diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch new file mode 100644 index 00000000..4a880b00 --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2013-6629.patch @@ -0,0 +1,17 @@ +diff --git a/jdmarker.c b/jdmarker.c +index 737a17c..381835b 100644 +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -348,6 +348,12 @@ get_sos (j_decompress_ptr cinfo) + + TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc, + compptr->dc_tbl_no, compptr->ac_tbl_no); ++ ++ /* This CSi (cc) should differ from the previous CSi */ ++ for (ci = 0; ci < i; ci++) { ++ if (cinfo->cur_comp_info[ci] == compptr) ++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc); ++ } + } + + /* Collect the additional scan parameters Ss, Se, Ah/Al. */ diff --git a/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch new file mode 100644 index 00000000..ca304a9b --- /dev/null +++ b/SOURCES/libjpeg-turbo12-CVE-2013-6630.patch @@ -0,0 +1,12 @@ +diff --git a/jdmarker.c b/jdmarker.c +index 77f7274..737a17c 100644 +--- a/jdmarker.c ++++ b/jdmarker.c +@@ -465,6 +465,7 @@ get_dht (j_decompress_ptr cinfo) + for (i = 0; i < count; i++) + INPUT_BYTE(cinfo, huffval[i], return FALSE); + ++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8)); + length -= count; + + if (index & 0x10) { /* AC table definition */ diff --git a/SOURCES/libjpeg-turbo12-noinst.patch b/SOURCES/libjpeg-turbo12-noinst.patch new file mode 100644 index 00000000..210f2a3b --- /dev/null +++ b/SOURCES/libjpeg-turbo12-noinst.patch @@ -0,0 +1,29 @@ +diff -up libjpeg-turbo-1.2.90-20130204svn922/Makefile.am.noinst libjpeg-turbo-1.2.90-20130204svn922/Makefile.am +--- libjpeg-turbo-1.2.90-20130204svn922/Makefile.am.noinst 2013-01-19 02:06:46.000000000 +0100 ++++ libjpeg-turbo-1.2.90-20130204svn922/Makefile.am 2013-02-04 15:55:18.824110574 +0100 +@@ -89,9 +89,7 @@ noinst_PROGRAMS = jcstest + + if WITH_TURBOJPEG + +-bin_PROGRAMS += tjbench +- +-noinst_PROGRAMS += tjunittest ++noinst_PROGRAMS += tjbench tjunittest + + tjbench_SOURCES = tjbench.c bmp.h bmp.c tjutil.h tjutil.c rdbmp.c rdppm.c \ + wrbmp.c wrppm.c +@@ -144,14 +142,6 @@ dist_man1_MANS = cjpeg.1 djpeg.1 jpegtra + DOCS= coderules.txt jconfig.txt change.log rdrle.c wrrle.c BUILDING.txt \ + ChangeLog.txt + +-docdir = $(datadir)/doc +-dist_doc_DATA = README README-turbo.txt libjpeg.txt structure.txt usage.txt \ +- wizard.txt +- +-exampledir = $(datadir)/doc +-dist_example_DATA = example.c +- +- + EXTRA_DIST = win release $(DOCS) testimages md5cmp CMakeLists.txt \ + sharedlib/CMakeLists.txt cmakescripts libjpeg.map.in doc doxygen.config \ + jccolext.c jdcolext.c jdmrgext.c diff --git a/SOURCES/libjpeg-turbo12-pkgconfig.patch b/SOURCES/libjpeg-turbo12-pkgconfig.patch new file mode 100644 index 00000000..2cdb60fb --- /dev/null +++ b/SOURCES/libjpeg-turbo12-pkgconfig.patch @@ -0,0 +1,67 @@ +diff --git a/Makefile.am b/Makefile.am +index 728e30f..8717d3c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -10,6 +10,8 @@ endif + + nodist_include_HEADERS = jconfig.h + ++pkgconfigdir = $(libdir)/pkgconfig ++pkgconfig_DATA = pkgscripts/libjpeg.pc pkgscripts/libturbojpeg.pc + + HDRS = jchuff.h jdct.h jdhuff.h jerror.h jinclude.h jmemsys.h jmorecfg.h \ + jpegint.h jpeglib.h jversion.h jsimd.h jsimddct.h jpegcomp.h +diff --git a/configure.ac b/configure.ac +index 8e75dce..534558c 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -21,6 +21,8 @@ AC_PROG_INSTALL + AC_PROG_LIBTOOL + AC_PROG_LN_S + ++PKG_PROG_PKG_CONFIG ++ + # Check whether compiler supports pointers to undefined structures + AC_MSG_CHECKING(whether compiler supports pointers to undefined structures) + AC_TRY_COMPILE([ typedef struct undefined_structure * undef_struct_ptr; ], , +@@ -411,6 +413,8 @@ AC_CONFIG_FILES([pkgscripts/makemacpkg:release/makemacpkg.in]) + AC_CONFIG_FILES([pkgscripts/Description.plist:release/Description.plist.in]) + AC_CONFIG_FILES([pkgscripts/Info.plist:release/Info.plist.in]) + AC_CONFIG_FILES([pkgscripts/uninstall:release/uninstall.in]) ++AC_CONFIG_FILES([pkgscripts/libjpeg.pc:release/libjpeg.pc.in]) ++AC_CONFIG_FILES([pkgscripts/libturbojpeg.pc:release/libturbojpeg.pc.in]) + if test "x$with_turbojpeg" != "xno"; then + AC_CONFIG_FILES([tjbenchtest]) + fi +diff --git a/release/libjpeg.pc.in b/release/libjpeg.pc.in +new file mode 100644 +index 0000000..40795f7 +--- /dev/null ++++ b/release/libjpeg.pc.in +@@ -0,0 +1,10 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libjpeg ++Description: A SIMD-accelerated JPEG codec that provides the libjpeg API ++Version: @PACKAGE_VERSION@ ++Libs: -L${libdir} -ljpeg ++Cflags: -I${includedir} +diff --git a/release/libturbojpeg.pc.in b/release/libturbojpeg.pc.in +new file mode 100644 +index 0000000..7d4b656 +--- /dev/null ++++ b/release/libturbojpeg.pc.in +@@ -0,0 +1,10 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libturbojpeg ++Description: A SIMD-accelerated JPEG codec that provides the TurboJPEG API ++Version: @PACKAGE_VERSION@ ++Libs: -L${libdir} -lturbojpeg ++Cflags: -I${includedir} diff --git a/SPECS/libjpeg-turbo.spec b/SPECS/libjpeg-turbo.spec new file mode 100644 index 00000000..3473f194 --- /dev/null +++ b/SPECS/libjpeg-turbo.spec @@ -0,0 +1,309 @@ +Name: libjpeg-turbo +Version: 1.2.90 +Release: 6%{?dist} +Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files + +Group: System Environment/Libraries +License: IJG +URL: http://sourceforge.net/projects/libjpeg-turbo +Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: autoconf, automake, libtool +%ifarch %{ix86} x86_64 +BuildRequires: nasm +%endif + +# moved this from -utils, in an attempt to get it to better override +# libjpeg in rawhide -- Rex +Obsoletes: libjpeg < 6b-47 +# add provides (even if it not needed) to workaround bad packages, like +# java-1.6.0-openjdk (#rh607554) -- atkac +Provides: libjpeg = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg%{_isa} = 6b-47%{?dist} +%endif + +Patch0: libjpeg-turbo12-noinst.patch +Patch1: libjpeg-turbo12-CVE-2013-6630.patch +Patch2: libjpeg-turbo12-CVE-2013-6629.patch +Patch3: libjpeg-turbo12-pkgconfig.patch + +%description +The libjpeg-turbo package contains a library of functions for manipulating +JPEG images. + +%package devel +Summary: Headers for the libjpeg-turbo library +Group: Development/Libraries +Obsoletes: libjpeg-devel < 6b-47 +Provides: libjpeg-devel = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg-devel%{_isa} = 6b-47%{?dist} +%endif +Requires: libjpeg-turbo%{?_isa} = %{version}-%{release} + +%description devel +This package contains header files necessary for developing programs which +will manipulate JPEG files using the libjpeg-turbo library. + +%package utils +Summary: Utilities for manipulating JPEG images +Group: Applications/Multimedia +Requires: libjpeg-turbo%{?_isa} = %{version}-%{release} + +%description utils +The libjpeg-turbo-utils package contains simple client programs for +accessing the libjpeg functions. It contains cjpeg, djpeg, jpegtran, +rdjpgcom and wrjpgcom. Cjpeg compresses an image file into JPEG format. +Djpeg decompresses a JPEG file into a regular image file. Jpegtran +can perform various useful transformations on JPEG files. Rdjpgcom +displays any text comments included in a JPEG file. Wrjpgcom inserts +text comments into a JPEG file. + +%package static +Summary: Static version of the libjpeg-turbo library +Group: Development/Libraries +Obsoletes: libjpeg-static < 6b-47 +Provides: libjpeg-static = 6b-47%{?dist} +%if "%{?_isa}" != "" +Provides: libjpeg-static%{_isa} = 6b-47%{?dist} +%endif +Requires: libjpeg-turbo-devel%{?_isa} = %{version}-%{release} + +%description static +The libjpeg-turbo-static package contains static library for manipulating +JPEG images. + +%package -n turbojpeg +Summary: TurboJPEG library +Group: System Environment/Libraries + +%description -n turbojpeg +The turbojpeg package contains the TurboJPEG shared library. + +%package -n turbojpeg-devel +Summary: Headers for the TurboJPEG library +Group: Development/Libraries +Requires: turbojpeg%{?_isa} = %{version}-%{release} + +%description -n turbojpeg-devel +This package contains header files necessary for developing programs which +will manipulate JPEG files using the TurboJPEG library. + +%prep +%setup -q + +%patch0 -p1 -b .noinst +%patch1 -p1 -b .CVE-2013-6630 +%patch2 -p1 -b .CVE-2013-6629 +%patch3 -p1 -b .pkgconfig + +%build +autoreconf -fiv + +%configure + +make %{?_smp_mflags} + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT + +# Fix perms +chmod -x README-turbo.txt + +# Remove unwanted files +rm -f $RPM_BUILD_ROOT/%{_libdir}/lib{,turbo}jpeg.la + +# Don't distribute libjpegturbo.a +rm -f $RPM_BUILD_ROOT/%{_libdir}/libturbojpeg.a + +%clean +rm -rf $RPM_BUILD_ROOT + +%check +make test + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%post -n turbojpeg -p /sbin/ldconfig +%postun -n turbojpeg -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc README README-turbo.txt change.log ChangeLog.txt +%{_libdir}/libjpeg.so.62* + +%files devel +%defattr(-,root,root,-) +%doc coderules.txt jconfig.txt libjpeg.txt structure.txt example.c +%{_includedir}/jconfig.h +%{_includedir}/jerror.h +%{_includedir}/jmorecfg.h +%{_includedir}/jpeglib.h +%{_libdir}/libjpeg.so +%{_libdir}/pkgconfig/libjpeg.pc + +%files utils +%defattr(-,root,root,-) +%doc usage.txt wizard.txt +%{_bindir}/cjpeg +%{_bindir}/djpeg +%{_bindir}/jpegtran +%{_bindir}/rdjpgcom +%{_bindir}/wrjpgcom +%{_mandir}/man1/cjpeg.1* +%{_mandir}/man1/djpeg.1* +%{_mandir}/man1/jpegtran.1* +%{_mandir}/man1/rdjpgcom.1* +%{_mandir}/man1/wrjpgcom.1* + +%files static +%defattr(-,root,root,-) +%{_libdir}/libjpeg.a + +%files -n turbojpeg +%{_libdir}/libturbojpeg.so.0* + +%files -n turbojpeg-devel +%{_includedir}/turbojpeg.h +%{_libdir}/libturbojpeg.so +%{_libdir}/pkgconfig/libturbojpeg.pc + +%changelog +* Thu May 24 2018 Nikola Forró - 1.2.90-6 +- Add pkgconfig scripts (#1581687) + +* Fri Jan 24 2014 Daniel Mach - 1.2.90-5 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.2.90-4 +- Mass rebuild 2013-12-27 + +* Tue Nov 26 2013 Petr Hracek - 1.2.90-3 +- Resolves: #1031739 app patches CVE-2013-6629 and CVE-2013-6630 + +* Tue Mar 26 2013 Adam Tkac - 1.2.90-2 +- rebuild for ARM64 support + +* Fri Feb 08 2013 Adam Tkac 1.2.90-1 +- update to 1.2.90 + +* Mon Feb 04 2013 Adam Tkac 1.2.90-0.1.20130204svn922 +- update to 1.2.80 snapshot (#854695) +- run `make test` during build + +* Fri Jan 18 2013 Adam Tkac 1.2.1-6 +- build with jpeg6 API/ABI (jpeg8-ABI feature was dropped) + +* Tue Dec 04 2012 Adam Tkac 1.2.1-5 +- change license to IJG (#877517) + +* Wed Oct 24 2012 Adam Tkac 1.2.1-4 +- build with jpeg8 API/ABI (#854695) + +* Thu Oct 18 2012 Adam Tkac 1.2.1-3 +- minor provides tuning (#863231) + +* Thu Jul 19 2012 Fedora Release Engineering - 1.2.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jul 16 2012 Adam Tkac 1.2.1-1 +- update to 1.2.1 + +* Thu Mar 08 2012 Adam Tkac 1.2.0-1 +- update to 1.2.0 + +* Fri Jan 13 2012 Fedora Release Engineering - 1.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Nov 21 2011 Orion Poplawski 1.1.1-3 +- Make turobojpeg-devel depend on turbojpeg + +* Fri Oct 7 2011 Orion Poplawski 1.1.1-2 +- Ship the turbojpeg library (#744258) + +* Mon Jul 11 2011 Adam Tkac 1.1.1-1 +- update to 1.1.1 + - ljt11-rh688712.patch merged + +* Tue Mar 22 2011 Adam Tkac 1.1.0-2 +- handle broken JPEGs better (#688712) + +* Tue Mar 01 2011 Adam Tkac 1.1.0-1 +- update to 1.1.0 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.0.90-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Jan 17 2011 Adam Tkac 1.0.90-1 +- update to 1.0.90 +- libjpeg-turbo10-rh639672.patch merged + +* Fri Oct 29 2010 Adam Tkac 1.0.1-3 +- add support for arithmetic coded files into decoder (#639672) + +* Wed Sep 29 2010 jkeating - 1.0.1-2 +- Rebuilt for gcc bug 634757 + +* Mon Sep 13 2010 Adam Tkac 1.0.1-1 +- update to 1.0.1 + - libjpeg-turbo10-rh617469.patch merged +- add -static subpkg (#632859) + +* Wed Aug 04 2010 Adam Tkac 1.0.0-3 +- fix huffman decoder to handle broken JPEGs well (#617469) + +* Fri Jul 02 2010 Adam Tkac 1.0.0-2 +- add libjpeg-devel%%{_isa} provides to -devel subpkg to satisfy imlib-devel + deps + +* Fri Jul 02 2010 Adam Tkac 1.0.0-1 +- update to 1.0.0 +- patches merged + - libjpeg-turbo-programs.patch + - libjpeg-turbo-nosimd.patch +- add libjpeg provides to the main package to workaround problems with broken + java-1.6.0-openjdk package + +* Fri Jul 02 2010 Adam Tkac 0.0.93-13 +- remove libjpeg provides from -utils subpkg + +* Wed Jun 30 2010 Rex Dieter 0.0.93-12 +- move Obsoletes: libjpeg to main pkg + +* Wed Jun 30 2010 Rex Dieter 0.0.93-11 +- -utils: Requires: %%name ... + +* Wed Jun 30 2010 Adam Tkac 0.0.93-10 +- add Provides = libjpeg to -utils subpackage + +* Mon Jun 28 2010 Adam Tkac 0.0.93-9 +- merge review related fixes (#600243) + +* Wed Jun 16 2010 Adam Tkac 0.0.93-8 +- merge review related fixes (#600243) + +* Mon Jun 14 2010 Adam Tkac 0.0.93-7 +- obsolete -static libjpeg subpackage (#600243) + +* Mon Jun 14 2010 Adam Tkac 0.0.93-6 +- improve package description a little (#600243) +- include example.c as %%doc in the -devel subpackage + +* Fri Jun 11 2010 Adam Tkac 0.0.93-5 +- don't use "fc12" disttag in obsoletes/provides (#600243) + +* Thu Jun 10 2010 Adam Tkac 0.0.93-4 +- fix compilation on platforms without MMX/SSE (#600243) + +* Thu Jun 10 2010 Adam Tkac 0.0.93-3 +- package review related fixes (#600243) + +* Wed Jun 09 2010 Adam Tkac 0.0.93-2 +- package review related fixes (#600243) + +* Fri Jun 04 2010 Adam Tkac 0.0.93-1 +- initial package