new file mode 100644

@@ -0,0 +1,33 @@

+diff --git a/turbojpeg.c b/turbojpeg.c

+index 90a9ce6a0..3f7cd6406 100644

+--- a/turbojpeg.c

+@@ -1,5 +1,5 @@

+ /*

+- * Copyright (C)2009-2018 D. R. Commander.  All Rights Reserved.

++ * Copyright (C)2009-2019 D. R. Commander.  All Rights Reserved.

+  *

+  * Redistribution and use in source and binary forms, with or without

+  * modification, are permitted provided that the following conditions are met:

+@@ -1960,7 +1960,8 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,

+                                      int align, int *height, int *pixelFormat,

+                                      int flags)

+ {

+-  int retval = 0, tempc, pitch;

++  int retval = 0, tempc;

++  size_t pitch;

+   tjhandle handle = NULL;

+   tjinstance *this;

+   j_compress_ptr cinfo = NULL;

+@@ -2013,7 +2014,9 @@ DLLEXPORT unsigned char *tjLoadImage(const char *filename, int *width,

+   *pixelFormat = cs2pf[cinfo->in_color_space];

+ 

+   pitch = PAD((*width) * tjPixelSize[*pixelFormat], align);

+-  if ((dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)

++  if ((unsigned long long)pitch * (unsigned long long)(*height) >

++      (unsigned long long)((size_t)-1) ||

++      (dstBuf = (unsigned char *)malloc(pitch * (*height))) == NULL)

+     _throwg("tjLoadImage(): Memory allocation failure");

+ 

+   if (setjmp(this->jerr.setjmp_buffer)) {

+

@@ -1,17 +1,17 @@

 Summary:        fork of the original IJG libjpeg which uses SIMD.

 Name:           libjpeg-turbo

-Version:        1.5.2

-Release:        2%{?dist}

+Version:        2.0.0

+Release:        1%{?dist}

 License:        IJG

 URL:            http://sourceforge.net/projects/libjpeg-turbo

 Group:          System Environment/Libraries

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://downloads.sourceforge.net/libjpeg-turbo/%{name}-%{version}.tar.gz

-%define sha1    libjpeg-turbo=e788f6defa58b4393a5e1685c018f3b962971457

-Patch0:         libjpeg-turbo-CVE-2017-15232-1.patch

-Patch1:         libjpeg-turbo-CVE-2017-15232-2.patch

+%define sha1    libjpeg-turbo=6d74b609294b6bae5a7cde035f7d6b80d60ebb77

+Patch0:         libjpeg-turbo-CVE-2018-20330.patch

 BuildRequires:  nasm

+BuildRequires:  cmake

 Requires:       nasm

 %description

 libjpeg-turbo is a fork of the original IJG libjpeg which uses SIMD to accelerate baseline JPEG compression and decompression. libjpeg is a library that implements JPEG image encoding, decoding and transcoding.

@@ -20,21 +20,24 @@ libjpeg-turbo is a fork of the original IJG libjpeg which uses SIMD to accelerat

 Summary:        Header and development files

 Requires:       %{name} = %{version}-%{release}

 %description    devel

-It contains the libraries and header files to create applications 

+It contains the libraries and header files to create applications

 %prep

 %setup -q

 %patch0 -p1

-%patch1 -p1

+

 %build

-./configure \

-    --prefix=%{_prefix} \

-    --disable-static \

-    --mandir=/usr/share/man \

-    --with-jpeg8

+mkdir -p build

+cd build

+cmake \

+      -DCMAKE_INSTALL_PREFIX=%{_prefix} \

+      -DCMAKE_SKIP_RPATH:BOOL=YES \

+      -DCMAKE_SKIP_INSTALL_RPATH:BOOL=YES \

+      -DENABLE_STATIC:BOOL=NO ..

 make %{?_smp_mflags}

 %install

+cd build

 make DESTDIR=%{buildroot} install

 find %{buildroot} -name '*.la' -delete

@@ -47,16 +50,19 @@ find %{buildroot} -name '*.la' -delete

 %files

 %defattr(-,root,root)

 %{_bindir}/*

-%{_libdir}/*.so.*

+/usr/lib64/*.so*

 %{_datadir}/*

 %files devel

 %defattr(-,root,root)

 %{_includedir}/*

-%{_libdir}/*.so

-%{_libdir}/pkgconfig/*.pc

+#%{_libdir}/*.so

+#%{_libdir}/pkgconfig/*.pc

+/usr/lib64/pkgconfig/*.pc

 %changelog

+*   Tue Jan 22 2019 Sujay G <gsujay@vmware.com> 2.0.0-1

+-   Bump version to 2.0.0 and Fix CVE-2018-20330

 *   Mon Dec 11 2017 Xiaolin Li <xiaolinl@vmware.com> 1.5.2-2

 -   Fix CVE-2017-15232

 *   Wed Aug 09 2017 Dheeraj Shetty <dheerajs@vmware.com> 1.5.2-1