desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #72900
[Bug 1374583] Re: Sync libjpeg-turbo 1:1.3.1-3 (main) from Debian unstable (main)
Yes Felix, however since this isn't going into utopic I would like to
maybe look at it as soon as the new V opens for development :)
** Changed in: libjpeg-turbo (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libjpeg-turbo in Ubuntu.
https://bugs.launchpad.net/bugs/1374583
Title:
Sync libjpeg-turbo 1:1.3.1-3 (main) from Debian unstable (main)
Status in “libjpeg-turbo” package in Ubuntu:
Invalid
Bug description:
Please sync libjpeg-turbo 1:1.3.1-3 (main) from Debian unstable (main)
I think now that debian has switched to libjpeg-turbo too there is no
reason anymore for an ubuntu delta.
However I think the sync should be done when V will open for
development.
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: information disclosure via uninitialized memory in
the get_sos function (LP: #1252912)
- debian/patches/CVE-2013-6629.patch: check for duplications in
jdmarker.c.
- CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
the get_dht function (LP: #1252912)
- debian/patches/CVE-2013-6630.patch: properly clear out memory in
jdmarker.c.
- CVE-2013-6630
* SECURITY UPDATE: information disclosure via uninitialized memory in
the get_sos function (LP: #1252912)
- debian/patches/CVE-2013-6629.patch: check for duplications in
jdmarker.c.
- CVE-2013-6629
* SECURITY UPDATE: information disclosure via uninitialized memory in
the get_dht function (LP: #1252912)
- debian/patches/CVE-2013-6630.patch: properly clear out memory in
jdmarker.c.
- CVE-2013-6630
* New upstream release.
- drop debian/patches/branch-updates.diff
- refresh tjunittest.patch (now renamed to install-tjunittest.patch)
* Update debian/control:
- add myself to Uploaders.
* Update debian/copyright:
- add RSA Data Security copyright (md5).
* Update debian/libturbojpeg.install:
- install libturbojpeg.so.0* (needed by tjunittest and tjbench).
* New upstream release.
- drop debian/patches/branch-updates.diff
- refresh tjunittest.patch (now renamed to install-tjunittest.patch)
* Update debian/control:
- add myself to Uploaders.
* Update debian/copyright:
- add RSA Data Security copyright (md5).
* Update debian/libturbojpeg.install:
- install libturbojpeg.so.0* (needed by tjunittest and tjbench).
* libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273.
* libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273.
* libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273.
[ Tom Gall ]
* Update to stable 1.2.1. LP: #1012861.
* Addresses CVE-2012-2806. LP: #1025537.
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
* Cosmetic fixes to argument lists
* Added flags to the TurboJPEG API that allow the caller to force
the use of either the fast or the accurate DCT/IDCT algorithms
in the underlying codec.
* More recent versions of autoconf add -traditional-cpp to the CPP
flags, which causes jsimdcfg.inc.h to not preprocess correctly
unless we expand all of the instances of the #definev macro.
* Fixed regression caused by a bug in the 32-bit strict memory access
code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
whining whenever the output buffer size was not evenly divisible by
16 bytes.) On Linux/x86, this regression generated incorrect
pixels on the right-hand side of images whose rows were not 16-byte
aligned, whenever fancy upsampling was used. This patch also
enables the strict memory access code on all platforms, not just
Linux (it does no harm on other platforms) and removes a couple of
pcmpeqb instructions that were rendered unnecessary by r835.
* Accelerated 4:2:2 upsampling routine for ARM (improves
performance ~20-30% when decompressing 4:2:2 JPEGs using
fancy upsampling)
* Eliminate the use of the MASKMOVDQU instruction, to speed
up decompression performance by 10x on AMD Bobcat embedded
processors (and ~5% on AMD desktop processors.)
* add tjbench to libjpeg-turbo-test packages
* Guard against num_components being a ridiculous
value due to a corrupt header
* Preserve all 128 bits of xmm6 and xmm7
[ Matthias Klose ]
* Prepare the package for quantal, basing on the 1.2.1 release tarball.
* d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
but don't bump the version to 1.2.2.
* d/patches/guard-inline-define: Remove, integrated upstream.
* Strip -Wl,-Bsymbolic-functions out of LDFLAGS, so that hpcups and
pxljr can override jinit_color_converter. LP: #777670.
* Guard the definition of INLINE in an ifndef block, so that
third parties including our headers don't get it redefined
unexpectedly from under them (which cause the spice FTBFS)
* Install jpegint.h in the -dev package.
* Install jconfig.h in the multiarch include directory.
* Install jpegint.h in the -dev package.
* Install jconfig.h in the multiarch include directory.
* libjpeg-turbo-progs: Remove dependency on libturbojpeg.
* libjpeg-turbo-progs: Remove dependency on libturbojpeg.
* Sync with upstream to svn733.
* Rename libjpeg-test to libjpeg-turbo-test.
* Rename libjpeg-turbo-dbg to libjpeg-turbo8-dbg.
* Rename libjpeg8-dev to libjpeg-turbo8-dev.
* Move the docs into the -dev package, install the upstream changelog
in the -dev only.
* Split out libturbojpeg.so into it's own package, don't let
libjpeg-turbo8-dev depend on it.
* Fix libjpeg-turbo8-dbg package description.
* Install jconfig.h into multiarch include path.
* Remove HAVE_STD{LIB,DEF}_H from jconfig.h since they are not used and
conflict with autoconf.
* libjpeg-turbo8:
- Add a symbols file, with a different version for symbols only found
in the libjpeg-turbo implementation.
- Remove the shlibs file.
- Breaks/Replaces libjpeg8 (<< 8c-2ubuntu5).
* Copy the exifautotran and jpegexiforient tools from the libjpeg8
sources, install into libjpeg-turbo-progs.
* Don't install tjbench in libjpeg-turbo-progs to avoid dependency
on libturbojpeg.
* Remove all useage of diverts in preparation to replace
libjpeg8 in precise
* small clean up in debian/control
* Switch package to include libjpeg8 compatibility
* Supply -dev -dbg and -test debs
* 11.11 Release
* Sync with upstream to svn722
* Initial Release based on svn 702
* Initial Release and packaging based on svn 702 (LP: #852207)
* Initial Release based on svn 702
* Initial Release and packaging based on svn 702 (LP: #852207)
Changelog entries since current utopic version 1.3.0-0ubuntu2:
libjpeg-turbo (1:1.3.1-3) unstable; urgency=medium
* Upload to unstable to proceed with transition (Ref: #754988)
-- Ondřej Surý <ondrej@xxxxxxxxxx> Fri, 26 Sep 2014 14:34:39 +0200
libjpeg-turbo (1:1.3.1-2) experimental; urgency=high
* Add correct Breaks/Replaces: libjpeg-progs (<< 1.3.1-1~) to
libjpeg-turbo-progs (Closes: #757860)
* Build with -ffloat-store to fix FTBFS (Closes: #755073)
* Disable silent building
-- Ondřej Surý <ondrej@xxxxxxxxxx> Tue, 26 Aug 2014 12:39:52 +0200
libjpeg-turbo (1:1.3.1-1) experimental; urgency=medium
* Upload to experimental in preparation for libjpeg-turbo default JPEG
library switch
* Bump epoch to 1: to smoothly replace libjpeg62 binaries
* New upstream version 1.3.1
* Add myself to uploaders
* Enable --fail-missing and --parallel in dh invocation
* debian/patches/003_ftbfs-kfreebsd-x64.patch: Remove, merged upstream
* debian/patches/004_CVE-2013-6629.patch: Remove; merged upstream
* debian/patches/005_CVE-2013-6630.patch: Remove; merged upstream
* Add libjpeg62* packages, add libjpeg-turbo-progs package
(Closes: #728983, #632869, #632949)
* Add exifautotran and jpegexiforient.c from Ubuntu to complete
jpeg-progs compatibility
* Add tjbench to libjpeg-turbo-progs
* Remove libjpeg-turbo-test* package that is useful only at compile time
* Remove CC and CFLAGS from debian/extra/Makefile and also pass CPPFLAGS
and LFLAGS to enable Hardening in jpegexiforient
* Don't install turbojpeg.h into libjpeg62-dev
* Remove the word 'transitional' from libjpeg-progs description
* Fix debhelper-but-no-misc-depends libjpeg-dev
* Install help2man+manual fixes tjbench.1 manual page
* Add missing source for jquery 1.7.1
* d/copyright: Add jquery.js license and cleanup cruft
* Add symbols file for libjpeg62
-- Ondřej Surý <ondrej@xxxxxxxxxx> Tue, 22 Jul 2014 01:05:35 +0200
libjpeg-turbo (1.3.0-4) unstable; urgency=low
* debian/rules:
+ Override dh_strip and build individual dbg bin:packages
for the shared library and the test program.
* debian/control:
+ Add dbg bin:packages.
+ Alioth-canonicalize Vcs-*: fields.
+ Drop dependency from bin:package libturbojpeg1: libc-dev.
+ EOL clean-up (whitespaces, commas).
+ Modify section of bin:package libjpeg-turbo-test: utils.
-- Mike Gabriel <sunweaver@xxxxxxxxxx> Sat, 15 Mar 2014 00:19:42
+0100
libjpeg-turbo (1.3.0-3) unstable; urgency=low
* debian/patches: (Closes: #729873)
+ Add patch 004_CVE-2013-6629.patch. Check for duplications in
jdmarker.c (CVE-2013-6629).
+ Add patch 005_CVE-2013-6630.patch: Properly clear out memory in
jdmarker.c. (CVE-2013-6630).
-- Mike Gabriel <sunweaver@xxxxxxxxxx> Fri, 14 Mar 2014 18:56:25
+0100
libjpeg-turbo (1.3.0-2) unstable; urgency=low
* Add patch: 003_ftbfs-kfreebsd-x64.patch. Fix FTBFS on kfreebsd-amd64
systems by using ELF64 as object format. (Closes: #710749).
-- Mike Gabriel <sunweaver@xxxxxxxxxx> Tue, 04 Jun 2013 21:38:42
+0200
libjpeg-turbo (1.3.0-1) unstable; urgency=low
* New upstream release.
* /debian/control:
+ B-D: nasm [any-amd64 any-i386]. Fix FTBFS on hurd and kFreeBSD. (Closes:
#710566).
* Lintian issues:
+ Adapt shlib-calls-exit lintian override to new upstream version.
-- Mike Gabriel <sunweaver@xxxxxxxxxx> Sat, 01 Jun 2013 01:25:00
+0200
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1374583/+subscriptions
References