From 462bd6c14d7fffb74fe6069fd7abd8e42f2d135c Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Nov 09 2021 09:48:04 +0000
Subject: import libjpeg-turbo-1.5.3-12.el8


---

diff --git a/SOURCES/libjpeg-turbo-CVE-2020-17541.patch b/SOURCES/libjpeg-turbo-CVE-2020-17541.patch
new file mode 100644
index 0000000..fe91ef8
--- /dev/null
+++ b/SOURCES/libjpeg-turbo-CVE-2020-17541.patch
@@ -0,0 +1,13 @@
+diff --git a/jchuff.c b/jchuff.c
+index fffaace..3bf0194 100644
+--- a/jchuff.c
++++ b/jchuff.c
+@@ -428,7 +428,7 @@ dump_buffer (working_state *state)
+  * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block
+  * larger than 200 bytes.
+  */
+-#define BUFSIZE (DCTSIZE2 * 4)
++#define BUFSIZE (DCTSIZE2 * 8)
+ 
+ #define LOAD_BUFFER() { \
+   if (state->free_in_buffer < BUFSIZE) { \
diff --git a/SPECS/libjpeg-turbo.spec b/SPECS/libjpeg-turbo.spec
index d0273ad..09283d8 100644
--- a/SPECS/libjpeg-turbo.spec
+++ b/SPECS/libjpeg-turbo.spec
@@ -1,6 +1,6 @@
 Name:           libjpeg-turbo
 Version:        1.5.3
-Release:        10%{?dist}
+Release:        12%{?dist}
 Summary:        A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
 License:        IJG
 URL:            http://sourceforge.net/projects/libjpeg-turbo
@@ -14,6 +14,7 @@ Patch4:         libjpeg-turbo-honor-naflags.patch
 Patch5:         libjpeg-turbo-coverity.patch
 Patch6:         libjpeg-turbo-CET.patch
 Patch7:         libjpeg-turbo-CVE-2018-14498.patch
+Patch8:         libjpeg-turbo-CVE-2020-17541.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -83,6 +84,7 @@ manipulate JPEG files using the TurboJPEG library.
 %patch5 -p1 -b .coverity
 %patch6 -p1 -b .CET
 %patch7 -p1 -b .CVE-2018-14498
+%patch8 -p1 -b .CVE-2020-17541
 
 %build
 autoreconf -vif
@@ -149,6 +151,7 @@ make test %{?_smp_mflags}
 %ldconfig_scriptlets -n turbojpeg
 
 %files
+%license LICENSE.md
 %doc README.md README.ijg ChangeLog.md
 %{_libdir}/libjpeg.so.62*
 
@@ -176,6 +179,7 @@ make test %{?_smp_mflags}
 %{_mandir}/man1/wrjpgcom.1*
 
 %files -n turbojpeg
+%license LICENSE.md
 %{_libdir}/libturbojpeg.so.0*
 
 %files -n turbojpeg-devel
@@ -184,6 +188,12 @@ make test %{?_smp_mflags}
 %{_libdir}/pkgconfig/libturbojpeg.pc
 
 %changelog
+* Thu Jul 15 2021 Nikola Forró <nforro@redhat.com> - 1.5.3-12
+- Add missing license file (#1982572)
+
+* Wed Jun 30 2021 Nikola Forró <nforro@redhat.com> - 1.5.3-11
+- Fix CVE-2020-17541 (#1972289)
+
 * Thu Jun 06 2019 Nikola Forró <nforro@redhat.com> - 1.5.3-10
 - Fix CVE-2018-14498 (#1687477)