.gitignore

@@ -1,2 +1 @@
 SOURCES/libjpeg-turbo-1.5.3.tar.gz
-/libjpeg-turbo-1.5.3.tar.gz

.libjpeg-turbo.metadata

@@ -0,0 +1 @@
+87ebf4cab2bb27fcb8e7ccb18ec4eb680e1f2c2d SOURCES/libjpeg-turbo-1.5.3.tar.gz

SPECS/libjpeg-turbo.spec

@@ -1,6 +1,6 @@
 Name:           libjpeg-turbo
 Version:        1.5.3
-Release:        13%{?dist}
+Release:        12%{?dist}
 Summary:        A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
@@ -15,9 +15,6 @@ Patch5:         libjpeg-turbo-coverity.patch
 Patch6:         libjpeg-turbo-CET.patch
 Patch7:         libjpeg-turbo-CVE-2018-14498.patch
 Patch8:         libjpeg-turbo-CVE-2020-17541.patch
-# from upstream, for < 2.0.5, RHEL-87364
-# https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
-Patch9:         libjpeg-turbo-CVE-2020-13790.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -79,16 +76,15 @@ manipulate JPEG files using the TurboJPEG library.
 
 %prep
 %setup -q
-%patch -P 0 -p1 -b .noinst
+%patch0 -p1 -b .noinst
-%patch -P 1 -p1 -b .header-files
+%patch1 -p1 -b .header-files
-%patch -P 2 -p1 -b .CVE-2018-11813
+%patch2 -p1 -b .CVE-2018-11813
-%patch -P 3 -p1 -b .CVE-2018-1152
+%patch3 -p1 -b .CVE-2018-1152
-%patch -P 4 -p1 -b .honor-naflags
+%patch4 -p1 -b .honor-naflags
-%patch -P 5 -p1 -b .coverity
+%patch5 -p1 -b .coverity
-%patch -P 6 -p1 -b .CET
+%patch6 -p1 -b .CET
-%patch -P 7 -p1 -b .CVE-2018-14498
+%patch7 -p1 -b .CVE-2018-14498
-%patch -P 8 -p1 -b .CVE-2020-17541
+%patch8 -p1 -b .CVE-2020-17541
-%patch -P 9 -p1 -b .CVE-2020-13790
 
 %build
 autoreconf -vif
@@ -192,9 +188,6 @@ make test %{?_smp_mflags}
 %{_libdir}/pkgconfig/libturbojpeg.pc
 
 %changelog
-* Tue Apr 22 2025 Michal Hlavinka <mhlavink@redhat.com> - 1.5.3-13
-- fix CVE-2020-13790: heap-based buffer over-read in get_rgb_row (RHEL-87364)
-
 * Thu Jul 15 2021 Nikola Forró <nforro@redhat.com> - 1.5.3-12
 - Add missing license file (#1982572)
 

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

libjpeg-turbo-CVE-2020-13790.patch

@@ -1,29 +0,0 @@
-From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
----
- rdppm.c      |  4 ++--
- 2 files changed, 12 insertions(+), 6 deletions(-)
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc33090..a8507b902 100644
---- a/rdppm.c
-+++ b/rdppm.c
-@ -425,7 +425,7 @@ start_input_ppm (j_compress_ptr cinfo, c
-     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
-     source->rescale = (JSAMPLE *)
-       (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
--                                  (size_t) (((long) maxval + 1L) *
-+                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
-                                             sizeof(JSAMPLE)));
-     half_maxval = maxval / 2;
-     for (val = 0; val <= (long) maxval; val++) {

sources

@@ -1 +0,0 @@
-SHA512 (libjpeg-turbo-1.5.3.tar.gz) = b611b1cc3d1ddedddad871854b42449d053a5f910ed1bdfa45c98e0270f4ecc110fde3a10111d2b876d847a826fa634f09c0bb8c357056c9c3a91c9065eb5202