New upstream release 2.1.0 (#1953074)

libjpeg-turbo-CVE-2021-20205.patch

@@ -1,73 +0,0 @@
-From 6bb9d7ea3fdc22a8a03b989e430d0f4953e59f03 Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Thu, 14 Jan 2021 18:35:15 -0600
-Subject: [PATCH] cjpeg: Fix FPE when compressing 0-width GIF
-
----
- cderror.h | 5 ++++-
- rdgif.c   | 8 +++++++-
- 2 files changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/cderror.h b/cderror.h
-index a386b69..2844346 100644
---- a/cderror.h
-+++ b/cderror.h
-@@ -1,9 +1,11 @@
- /*
-  * cderror.h
-  *
-+ * This file was part of the Independent JPEG Group's software:
-  * Copyright (C) 1994-1997, Thomas G. Lane.
-  * Modified 2009-2017 by Guido Vollbeding.
-- * This file is part of the Independent JPEG Group's software.
-+ * libjpeg-turbo Modifications:
-+ * Copyright (C) 2021, D. R. Commander.
-  * For conditions of distribution and use, see the accompanying README.ijg
-  * file.
-  *
-@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-bit colormapped OS2 BMP image")
- JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
- JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
- JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
-+JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
- JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
- JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
- JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
-diff --git a/rdgif.c b/rdgif.c
-index e1ea56c..8a379fe 100644
---- a/rdgif.c
-+++ b/rdgif.c
-@@ -1,9 +1,11 @@
- /*
-  * rdgif.c
-  *
-+ * This file was part of the Independent JPEG Group's software:
-  * Copyright (C) 1991-1997, Thomas G. Lane.
-  * Modified 2019 by Guido Vollbeding.
-- * This file is part of the Independent JPEG Group's software.
-+ * libjpeg-turbo Modifications:
-+ * Copyright (C) 2021, D. R. Commander.
-  * For conditions of distribution and use, see the accompanying README.ijg
-  * file.
-  *
-@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
-     ERREXIT(cinfo, JERR_INPUT_EOF);
-   width = LM_to_uint(hdrbuf, 0);
-   height = LM_to_uint(hdrbuf, 2);
-+  if (width == 0 || height == 0)
-+    ERREXIT(cinfo, JERR_GIF_EMPTY);
-   /* we ignore the color resolution, sort flag, and background color index */
-   aspectRatio = UCH(hdrbuf[6]);
-   if (aspectRatio != 0 && aspectRatio != 49)
-@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
-     /* we ignore top/left position info, also sort flag */
-     width = LM_to_uint(hdrbuf, 4);
-     height = LM_to_uint(hdrbuf, 6);
-+    if (width == 0 || height == 0)
-+      ERREXIT(cinfo, JERR_GIF_EMPTY);
-     source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
- 
-     /* Read local colormap if header indicates it is present */
--- 
-2.26.3
-

libjpeg-turbo-cmake.patch

@@ -1,8 +1,8 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 73ebb10..a52a45e 100644
+index 10a198f..b77a0d0 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1410,8 +1410,6 @@ if(WITH_TURBOJPEG)
+@@ -1434,8 +1434,6 @@ if(WITH_TURBOJPEG)
        ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
        LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
        RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
@@ -11,7 +11,7 @@ index 73ebb10..a52a45e 100644
      if(NOT CMAKE_VERSION VERSION_LESS "3.1" AND MSVC AND
        CMAKE_C_LINKER_SUPPORTS_PDB)
        install(FILES "$<TARGET_PDB_FILE:turbojpeg>"
-@@ -1422,15 +1420,6 @@ if(WITH_TURBOJPEG)
+@@ -1446,15 +1444,6 @@ if(WITH_TURBOJPEG)
      install(TARGETS turbojpeg-static EXPORT ${CMAKE_PROJECT_NAME}Targets
        INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
        ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
@@ -27,7 +27,7 @@ index 73ebb10..a52a45e 100644
    endif()
    install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/turbojpeg.h
      DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-@@ -1457,18 +1446,6 @@ endif()
+@@ -1481,18 +1470,6 @@ endif()
  
  install(TARGETS rdjpgcom wrjpgcom RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
  
@@ -46,7 +46,7 @@ index 73ebb10..a52a45e 100644
  if(UNIX OR MINGW)
    install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cjpeg.1
      ${CMAKE_CURRENT_SOURCE_DIR}/djpeg.1 ${CMAKE_CURRENT_SOURCE_DIR}/jpegtran.1
-@@ -1489,7 +1466,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets
+@@ -1513,7 +1490,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets
  
  install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h
    ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h

libjpeg-turbo.spec

@@ -1,6 +1,6 @@
 Name:           libjpeg-turbo
-Version:        2.0.90
-Release:        2%{?dist}
+Version:        2.1.0
+Release:        1%{?dist}
 Summary:        A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
@@ -8,7 +8,6 @@ URL:            http://sourceforge.net/projects/libjpeg-turbo
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:         libjpeg-turbo-cmake.patch
 Patch1:         libjpeg-turbo-CET.patch
-Patch3:         libjpeg-turbo-CVE-2021-20205.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake
@@ -180,6 +179,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %{_libdir}/pkgconfig/libturbojpeg.pc
 
 %changelog
+* Mon Apr 26 2021 Nikola Forró <nforro@redhat.com> - 2.1.0-1
+- New upstream release 2.1.0 (#1953074)
+
 * Thu Mar 25 2021 Nikola Forró <nforro@redhat.com> - 2.0.90-2
 - Fix CVE-2021-20205 (#1937387)
 

sources

@@ -1 +1 @@
-SHA512 (libjpeg-turbo-2.0.90.tar.gz) = e00cab142c81e90d0eaf891d44ce3dccfdfe7d61e4efe8e81c5983dc6444ca1775f555316cce17b6551afc4b9e285202f53f6d0a8561433840fda311f630bc6d
+SHA512 (libjpeg-turbo-2.1.0.tar.gz) = 6632a2a71cb3a350fe4f850fe84e51e361755c373babf2b47fb164c3a9fc3fd66705639bebedd8c1b40cf6c15fd702e814425b0be5919048987bbec357828605