[ubuntu/quantal] libjpeg-turbo 1.2.1-0ubuntu1 (Accepted)
Matthias Klose
doko at ubuntu.com
Wed Sep 19 22:30:21 UTC 2012
libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low
[ Tom Gall ]
* Update to stable 1.2.1. LP: #1012861.
* Addresses CVE-2012-2806. LP: #1025537.
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
* Cosmetic fixes to argument lists
* Added flags to the TurboJPEG API that allow the caller to force
the use of either the fast or the accurate DCT/IDCT algorithms
in the underlying codec.
* More recent versions of autoconf add -traditional-cpp to the CPP
flags, which causes jsimdcfg.inc.h to not preprocess correctly
unless we expand all of the instances of the #definev macro.
* Fixed regression caused by a bug in the 32-bit strict memory access
code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
whining whenever the output buffer size was not evenly divisible by
16 bytes.) On Linux/x86, this regression generated incorrect
pixels on the right-hand side of images whose rows were not 16-byte
aligned, whenever fancy upsampling was used. This patch also
enables the strict memory access code on all platforms, not just
Linux (it does no harm on other platforms) and removes a couple of
pcmpeqb instructions that were rendered unnecessary by r835.
* Accelerated 4:2:2 upsampling routine for ARM (improves
performance ~20-30% when decompressing 4:2:2 JPEGs using
fancy upsampling)
* Eliminate the use of the MASKMOVDQU instruction, to speed
up decompression performance by 10x on AMD Bobcat embedded
processors (and ~5% on AMD desktop processors.)
* add tjbench to libjpeg-turbo-test packages
* Guard against num_components being a ridiculous
value due to a corrupt header
* Preserve all 128 bits of xmm6 and xmm7
[ Matthias Klose ]
* Prepare the package for quantal, basing on the 1.2.1 release tarball.
* d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
but don't bump the version to 1.2.2.
* d/patches/guard-inline-define: Remove, integrated upstream.
Date: Thu, 20 Sep 2012 00:18:15 +0200
Changed-By: Matthias Klose <doko at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/libjpeg-turbo/1.2.1-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 20 Sep 2012 00:18:15 +0200
Source: libjpeg-turbo
Binary: libjpeg-turbo8-dev libjpeg-turbo8 libturbojpeg libjpeg-turbo-progs libjpeg-turbo8-dbg libjpeg-turbo-test
Architecture: source
Version: 1.2.1-0ubuntu1
Distribution: quantal
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Matthias Klose <doko at ubuntu.com>
Description:
libjpeg-turbo-progs - Programs for manipulating JPEG files
libjpeg-turbo-test - Program for testing libjpeg-turbo
libjpeg-turbo8 - IJG JPEG compliant runtime library.
libjpeg-turbo8-dbg - Debugging symbols for the libjpeg-turbo library
libjpeg-turbo8-dev - Development files for the IJG JPEG library
libturbojpeg - IJG JPEG compliant runtime library.
Launchpad-Bugs-Fixed: 1012861 1025537
Changes:
libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low
.
[ Tom Gall ]
* Update to stable 1.2.1. LP: #1012861.
* Addresses CVE-2012-2806. LP: #1025537.
A Heap-based buffer overflow was found in the way libjpeg-turbo
decompressed certain corrupt JPEG images in which the component count
was erroneously set to a large value. An attacker could create a
specially-crafted JPEG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code
with the privileges of the user running the application.
* Cosmetic fixes to argument lists
* Added flags to the TurboJPEG API that allow the caller to force
the use of either the fast or the accurate DCT/IDCT algorithms
in the underlying codec.
* More recent versions of autoconf add -traditional-cpp to the CPP
flags, which causes jsimdcfg.inc.h to not preprocess correctly
unless we expand all of the instances of the #definev macro.
* Fixed regression caused by a bug in the 32-bit strict memory access
code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
whining whenever the output buffer size was not evenly divisible by
16 bytes.) On Linux/x86, this regression generated incorrect
pixels on the right-hand side of images whose rows were not 16-byte
aligned, whenever fancy upsampling was used. This patch also
enables the strict memory access code on all platforms, not just
Linux (it does no harm on other platforms) and removes a couple of
pcmpeqb instructions that were rendered unnecessary by r835.
* Accelerated 4:2:2 upsampling routine for ARM (improves
performance ~20-30% when decompressing 4:2:2 JPEGs using
fancy upsampling)
* Eliminate the use of the MASKMOVDQU instruction, to speed
up decompression performance by 10x on AMD Bobcat embedded
processors (and ~5% on AMD desktop processors.)
* add tjbench to libjpeg-turbo-test packages
* Guard against num_components being a ridiculous
value due to a corrupt header
* Preserve all 128 bits of xmm6 and xmm7
.
[ Matthias Klose ]
* Prepare the package for quantal, basing on the 1.2.1 release tarball.
* d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
but don't bump the version to 1.2.2.
* d/patches/guard-inline-define: Remove, integrated upstream.
Checksums-Sha1:
81c5509344af48c4733fd81e78776e0a74985d54 1567 libjpeg-turbo_1.2.1-0ubuntu1.dsc
a4992e102c6d88146709e8e6ce5896d5d0b5a361 1755264 libjpeg-turbo_1.2.1.orig.tar.gz
b186f9c4539d8c7b0cd816ea2aed4dcc53d8937e 26515 libjpeg-turbo_1.2.1-0ubuntu1.debian.tar.gz
Checksums-Sha256:
aebf255c5179a9ef013984afea25c446494ae0e2e6e90a3080d3cf35101ac0bb 1567 libjpeg-turbo_1.2.1-0ubuntu1.dsc
cb3323f054a02cedad193bd0ca418d46934447f995d19e678ea64f78e4903770 1755264 libjpeg-turbo_1.2.1.orig.tar.gz
3ccc584bf860c48b76ac2f4abe082196bc9700aa2b43a5f8ac4fc75c85524514 26515 libjpeg-turbo_1.2.1-0ubuntu1.debian.tar.gz
Files:
21da86795ece017cde7188e18f3f81e8 1567 graphics optional libjpeg-turbo_1.2.1-0ubuntu1.dsc
f61e60ff01381ece4d2fe65eeb52669e 1755264 graphics optional libjpeg-turbo_1.2.1.orig.tar.gz
ca6c543719a89e65448a9870e039ab5c 26515 graphics optional libjpeg-turbo_1.2.1-0ubuntu1.debian.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAlBaRmsACgkQStlRaw+TLJw6xwCfb7Bvmj+FbDfFKxENaIBJA/TV
M58An2EH9rlAJf2ebk7SZw4LX1pKPN0v
=ZemU
-----END PGP SIGNATURE-----
More information about the Quantal-changes
mailing list