diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/3rdparty/libjpeg/COPYRIGHT.txt | 2 | ||||
| -rw-r--r-- | src/3rdparty/libjpeg/ChangeLog.md | 43 | ||||
| -rw-r--r-- | src/3rdparty/libjpeg/qt_attribution.json | 4 | ||||
| -rw-r--r-- | src/3rdparty/libjpeg/src/jconfig.h | 4 | ||||
| -rw-r--r-- | src/3rdparty/libjpeg/src/jconfigint.h | 2 |
5 files changed, 43 insertions, 12 deletions
diff --git a/src/3rdparty/libjpeg/COPYRIGHT.txt b/src/3rdparty/libjpeg/COPYRIGHT.txt index f5eae868466..ce9d95bfebc 100644 --- a/src/3rdparty/libjpeg/COPYRIGHT.txt +++ b/src/3rdparty/libjpeg/COPYRIGHT.txt @@ -1,4 +1,4 @@ -Copyright (C) 2009-2025 D. R. Commander +Copyright (C) 2009-2024 D. R. Commander Copyright (C) 2015, 2020 Google, Inc. Copyright (C) 2019-2020 Arm Limited Copyright (C) 2015-2016, 2018 Matthieu Darbois diff --git a/src/3rdparty/libjpeg/ChangeLog.md b/src/3rdparty/libjpeg/ChangeLog.md index 4bdbf53dd34..17390d80bd0 100644 --- a/src/3rdparty/libjpeg/ChangeLog.md +++ b/src/3rdparty/libjpeg/ChangeLog.md @@ -1,3 +1,34 @@ +3.1.3 +===== + +### Significant changes relative to 3.1.2: + +1. Hardened the TurboJPEG API against hypothetical applications that may +erroneously call `tj*Compress*()` or `tj*Transform()` with a reused JPEG +destination buffer pointer while specifying a destination buffer size of 0. + +2. Hardened the TurboJPEG API against hypothetical applications that may +erroneously set `TJPARAM_LOSSLESS` or `TJPARAM_COLORSPACE` prior to calling +`tj3EncodeYUV*8()` or `tj3CompressFromYUV*8()`. `tj3EncodeYUV*8()` and +`tj3CompressFromYUV*8()` now ignore `TJPARAM_LOSSLESS` and +`TJPARAM_COLORSPACE`. + +3. Hardened the TurboJPEG Java API against hypothetical applications that may +erroneously pass huge X or Y offsets to one of the compression, YUV encoding, +decompression, or YUV decoding methods, leading to signed integer overflow in +the JNI wrapper's buffer size checks that rendered those checks ineffective. + +4. Fixed an issue in the TurboJPEG Java API whereby +`TJCompressor.getSourceBuf()` sometimes returned the buffer from a previous +invocation of `TJCompressor.loadSourceImage()` if the target data precision was +changed before the most recent invocation. + +5. Fixed an issue in the PPM reader that caused incorrect pixels to be +generated when using `tj3LoadImage*()` or `TJCompressor.loadSourceImage()` to +load a PBMPLUS (PPM/PGM) file into a CMYK buffer with a different data +precision than that of the file. + + 3.1.2 ===== @@ -962,9 +993,9 @@ storage. 64-bit libjpeg-turbo SDK for Visual C++ were installed on the same system, only one of them could be uninstalled. -2. Fixed a signed integer overflow and subsequent segfault that occurred when -attempting to decompress images with more than 715827882 pixels using the -64-bit C version of TJBench. +2. Fixed a signed integer overflow and subsequent segfault (CVE-2019-2201) that +occurred when attempting to decompress images with more than 715827882 pixels +using the 64-bit C version of TJBench. 3. Fixed out-of-bounds write in `tjDecompressToYUV2()` and `tjDecompressToYUVPlanes()` (sometimes manifesting as a double free) that @@ -1016,9 +1047,9 @@ regardless of whether a 4:2:2 JPEG image is rotated or transposed prior to decompression (in the frequency domain) or after decompression (in the spatial domain), the final image will be similar. -4. Fixed an integer overflow and subsequent segfault that occurred when -attempting to compress or decompress images with more than 1 billion pixels -using the TurboJPEG API. +4. Fixed an integer overflow and subsequent segfault (CVE-2019-2201) that +occurred when attempting to compress or decompress images with more than 1 +billion pixels using the TurboJPEG API. 5. Fixed a regression introduced by 2.0 beta1[15] whereby attempting to generate a progressive JPEG image on an SSE2-capable CPU using a scan script diff --git a/src/3rdparty/libjpeg/qt_attribution.json b/src/3rdparty/libjpeg/qt_attribution.json index fe38aec1f68..5ac811a12b4 100644 --- a/src/3rdparty/libjpeg/qt_attribution.json +++ b/src/3rdparty/libjpeg/qt_attribution.json @@ -7,8 +7,8 @@ "Description": "The Independent JPEG Group's JPEG software", "Homepage": "http://libjpeg-turbo.virtualgl.org/", - "Version": "3.1.2", - "DownloadLocation": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/3.1.2/libjpeg-turbo-3.1.2.tar.gz", + "Version": "3.1.3", + "DownloadLocation": "https://github.com/libjpeg-turbo/libjpeg-turbo/releases/download/3.1.3/libjpeg-turbo-3.1.3.tar.gz", "PURL": "pkg:github/libjpeg-turbo/libjpeg-turbo@$<VERSION>", "CPE": "cpe:2.3:a:libjpeg-turbo:libjpeg-turbo:$<VERSION>:*:*:*:*:*:*:*", diff --git a/src/3rdparty/libjpeg/src/jconfig.h b/src/3rdparty/libjpeg/src/jconfig.h index e81574b9a48..85a1509fb68 100644 --- a/src/3rdparty/libjpeg/src/jconfig.h +++ b/src/3rdparty/libjpeg/src/jconfig.h @@ -2,9 +2,9 @@ #define JPEG_LIB_VERSION 80 -#define LIBJPEG_TURBO_VERSION 3.0.3 +#define LIBJPEG_TURBO_VERSION 3.1.3 -#define LIBJPEG_TURBO_VERSION_NUMBER 3000003 +#define LIBJPEG_TURBO_VERSION_NUMBER 3001003 #define C_ARITH_CODING_SUPPORTED 1 diff --git a/src/3rdparty/libjpeg/src/jconfigint.h b/src/3rdparty/libjpeg/src/jconfigint.h index 6e7dbd75a1e..6d5f9633928 100644 --- a/src/3rdparty/libjpeg/src/jconfigint.h +++ b/src/3rdparty/libjpeg/src/jconfigint.h @@ -10,7 +10,7 @@ #define PACKAGE_NAME "libjpeg-turbo" -#define VERSION "3.0.3" +#define VERSION "3.1.3" #if SIZE_MAX == 0xffffffff #define SIZEOF_SIZE_T 4 |