libjpeg-turbo (1.3.0-0ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via JPEG file
    - debian/patches/CVE-2014-9092.patch: adjust size in jchuff.c.
    - CVE-2014-9092
  * SECURITY UPDATE: denial of service via crafted file
    - debian/patches/CVE-2016-3616.patch: check range of integer values in
      PPM text file in cderror.h, rdppm.c.
    - CVE-2016-3616
    - CVE-2018-11213
    - CVE-2018-11214
  * SECURITY UPDATE: divide-by-zero via crafted file
    - debian/patches/CVE-2018-11212.patch: check image size in rdtarga.c.
    - CVE-2018-11212
  * SECURITY UPDATE: division by zero via BMP image
    - debian/patches/CVE-2018-1152.patch: add size check in rdbmp.c.
    - CVE-2018-1152

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 05 Jul 2018 15:55:15 -0400

libjpeg-turbo (1.3.0-0ubuntu2) trusty; urgency=low

  * SECURITY UPDATE: information disclosure via uninitialized memory in
    the get_sos function (LP: #1252912)
    - debian/patches/CVE-2013-6629.patch: check for duplications in
      jdmarker.c.
    - CVE-2013-6629
  * SECURITY UPDATE: information disclosure via uninitialized memory in
    the get_dht function (LP: #1252912)
    - debian/patches/CVE-2013-6630.patch: properly clear out memory in
      jdmarker.c.
    - CVE-2013-6630

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 19 Dec 2013 15:07:26 -0500

libjpeg-turbo (1.3.0-0ubuntu1) saucy; urgency=low

  * New upstream release.
    - drop debian/patches/branch-updates.diff
    - refresh tjunittest.patch (now renamed to install-tjunittest.patch)
  * Update debian/control:
    - add myself to Uploaders.
  * Update debian/copyright:
    - add RSA Data Security copyright (md5).
  * Update debian/libturbojpeg.install:
    - install libturbojpeg.so.0* (needed by tjunittest and tjbench).

 -- Fathi Boudra <fathi.boudra@linaro.org>  Sun, 28 Jul 2013 16:52:51 +0300

libjpeg-turbo (1.2.1-0ubuntu2) quantal; urgency=low

  * libjpeg-turbo-test: Depend on libjpegturbo. LP: #1053273.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 20 Sep 2012 14:53:18 +0200

libjpeg-turbo (1.2.1-0ubuntu1) quantal; urgency=low

  [ Tom Gall ]
  * Update to stable 1.2.1. LP: #1012861.
    * Addresses CVE-2012-2806. LP: #1025537.
      A Heap-based buffer overflow was found in the way libjpeg-turbo
      decompressed certain corrupt JPEG images in which the component count
      was erroneously set to a large value. An attacker could create a
      specially-crafted JPEG image that, when opened, could cause an
      application using libpng to crash or, possibly, execute arbitrary code
      with the privileges of the user running the application.
    * Cosmetic fixes to argument lists
    * Added flags to the TurboJPEG API that allow the caller to force
      the use of either the fast or the accurate DCT/IDCT algorithms
      in the underlying codec.
    * More recent versions of autoconf add -traditional-cpp to the CPP
      flags, which causes jsimdcfg.inc.h to not preprocess correctly
      unless we expand all of the instances of the #definev macro.
    * Fixed regression caused by a bug in the 32-bit strict memory access
      code in jdmrgss2.asm (contributed by Chromium to stop valgrind from
      whining whenever the output buffer size was not evenly divisible by
      16 bytes.)  On Linux/x86, this regression generated incorrect
      pixels on the right-hand side of images whose rows were not 16-byte
      aligned, whenever fancy upsampling was used.  This patch also
      enables the strict memory access code on all platforms, not just
      Linux (it does no harm on other platforms) and removes a couple of
      pcmpeqb instructions that were rendered unnecessary by r835.
    * Accelerated 4:2:2 upsampling routine for ARM (improves
      performance ~20-30% when decompressing 4:2:2 JPEGs using
      fancy upsampling)
    * Eliminate the use of the MASKMOVDQU instruction, to speed
      up decompression performance by 10x on AMD Bobcat embedded
      processors (and ~5% on AMD desktop processors.)
    * add tjbench to libjpeg-turbo-test packages
    * Guard against num_components being a ridiculous
      value due to a corrupt header
    * Preserve all 128 bits of xmm6 and xmm7

  [ Matthias Klose ]
  * Prepare the package for quantal, basing on the 1.2.1 release tarball.
  * d/patches/branch-updates.diff: Update to 20120919 of the 1.2.x branch,
    but don't bump the version to 1.2.2.
  * d/patches/guard-inline-define: Remove, integrated upstream.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 20 Sep 2012 00:18:15 +0200

libjpeg-turbo (1.1.90+svn733-0ubuntu6) quantal; urgency=low

  * Strip -Wl,-Bsymbolic-functions out of LDFLAGS, so that hpcups and
    pxljr can override jinit_color_converter.  LP: #777670.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 10 Jul 2012 17:03:31 +0000

libjpeg-turbo (1.1.90+svn733-0ubuntu5) quantal; urgency=low

  * Guard the definition of INLINE in an ifndef block, so that
    third parties including our headers don't get it redefined
    unexpectedly from under them (which cause the spice FTBFS)

 -- Adam Conrad <adconrad@ubuntu.com>  Wed, 20 Jun 2012 14:26:21 -0600

libjpeg-turbo (1.1.90+svn733-0ubuntu4.1) precise-proposed; urgency=low

  * debian/rules: Remove "-Bsymbolic-functions" from LDFLAGS, as this flag
    breaks the libjpeg use by HPLIP and pxljr, in both cases for printing
    on the HP Color LaserJet 3500/3550/3600 (LP: #777670).

 -- Till Kamppeter <till.kamppeter@gmail.com>  Tue, 10 Jul 2012 18:44:23 +0200

libjpeg-turbo (1.1.90+svn733-0ubuntu4.1) precise-proposed; urgency=low

  * debian/rules: Remove "-Bsymbolic-functions" from LDFLAGS, as this flag
    breaks the libjpeg use by HPLIP and pxljr, in both cases for printing
    on the HP Color LaserJet 3500/3550/3600 (LP: #777670).

 -- Till Kamppeter <till.kamppeter@gmail.com>  Tue, 10 Jul 2012 18:44:23 +0200

libjpeg-turbo (1.1.90+svn733-0ubuntu4) precise; urgency=low

  * Install jpegint.h in the -dev package.
  * Install jconfig.h in the multiarch include directory.

 -- Matthias Klose <doko@ubuntu.com>  Fri, 13 Jan 2012 12:02:38 +0100

libjpeg-turbo (1.1.90+svn733-0ubuntu3) precise; urgency=low

  * libjpeg-turbo-progs: Remove dependency on libturbojpeg.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 21 Dec 2011 20:10:28 +0100

libjpeg-turbo (1.1.90+svn733-0ubuntu2) precise; urgency=low

  * Sync with upstream to svn733.

  * Rename libjpeg-test to libjpeg-turbo-test.
  * Rename libjpeg-turbo-dbg to libjpeg-turbo8-dbg.
  * Rename libjpeg8-dev to libjpeg-turbo8-dev.
  * Move the docs into the -dev package, install the upstream changelog
    in the -dev only.
  * Split out libturbojpeg.so into it's own package, don't let
    libjpeg-turbo8-dev depend on it.
  * Fix libjpeg-turbo8-dbg package description.
  * Install jconfig.h into multiarch include path.
  * Remove HAVE_STD{LIB,DEF}_H from jconfig.h since they are not used and
    conflict with autoconf.
  * libjpeg-turbo8:
    - Add a symbols file, with a different version for symbols only found
      in the libjpeg-turbo implementation.
    - Remove the shlibs file.
    - Breaks/Replaces libjpeg8 (<< 8c-2ubuntu5).
  * Copy the exifautotran and jpegexiforient tools from the libjpeg8
    sources, install into libjpeg-turbo-progs.
  * Don't install tjbench in libjpeg-turbo-progs to avoid dependency
    on libturbojpeg.

 -- Matthias Klose <doko@ubuntu.com>  Tue, 20 Dec 2011 23:12:52 +0100

libjpeg-turbo (1.1.90+svn722-1ubuntu5) precise; urgency=low

  * Remove all useage of diverts in preparation to replace
    libjpeg8 in precise
  * small clean up in debian/control

 -- Tom Gall <tom.gall@linaro.org>  Thu, 01 Dec 2011 09:50:26 -0600

libjpeg-turbo (1.1.90+svn722-1ubuntu4) precise; urgency=low

  * Switch package to include libjpeg8 compatibility
  * Supply -dev -dbg and -test debs

 -- Tom Gall <tom.gall@linaro.org>  Wed, 16 Nov 2011 22:14:00 +0000

libjpeg-turbo (1.1.90+svn722-1ubuntu2) oneiric; urgency=low

  * 11.11 Release
  * Sync with upstream to svn722

 -- Tom Gall <tom.gall@linaro.org>  Wed, 16 Nov 2011 14:32:12 +0000

libjpeg-turbo (1.1.90+svn702-0ubuntu1) oneiric; urgency=low

  * Initial Release based on svn 702
  * Initial Release and packaging based on svn 702 (LP: #852207)

 -- Tom Gall <tom.gall@linaro.org>  Tue, 13 Sep 2011 03:53:56 +0000
