18 changed files with 1574 additions and 1108 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1 @@
-SOURCES/libjpeg-turbo-1.5.3.tar.gz
+/libjpeg-turbo-*.tar.gz
 /libjpeg-turbo-1.5.3.tar.gz
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +1,6 @@
 --- !Policy
 product_versions:
-  - rhel-8
+  - rhel-9
 decision_context: osci_compose_gate
 rules:
  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
--- a/libjpeg-turbo-2.0.90-cve-2021-29390.patch
+++ b/libjpeg-turbo-2.0.90-cve-2021-29390.patch
@ -0,0 +1,56 @@
 From caf7c8978025eb0cc307bfeffdad46a16d47dad9 Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Wed, 25 Nov 2020 14:55:55 -0600
 Subject: [PATCH] Fix buffer overrun with certain narrow prog JPEGs
 Regression introduced by 6d91e950c871103a11bac2f10c63bf998796c719
 last_block_column in decompress_smooth_data() can be 0 if, for instance,
 decompressing a 4:4:4 image of width 8 or less or a 4:2:2 or 4:2:0 image
 of width 16 or less.  Since last_block_column is an unsigned int,
 subtracting 1 from it produced 0xFFFFFFFF, the test in line 590 passed,
 and we attempted to access blocks from a second block column that didn't
 actually exist.
 Closes #476
 (cherry picked from commit ccaba5d7894ecfb5a8f11e48d3f86e1f14d5a469)
 ---
 ChangeLog.md | 10 ++++++++++
 jdcoefct.c   |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
 diff --git a/ChangeLog.md b/ChangeLog.md
 index 6eb06f0e..9084bee0 100644
 --- a/ChangeLog.md
 +++ b/ChangeLog.md
@@ -1,3 +1,13 @@
 +2.1 post-beta
 +=============
 +
 +### Significant changes relative to 2.1 beta1
 +
 +1. Fixed a regression introduced by 2.1 beta1[6(b)] whereby attempting to
 +decompress certain progressive JPEG images with one or more component planes of
 +width 8 or less caused a buffer overrun.
 +
 +
 2.0.90 (2.1 beta1)
 ==================
 diff --git a/jdcoefct.c b/jdcoefct.c
 index 699a4809..a3c6d4e8 100644
 --- a/jdcoefct.c
 +++ b/jdcoefct.c
@@ -587,7 +587,7 @@ decompress_smooth_data(j_decompress_ptr cinfo, JSAMPIMAGE output_buf)
           DC19 = (int)next_block_row[1][0];
           DC24 = (int)next_next_block_row[1][0];
         }
 -        if (block_num < last_block_column - 1) {
 +        if (block_num + 1 < last_block_column) {
           DC05 = (int)prev_prev_block_row[2][0];
           DC10 = (int)prev_block_row[2][0];
           DC15 = (int)buffer_ptr[2][0];
 -- 
 2.41.0
--- a/libjpeg-turbo-CET.patch
+++ b/libjpeg-turbo-CET.patch
--- a/libjpeg-turbo-CVE-2018-1152.patch
+++ b/libjpeg-turbo-CVE-2018-1152.patch
@ -1,39 +0,0 @@
 From 399719595f413158b3510128eb85f944654f960c Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Tue, 12 Jun 2018 20:27:00 -0500
 Subject: [PATCH] tjLoadImage(): Fix FPE triggered by malformed BMP
 In rdbmp.c, it is necessary to guard against 32-bit overflow/wraparound
 when allocating the row buffer, because since BMP files have 32-bit
 width and height fields, the value of biWidth can be up to 4294967295.
 Specifically, if biWidth is 1073741824 and cinfo->input_components = 4,
 then the samplesperrow argument in alloc_sarray() would wrap around to
 0, and a division by zero error would occur at line 458 in jmemmgr.c.
 If biWidth is set to a higher value, then samplesperrow would wrap
 around to a small number, which would likely cause a buffer overflow
 (this has not been tested or verified.)
 ---
 rdbmp.c | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/rdbmp.c b/rdbmp.c
 index eaa7086..4104b68 100644
 --- a/rdbmp.c
 +++ b/rdbmp.c
@@ -434,6 +434,12 @@ start_input_bmp (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     progress->total_extra_passes++; /* count file input as separate pass */
   }
 +  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
 +     value of the JDIMENSION type.  This is only a danger with BMP files, since
 +     their width and height fields are 32-bit integers. */
 +  if ((unsigned long long)biWidth *
 +      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
 +    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
   /* Allocate one-row buffer for returned data */
   source->pub.buffer = (*cinfo->mem->alloc_sarray)
     ((j_common_ptr) cinfo, JPOOL_IMAGE,
 -- 
 2.17.1
--- a/libjpeg-turbo-CVE-2018-11813.patch
+++ b/libjpeg-turbo-CVE-2018-11813.patch
@ -1,59 +0,0 @@
 From ac483bbac827694aef13a179c1bffcb2a3dc32b8 Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Tue, 12 Jun 2018 16:08:26 -0500
 Subject: [PATCH] Fix CVE-2018-11813
 Fixed an issue (CVE-2018-11813) whereby a specially-crafted malformed input
 file (specifically, a file with a valid Targa header but incomplete pixel data)
 would cause cjpeg to generate a JPEG file that was potentially thousands of
 times larger than the input file.  The Targa reader in cjpeg was not properly
 detecting that the end of the input file had been reached prematurely, so after
 all valid pixels had been read from the input, the reader injected dummy pixels
 with values of 255 into the JPEG compressor until the number of pixels
 specified in the Targa header had been compressed.  The Targa reader in cjpeg
 now behaves like the PPM reader and aborts compression if the end of the input
 file is reached prematurely.  Because this issue only affected cjpeg and not
 the underlying library, and because it did not involve any out-of-bounds reads
 or other exploitable behaviors, it was not believed to represent a security
 threat.
 ---
 rdtarga.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
 diff --git a/rdtarga.c b/rdtarga.c
 index b9bbd07..f874ece 100644
 --- a/rdtarga.c
 +++ b/rdtarga.c
@@ -125,11 +125,10 @@ METHODDEF(void)
 read_non_rle_pixel (tga_source_ptr sinfo)
 /* Read one Targa pixel from the input file; no RLE expansion */
 {
 -  register FILE *infile = sinfo->pub.input_file;
   register int i;
   for (i = 0; i < sinfo->pixel_size; i++) {
 -    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
 +    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
   }
 }
@@ -138,7 +137,6 @@ METHODDEF(void)
 read_rle_pixel (tga_source_ptr sinfo)
 /* Read one Targa pixel from the input file, expanding RLE data as needed */
 {
 -  register FILE *infile = sinfo->pub.input_file;
   register int i;
   /* Duplicate previously read pixel? */
@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo)
   /* Read next pixel */
   for (i = 0; i < sinfo->pixel_size; i++) {
 -    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
 +    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
   }
 }
 -- 
 2.17.1
--- a/libjpeg-turbo-CVE-2018-14498.patch
+++ b/libjpeg-turbo-CVE-2018-14498.patch
@ -1,151 +0,0 @@
 From c7dd3cd0fec2d6785f2bd79e3e2f0adb62ee8bc1 Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Fri, 20 Jul 2018 17:21:36 -0500
 Subject: [PATCH] cjpeg: Fix OOB read caused by malformed 8-bit BMP
 ... in which one or more of the color indices is out of range for the
 number of palette entries.
 Fix partly borrowed from jpeg-9c.  This commit also adopts Guido's
 JERR_PPM_OUTOFRANGE enum value in lieu of our project-specific
 JERR_PPM_TOOLARGE enum value.
 Fixes #258
 ---
 cderror.h |  5 +++--
 rdbmp.c   |  7 ++++++-
 rdppm.c   | 12 ++++++------
 3 files changed, 15 insertions(+), 9 deletions(-)
 diff --git a/cderror.h b/cderror.h
 index 63de498..e57a8c8 100644
 --- a/cderror.h
 +++ b/cderror.h
@@ -2,7 +2,7 @@
  * cderror.h
  *
  * Copyright (C) 1994-1997, Thomas G. Lane.
 - * Modified 2009 by Guido Vollbeding.
 + * Modified 2009-2017 by Guido Vollbeding.
  * This file is part of the Independent JPEG Group's software.
  * For conditions of distribution and use, see the accompanying README.ijg
  * file.
@@ -49,6 +49,7 @@ JMESSAGE(JERR_BMP_COLORSPACE, "BMP output must be grayscale or RGB")
 JMESSAGE(JERR_BMP_COMPRESSED, "Sorry, compressed BMPs not yet supported")
 JMESSAGE(JERR_BMP_EMPTY, "Empty BMP image")
 JMESSAGE(JERR_BMP_NOT, "Not a BMP file - does not start with BM")
 +JMESSAGE(JERR_BMP_OUTOFRANGE, "Numeric value out of range in BMP file")
 JMESSAGE(JTRC_BMP, "%ux%u 24-bit BMP image")
 JMESSAGE(JTRC_BMP_MAPPED, "%ux%u 8-bit colormapped BMP image")
 JMESSAGE(JTRC_BMP_OS2, "%ux%u 24-bit OS2 BMP image")
@@ -75,8 +76,8 @@ JMESSAGE(JWRN_GIF_NOMOREDATA, "Ran out of GIF bits")
 #ifdef PPM_SUPPORTED
 JMESSAGE(JERR_PPM_COLORSPACE, "PPM output must be grayscale or RGB")
 JMESSAGE(JERR_PPM_NONNUMERIC, "Nonnumeric data in PPM file")
 -JMESSAGE(JERR_PPM_TOOLARGE, "Integer value too large in PPM file")
 JMESSAGE(JERR_PPM_NOT, "Not a PPM/PGM file")
 +JMESSAGE(JERR_PPM_OUTOFRANGE, "Numeric value out of range in PPM file")
 JMESSAGE(JTRC_PGM, "%ux%u PGM image")
 JMESSAGE(JTRC_PGM_TEXT, "%ux%u text PGM image")
 JMESSAGE(JTRC_PPM, "%ux%u PPM image")
 diff --git a/rdbmp.c b/rdbmp.c
 index 4104b68..a7dbe9f 100644
 --- a/rdbmp.c
 +++ b/rdbmp.c
@@ -3,7 +3,7 @@
  *
  * This file was part of the Independent JPEG Group's software:
  * Copyright (C) 1994-1996, Thomas G. Lane.
 - * Modified 2009-2010 by Guido Vollbeding.
 + * Modified 2009-2017 by Guido Vollbeding.
  * libjpeg-turbo Modifications:
  * Modified 2011 by Siarhei Siamashka.
  * Copyright (C) 2015, D. R. Commander.
@@ -66,6 +66,7 @@ typedef struct _bmp_source_struct {
   JDIMENSION row_width;         /* Physical width of scanlines in file */
   int bits_per_pixel;           /* remembers 8- or 24-bit format */
 +  int cmap_length;              /* colormap length */
 } bmp_source_struct;
@@ -126,6 +127,7 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
 {
   bmp_source_ptr source = (bmp_source_ptr) sinfo;
   register JSAMPARRAY colormap = source->colormap;
 +  int cmaplen = source->cmap_length;
   JSAMPARRAY image_ptr;
   register int t;
   register JSAMPROW inptr, outptr;
@@ -142,6 +144,8 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
   outptr = source->pub.buffer[0];
   for (col = cinfo->image_width; col > 0; col--) {
     t = GETJSAMPLE(*inptr++);
 +    if (t >= cmaplen)
 +      ERREXIT(cinfo, JERR_BMP_OUTOFRANGE);
     *outptr++ = colormap[0][t]; /* can omit GETJSAMPLE() safely */
     *outptr++ = colormap[1][t];
     *outptr++ = colormap[2][t];
@@ -401,6 +405,7 @@ start_input_bmp (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     source->colormap = (*cinfo->mem->alloc_sarray)
       ((j_common_ptr) cinfo, JPOOL_IMAGE,
        (JDIMENSION) biClrUsed, (JDIMENSION) 3);
 +    source->cmap_length = (int)biClrUsed;
     /* and read it from the file */
     read_colormap(source, (int) biClrUsed, mapentrysize);
     /* account for size of colormap */
 diff --git a/rdppm.c b/rdppm.c
 index 33ff749..c0c0962 100644
 --- a/rdppm.c
 +++ b/rdppm.c
@@ -69,7 +69,7 @@ typedef struct {
   JSAMPROW pixrow;              /* compressor input buffer */
   size_t buffer_width;          /* width of I/O buffer */
   JSAMPLE *rescale;             /* => maxval-remapping array, or NULL */
 -  int maxval;
 +  unsigned int maxval;
 } ppm_source_struct;
 typedef ppm_source_struct *ppm_source_ptr;
@@ -119,7 +119,7 @@ read_pbm_integer (j_compress_ptr cinfo, FILE *infile, unsigned int maxval)
   }
   if (val > maxval)
 -    ERREXIT(cinfo, JERR_PPM_TOOLARGE);
 +    ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
   return val;
 }
@@ -255,7 +255,7 @@ get_word_gray_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
 -      ERREXIT(cinfo, JERR_PPM_TOOLARGE);
 +      ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
     *ptr++ = rescale[temp];
   }
   return 1;
@@ -282,17 +282,17 @@ get_word_rgb_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
 -      ERREXIT(cinfo, JERR_PPM_TOOLARGE);
 +      ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
     *ptr++ = rescale[temp];
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
 -      ERREXIT(cinfo, JERR_PPM_TOOLARGE);
 +      ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
     *ptr++ = rescale[temp];
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
 -      ERREXIT(cinfo, JERR_PPM_TOOLARGE);
 +      ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
     *ptr++ = rescale[temp];
   }
   return 1;
 -- 
 2.21.0
--- a/libjpeg-turbo-CVE-2020-17541.patch
+++ b/libjpeg-turbo-CVE-2020-17541.patch
@ -1,13 +0,0 @@
 diff --git a/jchuff.c b/jchuff.c
 index fffaace..3bf0194 100644
 --- a/jchuff.c
 +++ b/jchuff.c
@@ -428,7 +428,7 @@ dump_buffer (working_state *state)
  * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
  * larger than 200 bytes.
  */
 -#define BUFSIZE (DCTSIZE2 * 4)
 +#define BUFSIZE (DCTSIZE2 * 8)
 #define LOAD_BUFFER() { \
   if (state->free_in_buffer < BUFSIZE) { \
--- a/libjpeg-turbo-CVE-2021-20205.patch
+++ b/libjpeg-turbo-CVE-2021-20205.patch
@ -0,0 +1,73 @@
 From 6bb9d7ea3fdc22a8a03b989e430d0f4953e59f03 Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Thu, 14 Jan 2021 18:35:15 -0600
 Subject: [PATCH] cjpeg: Fix FPE when compressing 0-width GIF
 ---
 cderror.h | 5 ++++-
 rdgif.c   | 8 +++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
 diff --git a/cderror.h b/cderror.h
 index a386b69..2844346 100644
 --- a/cderror.h
 +++ b/cderror.h
@@ -1,9 +1,11 @@
 /*
  * cderror.h
  *
 + * This file was part of the Independent JPEG Group's software:
  * Copyright (C) 1994-1997, Thomas G. Lane.
  * Modified 2009-2017 by Guido Vollbeding.
 - * This file is part of the Independent JPEG Group's software.
 + * libjpeg-turbo Modifications:
 + * Copyright (C) 2021, D. R. Commander.
  * For conditions of distribution and use, see the accompanying README.ijg
  * file.
  *
@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-bit colormapped OS2 BMP image")
 JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
 JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
 JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
 +JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
 JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
 JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
 JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
 diff --git a/rdgif.c b/rdgif.c
 index e1ea56c..8a379fe 100644
 --- a/rdgif.c
 +++ b/rdgif.c
@@ -1,9 +1,11 @@
 /*
  * rdgif.c
  *
 + * This file was part of the Independent JPEG Group's software:
  * Copyright (C) 1991-1997, Thomas G. Lane.
  * Modified 2019 by Guido Vollbeding.
 - * This file is part of the Independent JPEG Group's software.
 + * libjpeg-turbo Modifications:
 + * Copyright (C) 2021, D. R. Commander.
  * For conditions of distribution and use, see the accompanying README.ijg
  * file.
  *
@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     ERREXIT(cinfo, JERR_INPUT_EOF);
   width = LM_to_uint(hdrbuf, 0);
   height = LM_to_uint(hdrbuf, 2);
 +  if (width == 0 || height == 0)
 +    ERREXIT(cinfo, JERR_GIF_EMPTY);
   /* we ignore the color resolution, sort flag, and background color index */
   aspectRatio = UCH(hdrbuf[6]);
   if (aspectRatio != 0 && aspectRatio != 49)
@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     /* we ignore top/left position info, also sort flag */
     width = LM_to_uint(hdrbuf, 4);
     height = LM_to_uint(hdrbuf, 6);
 +    if (width == 0 || height == 0)
 +      ERREXIT(cinfo, JERR_GIF_EMPTY);
     source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
     /* Read local colormap if header indicates it is present */
 -- 
 2.26.3
--- a/libjpeg-turbo-CVE-2021-37972.patch
+++ b/libjpeg-turbo-CVE-2021-37972.patch
@ -0,0 +1,41 @@
 From 1057a4a2d00b7d30cd7e827f577ee2ee640f508a Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Fri, 6 Aug 2021 13:41:15 -0500
 Subject: [PATCH] SSE2/64-bit: Fix trans. segfault w/ malformed JPEG
 Attempting to losslessly transform certain malformed JPEG images can
 cause the nbits table index in the Huffman encoder to exceed 32768, so
 we need to pad the SSE2 implementation of that table to 65536 entries as
 we do with the C implementation.
 Regression introduced by 087c29e07f7533ec82fd7eb1dafc84c29e7870ec
 Fixes #543
 ---
 simd/x86_64/jchuff-sse2.asm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/simd/x86_64/jchuff-sse2.asm b/simd/x86_64/jchuff-sse2.asm
 index 1770a84..7e5ca30 100644
 --- a/simd/x86_64/jchuff-sse2.asm
 +++ b/simd/x86_64/jchuff-sse2.asm
@@ -1,7 +1,7 @@
 ;
 ; jchuff-sse2.asm - Huffman entropy encoding (64-bit SSE2)
 ;
 -; Copyright (C) 2009-2011, 2014-2016, 2019, D. R. Commander.
 +; Copyright (C) 2009-2011, 2014-2016, 2019, 2021, D. R. Commander.
 ; Copyright (C) 2015, Matthieu Darbois.
 ; Copyright (C) 2018, Matthias Räncker.
 ;
@@ -83,6 +83,7 @@ times 1 << 11 db 12
 times 1 << 12 db 13
 times 1 << 13 db 14
 times 1 << 14 db 15
 +times 1 << 15 db 16
     alignz      32
 -- 
 2.32.0
--- a/libjpeg-turbo-CVE-2021-46822.patch
+++ b/libjpeg-turbo-CVE-2021-46822.patch
@ -0,0 +1,108 @@
 From f35fd27ec641c42d6b115bfa595e483ec58188d2 Mon Sep 17 00:00:00 2001
 From: DRC <information@libjpeg-turbo.org>
 Date: Tue, 6 Apr 2021 12:51:03 -0500
 Subject: [PATCH] tjLoadImage: Fix issues w/loading 16-bit PPMs/PGMs
 - The PPM reader now throws an error rather than segfaulting (due to a
  buffer overrun) if an application attempts to load a 16-bit PPM file
  into a grayscale uncompressed image buffer.  No known applications
  allowed that (not even the test applications in libjpeg-turbo),
  because that mode of operation was never expected to work and did not
  work under any circumstances.  (In fact, it was necessary to modify
  TJBench in order to reproduce the issue outside of a fuzzing
  environment.)  This was purely a matter of making the library bow out
  gracefully rather than crash if an application tries to do something
  really stupid.
 - The PPM reader now throws an error rather than generating incorrect
  pixels if an application attempts to load a 16-bit PGM file into an
  RGB uncompressed image buffer.
 - The PPM reader now correctly loads 16-bit PPM files into extended
  RGB uncompressed image buffers.  (Previously it generated incorrect
  pixels unless the input colorspace was JCS_RGB or JCS_EXT_RGB.)
 The only way that users could have potentially encountered these issues
 was through the tjLoadImage() function.  cjpeg and TJBench were
 unaffected.
 ---
 ChangeLog.md | 10 ++++++++++
 rdppm.c      | 26 ++++++++++++++++++++------
 2 files changed, 30 insertions(+), 6 deletions(-)
 diff --git a/rdppm.c b/rdppm.c
 index c4c937e8..6ac8fdbf 100644
 --- a/rdppm.c
 +++ b/rdppm.c
@@ -5,7 +5,7 @@
  * Copyright (C) 1991-1997, Thomas G. Lane.
  * Modified 2009 by Bill Allombert, Guido Vollbeding.
  * libjpeg-turbo Modifications:
 - * Copyright (C) 2015-2017, 2020, D. R. Commander.
 + * Copyright (C) 2015-2017, 2020-2021, D. R. Commander.
  * For conditions of distribution and use, see the accompanying README.ijg
  * file.
  *
@@ -516,6 +516,11 @@ get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
   register JSAMPLE *rescale = source->rescale;
   JDIMENSION col;
   unsigned int maxval = source->maxval;
 +  register int rindex = rgb_red[cinfo->in_color_space];
 +  register int gindex = rgb_green[cinfo->in_color_space];
 +  register int bindex = rgb_blue[cinfo->in_color_space];
 +  register int aindex = alpha_index[cinfo->in_color_space];
 +  register int ps = rgb_pixelsize[cinfo->in_color_space];
   if (!ReadOK(source->pub.input_file, source->iobuffer, source->buffer_width))
     ERREXIT(cinfo, JERR_INPUT_EOF);
@@ -527,17 +532,20 @@ get_word_rgb_row(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
       ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
 -    *ptr++ = rescale[temp];
 +    ptr[rindex] = rescale[temp];
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
       ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
 -    *ptr++ = rescale[temp];
 +    ptr[gindex] = rescale[temp];
     temp  = UCH(*bufferptr++) << 8;
     temp |= UCH(*bufferptr++);
     if (temp > maxval)
       ERREXIT(cinfo, JERR_PPM_OUTOFRANGE);
 -    *ptr++ = rescale[temp];
 +    ptr[bindex] = rescale[temp];
 +    if (aindex >= 0)
 +      ptr[aindex] = 0xFF;
 +    ptr += ps;
   }
   return 1;
 }
@@ -624,7 +632,10 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
       cinfo->in_color_space = JCS_GRAYSCALE;
     TRACEMS2(cinfo, 1, JTRC_PGM, w, h);
     if (maxval > 255) {
 -      source->pub.get_pixel_rows = get_word_gray_row;
 +      if (cinfo->in_color_space == JCS_GRAYSCALE)
 +        source->pub.get_pixel_rows = get_word_gray_row;
 +      else
 +        ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
     } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) &&
                cinfo->in_color_space == JCS_GRAYSCALE) {
       source->pub.get_pixel_rows = get_raw_row;
@@ -647,7 +658,10 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
       cinfo->in_color_space = JCS_EXT_RGB;
     TRACEMS2(cinfo, 1, JTRC_PPM, w, h);
     if (maxval > 255) {
 -      source->pub.get_pixel_rows = get_word_rgb_row;
 +      if (IsExtRGB(cinfo->in_color_space))
 +        source->pub.get_pixel_rows = get_word_rgb_row;
 +      else
 +        ERREXIT(cinfo, JERR_BAD_IN_COLORSPACE);
     } else if (maxval == MAXJSAMPLE && sizeof(JSAMPLE) == sizeof(U_CHAR) &&
 #if RGB_RED == 0 && RGB_GREEN == 1 && RGB_BLUE == 2 && RGB_PIXELSIZE == 3
                (cinfo->in_color_space == JCS_EXT_RGB ||
 -- 
 2.34.1
--- a/libjpeg-turbo-cmake.patch
+++ b/libjpeg-turbo-cmake.patch
@ -0,0 +1,57 @@
 diff --git a/CMakeLists.txt b/CMakeLists.txt
 index 73ebb10..a52a45e 100644
 --- a/CMakeLists.txt
 +++ b/CMakeLists.txt
@@ -1410,8 +1410,6 @@ if(WITH_TURBOJPEG)
       ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
       LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
       RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 -    install(TARGETS tjbench
 -      RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
     if(NOT CMAKE_VERSION VERSION_LESS "3.1" AND MSVC AND
       CMAKE_C_LINKER_SUPPORTS_PDB)
       install(FILES "$<TARGET_PDB_FILE:turbojpeg>"
@@ -1422,15 +1420,6 @@ if(WITH_TURBOJPEG)
     install(TARGETS turbojpeg-static EXPORT ${CMAKE_PROJECT_NAME}Targets
       INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
       ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
 -    if(NOT ENABLE_SHARED)
 -      if(MSVC_IDE OR XCODE)
 -        set(DIR "${CMAKE_CURRENT_BINARY_DIR}/\${CMAKE_INSTALL_CONFIG_NAME}")
 -      else()
 -        set(DIR ${CMAKE_CURRENT_BINARY_DIR})
 -      endif()
 -      install(PROGRAMS ${DIR}/tjbench-static${EXE}
 -        DESTINATION ${CMAKE_INSTALL_BINDIR} RENAME tjbench${EXE})
 -    endif()
   endif()
   install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/turbojpeg.h
     DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
@@ -1457,18 +1446,6 @@ endif()
 install(TARGETS rdjpgcom wrjpgcom RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
 -install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/README.ijg
 -  ${CMAKE_CURRENT_SOURCE_DIR}/README.md ${CMAKE_CURRENT_SOURCE_DIR}/example.txt
 -  ${CMAKE_CURRENT_SOURCE_DIR}/tjexample.c
 -  ${CMAKE_CURRENT_SOURCE_DIR}/libjpeg.txt
 -  ${CMAKE_CURRENT_SOURCE_DIR}/structure.txt
 -  ${CMAKE_CURRENT_SOURCE_DIR}/usage.txt ${CMAKE_CURRENT_SOURCE_DIR}/wizard.txt
 -  ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE.md DESTINATION ${CMAKE_INSTALL_DOCDIR})
 -if(WITH_JAVA)
 -  install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/java/TJExample.java
 -    DESTINATION ${CMAKE_INSTALL_DOCDIR})
 -endif()
 -
 if(UNIX OR MINGW)
   install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cjpeg.1
     ${CMAKE_CURRENT_SOURCE_DIR}/djpeg.1 ${CMAKE_CURRENT_SOURCE_DIR}/jpegtran.1
@@ -1489,7 +1466,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets
 install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h
   ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h
 -  ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h
 +  ${CMAKE_CURRENT_SOURCE_DIR}/jpeglib.h ${CMAKE_CURRENT_SOURCE_DIR}/jpegint.h
   DESTINATION ${CMAKE_INSTALL_INCLUDEDIR})
 include(cmakescripts/BuildPackages.cmake)
--- a/libjpeg-turbo-coverity.patch
+++ b/libjpeg-turbo-coverity.patch
@ -1,25 +0,0 @@
 diff --git a/md5/md5hl.c b/md5/md5hl.c
 index 983ea76..1b5ced2 100644
 --- a/md5/md5hl.c
 +++ b/md5/md5hl.c
@@ -75,14 +75,18 @@ MD5FileChunk(const char *filename, char *buf, off_t ofs, off_t len)
 #endif
 	if (f < 0)
 		return 0;
 -	if (fstat(f, &stbuf) < 0)
 +	if (fstat(f, &stbuf) < 0) {
 +		close(f);
 		return 0;
 +	}
 	if (ofs > stbuf.st_size)
 		ofs = stbuf.st_size;
 	if ((len == 0) || (len > stbuf.st_size - ofs))
 		len = stbuf.st_size - ofs;
 -	if (lseek(f, ofs, SEEK_SET) < 0)
 +	if (lseek(f, ofs, SEEK_SET) < 0) {
 +		close(f);
 		return 0;
 +	}
 	n = len;
 	i = 0;
 	while (n > 0) {
--- a/libjpeg-turbo-header-files.patch
+++ b/libjpeg-turbo-header-files.patch
@ -1,12 +0,0 @@
 diff --git a/Makefile.am b/Makefile.am
 index d767e4f..584d0c0 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -1,6 +1,6 @@
 lib_LTLIBRARIES = libjpeg.la
 libjpeg_la_LDFLAGS = -version-info ${LIBTOOL_CURRENT}:${SO_MINOR_VERSION}:${SO_AGE} -no-undefined
 -include_HEADERS = jerror.h jmorecfg.h jpeglib.h
 +include_HEADERS = jerror.h jmorecfg.h jpegint.h jconfig.h jpeglib.h
 if WITH_TURBOJPEG
 lib_LTLIBRARIES += libturbojpeg.la
--- a/libjpeg-turbo-honor-naflags.patch
+++ b/libjpeg-turbo-honor-naflags.patch
@ -1,33 +0,0 @@
 diff --git a/acinclude.m4 b/acinclude.m4
 index 113169f..0417819 100644
 --- a/acinclude.m4
 +++ b/acinclude.m4
@@ -90,17 +90,17 @@ fi
 AC_MSG_CHECKING([for object file format specifier (NAFLAGS) ])
 case "$objfmt" in
 -  MSOMF)      NAFLAGS='-fobj -DOBJ32';;
 -  Win32-COFF) NAFLAGS='-fwin32 -DWIN32';;
 -  Win64-COFF) NAFLAGS='-fwin64 -DWIN64 -D__x86_64__';;
 -  COFF)       NAFLAGS='-fcoff -DCOFF';;
 -  a.out)      NAFLAGS='-faout -DAOUT';;
 -  BSD-a.out)  NAFLAGS='-faoutb -DAOUT';;
 -  ELF)        NAFLAGS='-felf -DELF';;
 -  ELF64)      NAFLAGS='-felf64 -DELF -D__x86_64__';;
 -  RDF)        NAFLAGS='-frdf -DRDF';;
 -  Mach-O)     NAFLAGS='-fmacho -DMACHO';;
 -  Mach-O64)   NAFLAGS='-fmacho64 -DMACHO -D__x86_64__';;
 +  MSOMF)      NAFLAGS="$NAFLAGS -fobj -DOBJ32";;
 +  Win32-COFF) NAFLAGS="$NAFLAGS -fwin32 -DWIN32";;
 +  Win64-COFF) NAFLAGS="$NAFLAGS -fwin64 -DWIN64 -D__x86_64__";;
 +  COFF)       NAFLAGS="$NAFLAGS -fcoff -DCOFF";;
 +  a.out)      NAFLAGS="$NAFLAGS -faout -DAOUT";;
 +  BSD-a.out)  NAFLAGS="$NAFLAGS -faoutb -DAOUT";;
 +  ELF)        NAFLAGS="$NAFLAGS -felf -DELF";;
 +  ELF64)      NAFLAGS="$NAFLAGS -felf64 -DELF -D__x86_64__";;
 +  RDF)        NAFLAGS="$NAFLAGS -frdf -DRDF";;
 +  Mach-O)     NAFLAGS="$NAFLAGS -fmacho -DMACHO";;
 +  Mach-O64)   NAFLAGS="$NAFLAGS -fmacho64 -DMACHO -D__x86_64__";;
 esac
 AC_MSG_RESULT([$NAFLAGS])
 AC_SUBST([NAFLAGS])
--- a/libjpeg-turbo.spec
+++ b/libjpeg-turbo.spec
@ -1,23 +1,20 @@
 Name:           libjpeg-turbo
-Version:        1.5.3
+Version:        2.0.90
-Release:        12%{?dist}
+Release:        7%{?dist}
 Summary:        A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
 Source0:        http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
-Patch0:         libjpeg-turbo14-noinst.patch
+Patch0:         libjpeg-turbo-cmake.patch
-Patch1:         libjpeg-turbo-header-files.patch
+Patch1:         libjpeg-turbo-CET.patch
-Patch2:         libjpeg-turbo-CVE-2018-11813.patch
+Patch3:         libjpeg-turbo-CVE-2021-20205.patch
-Patch3:         libjpeg-turbo-CVE-2018-1152.patch
+Patch4:         libjpeg-turbo-CVE-2021-37972.patch
-Patch4:         libjpeg-turbo-honor-naflags.patch
+Patch5:         libjpeg-turbo-CVE-2021-46822.patch
-Patch5:         libjpeg-turbo-coverity.patch
+Patch6:         libjpeg-turbo-2.0.90-cve-2021-29390.patch
 Patch6:         libjpeg-turbo-CET.patch
 Patch7:         libjpeg-turbo-CVE-2018-14498.patch
 Patch8:         libjpeg-turbo-CVE-2020-17541.patch
-BuildRequires:  autoconf
+BuildRequires:  gcc
-BuildRequires:  automake
+BuildRequires:  cmake
 BuildRequires:  libtool
 BuildRequires:  nasm
@ -75,32 +72,25 @@ This package contains header files necessary for developing programs which will
 manipulate JPEG files using the TurboJPEG library.
 %prep
-%setup -q
+%autosetup -p1
 %patch0 -p1 -b .noinst
 %patch1 -p1 -b .header-files
 %patch2 -p1 -b .CVE-2018-11813
 %patch3 -p1 -b .CVE-2018-1152
 %patch4 -p1 -b .honor-naflags
 %patch5 -p1 -b .coverity
 %patch6 -p1 -b .CET
 %patch7 -p1 -b .CVE-2018-14498
 %patch8 -p1 -b .CVE-2020-17541
 %build
 autoreconf -vif
 export NAFLAGS="-g -Fdwarf"
 export CCASFLAGS="-Wa,--generate-missing-build-notes=yes"
 # NASM object files are missing GNU Property note for Intel CET,
 # force it on the resulting library
 %ifarch %{ix86} x86_64
 export LDFLAGS="$RPM_LD_FLAGS -Wl,-z,ibt -Wl,-z,shstk"
 %endif
 %configure --disable-static
-make %{?_smp_mflags} V=1
+%{cmake} -DCMAKE_SKIP_RPATH:BOOL=YES \
         -DCMAKE_SKIP_INSTALL_RPATH:BOOL=YES \
 %ifarch s390x
         -DFLOATTEST:STRING="fp-contract" \
 %endif
         -DENABLE_STATIC:BOOL=NO
 %cmake_build
 %install
-make install DESTDIR=%{buildroot}
+%cmake_install
 find %{buildroot} -name "*.la" -delete
 # Fix perms
@ -145,7 +135,8 @@ EOF
 fi
 %check
-make test %{?_smp_mflags}
+export LD_LIBRARY_PATH=%{buildroot}%{_libdir}
 %ctest
 %ldconfig_scriptlets
 %ldconfig_scriptlets -n turbojpeg
@ -156,7 +147,7 @@ make test %{?_smp_mflags}
 %{_libdir}/libjpeg.so.62*
 %files devel
-%doc coderules.txt jconfig.txt libjpeg.txt structure.txt example.c
+%doc coderules.txt jconfig.txt libjpeg.txt structure.txt example.txt
 %{_includedir}/jconfig*.h
 %{_includedir}/jerror.h
 %{_includedir}/jmorecfg.h
@ -164,6 +155,7 @@ make test %{?_smp_mflags}
 %{_includedir}/jpeglib.h
 %{_libdir}/libjpeg.so
 %{_libdir}/pkgconfig/libjpeg.pc
 %{_libdir}/cmake/%{name}/%{name}*.cmake
 %files utils
 %doc usage.txt wizard.txt
@ -180,40 +172,110 @@ make test %{?_smp_mflags}
 %files -n turbojpeg
 %license LICENSE.md
 %doc README.md README.ijg ChangeLog.md
 %{_libdir}/libturbojpeg.so.0*
 %files -n turbojpeg-devel
 %doc tjexample.c
 %{_includedir}/turbojpeg.h
 %{_libdir}/libturbojpeg.so
 %{_libdir}/pkgconfig/libturbojpeg.pc
 %changelog
-* Thu Jul 15 2021 Nikola Forró <nforro@redhat.com> - 1.5.3-12
+* Tue Jan 09 2024 Matej Mužila <mmuzila@redhat.com> - 2.0.90.7
- Add missing license file (#1982572)
+- Fix CVE-2021-29390
 - Resolves: RHEL-5413
-* Wed Jun 30 2021 Nikola Forró <nforro@redhat.com> - 1.5.3-11
+* Thu Jul 21 2022 Matej Mužila <mmuzila@redhat.com> - 2.0.90-6
- Fix CVE-2020-17541 (#1972289)
+- Fix CVE-2021-46822
 - Resolves: CVE-2021-46822
-* Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 1.5.3-10
+* Sat Sep 25 2021 Nikola Forró <nforro@redhat.com> - 2.0.90-5
- Fix CVE-2018-14498 (#1687477)
+- Fix CVE-2021-37972 (#2007679)
-* Tue Jun 04 2019 Nikola Forró <nforro@redhat.com> - 1.5.3-9
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.90-4
- Fix LDFLAGS (#1688397)
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688
-* Thu Mar 21 2019 Nikola Forró <nforro@redhat.com> - 1.5.3-8
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.0.90-3
- Support running with Intel CET (#1688397)
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-* Mon Oct 15 2018 Nikola Forró <nforro@redhat.com> - 1.5.3-7
+* Thu Mar 25 2021 Nikola Forró <nforro@redhat.com> - 2.0.90-2
- Fix important Covscan defects (#1606984)
+- Fix CVE-2021-20205 (#1937387)
-* Mon Oct 01 2018 Nikola Forró <nforro@redhat.com> - 1.5.3-6
+* Thu Jan 28 2021 Nikola Forró <nforro@redhat.com> - 2.0.90-1
- Compile NASM sources with debug info, annotate GAS object files (#1630583)
+- New upstream release 2.0.90 (#1898427)
-* Fri Jun 29 2018 Nikola Forró <nforro@redhat.com> - 1.5.3-5
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.5-6
- Fix CVE-2018-1152 (#1593557)
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-* Fri Jun 15 2018 Nikola Forró <nforro@redhat.com> - 1.5.3-4
+* Tue Aug 04 2020 Nikola Forró <nforro@redhat.com> - 2.0.5-5
- Fix CVE-2018-11813 (#1588807)
+- Fix FTBFS (#1864007)
 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.5-4
 - Second attempt - Rebuilt for
  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.5-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 * Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 2.0.5-2
 - Use make macros
 - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
 * Fri Jul 03 2020 Nikola Forró <nforro@redhat.com> - 2.0.5-1
 - New upstream release 2.0.5 (#1850293)
 * Tue Jun 16 2020 Nikola Forró <nforro@redhat.com> - 2.0.4-3
 - Fix CVE-2020-13790 (#1847159)
 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 * Wed Jan 08 2020 Nikola Forró <nforro@redhat.com> - 2.0.4-1
 - New upstream release 2.0.4 (#1787793)
 * Thu Sep 05 2019 Nikola Forró <nforro@redhat.com> - 2.0.3-1
 - New upstream release 2.0.3 (#1749130)
 * Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
 * Tue Jun 04 2019 Nikola Forró <nforro@redhat.com> - 2.0.2-3
 - Fix LDFLAGS
 * Mon Apr 29 2019 Nikola Forró <nforro@redhat.com> - 2.0.2-2
 - Support running with Intel CET
 * Wed Feb 27 2019 Nikola Forró <nforro@redhat.com> - 2.0.2-1
 - New upstream release 2.0.2
 * Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
 * Fri Jan 11 2019 Nikola Forró <nforro@redhat.com> - 2.0.0-3
 - Fix CVE-2018-19664 (#1656219)
 * Fri Jan 11 2019 Nikola Forró <nforro@redhat.com> - 2.0.0-2
 - Fix CVE-2018-20330 (#1665224)
 * Mon Jul 30 2018 Nikola Forró <nforro@redhat.com> - 2.0.0-1
 - New upstream release 2.0.0 (#1609439)
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.90-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 * Fri Jun 29 2018 Nikola Forró <nforro@redhat.com> - 1.5.90-3
 - Fix CVE-2018-1152 (#1593555)
 * Fri Jun 15 2018 Nikola Forró <nforro@redhat.com> - 1.5.90-2
 - Fix CVE-2018-11813 (#1588804)
 * Wed Mar 28 2018 Nikola Forró <nforro@redhat.com> - 1.5.90-1
 - New upstream release 1.5.90 (#1560219)
 * Tue Feb 20 2018 Nikola Forró <nforro@redhat.com> - 1.5.3-4
 - Add missing gcc build dependency
 * Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--- a/libjpeg-turbo14-noinst.patch
+++ b/libjpeg-turbo14-noinst.patch
@ -1,29 +0,0 @@
 diff --git a/Makefile.am b/Makefile.am
 index 80f0059..eea9a32 100644
 --- a/Makefile.am
 +++ b/Makefile.am
@@ -92,9 +92,7 @@ noinst_PROGRAMS = jcstest
 if WITH_TURBOJPEG
 -bin_PROGRAMS += tjbench
 -
 -noinst_PROGRAMS += tjunittest
 +noinst_PROGRAMS += tjbench tjunittest
 tjbench_SOURCES = tjbench.c bmp.h bmp.c tjutil.h tjutil.c rdbmp.c rdppm.c \
 	wrbmp.c wrppm.c
@@ -160,13 +158,6 @@ dist_man1_MANS = cjpeg.1 djpeg.1 jpegtran.1 rdjpgcom.1 wrjpgcom.1
 DOCS= coderules.txt jconfig.txt change.log rdrle.c wrrle.c BUILDING.md \
 	ChangeLog.md
 -dist_doc_DATA = README.ijg README.md libjpeg.txt structure.txt usage.txt \
 -	wizard.txt LICENSE.md
 -
 -exampledir = $(docdir)
 -dist_example_DATA = example.c
 -
 -
 EXTRA_DIST = win release $(DOCS) testimages CMakeLists.txt \
 	sharedlib/CMakeLists.txt cmakescripts libjpeg.map.in doc doxygen.config \
 	doxygen-extra.css jccolext.c jdcolext.c jdcol565.c jdmrgext.c jdmrg565.c \
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libjpeg-turbo-1.5.3.tar.gz) = b611b1cc3d1ddedddad871854b42449d053a5f910ed1bdfa45c98e0270f4ecc110fde3a10111d2b876d847a826fa634f09c0bb8c357056c9c3a91c9065eb5202
+SHA512 (libjpeg-turbo-2.0.90.tar.gz) = e00cab142c81e90d0eaf891d44ce3dccfdfe7d61e4efe8e81c5983dc6444ca1775f555316cce17b6551afc4b9e285202f53f6d0a8561433840fda311f630bc6d
`@ -1,2 +1 @@`
	`SOURCES/libjpeg-turbo-1.5.3.tar.gz`	`/libjpeg-turbo-*.tar.gz`
	`/libjpeg-turbo-1.5.3.tar.gz`
`@ -1 +1 @@`
	`SHA512 (libjpeg-turbo-1.5.3.tar.gz) = b611b1cc3d1ddedddad871854b42449d053a5f910ed1bdfa45c98e0270f4ecc110fde3a10111d2b876d847a826fa634f09c0bb8c357056c9c3a91c9065eb5202`	`SHA512 (libjpeg-turbo-2.0.90.tar.gz) = e00cab142c81e90d0eaf891d44ce3dccfdfe7d61e4efe8e81c5983dc6444ca1775f555316cce17b6551afc4b9e285202f53f6d0a8561433840fda311f630bc6d`