Changelog for libjpeg62-62.2.0-5.18.1.x86_64.rpm
* Thu Jun 03 2021 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the \"transform\" component + libjpeg-turbo-CVE-2020-17541.patch
* Mon Jun 08 2020 pgajdosAATTsuse.com- security update- added patches fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + libjpeg-turbo-CVE-2020-13790.patch
* Tue Nov 12 2019 pgajdosAATTsuse.com- security update- added patches CVE-2019-2201 [bsc#1156402] + libjpeg-turbo-CVE-2019-2201.patch
* Tue Jun 19 2018 pgajdosAATTsuse.com- security update:
* CVE-2018-1152 [bsc#1098155] + libjpeg-turbo-CVE-2018-1152.patch
* Tue Jun 12 2018 pgajdosAATTsuse.com- security update:
* CVE-2018-11813 [bsc#1096209] + libjpeg-turbo-CVE-2018-11813.patch
* remove redundant libjpeg-turbo-CVE-2017-15232.patch [bsc#1062937#c17]
* Mon Dec 18 2017 pgajdosAATTsuse.com- update to version 1.5.3 1. Fixed a NullPointerException in the TurboJPEG Java wrapper that occurred when using the YUVImage constructor that creates an instance backed by separate image planes and allocates memory for the image planes. 2. Fixed an issue whereby the Java version of TJUnitTest would fail when testing BufferedImage encoding/decoding on big endian systems. 3. Fixed a segfault in djpeg that would occur if an output format other than PPM/PGM was selected along with the `-crop` option. The `-crop` option now works with the GIF and Targa formats as well (unfortunately, it cannot be made to work with the BMP and RLE formats due to the fact that those output engines write scanlines in bottom-up order.) djpeg will now exit gracefully if an output format other than PPM/PGM, GIF, or Targa is selected along with the `-crop` option. 4. Fixed an issue whereby `jpeg_skip_scanlines()` would segfault if color quantization was enabled. 5. TJBench (both C and Java versions) will now display usage information if any command-line argument is unrecognized. This prevents the program from silently ignoring typos. 6. Fixed an access violation in tjbench.exe (Windows) that occurred when the program was used to decompress an existing JPEG image. 7. Fixed an ArrayIndexOutOfBoundsException in the TJExample Java program that occurred when attempting to decompress a JPEG image that had been compressed with 4:1:1 chrominance subsampling. 8. Fixed an issue whereby, when using `jpeg_skip_scanlines()` to skip to the end of a single-scan (non-progressive) image, subsequent calls to `jpeg_consume_input()` would return `JPEG_SUSPENDED` rather than `JPEG_REACHED_EOI`. 9. `jpeg_crop_scanlines()` now works correctly when decompressing grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with `cjpeg -grayscale -sample 2x2`).
* Thu Oct 12 2017 pgajdosAATTsuse.com- security update:
* CVE-2017-15232 [bsc#1062937] + libjpeg-turbo-CVE-2017-15232.patch
* Thu Oct 12 2017 pgajdosAATTsuse.com- Update to version 1.5.2 + Fixed several memory leaks in the TurboJPEG API library that could occur if the library was built with certain compilers and optimization levels. + The libjpeg-turbo memory manager will now honor the max_memory_to_use structure member in jpeg_memory_mgr, which can be set to the maximum amount of memory (in bytes) that libjpeg-turbo should use during decompression or multi-pass (including progressive) compression. This limit can also be set using the JPEGMEM environment variable or using the -maxmemory switch in cjpeg/djpeg/jpegtran. + TJBench will now run each benchmark for 1 second prior to starting the timer, in order to improve the consistency of the results. Furthermore, the -warmup option is now used to specify the amount of warmup time rather than the number of warmup iterations. + Fixed an error (short jump is out of range) that occurred when assembling the 32-bit x86 SIMD extensions with NASM versions prior to 2.04. + Fixed a regression introduced by 1.5 beta1 that prevented the Java version of TJBench from outputting any reference images (the -nowrite switch was accidentally enabled by default.) libjpeg-turbo should now build and run with full AltiVec SIMD acceleration on PowerPC-based AmigaOS 4 and OpenBSD systems.
* Thu Jun 15 2017 jbohacAATTsuse.com- mention the included utilities (djpeg, jpegtran, rdjpgcom, tjbench, and wrjpgcom) in the package description.
* Wed Jan 18 2017 bwiedemannAATTsuse.com- set build date to enable reproducible builds
* Wed Sep 21 2016 idonmezAATTsuse.com- Update to version 1.5.1 fate#324061 + Fix for PowerPC platforms lacking AltiVec instructions + Fix ABI problem with clang/llvm on aarch64. + Fancy upsampling is now supported when decompressing JPEG images that use 4:4:0 (h1v2) chroma subsampling. + If merged upsampling isn\'t SIMD-accelerated but YCbCr-to-RGB conversion is, then libjpeg-turbo will now disable merged upsampling when decompressing YCbCr JPEG images into RGB or extended RGB output images. This significantly speeds up the decompression of 4:2:0 and 4:2:2 JPEGs on ARM platforms if fancy upsampling is not used (for example, if the -nosmooth option to djpeg is specified.) + The TurboJPEG API will now decompress 4:2:2 and 4:4:0 JPEG images with 2x2 luminance sampling factors and 2x1 or 1x2 chrominance sampling factors. + Fixed an unsigned integer overflow in the libjpeg memory manager. + Fixed additional negative left shifts and other issues reported by the GCC and Clang undefined behavior sanitizers when attempting to decompress specially-crafted malformed JPEG images. None of these issues posed a security threat, but removing the warnings makes it easier to detect actual security issues, should they arise in the future. + Fixed an out-of-bounds array reference, introduced by 1.4.902 and detected by the Clang undefined behavior sanitizer, that could be triggered by a specially-crafted malformed JPEG image with more than four components. Because the out-of-bounds reference was still within the same structure, it was not known to pose a security threat, but removing the warning makes it easier to detect actual security issues, should they arise in the future.
* Wed Jun 08 2016 idonmezAATTsuse.com- Update to version 1.5.0 + Fixed an issue whereby a malformed motion-JPEG frame could cause the \"fast path\" of libjpeg-turbo\'s Huffman decoder to read from uninitialized memory. + Added libjpeg-turbo version and build information to the global string table of the libjpeg and TurboJPEG API libraries. + Fixed a couple of issues in the PPM reader that would cause buffer overruns in cjpeg if one of the values in a binary PPM/PGM input file exceeded the maximum value defined in the file\'s header. libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM files. Note that these issues were not security bugs, since they were confined to the cjpeg program and did not affect any of the libjpeg-turbo libraries. + Fixed an issue whereby attempting to decompress a JPEG file with a corrupt header using the tjDecompressToYUV2() function would cause the function to abort without returning an error and, under certain circumstances, corrupt the stack. This only occurred if tjDecompressToYUV2() was called prior to calling tjDecompressHeader3(), or if the return value from tjDecompressHeader3() was ignored (both cases represent incorrect usage of the TurboJPEG API.) + The jpeg_stdio_src(), jpeg_mem_src(), jpeg_stdio_dest(), and jpeg_mem_dest() functions in the libjpeg API will now throw an error if a source/destination manager has already been assigned to the compress or decompress object by a different function or by the calling program.
* Thu Oct 08 2015 idonmezAATTsuse.com- Update to version 1.4.2 + Crash fixes + clang compatibility fixes + See the included ChangeLog.txt for the details- Drop libjpeg-turbo-1.4.0-int32.patch, not needed anymore.
* Thu Mar 05 2015 jengelhAATTinai.de- Remove useless same-name provides. Use download URLs not dependent on directory structure.
* Mon Mar 02 2015 normandAATTlinux.vnet.ibm.com- Remove float tests with new libjpeg-turbo-remove-test.patch same as Fedora bug 1161585 related to upstream issue https://sourceforge.net/p/libjpeg-turbo/bugs/83/
* Sat Jan 10 2015 p.drouandAATTgmail.com- Update to version 1.4.0 + Fixed a build issue on OS X PowerPC platforms (md5cmp failed to build because OS X does not provide the le32toh() and htole32() functions.) + The non-SIMD RGB565 color conversion code did not work correctly on big endian machines. This has been fixed. + Fixed an issue in tjPlaneSizeYUV() whereby it would erroneously return 1 instead of -1 if componentID was > 0 and subsamp was TJSAMP_GRAY. + Fixed an issue in tjBufSizeYUV2() wherby it would erroneously return 0 instead of -1 if width was < 1. + The Huffman encoder now uses clz and bsr instructions for bit counting on ARM64 platforms (see 1.4 beta1 .) + The close() method in the TJCompressor and TJDecompressor Java classes is now idempotent. Previously, that method would call the native tjDestroy() function even if the TurboJPEG instance had already been destroyed. This caused an exception to be thrown during finalization, if the close() method had already been called. The exception was caught, but it was still an expensive operation. + The TurboJPEG API previously generated an error (\"Could not determine subsampling type for JPEG image\") when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with \'cjpeg -grayscale -sample 2x2\'). Subsampling technically has no meaning with grayscale JPEGs, and thus the horizontal and vertical sampling factors for such images are ignored by the decompressor. However, the TurboJPEG API was being too rigid and was expecting the sampling factors to be equal to 1 before it treated the image as a grayscale JPEG. + cjpeg, djpeg, and jpegtran now accept an argument of -version, which will print the library version and exit. + Referring to 1.4 beta1 , another extremely rare circumstance was discovered under which the Huffman encoder\'s local buffer can be overrun when a buffered destination manager is being used and an extremely-high-frequency block (basically junk image data) is being encoded. Even though the Huffman local buffer was increased from 128 bytes to 136 bytes to address the previous issue, the new issue caused even the larger buffer to be overrun. Further analysis reveals that, in the absolute worst case (such as setting alternating AC coefficients to 32767 and -32768 in the JPEG scanning order), the Huffman encoder can produce encoded blocks that approach double the size of the unencoded blocks. Thus, the Huffman local buffer was increased to 256 bytes, which should prevent any such issue from re-occurring in the future. + The new tjPlaneSizeYUV(), tjPlaneWidth(), and tjPlaneHeight() functions were not actually usable on any platform except OS X and Windows, because those functions were not included in the libturbojpeg mapfile. This has been fixed. + Restored the JPP(), JMETHOD(), and FAR macros in the libjpeg-turbo header files. The JPP() and JMETHOD() macros were originally implemented in libjpeg as a way of supporting non-ANSI compilers that lacked support for prototype parameters. libjpeg-turbo has never supported such compilers, but some software packages still use the macros to define their own prototypes. Similarly, libjpeg-turbo has never supported MS-DOS and other platforms that have far symbols, but some software packages still use the FAR macro. A pretty good argument can be made that this is a bad practice on the part of the software in question, but since this affects more than one package, it\'s just easier to fix it here. + Fixed issues that were preventing the ARM 64-bit SIMD code from compiling for iOS, and included an ARMv8 architecture in all of the binaries installed by the \"official\" libjpeg-turbo SDK for OS X.- Adapt patches to upstream changes libjpeg-ocloexec.patch > libjpeg-1.4.0-ocloexec.patch libjpeg-turbo-1.3.0-int32.patch > libjpeg-turbo-1.4.0-int32.patch- Remove libjpeg-turbo-CVE-2014-9092.patch; fixed on upstream release- Bump tminor to 1
* Thu Nov 27 2014 pgajdosAATTsuse.com- security update CVE-2014-9092 [bnc#906761]
* added libjpeg-turbo-CVE-2014-9092.patch