From fa9db14d563526827ef9fef13d19aaa406a5fc67 Mon Sep 17 00:00:00 2001
From: Yong Tang <yong.tang.github@outlook.com>
Date: Thu, 9 Apr 2020 18:35:32 +0000
Subject: [PATCH] Update libjpeg-turbo 2.0.0 => 2.0.4

This PR updates libjpeg-turbo from 2.0.0 (July 2018) to the latest 2.0.4 (Dec 2019),
as there are quite a few CVE related vulnerabilities
(https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libjpeg) since then.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
---
 third_party/jpeg/workspace.bzl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/third_party/jpeg/workspace.bzl b/third_party/jpeg/workspace.bzl
index e2137ba949f..c458ff12ba8 100644
--- a/third_party/jpeg/workspace.bzl
+++ b/third_party/jpeg/workspace.bzl
@@ -6,11 +6,11 @@ def repo():
     third_party_http_archive(
         name = "libjpeg_turbo",
         urls = [
-            "https://storage.googleapis.com/mirror.tensorflow.org/github.com/libjpeg-turbo/libjpeg-turbo/archive/2.0.0.tar.gz",
-            "https://github.com/libjpeg-turbo/libjpeg-turbo/archive/2.0.0.tar.gz",
+            "https://storage.googleapis.com/mirror.tensorflow.org/github.com/libjpeg-turbo/libjpeg-turbo/archive/2.0.4.tar.gz",
+            "https://github.com/libjpeg-turbo/libjpeg-turbo/archive/2.0.4.tar.gz",
         ],
-        sha256 = "f892fff427ab3adffc289363eac26d197ce3ccacefe5f5822377348a8166069b",
-        strip_prefix = "libjpeg-turbo-2.0.0",
+        sha256 = "7777c3c19762940cff42b3ba4d7cd5c52d1671b39a79532050c85efb99079064",
+        strip_prefix = "libjpeg-turbo-2.0.4",
         build_file = "//third_party/jpeg:BUILD.bazel",
         system_build_file = "//third_party/jpeg:BUILD.system",
     )