Log message:
libjpeg-turbo: updated to 3.0.2

3.0.2
=====

Significant changes relative to 3.0.1:

1. Fixed a signed integer overflow in the `tj3CompressFromYUV8()`,
`tj3DecodeYUV8()`, `tj3DecompressToYUV8()`, and `tj3EncodeYUV8()` functions,
detected by the Clang and GCC undefined behavior sanitizers, that could be
triggered by setting the `align` parameter to an unreasonably large value.
This issue did not pose a security threat, but removing the warning made it
easier to detect actual security issues, should they arise in the future.

2. Introduced a new parameter (`TJPARAM_MAXMEMORY` in the TurboJPEG C API and
`TJ.PARAM_MAXMEMORY` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxmemory`) for specifying the maximum amount of memory (in
megabytes) that will be allocated for intermediate buffers, which are used with
progressive JPEG compression and decompression, optimized baseline entropy
coding, lossless JPEG compression, and lossless transformation.  The new
parameter and option serve the same purpose as the `max_memory_to_use` field in
the `jpeg_memory_mgr` struct in the libjpeg API, the `JPEGMEM` environment
variable, and the cjpeg/djpeg/jpegtran `-maxmemory` option.

3. Introduced a new parameter (`TJPARAM_MAXPIXELS` in the TurboJPEG C API and
`TJ.PARAM_MAXPIXELS` in the TurboJPEG Java API) and a corresponding TJBench
option (`-maxpixels`) for specifying the maximum number of pixels that the
decompression, lossless transformation, and packed-pixel image loading
functions/methods will process.

4. Fixed an error ("Unsupported color conversion request") that \ 
occurred when
attempting to decompress a 3-component lossless JPEG image without an Adobe
APP14 marker.  The decompressor now assumes that a 3-component lossless JPEG
image without an Adobe APP14 marker uses the RGB colorspace if its component
IDs are 1, 2, and 3.

Log message:
libjpeg-turbo: updated to 3.0.1

3.0.1

The x86-64 SIMD functions now use a standard stack frame, prologue, and epilogue \ 
so that debuggers and profilers can reliably capture backtraces from within the \ 
functions.

Fixed two minor issues in the interblock smoothing algorithm that caused \ 
mathematical (but not necessarily perceptible) edge block errors when \ 
decompressing progressive JPEG images exactly two MCU blocks in width or that \ 
use vertical chrominance subsampling.

Fixed a regression introduced by 3.0 beta2[6] that, in rare cases, caused the C \ 
Huffman encoder (which is not used by default on x86 and Arm CPUs) to generate \ 
incorrect results if the Neon SIMD extensions were explicitly disabled at build \ 
time (by setting the WITH_SIMD CMake variable to 0) in an AArch64 build of \ 
libjpeg-turbo.

Log message:
libjpeg-turbo: updated to 3.0.0

3.0.0
Significant changes relative to 3.0 beta2:

The TurboJPEG API now supports 4:4:1 (transposed 4:1:1) chrominance subsampling, \ 
which allows losslessly transposed or rotated 4:1:1 JPEG images to be losslessly \ 
cropped, partially decompressed, or decompressed to planar YUV images.

Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred when \ 
attempting to decompress various specially-crafted malformed \ 
12-bit-per-component and 16-bit-per-component lossless JPEG images using color \ 
quantization or merged chroma upsampling/color conversion. The underlying cause \ 
of these issues was that the color quantization and merged chroma \ 
upsampling/color conversion algorithms were not designed with lossless \ 
decompression in mind. Since libjpeg-turbo explicitly does not support color \ 
conversion when compressing or decompressing lossless JPEG images, merged chroma \ 
upsampling/color conversion never should have been enabled for such images. \ 
Color quantization is a legacy feature that serves little or no purpose with \ 
lossless JPEG images, so it is also now disabled when decompressing such images. \ 
(As a result, djpeg can no longer decompress a lossless JPEG image into a GIF \ 
image.)

Fixed an oversight in 1.4 beta1[8] that caused various segfaults and buffer \ 
overruns when attempting to decompress various specially-crafted malformed \ 
12-bit-per-component JPEG images using djpeg with both color quantization and \ 
RGB565 color conversion enabled.

Fixed an issue whereby jpeg_crop_scanline() sometimes miscalculated the \ 
downsampled width for components with 4x2 or 2x4 subsampling factors if \ 
decompression scaling was enabled. This caused the components to be upsampled \ 
incompletely, which caused the color converter to read from uninitialized \ 
memory. With 12-bit data precision, this caused a buffer overrun or underrun and \ 
subsequent segfault if the sample value read from uninitialized memory was \ 
outside of the valid sample range.

Fixed a long-standing issue whereby the tj3Transform() function, when used with \ 
the TJXOP_TRANSPOSE, TJXOP_TRANSVERSE, TJXOP_ROT90, or TJXOP_ROT270 transform \ 
operation and without automatic JPEG destination buffer (re)allocation or \ 
lossless cropping, computed the worst-case transformed JPEG image size based on \ 
the source image dimensions rather than the transformed image dimensions. If a \ 
calling program allocated the JPEG destination buffer based on the transformed \ 
image dimensions, as the API documentation instructs, and attempted to transform \ 
a specially-crafted 4:2:2, 4:4:0, 4:1:1, or 4:4:1 JPEG source image containing a \ 
large amount of metadata, the issue caused tj3Transform() to overflow the JPEG \ 
destination buffer rather than fail gracefully. The issue could be worked around \ 
by setting TJXOPT_COPYNONE. Note that, irrespective of this issue, \ 
tj3Transform() cannot reliably transform JPEG source images that contain a large \ 
amount of metadata unless automatic JPEG destinati
on buffer (re)allocation is used or TJXOPT_COPYNONE is set.

Fixed a regression introduced by 3.0 beta2[6] that prevented the djpeg -map \ 
option from working when decompressing 12-bit-per-component lossy JPEG images.

Fixed an issue that caused the C Huffman encoder (which is not used by default \ 
on x86 and Arm CPUs) to read from uninitialized memory when attempting to \ 
transform a specially-crafted malformed arithmetic-coded JPEG source image into \ 
a baseline Huffman-coded JPEG destination image.

Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
https://mail-index.netbsd.org/tech-pkg/2023/06/03/msg027632.html

Log message:
*: convert to cmake/build.mk

Log message:
libjpeg-turbo: updated to 2.1.4

2.1.4

Significant changes relative to 2.1.3

Fixed a regression introduced in 2.1.3 that caused build failures with Visual \ 
Studio 2010.

The tjDecompressHeader3() function in the TurboJPEG C API and the \ 
TJDecompressor.setSourceImage() method in the TurboJPEG Java API now accept \ 
"abbreviated table specification" (AKA "tables-only") \ 
datastreams, which can be used to prime the decompressor with quantization and \ 
Huffman tables that can be used when decompressing subsequent "abbreviated \ 
image" datastreams.

libjpeg-turbo now performs run-time detection of AltiVec instructions on OS \ 
X/PowerPC systems if AltiVec instructions are not enabled at compile time. This \ 
allows both AltiVec-equipped (PowerPC G4 and G5) and non-AltiVec-equipped \ 
(PowerPC G3) CPUs to be supported using the same build of libjpeg-turbo.

Fixed an error ("Bogus virtual array access") that occurred when \ 
attempting to decompress a progressive JPEG image with a height less than or \ 
equal to one iMCU (8 * the vertical sampling factor) using buffered-image mode \ 
with interblock smoothing enabled. This was a regression introduced by 2.1 \ 
beta1[6(b)].

Fixed two issues that prevented partial image decompression from working \ 
properly with buffered-image mode:

Attempting to call jpeg_crop_scanline() after jpeg_start_decompress() but before \ 
jpeg_start_output() resulted in an error ("Improper call to JPEG library in \ 
state 207".)
Attempting to use jpeg_skip_scanlines() resulted in an error ("Bogus \ 
virtual array access") under certain circumstances.

Log message:
libjpeg-turbo: contains portions of IJG's code, so list that license

Log message:
libjpeg-turbo: updated to 2.1.3

Significant changes relative to 2.1.2

Fixed a regression introduced by 2.0 beta1[7] whereby cjpeg compressed PGM input \ 
files into full-color JPEG images unless the -grayscale option was used.

cjpeg now automatically compresses GIF and 8-bit BMP input files into grayscale \ 
JPEG images if the input files contain only shades of gray.

The build system now enables the intrinsics implementation of the AArch64 (Arm \ 
64-bit) Neon SIMD extensions by default when using GCC 12 or later.

Fixed a segfault that occurred while decompressing a 4:2:0 JPEG image using the \ 
merged (non-fancy) upsampling algorithms (that is, with \ 
cinfo.do_fancy_upsampling set to FALSE) along with jpeg_crop_scanline(). \ 
Specifically, the segfault occurred if the number of bytes remaining in the \ 
output buffer was less than the number of bytes required to represent one \ 
uncropped scanline of the output image. For that reason, the issue could only be \ 
reproduced using the libjpeg API, not using djpeg.