Ubuntu
libjpeg-turbo package

Bug #1012861
Comment #4

Comment 4 for bug 1012861

Revision history for this message

Tom Gall (tom-gall) wrote on 2012-07-18:

updated libjpeg-turbo_1.2.1+svn853-1ubuntu6
ppa:tom-gall/packages

* fixes LP:1012861 - update to stable 1.2.1
  * fixes LP:1025537 addressing CVE-2012-2806
    A Heap-based buffer overflow was found in the way libjpeg-turbo
    decompressed certain corrupt JPEG images in which the component count
    was erroneously set to a large value. An attacker could create a
    specially-crafted JPEG image that, when opened, could cause an
    application using libpng to crash or, possibly, execute arbitrary code
    with the privileges of the user running the application.
  * fixes LP:1012861 - update to stable 1.2.1 r853
   * Cosmetic fixes to argument lists
   * Added flags to the TurboJPEG API that allow the caller to force
     the use of either the fast or the accurate DCT/IDCT algorithms
     in the underlying codec.
   * More recent versions of autoconf add -traditional-cpp to the CPP
     flags, which causes jsimdcfg.inc.h to not preprocess correctly
     unless we expand all of the instances of the #definev macro.
   * Fixed regression caused by a bug in the 32-bit strict memory access
     code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
     whining whenever the output buffer size was not evenly divisible by
     16 bytes.) On Linux/x86, this regression generated incorrect
     pixels on the right-hand side of images whose rows were not 16-byte
     aligned, whenever fancy upsampling was used. This patch also
     enables the strict memory access code on all platforms, not just
     Linux (it does no harm on other platforms) and removes a couple of
     pcmpeqb instructions that were rendered unnecessary by r835.
   * Accelerated 4:2:2 upsampling routine for ARM (improves
     performance ~20-30% when decompressing 4:2:2 JPEGs using
     fancy upsampling)
   * Eliminate the use of the MASKMOVDQU instruction, to speed
     up decompression performance by 10x on AMD Bobcat embedded
     processors (and ~5% on AMD desktop processors.)
   * add tjbench to libjpeg-turbo-test packages
   * Guard against num_components being a ridiculous
     value due to a corrupt header
   * Preserve all 128 bits of xmm6 and xmm7

updated libjpeg-turbo_1.2.1+svn853-1ubuntu6
ppa:tom-gall/packages

* fixes LP:1012861 - update to stable 1.2.1
  * fixes LP:1025537 addressing CVE-2012-2806 
    A Heap-based buffer overflow was found in the way libjpeg-turbo
    decompressed certain corrupt JPEG images in which the component count
    was erroneously set to a large value. An attacker could create a
    specially-crafted JPEG image that, when opened, could cause an
    application using libpng to crash or, possibly, execute arbitrary code
    with the privileges of the user running the application.
  * fixes LP:1012861 - update to stable 1.2.1 r853
   * Cosmetic fixes to argument lists
   * Added flags to the TurboJPEG API that allow the caller to force 
     the use of either the fast or the accurate DCT/IDCT algorithms 
     in the underlying codec.
   * More recent versions of autoconf add -traditional-cpp to the CPP 
     flags, which causes jsimdcfg.inc.h to not preprocess correctly 
     unless we expand all of the instances of the #definev macro.
   * Fixed regression caused by a bug in the 32-bit strict memory access 
     code in jdmrgss2.asm (contributed by Chromium to stop valgrind from 
     whining whenever the output buffer size was not evenly divisible by  
     16 bytes.)  On Linux/x86, this regression generated incorrect 
     pixels on the right-hand side of images whose rows were not 16-byte 
     aligned, whenever fancy upsampling was used.  This patch also 
     enables the strict memory access code on all platforms, not just 
     Linux (it does no harm on other platforms) and removes a couple of  
     pcmpeqb instructions that were rendered unnecessary by r835.
   * Accelerated 4:2:2 upsampling routine for ARM (improves 
     performance ~20-30% when decompressing 4:2:2 JPEGs using 
     fancy upsampling)
   * Eliminate the use of the MASKMOVDQU instruction, to speed 
     up decompression performance by 10x on AMD Bobcat embedded 
     processors (and ~5% on AMD desktop processors.)
   * add tjbench to libjpeg-turbo-test packages
   * Guard against num_components being a ridiculous 
     value due to a corrupt header
   * Preserve all 128 bits of xmm6 and xmm7

Ubuntulibjpeg-turbo package

Comment 4 for bug 1012861

Ubuntu
libjpeg-turbo package