diff --git a/libjpeg-turbo-CVE-2021-20205.patch b/libjpeg-turbo-CVE-2021-20205.patch deleted file mode 100644 index 19a06e2..0000000 --- a/libjpeg-turbo-CVE-2021-20205.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 6bb9d7ea3fdc22a8a03b989e430d0f4953e59f03 Mon Sep 17 00:00:00 2001 -From: DRC -Date: Thu, 14 Jan 2021 18:35:15 -0600 -Subject: [PATCH] cjpeg: Fix FPE when compressing 0-width GIF - ---- - cderror.h | 5 ++++- - rdgif.c | 8 +++++++- - 2 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/cderror.h b/cderror.h -index a386b69..2844346 100644 ---- a/cderror.h -+++ b/cderror.h -@@ -1,9 +1,11 @@ - /* - * cderror.h - * -+ * This file was part of the Independent JPEG Group's software: - * Copyright (C) 1994-1997, Thomas G. Lane. - * Modified 2009-2017 by Guido Vollbeding. -- * This file is part of the Independent JPEG Group's software. -+ * libjpeg-turbo Modifications: -+ * Copyright (C) 2021, D. R. Commander. - * For conditions of distribution and use, see the accompanying README.ijg - * file. - * -@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-bit colormapped OS2 BMP image") - JMESSAGE(JERR_GIF_BUG, "GIF output got confused") - JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d") - JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB") -+JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image") - JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file") - JMESSAGE(JERR_GIF_NOT, "Not a GIF file") - JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image") -diff --git a/rdgif.c b/rdgif.c -index e1ea56c..8a379fe 100644 ---- a/rdgif.c -+++ b/rdgif.c -@@ -1,9 +1,11 @@ - /* - * rdgif.c - * -+ * This file was part of the Independent JPEG Group's software: - * Copyright (C) 1991-1997, Thomas G. Lane. - * Modified 2019 by Guido Vollbeding. -- * This file is part of the Independent JPEG Group's software. -+ * libjpeg-turbo Modifications: -+ * Copyright (C) 2021, D. R. Commander. - * For conditions of distribution and use, see the accompanying README.ijg - * file. - * -@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) - ERREXIT(cinfo, JERR_INPUT_EOF); - width = LM_to_uint(hdrbuf, 0); - height = LM_to_uint(hdrbuf, 2); -+ if (width == 0 || height == 0) -+ ERREXIT(cinfo, JERR_GIF_EMPTY); - /* we ignore the color resolution, sort flag, and background color index */ - aspectRatio = UCH(hdrbuf[6]); - if (aspectRatio != 0 && aspectRatio != 49) -@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) - /* we ignore top/left position info, also sort flag */ - width = LM_to_uint(hdrbuf, 4); - height = LM_to_uint(hdrbuf, 6); -+ if (width == 0 || height == 0) -+ ERREXIT(cinfo, JERR_GIF_EMPTY); - source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0); - - /* Read local colormap if header indicates it is present */ --- -2.26.3 - diff --git a/libjpeg-turbo-cmake.patch b/libjpeg-turbo-cmake.patch index 18fa660..822cd55 100644 --- a/libjpeg-turbo-cmake.patch +++ b/libjpeg-turbo-cmake.patch @@ -1,8 +1,8 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 73ebb10..a52a45e 100644 +index 10a198f..b77a0d0 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -1410,8 +1410,6 @@ if(WITH_TURBOJPEG) +@@ -1434,8 +1434,6 @@ if(WITH_TURBOJPEG) ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) @@ -11,7 +11,7 @@ index 73ebb10..a52a45e 100644 if(NOT CMAKE_VERSION VERSION_LESS "3.1" AND MSVC AND CMAKE_C_LINKER_SUPPORTS_PDB) install(FILES "$" -@@ -1422,15 +1420,6 @@ if(WITH_TURBOJPEG) +@@ -1446,15 +1444,6 @@ if(WITH_TURBOJPEG) install(TARGETS turbojpeg-static EXPORT ${CMAKE_PROJECT_NAME}Targets INCLUDES DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}) @@ -27,7 +27,7 @@ index 73ebb10..a52a45e 100644 endif() install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/turbojpeg.h DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) -@@ -1457,18 +1446,6 @@ endif() +@@ -1481,18 +1470,6 @@ endif() install(TARGETS rdjpgcom wrjpgcom RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) @@ -46,7 +46,7 @@ index 73ebb10..a52a45e 100644 if(UNIX OR MINGW) install(FILES ${CMAKE_CURRENT_SOURCE_DIR}/cjpeg.1 ${CMAKE_CURRENT_SOURCE_DIR}/djpeg.1 ${CMAKE_CURRENT_SOURCE_DIR}/jpegtran.1 -@@ -1489,7 +1466,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets +@@ -1513,7 +1490,7 @@ install(EXPORT ${CMAKE_PROJECT_NAME}Targets install(FILES ${CMAKE_CURRENT_BINARY_DIR}/jconfig.h ${CMAKE_CURRENT_SOURCE_DIR}/jerror.h ${CMAKE_CURRENT_SOURCE_DIR}/jmorecfg.h diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec index 78b7a14..3fa1edc 100644 --- a/libjpeg-turbo.spec +++ b/libjpeg-turbo.spec @@ -1,6 +1,6 @@ Name: libjpeg-turbo -Version: 2.0.90 -Release: 2%{?dist} +Version: 2.1.0 +Release: 1%{?dist} Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files License: IJG URL: http://sourceforge.net/projects/libjpeg-turbo @@ -8,7 +8,6 @@ URL: http://sourceforge.net/projects/libjpeg-turbo Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Patch0: libjpeg-turbo-cmake.patch Patch1: libjpeg-turbo-CET.patch -Patch3: libjpeg-turbo-CVE-2021-20205.patch BuildRequires: gcc BuildRequires: cmake @@ -180,6 +179,9 @@ export LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{_libdir}/pkgconfig/libturbojpeg.pc %changelog +* Mon Apr 26 2021 Nikola Forró - 2.1.0-1 +- New upstream release 2.1.0 (#1953074) + * Thu Mar 25 2021 Nikola Forró - 2.0.90-2 - Fix CVE-2021-20205 (#1937387) diff --git a/sources b/sources index 2d86f33..786548a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libjpeg-turbo-2.0.90.tar.gz) = e00cab142c81e90d0eaf891d44ce3dccfdfe7d61e4efe8e81c5983dc6444ca1775f555316cce17b6551afc4b9e285202f53f6d0a8561433840fda311f630bc6d +SHA512 (libjpeg-turbo-2.1.0.tar.gz) = 6632a2a71cb3a350fe4f850fe84e51e361755c373babf2b47fb164c3a9fc3fd66705639bebedd8c1b40cf6c15fd702e814425b0be5919048987bbec357828605