LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-25-2013, 07:43 AM   #16
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,100

Rep: Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264

Code:
sed -i -e "/^docdir/ s_\$_/${PRGNAM}-${VERSION}_" \
       -e "/^exampledir/ s_\$_/${PRGNAM}-${VERSION}_" Makefile
In combination with --datadir=/usr sorted it out for me. (thanks to the BLFS book for the hint on that)

Note: I'm not using mancha's slackbuild so the variable names may need adjusting.


Also, be aware that aaa_elflibs contains both a libjpeg.so.8 and a libjpeg.so.62 (which doesn't appear to be included in any other packages on the system).


edit: ahh, sorry, nevermind, I see mancha has already fixed it.

libjpeg-turbo up and running here. Seems snappy, though I can't say I ever noticed the old one feeling slow.

Last edited by GazL; 11-25-2013 at 07:47 AM.
 
Old 11-25-2013, 12:09 PM   #17
number22
Member
 
Registered: Sep 2006
Location: Earth
Distribution: Slackware 14.1 Slackware64-current multilib
Posts: 278
Blog Entries: 7

Rep: Reputation: Disabled
speed: I was using original libjpeg.Slackbuild script to build libjpeg-turbo, it has same problem. fixed with your suggestion.
 
Old 12-08-2013, 11:50 AM   #18
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
I finally got around to benchmarking libjpeg-turbo on an x86 system by measuring compression and decompression megapixels/second rates for grayscale and chroma subsampling 4:2:0, 4:2:2, and 4:4:4.
  • Compression
    libjpeg-turbo outperforms libjpeg-8a by 300%; ranging from 280% (grayscale) to 330% (chroma subsampling 4:2:0).

  • Decompression
    results are slightly less striking but impressive all the same. On average libjpeg-turbo outperforms libjpeg-8a by 225%; ranging from 160% (grayscale) to 280% (chroma subsampling 4:2:0).
Aside from performance, another reason to consider libjpeg-turbo for the next development cycle is its adoption by Google, Mozilla, and numerous Linux distributions. With more eyeballs scrutinizing code it is reasonable to expect bugs and vulnerabilities will get more quickly identified/resolved.

Can I take the lack of negative reports on this thread as a good sign?

--mancha

PS This thread morphed from my initial vulnerability/patch announcement into a discussion about libjpeg-turbo which I agree is far more interesting. However, if I can turn to post #1 for a second, I've not seen any security releases for libjpeg on Slackware 12.1 through 14.1. Is Pat not really tracking LQ these days?

Last edited by mancha; 12-08-2013 at 12:59 PM.
 
Old 12-08-2013, 02:04 PM   #19
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with KDE4Town.
Posts: 9,548

Rep: Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841Reputation: 7841
Quote:
Originally Posted by mancha View Post
..PS This thread morphed from my initial vulnerability/patch announcement into a discussion about libjpeg-turbo which I agree is far more interesting. However, if I can turn to post #1 for a second, I've not seen any security releases for libjpeg on Slackware 12.1 through 14.1. Is Pat not really tracking LQ these days?
Thanks for bringing this up.
Mr. Volkerding may be on a well deserved vacation (I don't really know), but I was surprised when libjpeg wasn't included in the last batch of security upgrades.

Last edited by cwizardone; 12-08-2013 at 02:08 PM.
 
Old 12-08-2013, 02:31 PM   #20
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,100

Rep: Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264
6629 is described as a "information exposure/read from uninitialised memory" issue. I've seen much worse than this left unpatched in the past as Pat tends to only patch things that are at real risk of exploitation and which could result in a compromise.

It's really no different than all the bugs that remain unpatched in the kernel due to Slackware's policy of not providing all the stable kernel updates in /patches. If one were being kind, one might describe Slackware's attitude to security weaknesses like this as "pragmatic". This is of course a little unsettling for those of us of the paranoid persuasion who like to dot all their i's, but given Slackware's limited resource pool I think it's understandable.

I expect this will remain unpatched unless someone can demonstrate a way to use this for arbitrary code execution or worse.


As for libjpeg-turbo. It's been behaving just fine here.
 
Old 12-11-2013, 03:02 PM   #21
GazL
LQ Veteran
 
Registered: May 2008
Posts: 7,100

Rep: Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264Reputation: 5264
Looks like RHEL and clones just got around to patching 6629.
 
Old 12-11-2013, 03:45 PM   #22
mancha
Member
 
Registered: Aug 2012
Posts: 484

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by GazL View Post
Looks like RHEL and clones just got around to patching 6629.
Both Red Hat and Debian ended up taking the same approach I did (using Google/libjpeg-turbo's solution over Ghostscript/IJG's) for their IJG libjpeg-6b and libjpeg-8 fixes (CVE-2013-6629).

Also, the recent set of Mozilla releases (Firefox 26, Firefox ESR 24.2, Thunderbird 24.2, Seamonkey 2.23) includes a fix for the embedded libjpeg-turbo (CVE-2013-6629 & CVE-2013-6630).

--mancha
 
Old 12-11-2013, 06:13 PM   #23
irgunII
Member
 
Registered: Jan 2012
Location: Directly above the center of the earth
Distribution: Slackware. There's something else?
Posts: 383

Rep: Reputation: 72
So, how do we get our system to use libjpeg-turbo? Is it as simple as just uninstalling the regular libjpeg?
 
Old 12-12-2013, 03:54 AM   #24
franzen
Member
 
Registered: Nov 2012
Distribution: slackware
Posts: 544

Rep: Reputation: 386Reputation: 386Reputation: 386Reputation: 386
Quote:
Can I take the lack of negative reports on this thread as a good sign?
I'm using libjepg-turbo for some years now on x86 and x86_64 without problems. Nothing had to be recompiled, what i compiled against libjepg-turbo did work.

Franzen
 
  


Reply

Tags
jpeg, security, slackware


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
libjpeg.so.62 tesseract4d Linux - Newbie 1 09-13-2010 09:47 AM
libjpeg not found lord_cedrich Linux - General 3 10-31-2006 07:32 PM
libJpeg programming Shioni Programming 3 07-06-2006 01:55 PM
Linking libjpeg Shioni Programming 2 07-06-2006 12:05 AM
libjpeg nightmare!!!!!!!!!! Beauford-2 Slackware 3 06-20-2006 08:12 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 02:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration