Unsubscribing ubuntu-sponsors as there's nothing to do at the moment. > I think now that debian has switched to libjpeg-turbo too there is no > reason anymore for an ubuntu delta.
You can't say that without actually checking the delta. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libjpeg-turbo in Ubuntu. https://bugs.launchpad.net/bugs/1374583 Title: Sync libjpeg-turbo 1:1.3.1-3 (main) from Debian unstable (main) Status in “libjpeg-turbo” package in Ubuntu: New Bug description: Please sync libjpeg-turbo 1:1.3.1-3 (main) from Debian unstable (main) I think now that debian has switched to libjpeg-turbo too there is no reason anymore for an ubuntu delta. However I think the sync should be done when V will open for development. Explanation of the Ubuntu delta and why it can be dropped: * SECURITY UPDATE: information disclosure via uninitialized memory in the get_sos function (LP: #1252912) - debian/patches/CVE-2013-6629.patch: check for duplications in jdmarker.c. - CVE-2013-6629 * SECURITY UPDATE: information disclosure via uninitialized memory in the get_dht function (LP: #1252912) - debian/patches/CVE-2013-6630.patch: properly clear out memory in jdmarker.c. - CVE-2013-6630 * SECURITY UPDATE: information disclosure via uninitialized memory in the get_sos function (LP: #1252912) - debian/patches/CVE-2013-6629.patch: check for duplications in jdmarker.c. - CVE-2013-6629 * SECURITY UPDATE: information disclosure via uninitialized memory in the get_dht function (LP: #1252912) - debian/patches/CVE-2013-6630.patch: properly clear out memory in jdmarker.c. - CVE-2013-6630 * New upstream release. - drop debian/patches/branch-updates.diff - refresh tjunittest.patch (now renamed to install-tjunittest.patch) * Update debian/control: - add myself to Uploaders. * Update debian/copyright: - add RSA Data Security copyright (md5). * Update debian/libturbojpeg.install: - install libturbojpeg.so.0* (needed by tjunittest and tjbench). * New upstream release. - drop debian/patches/branch-updates.diff - refresh tjunittest.patch (now renamed to install-tjunittest.patch) * Update debian/control: - add myself to Uploaders. * Update debian/copyright: - add RSA Data Security copyright (md5). * Update debian/libturbojpeg.install: - install libturbojpeg.so.0* (needed by tjunittest and tjbench). * libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273. * libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273. * libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273. [ Tom Gall ] * Update to stable 1.2.1. LP: #1012861. * Addresses CVE-2012-2806. LP: #1025537. A Heap-based buffer overflow was found in the way libjpeg-turbo decompressed certain corrupt JPEG images in which the component count was erroneously set to a large value. An attacker could create a specially-crafted JPEG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. * Cosmetic fixes to argument lists * Added flags to the TurboJPEG API that allow the caller to force the use of either the fast or the accurate DCT/IDCT algorithms in the underlying codec. * More recent versions of autoconf add -traditional-cpp to the CPP flags, which causes jsimdcfg.inc.h to not preprocess correctly unless we expand all of the instances of the #definev macro. * Fixed regression caused by a bug in the 32-bit strict memory access code in jdmrgss2.asm (contributed by Chromium to stop valgrind from whining whenever the output buffer size was not evenly divisible by 16 bytes.) On Linux/x86, this regression generated incorrect pixels on the right-hand side of images whose rows were not 16-byte aligned, whenever fancy upsampling was used. This patch also enables the strict memory access code on all platforms, not just Linux (it does no harm on other platforms) and removes a couple of pcmpeqb instructions that were rendered unnecessary by r835. * Accelerated 4:2:2 upsampling routine for ARM (improves performance ~20-30% when decompressing 4:2:2 JPEGs using fancy upsampling) * Eliminate the use of the MASKMOVDQU instruction, to speed up decompression performance by 10x on AMD Bobcat embedded processors (and ~5% on AMD desktop processors.) * add tjbench to libjpeg-turbo-test packages * Guard against num_components being a ridiculous value due to a corrupt header * Preserve all 128 bits of xmm6 and xmm7 [ Matthias Klose ] * Prepare the package for quantal, basing on the 1.2.1 release tarball. * d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch, but don't bump the version to 1.2.2. * d/patches/guard-inline-define: Remove, integrated upstream. * Strip -Wl,-Bsymbolic-functions out of LDFLAGS, so that hpcups and pxljr can override jinit_color_converter. LP: #777670. * Guard the definition of INLINE in an ifndef block, so that third parties including our headers don't get it redefined unexpectedly from under them (which cause the spice FTBFS) * Install jpegint.h in the -dev package. * Install jconfig.h in the multiarch include directory. * Install jpegint.h in the -dev package. * Install jconfig.h in the multiarch include directory. * libjpeg-turbo-progs: Remove dependency on libturbojpeg. * libjpeg-turbo-progs: Remove dependency on libturbojpeg. * Sync with upstream to svn733. * Rename libjpeg-test to libjpeg-turbo-test. * Rename libjpeg-turbo-dbg to libjpeg-turbo8-dbg. * Rename libjpeg8-dev to libjpeg-turbo8-dev. * Move the docs into the -dev package, install the upstream changelog in the -dev only. * Split out libturbojpeg.so into it's own package, don't let libjpeg-turbo8-dev depend on it. * Fix libjpeg-turbo8-dbg package description. * Install jconfig.h into multiarch include path. * Remove HAVE_STD{LIB,DEF}_H from jconfig.h since they are not used and conflict with autoconf. * libjpeg-turbo8: - Add a symbols file, with a different version for symbols only found in the libjpeg-turbo implementation. - Remove the shlibs file. - Breaks/Replaces libjpeg8 (<< 8c-2ubuntu5). * Copy the exifautotran and jpegexiforient tools from the libjpeg8 sources, install into libjpeg-turbo-progs. * Don't install tjbench in libjpeg-turbo-progs to avoid dependency on libturbojpeg. * Remove all useage of diverts in preparation to replace libjpeg8 in precise * small clean up in debian/control * Switch package to include libjpeg8 compatibility * Supply -dev -dbg and -test debs * 11.11 Release * Sync with upstream to svn722 * Initial Release based on svn 702 * Initial Release and packaging based on svn 702 (LP: #852207) * Initial Release based on svn 702 * Initial Release and packaging based on svn 702 (LP: #852207) Changelog entries since current utopic version 1.3.0-0ubuntu2: libjpeg-turbo (1:1.3.1-3) unstable; urgency=medium * Upload to unstable to proceed with transition (Ref: #754988) -- Ondřej Surý <ond...@debian.org> Fri, 26 Sep 2014 14:34:39 +0200 libjpeg-turbo (1:1.3.1-2) experimental; urgency=high * Add correct Breaks/Replaces: libjpeg-progs (<< 1.3.1-1~) to libjpeg-turbo-progs (Closes: #757860) * Build with -ffloat-store to fix FTBFS (Closes: #755073) * Disable silent building -- Ondřej Surý <ond...@debian.org> Tue, 26 Aug 2014 12:39:52 +0200 libjpeg-turbo (1:1.3.1-1) experimental; urgency=medium * Upload to experimental in preparation for libjpeg-turbo default JPEG library switch * Bump epoch to 1: to smoothly replace libjpeg62 binaries * New upstream version 1.3.1 * Add myself to uploaders * Enable --fail-missing and --parallel in dh invocation * debian/patches/003_ftbfs-kfreebsd-x64.patch: Remove, merged upstream * debian/patches/004_CVE-2013-6629.patch: Remove; merged upstream * debian/patches/005_CVE-2013-6630.patch: Remove; merged upstream * Add libjpeg62* packages, add libjpeg-turbo-progs package (Closes: #728983, #632869, #632949) * Add exifautotran and jpegexiforient.c from Ubuntu to complete jpeg-progs compatibility * Add tjbench to libjpeg-turbo-progs * Remove libjpeg-turbo-test* package that is useful only at compile time * Remove CC and CFLAGS from debian/extra/Makefile and also pass CPPFLAGS and LFLAGS to enable Hardening in jpegexiforient * Don't install turbojpeg.h into libjpeg62-dev * Remove the word 'transitional' from libjpeg-progs description * Fix debhelper-but-no-misc-depends libjpeg-dev * Install help2man+manual fixes tjbench.1 manual page * Add missing source for jquery 1.7.1 * d/copyright: Add jquery.js license and cleanup cruft * Add symbols file for libjpeg62 -- Ondřej Surý <ond...@debian.org> Tue, 22 Jul 2014 01:05:35 +0200 libjpeg-turbo (1.3.0-4) unstable; urgency=low * debian/rules: + Override dh_strip and build individual dbg bin:packages for the shared library and the test program. * debian/control: + Add dbg bin:packages. + Alioth-canonicalize Vcs-*: fields. + Drop dependency from bin:package libturbojpeg1: libc-dev. + EOL clean-up (whitespaces, commas). + Modify section of bin:package libjpeg-turbo-test: utils. -- Mike Gabriel <sunwea...@debian.org> Sat, 15 Mar 2014 00:19:42 +0100 libjpeg-turbo (1.3.0-3) unstable; urgency=low * debian/patches: (Closes: #729873) + Add patch 004_CVE-2013-6629.patch. Check for duplications in jdmarker.c (CVE-2013-6629). + Add patch 005_CVE-2013-6630.patch: Properly clear out memory in jdmarker.c. (CVE-2013-6630). -- Mike Gabriel <sunwea...@debian.org> Fri, 14 Mar 2014 18:56:25 +0100 libjpeg-turbo (1.3.0-2) unstable; urgency=low * Add patch: 003_ftbfs-kfreebsd-x64.patch. Fix FTBFS on kfreebsd-amd64 systems by using ELF64 as object format. (Closes: #710749). -- Mike Gabriel <sunwea...@debian.org> Tue, 04 Jun 2013 21:38:42 +0200 libjpeg-turbo (1.3.0-1) unstable; urgency=low * New upstream release. * /debian/control: + B-D: nasm [any-amd64 any-i386]. Fix FTBFS on hurd and kFreeBSD. (Closes: #710566). * Lintian issues: + Adapt shlib-calls-exit lintian override to new upstream version. -- Mike Gabriel <sunwea...@debian.org> Sat, 01 Jun 2013 01:25:00 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libjpeg-turbo/+bug/1374583/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
