New upstream release 2.0.5 (#1850293)

2020-07-03 21:09:55 +02:00 · 2020-07-03 21:09:55 +02:00 · 249de0adcc
commit 249de0adcc
parent be3d271239
4 changed files with 11 additions and 42 deletions
--- a/libjpeg-turbo-CVE-2020-13790.patch
+++ b/libjpeg-turbo-CVE-2020-13790.patch
@ -1,32 +0,0 @@
-From a224e4dfd34823a4d993dcb97819bdcee8471676 Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
---
- rdppm.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc330..71dd146 100644
--- a/rdppm.c
-+++ b/rdppm.c
-@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
-     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
-     source->rescale = (JSAMPLE *)
-       (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
-                                  (size_t)(((long)maxval + 1L) *
-+                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
-                                            sizeof(JSAMPLE)));
-     half_maxval = maxval / 2;
-     for (val = 0; val <= (long)maxval; val++) {
-- 
-2.26.2
-
--- a/libjpeg-turbo-cmake.patch
+++ b/libjpeg-turbo-cmake.patch
@ -1,8 +1,8 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 28fd443..52f9a8c 100644
+index 8656d7a..7b2932f 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
-@@ -1337,7 +1337,7 @@ set(EXE ${CMAKE_EXECUTABLE_SUFFIX})
+@@ -1366,7 +1366,7 @@ set(EXE ${CMAKE_EXECUTABLE_SUFFIX})
 
 if(WITH_TURBOJPEG)
   if(ENABLE_SHARED)
@ -11,7 +11,7 @@ index 28fd443..52f9a8c 100644
       ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
       LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
       RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
-@@ -1350,15 +1350,6 @@ if(WITH_TURBOJPEG)
+@@ -1379,15 +1379,6 @@ if(WITH_TURBOJPEG)
   if(ENABLE_STATIC)
     install(TARGETS turbojpeg-static ARCHIVE
       DESTINATION ${CMAKE_INSTALL_LIBDIR})
@ -27,7 +27,7 @@ index 28fd443..52f9a8c 100644
   endif()
   install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/turbojpeg.h
     DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
-@@ -1383,18 +1374,6 @@ endif()
+@@ -1412,18 +1403,6 @@ endif()
 
 install(TARGETS rdjpgcom wrjpgcom RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 
@ -46,7 +46,7 @@ index 28fd443..52f9a8c 100644
 if(UNIX OR MINGW)
   install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cjpeg.1
     ${CMAKE_CURRENT_SOURCE_DIR}/djpeg.1 ${CMAKE_CURRENT_SOURCE_DIR}/jpegtran.1
-@@ -1408,7 +1387,7 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/pkgscripts/libjpeg.pc
+@@ -1437,7 +1416,7 @@ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/pkgscripts/libjpeg.pc
 
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h
   ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@ -1,6 +1,6 @@
 Name:           libjpeg-turbo
-Version:        2.0.4
-Release:        3%{?dist}
+Version:        2.0.5
+Release:        1%{?dist}
 Summary:        A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
@ -8,7 +8,6 @@ URL:            http://sourceforge.net/projects/libjpeg-turbo
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
 Patch0:         libjpeg-turbo-cmake.patch
 Patch1:         libjpeg-turbo-CET.patch
-Patch2:         libjpeg-turbo-CVE-2020-13790.patch

 BuildRequires:  gcc
 BuildRequires:  cmake
@ -72,7 +71,6 @@ manipulate JPEG files using the TurboJPEG library.
 %setup -q
 %patch0 -p1
 %patch1 -p1
-%patch2 -p1

 %build
 # NASM object files are missing GNU Property note for Intel CET,
@ -178,6 +176,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} make test %{?_smp_mflags}
 %{_libdir}/pkgconfig/libturbojpeg.pc

 %changelog
+* Fri Jul 03 2020 Nikola Forró <nforro@redhat.com> - 2.0.5-1
+- New upstream release 2.0.5 (#1850293)
+
 * Tue Jun 16 2020 Nikola Forró <nforro@redhat.com> - 2.0.4-3
 - Fix CVE-2020-13790 (#1847159)

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libjpeg-turbo-2.0.4.tar.gz) = 708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9
+SHA512 (libjpeg-turbo-2.0.5.tar.gz) = 5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555