArch64 (Arm 64-bit) Neon SIMD functions (which are used by default with GCC for performance reasons) to be placed in the `.rodata` section rather than in the `.text` section. This caused the GNU linker to automatically place the `.rodata` section in an executable segment, which prevented libjpeg-turbo from working properly with other linkers and also represented a potential security risk. * Fixed an issue whereby the `tjTransform()` function incorrectly computed the MCU block size for 4:4:4 JPEG images with non-unary sampling factors and thus unduly rejected some cropping regions, even though those regions aligned with 8x8 MCU block boundaries. * Fixed a regression introduced by 2.1 beta1[13] that caused the build system to enable the Arm Neon SIMD extensions when targetting Armv6 and other legacy architectures that do not support Neon instructions. * libjpeg-turbo now performs run-time detection of AltiVec instructions on FreeBSD/PowerPC systems if AltiVec instructions are not enabled at compile time. This allows both AltiVec-equipped and non-AltiVec-equipped CPUs to be supported using the same build of libjpeg-turbo. * cjpeg now accepts a `-strict` argument similar to that of djpeg and jpegtran, which causes the compressor to abort if an LZW-compressed GIF input image contains incomplete or corrupt image data. * Wed Sep 29 2021 pgajdosAATTsuse.com- previous version updates fixes following bugs: CVE-2014-9092, CVE-2018-14498, CVE-2019-2201, CVE-2020-17541 (bsc#1128712, bsc#1186764, bsc#807183, bsc#906761) * Fri Aug 20 2021 pgajdosAATTsuse.com- version update to 2.1.1 1. Fixed a regression introduced in 2.1.0 that caused build failures with non-GCC-compatible compilers for Un *x/Arm platforms. 2. Fixed a regression introduced by 2.1 beta1[13] that prevented the Arm 32-bit (AArch32) Neon SIMD extensions from building unless the C compiler flags included -mfloat-abi=softfp or -mfloat-abi=hard. 3. Fixed an issue in the AArch32 Neon SIMD Huffman encoder whereby reliance on undefined C compiler behavior led to crashes (\"SIGBUS: illegal alignment\") on Android systems when running AArch32/Thumb builds of libjpeg-turbo built with recent versions of Clang. 4. Added a command-line argument (-copy icc) to jpegtran that causes it to copy only the ICC profile markers from the source file and discard any other metadata. 5. libjpeg-turbo should now build and run on CHERI-enabled architectures, which use capability pointers that are larger than the size of size_t. 6. Fixed a regression introduced by 2.1 beta1[5] that caused a segfault in the 64-bit SSE2 Huffman encoder when attempting to losslessly transform a specially-crafted malformed JPEG image. * Tue May 04 2021 Dirk Müller - disable SIMD for armv6hl, not available * Mon Apr 26 2021 Guillaume GARDET - version update to 2.1.0 lot of changes, see * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.0.90 * https://github.com/libjpeg-turbo/libjpeg-turbo/releases/tag/2.1.0 * Mon Jan 11 2021 Andreas Schwab - Fix setting of FLOATTEST * Mon Dec 28 2020 pgajdosAATTsuse.com- version update to 2.0.6 1. Fixed \"using JNI after critical get\" errors that occurred on Android platforms when using any of the YUV encoding/compression/decompression/decoding methods in the TurboJPEG Java API. 2. Fixed or worked around multiple issues with `jpeg_skip_scanlines()`: - Fixed segfaults or \"Corrupt JPEG data: premature end of data segment\" errors in `jpeg_skip_scanlines()` that occurred when decompressing 4:2:2 or 4:2:0 JPEG images using merged (non-fancy) upsampling/color conversion (that is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.) 2.0.0[6] was a similar fix, but it did not cover all cases. - `jpeg_skip_scanlines()` now throws an error if two-pass color quantization is enabled. Two-pass color quantization never worked properly with `jpeg_skip_scanlines()`, and the issues could not readily be fixed. - Fixed an issue whereby `jpeg_skip_scanlines()` always returned 0 when skipping past the end of an image. 3. The Arm 64-bit (Armv8) Neon SIMD extensions can now be built using MinGW toolchains targetting Arm64 (AArch64) Windows binaries. 4. Fixed unexpected visual artifacts that occurred when using `jpeg_crop_scanline()` and interblock smoothing while decompressing only the DC scan of a progressive JPEG image. 5. Fixed an issue whereby libjpeg-turbo would not build if 12-bit-per-component JPEG support (`WITH_12BIT`) was enabled along with libjpeg v7 or libjpeg v8 API/ABI emulation (`WITH_JPEG7` or `WITH_JPEG8`.)- modified sources % libjpeg-turbo.keyring * Wed Aug 12 2020 Matthias Eliasson - Update to version 2.0.5 * Worked around issues in the MIPS DSPr2 SIMD extensions that caused failures in the libjpeg-turbo regression tests. Specifically, the jsimd_h2v1_downsample_dspr2() and jsimd_h2v2_downsample_dspr2() functions in the MIPS DSPr2 SIMD extensions are now disabled until/unless they can be fixed, and other functions that are incompatible with big endian MIPS CPUs are disabled when building libjpeg-turbo for such CPUs. * Fixed an oversight in the TJCompressor.compress(int) method in the TurboJPEG Java API that caused an error (\"java.lang.IllegalStateException: No source image is associated with this instance\") when attempting to use that method to compress a YUV image. * Fixed an issue (CVE-2020-13790) in the PPM reader that caused a buffer overrun in cjpeg, TJBench, or the tjLoadImage() function if one of the values in a binary PPM/PGM input file exceeded the maximum value defined in the file\'s header and that maximum value was less than 255. libjpeg-turbo 1.5.0 already included a similar fix for binary PPM/PGM files with maximum values greater than 255. * The TurboJPEG API library\'s global error handler, which is used in functions such as tjBufSize() and tjLoadImage() that do not require a TurboJPEG instance handle, is now thread-safe on platforms that support thread-local storage.- Fix source verification- Drop patches fixed upstream: * ctest-depends.patch * libjpeg-turbo-CVE-2020-13790.patch- Run spec-cleaner * Remove package groups * Use make macros * Mon Jun 08 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + libjpeg-turbo-CVE-2020-13790.patch * Sun Mar 29 2020 Aaron Stern - Upate to version 2.0.4:- bug 388 was fixed upstream https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388- removed patches, as it is included in this release. * Fixed a regression in the Windows packaging system (introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed on the same system, only one of them could be uninstalled. * Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. * Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2). * Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images. This was known to cause a buffer overflow when attempting to decompress some such images using tjDecompressToYUV2() or tjDecompressToYUVPlanes(). * Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted malformed JPEG image containing an extremely-high-frequency coefficient block (junk image data that could never be generated by a legitimate JPEG compressor) could cause the Huffman encoder\'s local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that the buffer overrun was fully contained within the stack and did not cause a segfault or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor) is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk. The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data section rather than in the text section, to support execute-only memory layouts.- libjpeg-turbo-issue-388.patch upstreamed * Tue Mar 17 2020 John Whately - Added If statments for Fedora not having sertain openSUSE macros * Tue Nov 12 2019 pgajdosAATTsuse.com- fix upstream bug 388 [bsc#1156402]- added patches https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 + libjpeg-turbo-issue-388.patch * Sat Oct 05 2019 Bjørn Lie - Update to version 2.0.3: * Fixed \"using JNI after critical get\" errors that occurred on Android platforms when passing invalid arguments to certain methods in the TurboJPEG Java API. * Fixed a regression in the SIMD feature detection code, introduced by the AVX2 SIMD extensions (2.0 beta1), that was known to cause an illegal instruction exception, in rare cases, on CPUs that lack support for CPUID leaf (or on which the maximum CPUID leaf has been limited by way of a BIOS setting.) * The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1) fancy chroma upsampling algorithm, rounding up or down the upsampled result for alternate pixels rather than always rounding down. This ensures that, regardless of whether a 4:2:2 JPEG image is rotated or transposed prior to decompression (in the frequency domain) or after decompression (in the spatial domain), the final image will be similar. * Fixed an integer overflow and subsequent segfault that occurred when attempting to compress or decompress images with more than 1 billion pixels using the TurboJPEG API. * Fixed a regression introduced by 2.0 beta1[15] whereby attempting to generate a progressive JPEG image on an SSE2-capable CPU using a scan script containing one or more scans with lengths divisible by 16 would result in an error (\"Missing Huffman code table entry\") and an invalid JPEG image. * Fixed an issue whereby `tjDecodeYUV()` and `tjDecodeYUVPlanes()` would throw an error (\"Invalid progressive parameters\") or a warning (\"Inconsistent progression sequence\") if passed a TurboJPEG instance that was previously used to decompress a progressive JPEG image. * Wed Mar 27 2019 pgajdosAATTsuse.com- use -O0 for debugging like everywhere (better experience) * Wed Mar 13 2019 pgajdosAATTsuse.com- updated to version 2.0.2: 1. Fixed a regression introduced by 2.0.1[5] that prevented a runtime search path (rpath) from being embedded in the libjpeg-turbo shared libraries and executables for macOS and iOS. This caused a fatal error of the form \"dyld: Library not loaded\" when attempting to use one of the executables, unless `DYLD_LIBRARY_PATH` was explicitly set to the location of the libjpeg-turbo shared libraries. 2. Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that occurred when attempting to load a BMP file with more than 1 billion pixels using the `tjLoadImage()` function. 3. Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. 4. Fixed a floating point exception that occurred when attempting to decompress a specially-crafted malformed JPEG image with a specified image width or height of 0 using the C version of TJBench. 5. The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, or 1x3 luminance and chrominance sampling factors. This is a non-standard way of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and chrominance sampling factors), but the JPEG format and the libjpeg API both allow it. 6. Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate incorrect PPM images when used with the `-colors` option. 7. Fixed an issue whereby a static build of libjpeg-turbo (a build in which `ENABLE_SHARED` is `0`) could not be installed using the Visual Studio IDE. 8. Fixed a severe performance issue in the Loongson MMI SIMD extensions that occurred when compressing RGB images whose image rows were not 64-bit-aligned.- modified patches % ctest-depends.patch (refreshed)- deleted patches - libjpeg-turbo-CVE-2018-19644.patch (upstreamed) - libjpeg-turbo-CVE-2018-20330.patch (upstreamed)- added sources + libjpeg-turbo-2.0.2.tar.gz.sig + libjpeg-turbo.keyring * Thu Jan 24 2019 Jan Engelhardt - Use -Og for debug_build * Thu Jan 03 2019 Petr Gajdos - security update * CVE-2018-20330 [bsc#1120646] + libjpeg-turbo-CVE-2018-20330.patch * Wed Jan 02 2019 Petr Gajdos - security update * CVE-2018-19644 [bsc#1117890] + libjpeg-turbo-CVE-2018-19644.patch * Mon Dec 03 2018 Petr Gajdos - asan_build: build ASAN included- debug_build: build more suitable for debugging * Tue Nov 13 2018 Petr Gajdos - update to version 2.0.1: * jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2() functions in the MIPS DSPr2 SIMD extensions are now disabled at compile time if the soft float ABI is enabled * Fixed a regression in the SIMD feature detection code, introduced by the AVX2 SIMD extensions * Fixed out-of-bounds read in cjpeg that occurred when attempting to compress a specially-crafted malformed color-index (8-bit-per-sample) Targa file * Mon Sep 24 2018 schwabAATTsuse.de- Define FLOATTEST=64bit on ppc- ctest-depends.patch: Add missing testsuite depedencies * Wed Aug 08 2018 jengelhAATTinai.de- Update description and switch out MMX/SSE by the more generic term SIMD. * Wed Aug 01 2018 tchvatalAATTsuse.com- Version update to 2.0.0: * Cmake as a buildsystem * avx support * Better error handling * More use of SSE2- Drop patch libjpeg-1.4.0-ocloexec.patch; conflicts, would be better handled by upstream anyway- Drop patches merged upstream: * libjpeg-turbo-CVE-2018-11813.patch * libjpeg-turbo-CVE-2018-1152.patch * Tue Jun 19 2018 pgajdosAATTsuse.com- security update: * CVE-2018-1152 [bsc#1098155] + libjpeg-turbo-CVE-2018-1152.patch * Tue Jun 12 2018 pgajdosAATTsuse.com- security update: * CVE-2018-11813 [bsc#1096209] + libjpeg-turbo-CVE-2018-11813.patch * remove redundant libjpeg-turbo-CVE-2017-15232.patch [bsc#1062937#c17] * Mon Dec 18 2017 pgajdosAATTsuse.com- - update to version 1.5.3 1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred when using the YUVImage constructor that creates an instance backed by separate image planes and allocates memory for the image planes. 2. Fixed an issue whereby the Java version of TJUnitTest would fail when testing BufferedImage encoding/decoding on big endian systems. 3. Fixed a segfault in djpeg that would occur if an output format other than PPM/PGM was selected along with the `-crop` option. The `-crop` option now works with the GIF and Targa formats as well (unfortunately, it cannot be made to work with the BMP and RLE formats due to the fact that those output engines write scanlines in bottom-up order.) djpeg will now exit gracefully if an output format other than PPM/PGM, GIF, or Targa is selected along with the `-crop` option. 4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color quantization was enabled. 5. TJBench (both C and Java versions) will now display usage information if any command-line argument is unrecognized. This prevents the program from silently ignoring typos. 6. Fixed an access violation in tjbench.exe (Windows) that occurred when the program was used to decompress an existing JPEG image. 7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that occurred when attempting to decompress a JPEG image that had been compressed with 4:1:1 chrominance subsampling. 8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the end of a single-scan (non-progressive) image, subsequent calls to `jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than `JPEG_REACHED_EOI`. 9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with `cjpeg -grayscale -sample 2x2`). * Thu Oct 12 2017 pgajdosAATTsuse.com- security update: * CVE-2017-15232 [bsc#1062937] + libjpeg-turbo-CVE-2017-15232.patch * Thu Oct 12 2017 pgajdosAATTsuse.com- Update to version 1.5.2 + Fixed several memory leaks in the TurboJPEG API library that could occur if the library was built with certain compilers and optimization levels. + The libjpeg-turbo memory manager will now honor the max_memory_to_use structure member in jpeg_memory_mgr, which can be set to the maximum amount of memory (in bytes) that libjpeg-turbo should use during decompression or multi-pass (including progressive) compression. This limit can also be set using the JPEGMEM environment variable or using the -maxmemory switch in cjpeg/djpeg/jpegtran. + TJBench will now run each benchmark for 1 second prior to starting the timer, in order to improve the consistency of the results. Furthermore, the -warmup option is now used to specify the amount of warmup time rather than the number of warmup iterations. + Fixed an error (short jump is out of range) that occurred when assembling the 32-bit x86 SIMD extensions with NASM versions prior to 2.04. + Fixed a regression introduced by 1.5 beta1[11] that prevented the Java version of TJBench from outputting any reference images (the -nowrite switch was accidentally enabled by default.) libjpeg-turbo should now build and run with full AltiVec SIMD acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems. * Wed Jan 18 2017 bwiedemannAATTsuse.com- set build date to enable reproducible builds * Wed Sep 21 2016 idonmezAATTsuse.com- Update to version 1.5.1 fate#324061 + Fix for PowerPC platforms lacking AltiVec instructions + Fix ABI problem with clang/llvm on aarch64. + Fancy upsampling is now supported when decompressing JPEG images that use 4:4:0 (h1v2) chroma subsampling. + If merged upsampling isn\'t SIMD-accelerated but YCbCr-to-RGB conversion is, then libjpeg-turbo will now disable merged upsampling when decompressing YCbCr JPEG images into RGB or extended RGB output images. This significantly speeds up the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms if fancy upsampling is not used (for example, if the -nosmooth option to djpeg is specified.) + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG images with 2x2 luminance sampling factors and 2x1 or 1x2 chrominance sampling factors. + Fixed an unsigned integer overflow in the libjpeg memory manager. + Fixed additional negative left shifts and other issues reported by the GCC and Clang undefined behavior sanitizers when attempting to decompress specially-crafted malformed JPEG images. None of these issues posed a security threat, but removing the warnings makes it easier to detect actual security issues, should they arise in the future. + Fixed an out-of-bounds array reference, introduced by 1.4.902 and detected by the Clang undefined behavior sanitizer, that could be triggered by a specially-crafted malformed JPEG image with more than four components. Because the out-of-bounds reference was still within the same structure, it was not known to pose a security threat, but removing the warning makes it easier to detect actual security issues, should they arise in the future. * Wed Jun 08 2016 idonmezAATTsuse.com- Update to version 1.5.0 + Fixed an issue whereby a malformed motion-JPEG frame could cause the \"fast path\" of libjpeg-turbo\'s Huffman decoder to read from uninitialized memory. + Added libjpeg-turbo version and build information to the global string table of the libjpeg and TurboJPEG API libraries. + Fixed a couple of issues in the PPM reader that would cause buffer overruns in cjpeg if one of the values in a binary PPM/PGM input file exceeded the maximum value defined in the file\'s header. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM files. Note that these issues were not security bugs, since they were confined to the cjpeg program and did not affect any of the libjpeg-turbo libraries. + Fixed an issue whereby attempting to decompress a JPEG file with a corrupt header using the tjDecompressToYUV2() function would cause the function to abort without returning an error and, under certain circumstances, corrupt the stack. This only occurred if tjDecompressToYUV2() was called prior to calling tjDecompressHeader3(), or if the return value from tjDecompressHeader3() was ignored (both cases represent incorrect usage of the TurboJPEG API.) + The jpeg_stdio_src(), jpeg_mem_src(), jpeg_stdio_dest(), and jpeg_mem_dest() functions in the libjpeg API will now throw an error if a source/destination manager has already been assigned to the compress or decompress object by a different function or by the calling program. * Thu Oct 08 2015 idonmezAATTsuse.com- Update to version 1.4.2 + Crash fixes + clang compatibility fixes + See the included ChangeLog.txt for the details- Drop libjpeg-turbo-1.4.0-int32.patch, not needed anymore.- Drop libjpeg-turbo-remove-test.patch, fixed upstream. * Thu Mar 05 2015 jengelhAATTinai.de- Remove useless same-name provides. Use download URLs not dependent on directory structure. * Mon Mar 02 2015 normandAATTlinux.vnet.ibm.com- Remove float tests with new libjpeg-turbo-remove-test.patch same as Fedora bug 1161585 related to upstream issue https://sourceforge.net/p/libjpeg-turbo/bugs/83/ * Sat Jan 10 2015 p.drouandAATTgmail.com- Update to version 1.4.0 + Fixed a build issue on OS X PowerPC platforms (md5cmp failed to build because OS X does not provide the le32toh() and htole32() functions.) + The non-SIMD RGB565 color conversion code did not work correctly on big endian machines. This has been fixed. + Fixed an issue in tjPlaneSizeYUV() whereby it would erroneously return 1 instead of -1 if componentID was > 0 and subsamp was TJSAMP_GRAY. + Fixed an issue in tjBufSizeYUV2() wherby it would erroneously return 0 instead of -1 if width was < 1. + The Huffman encoder now uses clz and bsr instructions for bit counting on ARM64 platforms (see 1.4 beta1 [5].) + The close() method in the TJCompressor and TJDecompressor Java classes is now idempotent. Previously, that method would call the native tjDestroy() function even if the TurboJPEG instance had already been destroyed. This caused an exception to be thrown during finalization, if the close() method had already been called. The exception was caught, but it was still an expensive operation. + The TurboJPEG API previously generated an error (\"Could not determine subsampling type for JPEG image\") when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with \'cjpeg -grayscale -sample 2x2\'). Subsampling technically has no meaning with grayscale JPEGs, and thus the horizontal and vertical sampling factors for such images are ignored by the decompressor. However, the TurboJPEG API was being too rigid and was expecting the sampling factors to be equal to 1 before it treated the image as a grayscale JPEG. + cjpeg, djpeg, and jpegtran now accept an argument of -version, which will print the library version and exit. + Referring to 1.4 beta1 [15], another extremely rare circumstance was discovered under which the Huffman encoder\'s local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block (basically junk image data) is being encoded. Even though the Huffman local buffer was increased from 128 bytes to 136 bytes to address the previous issue, the new issue caused even the larger buffer to be overrun. Further analysis reveals that, in the absolute worst case (such as setting alternating AC coefficients to 32767 and -32768 in the JPEG scanning order), the Huffman encoder can produce encoded blocks that approach double the size of the unencoded blocks. Thus, the Huffman local buffer was increased to 256 bytes, which should prevent any such issue from re-occurring in the future. + The new tjPlaneSizeYUV(), tjPlaneWidth(), and tjPlaneHeight() functions were not actually usable on any platform except OS X and Windows, because those functions were not included in the libturbojpeg mapfile. This has been fixed. + Restored the JPP(), JMETHOD(), and FAR macros in the libjpeg-turbo header files. The JPP() and JMETHOD() macros were originally implemented in libjpeg as a way of supporting non-ANSI compilers that lacked support for prototype parameters. libjpeg-turbo has never supported such compilers, but some software packages still use the macros to define their own prototypes. Similarly, libjpeg-turbo has never supported MS-DOS and other platforms that have far symbols, but some software packages still use the FAR macro. A pretty good argument can be made that this is a bad practice on the part of the software in question, but since this affects more than one package, it\'s just easier to fix it here. + Fixed issues that were preventing the ARM 64-bit SIMD code from compiling for iOS, and included an ARMv8 architecture in all of the binaries installed by the \"official\" libjpeg-turbo SDK for OS X.- Adapt patches to upstream changes libjpeg-ocloexec.patch > libjpeg-1.4.0-ocloexec.patch libjpeg-turbo-1.3.0-int32.patch > libjpeg-turbo-1.4.0-int32.patch- Remove libjpeg-turbo-CVE-2014-9092.patch; fixed on upstream release- Bump tminor to 1 * Thu Nov 27 2014 pgajdosAATTsuse.com- security update CVE-2014-9092 [bnc#906761] * added libjpeg-turbo-CVE-2014-9092.patch * Wed Oct 15 2014 olafAATTaepfle.de- Obsolete jpeg version 6b, 8.0.1 and 8.0.2 to avoid conflicts during zypper dup
|
|
|