Friday, November 03, 2023

UPDATE: jpeg 3.0.1

Here is an update to jpeg 3.0.1.

https://raw.githubusercontent.com/libjpeg-turbo/libjpeg-turbo/main/ChangeLog.md

2. Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred
when attempting to decompress various specially-crafted malformed
12-bit-per-component and 16-bit-per-component lossless JPEG images using color
quantization or merged chroma upsampling/color conversion. The underlying
cause of these issues was that the color quantization and merged chroma
upsampling/color conversion algorithms were not designed with lossless
decompression in mind. Since libjpeg-turbo explicitly does not support color
conversion when compressing or decompressing lossless JPEG images, merged
chroma upsampling/color conversion never should have been enabled for such
images. Color quantization is a legacy feature that serves little or no
purpose with lossless JPEG images, so it is also now disabled when
decompressing such images. (As a result, djpeg can no longer decompress a
lossless JPEG image into a GIF image.)


Index: Makefile
===================================================================
RCS file: /home/cvs/ports/graphics/jpeg/Makefile,v
diff -u -p -u -p -r1.78 Makefile
--- Makefile 26 Sep 2023 11:39:06 -0000 1.78
+++ Makefile 3 Nov 2023 18:15:59 -0000
@@ -1,12 +1,12 @@
COMMENT= SIMD-accelerated JPEG codec replacement of libjpeg

-V= 2.1.5.1
+V= 3.0.1
DISTNAME= libjpeg-turbo-${V}
PKGNAME= jpeg-${V}
EPOCH= 0

-SHARED_LIBS+= jpeg 70.1
-SHARED_LIBS+= turbojpeg 0.1
+SHARED_LIBS+= jpeg 71.0
+SHARED_LIBS+= turbojpeg 1.0

CATEGORIES= graphics
DPB_PROPERTIES= parallel
@@ -31,9 +31,9 @@ DEBUG_PACKAGES= ${BUILD_PACKAGES}

post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/jpeg
- ${INSTALL_DATA} ${WRKSRC}/libjpeg.txt ${WRKSRC}/wizard.txt \
- ${PREFIX}/share/doc/jpeg
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/jpeg
- ${INSTALL_DATA} ${WRKSRC}/example.txt ${PREFIX}/share/examples/jpeg
+ mv -f ${PREFIX}/share/doc/libjpeg-turbo/*.c ${PREFIX}/share/examples/jpeg
+ mv -f ${PREFIX}/share/doc/libjpeg-turbo/* ${PREFIX}/share/doc/jpeg
+ rmdir ${PREFIX}/share/doc/libjpeg-turbo

.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /home/cvs/ports/graphics/jpeg/distinfo,v
diff -u -p -u -p -r1.27 distinfo
--- distinfo 11 May 2023 08:54:01 -0000 1.27
+++ distinfo 3 Nov 2023 17:58:37 -0000
@@ -1,2 +1,2 @@
-SHA256 (libjpeg-turbo-2.1.5.1.tar.gz) = L9w/626d6xet7JuvozIUGaoZ+PTl3qe/hIaETKIiB78=
-SIZE (libjpeg-turbo-2.1.5.1.tar.gz) = 2264936
+SHA256 (libjpeg-turbo-3.0.1.tar.gz) = IkKVB3FK4UezrKzSmeggmfzl2fRWiC/CjiUuRXm6KnU=
+SIZE (libjpeg-turbo-3.0.1.tar.gz) = 2800900
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /home/cvs/ports/graphics/jpeg/patches/patch-CMakeLists_txt,v
diff -u -p -u -p -r1.11 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt 11 May 2023 08:54:01 -0000 1.11
+++ patches/patch-CMakeLists_txt 12 Jul 2023 21:51:34 -0000
@@ -3,7 +3,7 @@ Symbol versioning triggers weird linking
Index: CMakeLists.txt
--- CMakeLists.txt.orig
+++ CMakeLists.txt
-@@ -509,10 +509,6 @@ endif()
+@@ -511,10 +511,6 @@ endif()

if(UNIX AND NOT APPLE)
file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/conftest.map "VERS_1 { global: *; };")
Index: pkg/PLIST
===================================================================
RCS file: /home/cvs/ports/graphics/jpeg/pkg/PLIST,v
diff -u -p -u -p -r1.20 PLIST
--- pkg/PLIST 11 Mar 2022 19:22:36 -0000 1.20
+++ pkg/PLIST 12 Jul 2023 22:14:18 -0000
@@ -27,17 +27,13 @@ lib/pkgconfig/libturbojpeg.pc
@man man/man1/rdjpgcom.1
@man man/man1/wrjpgcom.1
share/doc/jpeg/
+share/doc/jpeg/LICENSE.md
+share/doc/jpeg/README.ijg
+share/doc/jpeg/README.md
share/doc/jpeg/libjpeg.txt
+share/doc/jpeg/structure.txt
+share/doc/jpeg/usage.txt
share/doc/jpeg/wizard.txt
-share/doc/libjpeg-turbo/
-share/doc/libjpeg-turbo/LICENSE.md
-share/doc/libjpeg-turbo/README.ijg
-share/doc/libjpeg-turbo/README.md
-share/doc/libjpeg-turbo/example.txt
-share/doc/libjpeg-turbo/libjpeg.txt
-share/doc/libjpeg-turbo/structure.txt
-share/doc/libjpeg-turbo/tjexample.c
-share/doc/libjpeg-turbo/usage.txt
-share/doc/libjpeg-turbo/wizard.txt
share/examples/jpeg/
-share/examples/jpeg/example.txt
+share/examples/jpeg/example.c
+share/examples/jpeg/tjexample.c

No comments:

Post a Comment