Hello community, here is the log from the commit of package libjpeg-turbo for openSUSE:Factory checked in at 2020-03-31 17:32:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libjpeg-turbo (Old) and /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libjpeg-turbo" Tue Mar 31 17:32:36 2020 rev:51 rq:789669 version:unknown Changes: -------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg-turbo.changes 2019-11-15 22:33:23.744043847 +0100 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3160/libjpeg-turbo.changes 2020-03-31 17:32:47.296279565 +0200 @@ -1,0 +2,37 @@ +Sun Mar 29 10:02:02 UTC 2020 - Aaron Stern <ukbeas...@protonmail.com> + +- Upate to version 2.0.4: +- bug 388 was fixed upstream + https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 +- removed patches, as it is included in this release. + * Fixed a regression in the Windows packaging system + (introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo + SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed + on the same system, only one of them could be uninstalled. + * Fixed a signed integer overflow and subsequent segfault that occurred when + attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. + * Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() + (sometimes manifesting as a double free) that occurred when attempting to decompress + grayscale JPEG images that were compressed with a sampling factor other than 1 + (for instance, with cjpeg -grayscale -sample 2x2). + * Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly + identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images. + This was known to cause a buffer overflow when attempting to decompress some such images using + tjDecompressToYUV2() or tjDecompressToYUVPlanes(). + * Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted + malformed JPEG image containing an extremely-high-frequency coefficient block + (junk image data that could never be generated by a legitimate JPEG compressor) could cause the + Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) + Given that the buffer overrun was fully contained within the stack and did not cause a segfault + or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor) + is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk. + The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data + section rather than in the text section, to support execute-only memory layouts. +- libjpeg-turbo-issue-388.patch upstreamed + +------------------------------------------------------------------- +Tue Mar 17 05:52:14 UTC 2020 - John Whately <john+opens...@whately.me> + +- Added If statments for Fedora not having sertain openSUSE macros + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/libjpeg-turbo/libjpeg62-turbo.changes 2019-10-14 12:30:58.172352050 +0200 +++ /work/SRC/openSUSE:Factory/.libjpeg-turbo.new.3160/libjpeg62-turbo.changes 2020-03-31 17:32:47.508279689 +0200 @@ -1,0 +2,33 @@ +Sun Mar 29 10:17:03 UTC 2020 - Aaron Stern <ukbeas...@protonmail.com> + +- Upate to version 2.0.4: + * Fixed a regression in the Windows packaging system + (introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo + SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed + on the same system, only one of them could be uninstalled. + * Fixed a signed integer overflow and subsequent segfault that occurred when + attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench. + * Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() + (sometimes manifesting as a double free) that occurred when attempting to decompress + grayscale JPEG images that were compressed with a sampling factor other than 1 + (for instance, with cjpeg -grayscale -sample 2x2). + * Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly + identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images. + This was known to cause a buffer overflow when attempting to decompress some such images using + tjDecompressToYUV2() or tjDecompressToYUVPlanes(). + * Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted + malformed JPEG image containing an extremely-high-frequency coefficient block + (junk image data that could never be generated by a legitimate JPEG compressor) could cause the + Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) + Given that the buffer overrun was fully contained within the stack and did not cause a segfault + or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor) + is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk. + The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data + section rather than in the text section, to support execute-only memory layouts. + +------------------------------------------------------------------- +Tue Mar 17 05:52:14 UTC 2020 - John Whately <john+opens...@whately.me> + +- Added If statments for Fedora not having sertain openSUSE macros + +------------------------------------------------------------------- Old: ---- libjpeg-turbo-2.0.3.tar.gz libjpeg-turbo-2.0.3.tar.gz.sig libjpeg-turbo-issue-388.patch New: ---- libjpeg-turbo-2.0.4.tar.gz libjpeg-turbo-2.0.4.tar.gz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libjpeg-turbo.spec ++++++ --- /var/tmp/diff_new_pack.Z3MLPJ/_old 2020-03-31 17:32:48.276280139 +0200 +++ /var/tmp/diff_new_pack.Z3MLPJ/_new 2020-03-31 17:32:48.276280139 +0200 @@ -1,7 +1,7 @@ # # spec file for package libjpeg-turbo # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define asan_build 0 %define debug_build 0 -%define srcver 2.0.3 +%define srcver 2.0.4 %define major 8 %define minor 2 %define micro 2 @@ -39,8 +39,6 @@ Source1: baselibs.conf Patch1: libjpeg-turbo-1.3.0-tiff-ojpeg.patch Patch2: ctest-depends.patch -# https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 -Patch3: libjpeg-turbo-issue-388.patch BuildRequires: cmake BuildRequires: gcc-c++ BuildRequires: pkgconfig @@ -106,7 +104,6 @@ %setup -q %patch1 %patch2 -p1 -%patch3 -p1 %build MYLDFLAGS="-Wl,-z,relro,-z,now" @@ -138,10 +135,18 @@ exit 0 %endif export LD_LIBRARY_PATH=%{buildroot}%{_libdir}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}} -%ctest +%if 0%{?fedora_version} + ctest --output-on-failure --force-new-ctest-process +%else + %ctest +%endif %install -%cmake_install +%if 0%{?fedora_version} + make DESTDIR=%{buildroot} install/fast +%else + %cmake_install +%endif # Remove docs, we'll select docs manually rm -rf %{buildroot}%{_datadir}/doc/ ++++++ libjpeg62-turbo.spec ++++++ --- /var/tmp/diff_new_pack.Z3MLPJ/_old 2020-03-31 17:32:48.292280148 +0200 +++ /var/tmp/diff_new_pack.Z3MLPJ/_new 2020-03-31 17:32:48.296280150 +0200 @@ -1,7 +1,7 @@ # # spec file for package libjpeg62-turbo # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define major 62 %define minor 3 %define micro 0 -%define srcver 2.0.3 +%define srcver 2.0.4 %define libver %{major}.%{minor}.%{micro} Name: libjpeg62-turbo Version: %{srcver} ++++++ libjpeg-turbo-2.0.3.tar.gz -> libjpeg-turbo-2.0.4.tar.gz ++++++ ++++ 3379 lines of diff (skipped)