From e7be4c45525c1ae57caeea4e83e44df02f7b51c1 Mon Sep 17 00:00:00 2001
From: Nathan <ndowens@artixlinux.org>
Date: Mon, 26 Oct 2020 22:06:53 +0000
Subject: user/libjpeg-turbo: Upgrade to 2.0.5

---
 user/libjpeg-turbo/APKBUILD             |  8 +++-----
 user/libjpeg-turbo/CVE-2020-13790.patch | 35 ---------------------------------
 2 files changed, 3 insertions(+), 40 deletions(-)
 delete mode 100644 user/libjpeg-turbo/CVE-2020-13790.patch

(limited to 'user/libjpeg-turbo')

diff --git a/user/libjpeg-turbo/APKBUILD b/user/libjpeg-turbo/APKBUILD
index cbecdd1a4..5910e7011 100644
--- a/user/libjpeg-turbo/APKBUILD
+++ b/user/libjpeg-turbo/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=libjpeg-turbo
-pkgver=2.0.4
-pkgrel=1
+pkgver=2.0.5
+pkgrel=0
 pkgdesc="Accelerated JPEG compression and decompression library"
 url="https://libjpeg-turbo.org/"
 arch="all"
@@ -11,7 +11,6 @@ depends=""
 makedepends="cmake"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
 source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
-	CVE-2020-13790.patch
 	"
 
 case "$CTARGET_ARCH" in
@@ -63,5 +62,4 @@ utils() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="708c2e7418d9ed5abca313e2ff5a08f8176d79cad2127573cda6036583c201973db4cfb0eafc0fc8f57ecc7b000d2b4af95980de54de5a0aed45969e993a5bf9  libjpeg-turbo-2.0.4.tar.gz
-83752558d0cf60508a9ccd55505b91f4faa22277537916629a045b2aaa0cb3649e2f90b0df26d389687dc4aba78bdf76e64fc5e5eb324a65026ec86cd95dbe6a  CVE-2020-13790.patch"
+sha512sums="5bf9ecf069b43783ff24365febf36dda69ccb92d6397efec6069b2b4f359bfd7b87934a6ce4311873220fccc73acabdacef5ce0604b79209eb1912e8ba478555  libjpeg-turbo-2.0.5.tar.gz"
diff --git a/user/libjpeg-turbo/CVE-2020-13790.patch b/user/libjpeg-turbo/CVE-2020-13790.patch
deleted file mode 100644
index aaeec0c9c..000000000
--- a/user/libjpeg-turbo/CVE-2020-13790.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 2 Jun 2020 14:15:37 -0500
-Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
-
-This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
-include binary PPM files with maximum values < 255, thus preventing a
-malformed binary PPM input file with those specifications from
-triggering an overrun of the rescale array and potentially crashing
-cjpeg, TJBench, or any program that uses the tjLoadImage() function.
-
-Fixes #433
-
-diff --git a/rdppm.c b/rdppm.c
-index 87bc33090..a8507b902 100644
---- a/rdppm.c
-+++ b/rdppm.c
-@@ -5,7 +5,7 @@
-  * Copyright (C) 1991-1997, Thomas G. Lane.
-  * Modified 2009 by Bill Allombert, Guido Vollbeding.
-  * libjpeg-turbo Modifications:
-- * Copyright (C) 2015-2017, D. R. Commander.
-+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
-  * For conditions of distribution and use, see the accompanying README.ijg
-  * file.
-  *
-@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
-     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
-     source->rescale = (JSAMPLE *)
-       (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
--                                  (size_t)(((long)maxval + 1L) *
-+                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
-                                            sizeof(JSAMPLE)));
-     half_maxval = maxval / 2;
-     for (val = 0; val <= (long)maxval; val++) {
-- 
cgit v1.2.3-70-g09d2