CVS commit: pkgsrc/graphics/libjpeg-turbo

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/graphics/libjpeg-turbo
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Wed, 5 Jul 2023 15:37:35 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Wed Jul  5 15:37:35 UTC 2023

Modified Files:
        pkgsrc/graphics/libjpeg-turbo: Makefile PLIST distinfo

Log Message:
libjpeg-turbo: updated to 3.0.0

3.0.0
Significant changes relative to 3.0 beta2:

The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance subsampling, which allows losslessly transposed or rotated 4:1:1 JPEG images to be losslessly cropped, partially decompressed, or 
decompressed to planar YUV images.

Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred when attempting to decompress various specially-crafted malformed 12-bit-per-component and 16-bit-per-component lossless JPEG 
images using color quantization or merged chroma upsampling/color conversion. The underlying cause of these issues was that the color quantization and merged chroma upsampling/color conversion 
algorithms were not designed with lossless decompression in mind. Since libjpeg-turbo explicitly does not support color conversion when compressing or decompressing lossless JPEG images, merged 
chroma upsampling/color conversion never should have been enabled for such images. Color quantization is a legacy feature that serves little or no purpose with lossless JPEG images, so it is also now 
disabled when decompressing such images. (As a result, djpeg can no longer decompress a lossless JPEG image into a GIF image.)

Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer overruns when attempting to decompress various specially-crafted malformed 12-bit-per-component JPEG images using djpeg 
with both color quantization and RGB565 color conversion enabled.

Fixed an issue whereby jpeg_crop_scanline() sometimes miscalculated the downsampled width for components with 4x2 or 2x4 subsampling factors if decompression scaling was enabled. This caused the 
components to be upsampled incompletely, which caused the color converter to read from uninitialized memory. With 12-bit data precision, this caused a buffer overrun or underrun and subsequent 
segfault if the sample value read from uninitialized memory was outside of the valid sample range.

Fixed a long-standing issue whereby the tj3Transform() function, when used with the TJXOP_TRANSPOSE, TJXOP_TRANSVERSE, TJXOP_ROT90, or TJXOP_ROT270 transform operation and without automatic JPEG 
destination buffer (re)allocation or lossless cropping, computed the worst-case transformed JPEG image size based on the source image dimensions rather than the transformed image dimensions. If a 
calling program allocated the JPEG destination buffer based on the transformed image dimensions, as the API documentation instructs, and attempted to transform a specially-crafted 4:2:2, 4:4:0, 
4:1:1, or 4:4:1 JPEG source image containing a large amount of metadata, the issue caused tj3Transform() to overflow the JPEG destination buffer rather than fail gracefully. The issue could be worked 
around by setting TJXOPT_COPYNONE. Note that, irrespective of this issue, tj3Transform() cannot reliably transform JPEG source images that contain a large amount of metadata unless automatic JPEG 
destinati
on buffer (re)allocation is used or TJXOPT_COPYNONE is set.

Fixed a regression introduced by 3.0 beta2[6] that prevented the djpeg -map option from working when decompressing 12-bit-per-component lossy JPEG images.

Fixed an issue that caused the C Huffman encoder (which is not used by default on x86 and Arm CPUs) to read from uninitialized memory when attempting to transform a specially-crafted malformed 
arithmetic-coded JPEG source image into a baseline Huffman-coded JPEG destination image.


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 pkgsrc/graphics/libjpeg-turbo/Makefile
cvs rdiff -u -r1.7 -r1.8 pkgsrc/graphics/libjpeg-turbo/PLIST
cvs rdiff -u -r1.25 -r1.26 pkgsrc/graphics/libjpeg-turbo/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/libjpeg-turbo/Makefile
diff -u pkgsrc/graphics/libjpeg-turbo/Makefile:1.31 pkgsrc/graphics/libjpeg-turbo/Makefile:1.32
--- pkgsrc/graphics/libjpeg-turbo/Makefile:1.31 Tue Jun  6 12:41:34 2023
+++ pkgsrc/graphics/libjpeg-turbo/Makefile      Wed Jul  5 15:37:35 2023
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.31 2023/06/06 12:41:34 riastradh Exp $
+# $NetBSD: Makefile,v 1.32 2023/07/05 15:37:35 adam Exp $
 
-DISTNAME=      libjpeg-turbo-2.1.5.1
+DISTNAME=      libjpeg-turbo-3.0.0
 CATEGORIES=    graphics
 MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=libjpeg-turbo/}
 

Index: pkgsrc/graphics/libjpeg-turbo/PLIST
diff -u pkgsrc/graphics/libjpeg-turbo/PLIST:1.7 pkgsrc/graphics/libjpeg-turbo/PLIST:1.8
--- pkgsrc/graphics/libjpeg-turbo/PLIST:1.7     Mon Apr 26 08:18:48 2021
+++ pkgsrc/graphics/libjpeg-turbo/PLIST Wed Jul  5 15:37:35 2023
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.7 2021/04/26 08:18:48 adam Exp $
+@comment $NetBSD: PLIST,v 1.8 2023/07/05 15:37:35 adam Exp $
 bin/cjpeg
 bin/djpeg
 bin/jpegtran
@@ -17,11 +17,11 @@ lib/cmake/libjpeg-turbo/libjpeg-turboTar
 lib/libjpeg.a
 lib/libjpeg.so
 lib/libjpeg.so.8
-lib/libjpeg.so.8.2.2
+lib/libjpeg.so.8.3.2
 lib/libturbojpeg.a
 lib/libturbojpeg.so
 lib/libturbojpeg.so.0
-lib/libturbojpeg.so.0.2.0
+lib/libturbojpeg.so.0.3.0
 lib/pkgconfig/libjpeg.pc
 lib/pkgconfig/libturbojpeg.pc
 man/man1/cjpeg.1
@@ -32,7 +32,7 @@ man/man1/wrjpgcom.1
 share/doc/libjpeg-turbo/LICENSE.md
 share/doc/libjpeg-turbo/README.ijg
 share/doc/libjpeg-turbo/README.md
-share/doc/libjpeg-turbo/example.txt
+share/doc/libjpeg-turbo/example.c
 share/doc/libjpeg-turbo/libjpeg.txt
 share/doc/libjpeg-turbo/structure.txt
 share/doc/libjpeg-turbo/tjexample.c

Index: pkgsrc/graphics/libjpeg-turbo/distinfo
diff -u pkgsrc/graphics/libjpeg-turbo/distinfo:1.25 pkgsrc/graphics/libjpeg-turbo/distinfo:1.26
--- pkgsrc/graphics/libjpeg-turbo/distinfo:1.25 Thu Feb  9 09:57:01 2023
+++ pkgsrc/graphics/libjpeg-turbo/distinfo      Wed Jul  5 15:37:35 2023
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.25 2023/02/09 09:57:01 adam Exp $
+$NetBSD: distinfo,v 1.26 2023/07/05 15:37:35 adam Exp $
 
-BLAKE2s (libjpeg-turbo-2.1.5.1.tar.gz) = aa707c4b83aa0a2a6b07e7f0363d828cc3d969aabba639fac203423f47064616
-SHA512 (libjpeg-turbo-2.1.5.1.tar.gz) = 86a7248d064043b26b09755633ef4872a2a6133c9e677a9fe4be6645b2e0fde102cf01e09119967b3b6b85f4cb93f3f7c49ec4973944d5eff99b5b90ce8b0be6
-Size (libjpeg-turbo-2.1.5.1.tar.gz) = 2264936 bytes
+BLAKE2s (libjpeg-turbo-3.0.0.tar.gz) = 8e801fb2e2f314c4e0864c8246e3e1943b274b054108001240f928ce66287010
+SHA512 (libjpeg-turbo-3.0.0.tar.gz) = 2307a2e240faf5b3119cdc5cf6a0255813d74591d4a4201fd2374940683cb9de90cb5926367e633f3624b27edd292209c7cd3c38d64522716e83fc81361289b4
+Size (libjpeg-turbo-3.0.0.tar.gz) = 2799663 bytes
 SHA1 (patch-jpeglib.h) = 22f69b5fed1882c33f4a8a6e42b8aca5ed195de3
 SHA1 (patch-simd_arm__aarch32_jsimd.c) = 0d35d6f0727709d4e894202a3a297fc66383c377
 SHA1 (patch-simd_arm__aarch64_jsimd.c) = 76c5e81403f70a8ea8bca8ae2266066fff5ec6f9

Prev by Date: CVS commit: pkgsrc/meta-pkgs/bulk-test-essential
Next by Date: CVS commit: pkgsrc/devel/py-immutabledict
Previous by Thread: CVS commit: pkgsrc/meta-pkgs/bulk-test-essential
Next by Thread: CVS commit: pkgsrc/devel/py-immutabledict
Indexes:

Home | Main Index | Thread Index | Old Index