Bug 250190 - graphics/jpeg-turbo: Update to 2.0.5
Summary: graphics/jpeg-turbo: Update to 2.0.5
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL: https://github.com/libjpeg-turbo/libj...
Keywords: security
Depends on:
Blocks:
 
Reported: 2020-10-07 22:16 UTC by Daniel Engberg
Modified: 2020-11-16 11:41 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (portmgr)


Attachments
Patch for jpeg-turbo (1.44 KB, patch)
2020-10-07 22:16 UTC, Daniel Engberg
no flags Details | Diff
VuXML entry, turbo-jpeg and mozjpeg (2.31 KB, patch)
2020-10-10 19:03 UTC, Daniel Engberg
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg freebsd_committer freebsd_triage 2020-10-07 22:16:11 UTC
Created attachment 218602 [details]
Patch for jpeg-turbo

Update (lib)jpeg-turbo to version 2.0.5 (fixes CVE-2020-13790)
Update CPE vendor

Compile tested on FreeBSD 13.0-CURRENT #0 r364979 (amd64) (make + make test)
Poudriere testport OK 12.1-RELEASE (amd64) including libjpeg-turbo port
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2020-10-07 22:16:43 UTC
Unless someone beats me to it I'll add a vuxml entry/patch during the weekend.
Comment 2 Daniel Engberg freebsd_committer freebsd_triage 2020-10-10 19:03:51 UTC
Created attachment 218650 [details]
VuXML entry, turbo-jpeg and mozjpeg

My first attempt, please fix if I did something wrong.
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-10-11 06:45:43 UTC
A commit references this bug:

Author: antoine
Date: Sun Oct 11 06:44:47 UTC 2020
New revision: 552029
URL: https://svnweb.freebsd.org/changeset/ports/552029

Log:
  Update to 2.0.5

  PR:		250190
  MFH:		2020Q4

Changes:
  head/graphics/jpeg-turbo/Makefile
  head/graphics/jpeg-turbo/distinfo
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-10-11 06:46:44 UTC
A commit references this bug:

Author: antoine
Date: Sun Oct 11 06:46:16 UTC 2020
New revision: 552030
URL: https://svnweb.freebsd.org/changeset/ports/552030

Log:
  MFH: r552029

  Update to 2.0.5

  PR:		250190

Changes:
_U  branches/2020Q4/
  branches/2020Q4/graphics/jpeg-turbo/Makefile
  branches/2020Q4/graphics/jpeg-turbo/distinfo
Comment 5 Antoine Brodin freebsd_committer freebsd_triage 2020-10-11 06:47:55 UTC
Over to ports-secteam for the vuxml stuff
Comment 6 Daniel Engberg freebsd_committer freebsd_triage 2020-11-16 08:33:36 UTC
Friendly ping
Comment 7 commit-hook freebsd_committer freebsd_triage 2020-11-16 11:13:53 UTC
A commit references this bug:

Author: fluffy
Date: Mon Nov 16 11:13:15 UTC 2020
New revision: 555466
URL: https://svnweb.freebsd.org/changeset/ports/555466

Log:
  VuXML: document mozjpeg and libjpeg-turbo recent vulnerabilities

  PR:		250190
  Submitted by:	daniel.engberg.lists@pyret.net

Changes:
  head/security/vuxml/vuln.xml
Comment 8 Dima Panov freebsd_committer freebsd_triage 2020-11-16 11:16:02 UTC
(In reply to daniel.engberg.lists from comment #6)
(with hat: ports-secteam) Done!
Comment 9 Daniel Engberg freebsd_committer freebsd_triage 2020-11-16 11:41:02 UTC
Thanks!