diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..1defb6e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libjpeg-turbo-1.2.90.tar.gz diff --git a/.libjpeg-turbo.metadata b/.libjpeg-turbo.metadata new file mode 100644 index 0000000..52fdca3 --- /dev/null +++ b/.libjpeg-turbo.metadata @@ -0,0 +1 @@ +62dde4af23a5e55200eafd5ca521105e291f1508 SOURCES/libjpeg-turbo-1.2.90.tar.gz diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch new file mode 100644 index 0000000..4a880b0 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch @@ -0,0 +1,17 @@ +diff --git a/jdmarker.c b/jdmarker.c +index 737a17c..381835b 100644 +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo) + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (ci = 0; ci < i; ci++) { ++ if (cinfo->cur_comp_info[ci] == compptr) ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch new file mode 100644 index 0000000..ca304a9 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch @@ -0,0 +1,12 @@ +diff --git a/jdmarker.c b/jdmarker.c +index 77f7274..737a17c 100644 +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -465,6 +465,7 @@ get_dht (j_decompress_ptr cinfo) + for (i = 0; i < count; i++) + INPUT_BYTE(cinfo, huffval[i], return FALSE); + ++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8)); + length -= count; + + if (index & 0x10) { /* AC table definition */ diff --git a/SOURCES/libjpeg-turbo12-CVE-2016-3616_CVE-2018-11213_CVE-2018-11214.patch b/SOURCES/libjpeg-turbo12-CVE-2016-3616_CVE-2018-11213_CVE-2018-11214.patch new file mode 100644 index 0000000..9dbe592 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2016-3616_CVE-2018-11213_CVE-2018-11214.patch @@ -0,0 +1,111 @@ +From 779fbd23c0297aa571a7e0c99e48c58f7c766d56 Mon Sep 17 00:00:00 2001 +From: Frank Bossen +Date: Mon, 29 Dec 2014 19:42:20 +0100 +Subject: [PATCH 2/3] Check range of integer values in PPM text file + +Add checks to ensure values are within the specified range. + +Fixes mozilla/mozjpeg#141, closes #8 +--- + cderror.h | 1 + + rdppm.c | 24 ++++++++++++++++-------- + 2 files changed, 17 insertions(+), 8 deletions(-) + +diff --git a/cderror.h b/cderror.h +index e19c475..d69b501 100644 +--- a/cderror.h ++++ b/cderror.h +@@ -74,6 +74,7 @@ JMESSAGE(JWRN_GIF_NOMOREDATA, "Ran out of GIF bits") + #ifdef PPM_SUPPORTED + JMESSAGE(JERR_PPM_COLORSPACE, "PPM output must be grayscale or RGB") + JMESSAGE(JERR_PPM_NONNUMERIC, "Nonnumeric data in PPM file") ++JMESSAGE(JERR_PPM_TOOLARGE, "Integer value too large in PPM file") + JMESSAGE(JERR_PPM_NOT, "Not a PPM/PGM file") + JMESSAGE(JTRC_PGM, "%ux%u PGM image") + JMESSAGE(JTRC_PGM_TEXT, "%ux%u text PGM image") +diff --git a/rdppm.c b/rdppm.c +index a757022..5da1646 100644 +--- a/rdppm.c ++++ b/rdppm.c +@@ -76,6 +76,7 @@ typedef struct { + JSAMPROW pixrow; /* FAR pointer to same */ + size_t buffer_width; /* width of I/O buffer */ + JSAMPLE *rescale; /* => maxval-remapping array, or NULL */ ++ int maxval; + } ppm_source_struct; + + typedef ppm_source_struct * ppm_source_ptr; +@@ -99,7 +100,7 @@ pbm_getc (FILE * infile) + + + LOCAL(unsigned int) +-read_pbm_integer (j_compress_ptr cinfo, FILE * infile) ++read_pbm_integer (j_compress_ptr cinfo, FILE * infile, int maxval) + /* Read an unsigned decimal integer from the PPM file */ + /* Swallows one trailing character after the integer */ + /* Note that on a 16-bit-int machine, only values up to 64k can be read. */ +@@ -123,6 +124,10 @@ read_pbm_integer (j_compress_ptr cinfo, FILE * infile) + val *= 10; + val += ch - '0'; + } ++ ++ if (val > maxval) ++ ERREXIT(cinfo, JERR_PPM_TOOLARGE); ++ + return val; + } + +@@ -147,10 +152,11 @@ get_text_gray_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + register JSAMPROW ptr; + register JSAMPLE *rescale = source->rescale; + JDIMENSION col; ++ int maxval = source->maxval; + + ptr = source->pub.buffer[0]; + for (col = cinfo->image_width; col > 0; col--) { +- *ptr++ = rescale[read_pbm_integer(cinfo, infile)]; ++ *ptr++ = rescale[read_pbm_integer(cinfo, infile, maxval)]; + } + return 1; + } +@@ -165,12 +171,13 @@ get_text_rgb_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + register JSAMPROW ptr; + register JSAMPLE *rescale = source->rescale; + JDIMENSION col; ++ int maxval = source->maxval; + + ptr = source->pub.buffer[0]; + for (col = cinfo->image_width; col > 0; col--) { +- *ptr++ = rescale[read_pbm_integer(cinfo, infile)]; +- *ptr++ = rescale[read_pbm_integer(cinfo, infile)]; +- *ptr++ = rescale[read_pbm_integer(cinfo, infile)]; ++ *ptr++ = rescale[read_pbm_integer(cinfo, infile, maxval)]; ++ *ptr++ = rescale[read_pbm_integer(cinfo, infile, maxval)]; ++ *ptr++ = rescale[read_pbm_integer(cinfo, infile, maxval)]; + } + return 1; + } +@@ -319,9 +326,9 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + } + + /* fetch the remaining header info */ +- w = read_pbm_integer(cinfo, source->pub.input_file); +- h = read_pbm_integer(cinfo, source->pub.input_file); +- maxval = read_pbm_integer(cinfo, source->pub.input_file); ++ w = read_pbm_integer(cinfo, source->pub.input_file, 65535); ++ h = read_pbm_integer(cinfo, source->pub.input_file, 65535); ++ maxval = read_pbm_integer(cinfo, source->pub.input_file, 65535); + + if (w <= 0 || h <= 0 || maxval <= 0) /* error check */ + ERREXIT(cinfo, JERR_PPM_NOT); +@@ -329,6 +336,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + cinfo->data_precision = BITS_IN_JSAMPLE; /* we always rescale data to this */ + cinfo->image_width = (JDIMENSION) w; + cinfo->image_height = (JDIMENSION) h; ++ source->maxval = maxval; + + /* initialize flags to most common settings */ + need_iobuffer = TRUE; /* do we need an I/O buffer? */ +-- +2.17.2 + diff --git a/SOURCES/libjpeg-turbo12-CVE-2018-11212.patch b/SOURCES/libjpeg-turbo12-CVE-2018-11212.patch new file mode 100644 index 0000000..f22ad12 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2018-11212.patch @@ -0,0 +1,29 @@ +From 7dab681ec8e28c3174d00729b76f109e91e408f9 Mon Sep 17 00:00:00 2001 +From: Frank Bossen +Date: Mon, 29 Dec 2014 18:38:36 +0100 +Subject: [PATCH 1/3] Check image size when reading targa file + +Throw an error when image width or height is 0. + +Fixes mozilla/mozjpeg#140, closes #7. +--- + rdtarga.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/rdtarga.c b/rdtarga.c +index 4c2cd26..d305f1f 100644 +--- a/rdtarga.c ++++ b/rdtarga.c +@@ -363,7 +363,8 @@ start_input_tga (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + if (cmaptype > 1 || /* cmaptype must be 0 or 1 */ + source->pixel_size < 1 || source->pixel_size > 4 || + (UCH(targaheader[16]) & 7) != 0 || /* bits/pixel must be multiple of 8 */ +- interlace_type != 0) /* currently don't allow interlaced image */ ++ interlace_type != 0 || /* currently don't allow interlaced image */ ++ width == 0 || height == 0) /* image width/height must be non-zero */ + ERREXIT(cinfo, JERR_TGA_BADPARMS); + + if (subtype > 8) { +-- +2.17.2 + diff --git a/SOURCES/libjpeg-turbo12-CVE-2018-11813.patch b/SOURCES/libjpeg-turbo12-CVE-2018-11813.patch new file mode 100644 index 0000000..44d23a9 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2018-11813.patch @@ -0,0 +1,49 @@ +From fbdaee2d3ef393d67386c1a07a9b71f6b6ef3b25 Mon Sep 17 00:00:00 2001 +From: DRC +Date: Tue, 12 Jun 2018 16:08:26 -0500 +Subject: [PATCH 3/3] Fix CVE-2018-11813 + +Refer to change log for details. + +Fixes #242 +--- + rdtarga.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/rdtarga.c b/rdtarga.c +index d305f1f..459e8b3 100644 +--- a/rdtarga.c ++++ b/rdtarga.c +@@ -123,11 +123,10 @@ METHODDEF(void) + read_non_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file; no RLE expansion */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; + + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo); + } + } + +@@ -136,7 +135,6 @@ METHODDEF(void) + read_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file, expanding RLE data as needed */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; + + /* Duplicate previously read pixel? */ +@@ -158,7 +156,7 @@ read_rle_pixel (tga_source_ptr sinfo) + + /* Read next pixel */ + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo); + } + } + +-- +2.17.2 + diff --git a/SOURCES/libjpeg-turbo12-CVE-2018-14498.patch b/SOURCES/libjpeg-turbo12-CVE-2018-14498.patch new file mode 100644 index 0000000..d2bdda3 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2018-14498.patch @@ -0,0 +1,121 @@ +From c51b66ebcace2adec0cfbe42d25cb418ed0c02a2 Mon Sep 17 00:00:00 2001 +From: DRC +Date: Fri, 20 Jul 2018 17:21:36 -0500 +Subject: [PATCH] cjpeg: Fix OOB read caused by malformed 8-bit BMP + +... in which one or more of the color indices is out of range for the +number of palette entries. + +Fix partly borrowed from jpeg-9c. This commit also adopts Guido's +JERR_PPM_OUTOFRANGE enum value in lieu of our project-specific +JERR_PPM_TOOLARGE enum value. + +Fixes #258 +--- + cderror.h | 5 +++-- + rdbmp.c | 7 ++++++- + rdppm.c | 4 ++-- + 3 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/cderror.h b/cderror.h +index d69b501..46b0f49 100644 +--- a/cderror.h ++++ b/cderror.h +@@ -2,7 +2,7 @@ + * cderror.h + * + * Copyright (C) 1994-1997, Thomas G. Lane. +- * Modified 2009 by Guido Vollbeding. ++ * Modified 2009-2017 by Guido Vollbeding. + * This file is part of the Independent JPEG Group's software. + * For conditions of distribution and use, see the accompanying README file. + * +@@ -48,6 +48,7 @@ JMESSAGE(JERR_BMP_COLORSPACE, "BMP output must be grayscale or RGB") + JMESSAGE(JERR_BMP_COMPRESSED, "Sorry, compressed BMPs not yet supported") + JMESSAGE(JERR_BMP_EMPTY, "Empty BMP image") + JMESSAGE(JERR_BMP_NOT, "Not a BMP file - does not start with BM") ++JMESSAGE(JERR_BMP_OUTOFRANGE, "Numeric value out of range in BMP file") + JMESSAGE(JTRC_BMP, "%ux%u 24-bit BMP image") + JMESSAGE(JTRC_BMP_MAPPED, "%ux%u 8-bit colormapped BMP image") + JMESSAGE(JTRC_BMP_OS2, "%ux%u 24-bit OS2 BMP image") +@@ -74,8 +75,8 @@ JMESSAGE(JWRN_GIF_NOMOREDATA, "Ran out of GIF bits") + #ifdef PPM_SUPPORTED + JMESSAGE(JERR_PPM_COLORSPACE, "PPM output must be grayscale or RGB") + JMESSAGE(JERR_PPM_NONNUMERIC, "Nonnumeric data in PPM file") +-JMESSAGE(JERR_PPM_TOOLARGE, "Integer value too large in PPM file") + JMESSAGE(JERR_PPM_NOT, "Not a PPM/PGM file") ++JMESSAGE(JERR_PPM_OUTOFRANGE, "Numeric value out of range in PPM file") + JMESSAGE(JTRC_PGM, "%ux%u PGM image") + JMESSAGE(JTRC_PGM_TEXT, "%ux%u text PGM image") + JMESSAGE(JTRC_PPM, "%ux%u PPM image") +diff --git a/rdbmp.c b/rdbmp.c +index c053074..7a27cab 100644 +--- a/rdbmp.c ++++ b/rdbmp.c +@@ -3,7 +3,7 @@ + * + * This file was part of the Independent JPEG Group's software: + * Copyright (C) 1994-1996, Thomas G. Lane. +- * Modified 2009-2010 by Guido Vollbeding. ++ * Modified 2009-2017 by Guido Vollbeding. + * Modifications: + * Modified 2011 by Siarhei Siamashka. + * For conditions of distribution and use, see the accompanying README file. +@@ -64,6 +64,7 @@ typedef struct _bmp_source_struct { + JDIMENSION row_width; /* Physical width of scanlines in file */ + + int bits_per_pixel; /* remembers 8- or 24-bit format */ ++ int cmap_length; /* colormap length */ + } bmp_source_struct; + + +@@ -124,6 +125,7 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + { + bmp_source_ptr source = (bmp_source_ptr) sinfo; + register JSAMPARRAY colormap = source->colormap; ++ int cmaplen = source->cmap_length; + JSAMPARRAY image_ptr; + register int t; + register JSAMPROW inptr, outptr; +@@ -140,6 +142,8 @@ get_8bit_row (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + outptr = source->pub.buffer[0]; + for (col = cinfo->image_width; col > 0; col--) { + t = GETJSAMPLE(*inptr++); ++ if (t >= cmaplen) ++ ERREXIT(cinfo, JERR_BMP_OUTOFRANGE); + *outptr++ = colormap[0][t]; /* can omit GETJSAMPLE() safely */ + *outptr++ = colormap[1][t]; + *outptr++ = colormap[2][t]; +@@ -399,6 +403,7 @@ start_input_bmp (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + source->colormap = (*cinfo->mem->alloc_sarray) + ((j_common_ptr) cinfo, JPOOL_IMAGE, + (JDIMENSION) biClrUsed, (JDIMENSION) 3); ++ source->cmap_length = (int)biClrUsed; + /* and read it from the file */ + read_colormap(source, (int) biClrUsed, mapentrysize); + /* account for size of colormap */ +diff --git a/rdppm.c b/rdppm.c +index 5da1646..59da2bb 100644 +--- a/rdppm.c ++++ b/rdppm.c +@@ -76,7 +76,7 @@ typedef struct { + JSAMPROW pixrow; /* FAR pointer to same */ + size_t buffer_width; /* width of I/O buffer */ + JSAMPLE *rescale; /* => maxval-remapping array, or NULL */ +- int maxval; ++ unsigned int maxval; + } ppm_source_struct; + + typedef ppm_source_struct * ppm_source_ptr; +@@ -126,7 +126,7 @@ read_pbm_integer (j_compress_ptr cinfo, FILE * infile, int maxval) + } + + if (val > maxval) +- ERREXIT(cinfo, JERR_PPM_TOOLARGE); ++ ERREXIT(cinfo, JERR_PPM_OUTOFRANGE); + + return val; + } +-- +2.17.2 + diff --git a/SOURCES/libjpeg-turbo12-noinst.patch b/SOURCES/libjpeg-turbo12-noinst.patch new file mode 100644 index 0000000..210f2a3 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-noinst.patch @@ -0,0 +1,29 @@ +diff -up libjpeg-turbo-1.2.90-20130204svn922/Makefile.am.noinst libjpeg-turbo-1.2.90-20130204svn922/Makefile.am +--- libjpeg-turbo-1.2.90-20130204svn922/Makefile.am.noinst 2013-01-19 02:06:46.000000000 +0100 ++++ libjpeg-turbo-1.2.90-20130204svn922/Makefile.am 2013-02-04 15:55:18.824110574 +0100 +@@ -89,9 +89,7 @@ noinst_PROGRAMS = jcstest + + if WITH_TURBOJPEG + +-bin_PROGRAMS += tjbench +- +-noinst_PROGRAMS += tjunittest ++noinst_PROGRAMS += tjbench tjunittest + + tjbench_SOURCES = tjbench.c bmp.h bmp.c tjutil.h tjutil.c rdbmp.c rdppm.c \ + wrbmp.c wrppm.c +@@ -144,14 +142,6 @@ dist_man1_MANS = cjpeg.1 djpeg.1 jpegtra + DOCS= coderules.txt jconfig.txt change.log rdrle.c wrrle.c BUILDING.txt \ + ChangeLog.txt + +-docdir = $(datadir)/doc +-dist_doc_DATA = README README-turbo.txt libjpeg.txt structure.txt usage.txt \ +- wizard.txt +- +-exampledir = $(datadir)/doc +-dist_example_DATA = example.c +- +- + EXTRA_DIST = win release $(DOCS) testimages md5cmp CMakeLists.txt \ + sharedlib/CMakeLists.txt cmakescripts libjpeg.map.in doc doxygen.config \ + jccolext.c jdcolext.c jdmrgext.c diff --git a/SOURCES/libjpeg-turbo12-pkgconfig.patch b/SOURCES/libjpeg-turbo12-pkgconfig.patch new file mode 100644 index 0000000..2cdb60f --- /dev/null +++ b/SOURCES/libjpeg-turbo12-pkgconfig.patch @@ -0,0 +1,67 @@ +diff --git a/Makefile.am b/Makefile.am +index 728e30f..8717d3c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -10,6 +10,8 @@ endif + + nodist_include_HEADERS = jconfig.h + ++pkgconfigdir = $(libdir)/pkgconfig ++pkgconfig_DATA = pkgscripts/libjpeg.pc pkgscripts/libturbojpeg.pc + + HDRS = jchuff.h jdct.h jdhuff.h jerror.h jinclude.h jmemsys.h jmorecfg.h \ + jpegint.h jpeglib.h jversion.h jsimd.h jsimddct.h jpegcomp.h +diff --git a/configure.ac b/configure.ac +index 8e75dce..534558c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -21,6 +21,8 @@ AC_PROG_INSTALL + AC_PROG_LIBTOOL + AC_PROG_LN_S + ++PKG_PROG_PKG_CONFIG ++ + # Check whether compiler supports pointers to undefined structures + AC_MSG_CHECKING(whether compiler supports pointers to undefined structures) + AC_TRY_COMPILE([ typedef struct undefined_structure * undef_struct_ptr; ], , +@@ -411,6 +413,8 @@ AC_CONFIG_FILES([pkgscripts/makemacpkg:release/makemacpkg.in]) + AC_CONFIG_FILES([pkgscripts/Description.plist:release/Description.plist.in]) + AC_CONFIG_FILES([pkgscripts/Info.plist:release/Info.plist.in]) + AC_CONFIG_FILES([pkgscripts/uninstall:release/uninstall.in]) ++AC_CONFIG_FILES([pkgscripts/libjpeg.pc:release/libjpeg.pc.in]) ++AC_CONFIG_FILES([pkgscripts/libturbojpeg.pc:release/libturbojpeg.pc.in]) + if test "x$with_turbojpeg" != "xno"; then + AC_CONFIG_FILES([tjbenchtest]) + fi +diff --git a/release/libjpeg.pc.in b/release/libjpeg.pc.in +new file mode 100644 +index 0000000..40795f7 +--- /dev/null ++++ b/release/libjpeg.pc.in +@@ -0,0 +1,10 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libjpeg ++Description: A SIMD-accelerated JPEG codec that provides the libjpeg API ++Version: @PACKAGE_VERSION@ ++Libs: -L${libdir} -ljpeg ++Cflags: -I${includedir} +diff --git a/release/libturbojpeg.pc.in b/release/libturbojpeg.pc.in +new file mode 100644 +index 0000000..7d4b656 +--- /dev/null ++++ b/release/libturbojpeg.pc.in +@@ -0,0 +1,10 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libturbojpeg ++Description: A SIMD-accelerated JPEG codec that provides the TurboJPEG API ++Version: @PACKAGE_VERSION@ ++Libs: -L${libdir} -lturbojpeg ++Cflags: -I${includedir} diff --git a/SPECS/libjpeg-turbo.spec b/SPECS/libjpeg-turbo.spec new file mode 100644 index 0000000..92ccfe8 --- /dev/null +++ b/SPECS/libjpeg-turbo.spec @@ -0,0 +1,326 @@ +Name: libjpeg-turbo +Version: 1.2.90 +Release: 8%{?dist} +Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files + +Group: System Environment/Libraries +License: IJG +URL: http://sourceforge.net/projects/libjpeg-turbo +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: autoconf, automake, libtool +%ifarch %{ix86} x86_64 +BuildRequires: nasm +%endif + +# moved this from -utils, in an attempt to get it to better override +# libjpeg in rawhide -- Rex +Obsoletes: libjpeg < 6b-47 +# add provides (even if it not needed) to workaround bad packages, like +# java-1.6.0-openjdk (#rh607554) -- atkac +Provides: libjpeg = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg%{_isa} = 6b-47%{?dist} +%endif + +Patch0: libjpeg-turbo12-noinst.patch +Patch1: libjpeg-turbo12-CVE-2013-6630.patch +Patch2: libjpeg-turbo12-CVE-2013-6629.patch +Patch3: libjpeg-turbo12-pkgconfig.patch +Patch4: libjpeg-turbo12-CVE-2018-11212.patch +Patch5: libjpeg-turbo12-CVE-2016-3616_CVE-2018-11213_CVE-2018-11214.patch +Patch6: libjpeg-turbo12-CVE-2018-11813.patch +Patch7: libjpeg-turbo12-CVE-2018-14498.patch + +%description +The libjpeg-turbo package contains a library of functions for manipulating +JPEG images. + +%package devel +Summary: Headers for the libjpeg-turbo library +Group: Development/Libraries +Obsoletes: libjpeg-devel < 6b-47 +Provides: libjpeg-devel = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg-devel%{_isa} = 6b-47%{?dist} +%endif +Requires: libjpeg-turbo%{?_isa} = %{version}-%{release} + +%description devel +This package contains header files necessary for developing programs which +will manipulate JPEG files using the libjpeg-turbo library. + +%package utils +Summary: Utilities for manipulating JPEG images +Group: Applications/Multimedia +Requires: libjpeg-turbo%{?_isa} = %{version}-%{release} + +%description utils +The libjpeg-turbo-utils package contains simple client programs for +accessing the libjpeg functions. It contains cjpeg, djpeg, jpegtran, +rdjpgcom and wrjpgcom. Cjpeg compresses an image file into JPEG format. +Djpeg decompresses a JPEG file into a regular image file. Jpegtran +can perform various useful transformations on JPEG files. Rdjpgcom +displays any text comments included in a JPEG file. Wrjpgcom inserts +text comments into a JPEG file. + +%package static +Summary: Static version of the libjpeg-turbo library +Group: Development/Libraries +Obsoletes: libjpeg-static < 6b-47 +Provides: libjpeg-static = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg-static%{_isa} = 6b-47%{?dist} +%endif +Requires: libjpeg-turbo-devel%{?_isa} = %{version}-%{release} + +%description static +The libjpeg-turbo-static package contains static library for manipulating +JPEG images. + +%package -n turbojpeg +Summary: TurboJPEG library +Group: System Environment/Libraries + +%description -n turbojpeg +The turbojpeg package contains the TurboJPEG shared library. + +%package -n turbojpeg-devel +Summary: Headers for the TurboJPEG library +Group: Development/Libraries +Requires: turbojpeg%{?_isa} = %{version}-%{release} + +%description -n turbojpeg-devel +This package contains header files necessary for developing programs which +will manipulate JPEG files using the TurboJPEG library. + +%prep +%setup -q + +%patch0 -p1 -b .noinst +%patch1 -p1 -b .CVE-2013-6630 +%patch2 -p1 -b .CVE-2013-6629 +%patch3 -p1 -b .pkgconfig +%patch4 -p1 -b .CVE-2018-11212 +%patch5 -p1 -b .CVE-2016-3616_CVE-2018-11213_CVE-2018-11214 +%patch6 -p1 -b .CVE-2018-11813 +%patch7 -p1 -b .CVE-2018-14498 + +%build +autoreconf -fiv + +%configure + +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT + +# Fix perms +chmod -x README-turbo.txt + +# Remove unwanted files +rm -f $RPM_BUILD_ROOT/%{_libdir}/lib{,turbo}jpeg.la + +# Don't distribute libjpegturbo.a +rm -f $RPM_BUILD_ROOT/%{_libdir}/libturbojpeg.a + +%clean +rm -rf $RPM_BUILD_ROOT + +%check +make test + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%post -n turbojpeg -p /sbin/ldconfig +%postun -n turbojpeg -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc README README-turbo.txt change.log ChangeLog.txt +%{_libdir}/libjpeg.so.62* + +%files devel +%defattr(-,root,root,-) +%doc coderules.txt jconfig.txt libjpeg.txt structure.txt example.c +%{_includedir}/jconfig.h +%{_includedir}/jerror.h +%{_includedir}/jmorecfg.h +%{_includedir}/jpeglib.h +%{_libdir}/libjpeg.so +%{_libdir}/pkgconfig/libjpeg.pc + +%files utils +%defattr(-,root,root,-) +%doc usage.txt wizard.txt +%{_bindir}/cjpeg +%{_bindir}/djpeg +%{_bindir}/jpegtran +%{_bindir}/rdjpgcom +%{_bindir}/wrjpgcom +%{_mandir}/man1/cjpeg.1* +%{_mandir}/man1/djpeg.1* +%{_mandir}/man1/jpegtran.1* +%{_mandir}/man1/rdjpgcom.1* +%{_mandir}/man1/wrjpgcom.1* + +%files static +%defattr(-,root,root,-) +%{_libdir}/libjpeg.a + +%files -n turbojpeg +%{_libdir}/libturbojpeg.so.0* + +%files -n turbojpeg-devel +%{_includedir}/turbojpeg.h +%{_libdir}/libturbojpeg.so +%{_libdir}/pkgconfig/libturbojpeg.pc + +%changelog +* Wed Mar 20 2019 Nikola Forró - 1.2.90-8 +- Fix CVE-2018-14498 (#1687475) + +* Thu Dec 06 2018 Nikola Forró - 1.2.90-7 +- Fix CVE-2018-11212 (#1586062) +- Fix CVE-2016-3616 (#1318509), CVE-2018-11213 (#1589091) + and CVE-2018-11214 (#1589110) +- Fix CVE-2018-11813 (#1591203) + +* Thu May 24 2018 Nikola Forró - 1.2.90-6 +- Add pkgconfig scripts (#1581687) + +* Fri Jan 24 2014 Daniel Mach - 1.2.90-5 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.2.90-4 +- Mass rebuild 2013-12-27 + +* Tue Nov 26 2013 Petr Hracek - 1.2.90-3 +- Resolves: #1031739 app patches CVE-2013-6629 and CVE-2013-6630 + +* Tue Mar 26 2013 Adam Tkac - 1.2.90-2 +- rebuild for ARM64 support + +* Fri Feb 08 2013 Adam Tkac 1.2.90-1 +- update to 1.2.90 + +* Mon Feb 04 2013 Adam Tkac 1.2.90-0.1.20130204svn922 +- update to 1.2.80 snapshot (#854695) +- run `make test` during build + +* Fri Jan 18 2013 Adam Tkac 1.2.1-6 +- build with jpeg6 API/ABI (jpeg8-ABI feature was dropped) + +* Tue Dec 04 2012 Adam Tkac 1.2.1-5 +- change license to IJG (#877517) + +* Wed Oct 24 2012 Adam Tkac 1.2.1-4 +- build with jpeg8 API/ABI (#854695) + +* Thu Oct 18 2012 Adam Tkac 1.2.1-3 +- minor provides tuning (#863231) + +* Thu Jul 19 2012 Fedora Release Engineering - 1.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 16 2012 Adam Tkac 1.2.1-1 +- update to 1.2.1 + +* Thu Mar 08 2012 Adam Tkac 1.2.0-1 +- update to 1.2.0 + +* Fri Jan 13 2012 Fedora Release Engineering - 1.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 21 2011 Orion Poplawski 1.1.1-3 +- Make turobojpeg-devel depend on turbojpeg + +* Fri Oct 7 2011 Orion Poplawski 1.1.1-2 +- Ship the turbojpeg library (#744258) + +* Mon Jul 11 2011 Adam Tkac 1.1.1-1 +- update to 1.1.1 + - ljt11-rh688712.patch merged + +* Tue Mar 22 2011 Adam Tkac 1.1.0-2 +- handle broken JPEGs better (#688712) + +* Tue Mar 01 2011 Adam Tkac 1.1.0-1 +- update to 1.1.0 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.90-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Adam Tkac 1.0.90-1 +- update to 1.0.90 +- libjpeg-turbo10-rh639672.patch merged + +* Fri Oct 29 2010 Adam Tkac 1.0.1-3 +- add support for arithmetic coded files into decoder (#639672) + +* Wed Sep 29 2010 jkeating - 1.0.1-2 +- Rebuilt for gcc bug 634757 + +* Mon Sep 13 2010 Adam Tkac 1.0.1-1 +- update to 1.0.1 + - libjpeg-turbo10-rh617469.patch merged +- add -static subpkg (#632859) + +* Wed Aug 04 2010 Adam Tkac 1.0.0-3 +- fix huffman decoder to handle broken JPEGs well (#617469) + +* Fri Jul 02 2010 Adam Tkac 1.0.0-2 +- add libjpeg-devel%%{_isa} provides to -devel subpkg to satisfy imlib-devel + deps + +* Fri Jul 02 2010 Adam Tkac 1.0.0-1 +- update to 1.0.0 +- patches merged + - libjpeg-turbo-programs.patch + - libjpeg-turbo-nosimd.patch +- add libjpeg provides to the main package to workaround problems with broken + java-1.6.0-openjdk package + +* Fri Jul 02 2010 Adam Tkac 0.0.93-13 +- remove libjpeg provides from -utils subpkg + +* Wed Jun 30 2010 Rex Dieter 0.0.93-12 +- move Obsoletes: libjpeg to main pkg + +* Wed Jun 30 2010 Rex Dieter 0.0.93-11 +- -utils: Requires: %%name ... + +* Wed Jun 30 2010 Adam Tkac 0.0.93-10 +- add Provides = libjpeg to -utils subpackage + +* Mon Jun 28 2010 Adam Tkac 0.0.93-9 +- merge review related fixes (#600243) + +* Wed Jun 16 2010 Adam Tkac 0.0.93-8 +- merge review related fixes (#600243) + +* Mon Jun 14 2010 Adam Tkac 0.0.93-7 +- obsolete -static libjpeg subpackage (#600243) + +* Mon Jun 14 2010 Adam Tkac 0.0.93-6 +- improve package description a little (#600243) +- include example.c as %%doc in the -devel subpackage + +* Fri Jun 11 2010 Adam Tkac 0.0.93-5 +- don't use "fc12" disttag in obsoletes/provides (#600243) + +* Thu Jun 10 2010 Adam Tkac 0.0.93-4 +- fix compilation on platforms without MMX/SSE (#600243) + +* Thu Jun 10 2010 Adam Tkac 0.0.93-3 +- package review related fixes (#600243) + +* Wed Jun 09 2010 Adam Tkac 0.0.93-2 +- package review related fixes (#600243) + +* Fri Jun 04 2010 Adam Tkac 0.0.93-1 +- initial package