Package: libjpeg62-turbo-dev
Version: 1:2.0.6-4

We should not be distributing jpegint.h header, it gives a false sense of API.

Here is the full verbatim quote from upstream about this:

```
jpegint.h is only included by jpeglib.h if JPEG_INTERNALS is defined.
jpegint.h is a project-private header that exposes internal interfaces
and structures in the libjpeg API library. Unlike the public libjpeg
API/ABI, those internal interfaces and structures are not guaranteed
to be backward or forward compatible in any way. Thus, downstream
projects that include jpegint.h must ensure that they are using a
libjpeg-turbo code base that is compatible with the version of
jpegint.h they are including. Because the libjpeg API has exposed API
structures, the internal structures in jpegint.h are used to store
additional API state that may be necessary in order to implement
certain features or fixes in libjpeg-turbo. Thus, those structures are
not guaranteed to be backward or forward compatible even within a
particular libjpeg-turbo branch/release series. That means that
downstream projects that use jpegint.h cannot rely on a central
(system-wide) installation of the libjpeg-turbo SDK, because there is
no guarantee that the SDK's internal interfaces and structures will
match the ones that the downstream project expects. The real danger is
that a downstream application or library may trigger a buffer overflow
if its expectation regarding the layout of the internal structures
does not match reality. Generally speaking, best practices are for
downstream projects that use jpegint.h to include an in-tree build of
libjpeg-turbo. (For instance, libjpeg-turbo could be included as a Git
submodule that pulls from a specific libjpeg-turbo commit.) The fact
that jpegint.h is not distributed in the libjpeg-turbo SDK encourages
those best practices, whereas distributing jpegint.h would create a
false sense that the interfaces and structures defined therein are
backward/forward compatible. They aren't and never have been, and that
is why jpegint.h has never been distributed in the 30-year history of
libjpeg and libjpeg-turbo. Downstream packages should ABSOLUTELY NEVER
distribute jpegint.h, and any issues caused by the failure to adhere
to those best practices are issues that downstream packagers must
address without the help of The libjpeg-turbo Project.
```

* 
https://github.com/libjpeg-turbo/libjpeg-turbo/pull/695#issuecomment-1591383190

Reply via email to