diff options
| author |   Lars Wendler <polynomial-c@gentoo.org> | 2018-06-21 15:40:08 +0200 |
|---|---|---|
| committer | Lars Wendler <polynomial-c@gentoo.org> | 2018-06-21 15:45:31 +0200 |
| commit | a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9 (patch) | |
| tree | 3ffddaade7fd8e9d3a0755b4147cd20d88b43522 /media-libs/libjpeg-turbo | |
| parent | sci-electronics/gazebo: bump to 9.1.1 (diff) | |
| download | gentoo-a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9.tar.gz gentoo-a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9.tar.bz2 gentoo-a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9.zip | |
media-libs/libjpeg-turbo: Revbump to fix division by zero.
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
Diffstat (limited to 'media-libs/libjpeg-turbo')
| -rw-r--r-- | media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 | ||||
| -rw-r--r-- | media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch | 41 | ||||
| -rw-r--r-- | media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild | 120 | ||||
| -rw-r--r-- | media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild (renamed from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild) | 8 |
4 files changed, 185 insertions, 2 deletions
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch new file mode 100644 index 000000000000..c7e6d1056769 --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch @@ -0,0 +1,18 @@ +Backported from +https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 + +--- libjpeg-turbo-1.5.3/rdbmp.c ++++ libjpeg-turbo-1.5.3/rdbmp.c +@@ -434,6 +434,12 @@ + progress->total_extra_passes++; /* count file input as separate pass */ + } + ++ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum ++ value of the JDIMENSION type. This is only a danger with BMP files, since ++ their width and height fields are 32-bit integers. */ ++ if ((unsigned long long)biWidth * ++ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL) ++ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + /* Allocate one-row buffer for returned data */ + source->pub.buffer = (*cinfo->mem->alloc_sarray) + ((j_common_ptr) cinfo, JPOOL_IMAGE, diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch new file mode 100644 index 000000000000..d505499a082d --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch @@ -0,0 +1,41 @@ +From 43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 Mon Sep 17 00:00:00 2001 +From: DRC <information@libjpeg-turbo.org> +Date: Tue, 12 Jun 2018 20:27:00 -0500 +Subject: [PATCH] tjLoadImage(): Fix FPE triggered by malformed BMP + +In rdbmp.c, it is necessary to guard against 32-bit overflow/wraparound +when allocating the row buffer, because since BMP files have 32-bit +width and height fields, the value of biWidth can be up to 4294967295. +Specifically, if biWidth is 1073741824 and cinfo->input_components = 4, +then the samplesperrow argument in alloc_sarray() would wrap around to +0, and a division by zero error would occur at line 458 in jmemmgr.c. + +If biWidth is set to a higher value, then samplesperrow would wrap +around to a small number, which would likely cause a buffer overflow +(this has not been tested or verified.) +diff --git a/rdbmp.c b/rdbmp.c +index fcabbb13e..a02cfd909 100644 +--- a/rdbmp.c ++++ b/rdbmp.c +@@ -6,7 +6,7 @@ + * Modified 2009-2010 by Guido Vollbeding. + * libjpeg-turbo Modifications: + * Modified 2011 by Siarhei Siamashka. +- * Copyright (C) 2015, 2017, D. R. Commander. ++ * Copyright (C) 2015, 2017-2018, D. R. Commander. + * For conditions of distribution and use, see the accompanying README.ijg + * file. + * +@@ -623,6 +623,12 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + } + } + ++ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum ++ value of the JDIMENSION type. This is only a danger with BMP files, since ++ their width and height fields are 32-bit integers. */ ++ if ((unsigned long long)biWidth * ++ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL) ++ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + /* Allocate one-row buffer for returned data */ + source->pub.buffer = (*cinfo->mem->alloc_sarray) + ((j_common_ptr)cinfo, JPOOL_IMAGE, diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild new file mode 100644 index 000000000000..a18bcc5812bc --- /dev/null +++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild @@ -0,0 +1,120 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools libtool ltprune java-pkg-opt-2 libtool toolchain-funcs multilib-minimal + +DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library" +HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz + mirror://gentoo/libjpeg8_8d-2.debian.tar.gz" + +LICENSE="BSD IJG" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos" +IUSE="java static-libs" + +ASM_DEPEND="|| ( dev-lang/nasm dev-lang/yasm )" +COMMON_DEPEND="!media-libs/jpeg:0 + !media-libs/jpeg:62" +RDEPEND="${COMMON_DEPEND} + java? ( >=virtual/jre-1.5 )" +DEPEND="${COMMON_DEPEND} + amd64? ( ${ASM_DEPEND} ) + x86? ( ${ASM_DEPEND} ) + amd64-fbsd? ( ${ASM_DEPEND} ) + x86-fbsd? ( ${ASM_DEPEND} ) + amd64-linux? ( ${ASM_DEPEND} ) + x86-linux? ( ${ASM_DEPEND} ) + x64-macos? ( ${ASM_DEPEND} ) + x64-cygwin? ( ${ASM_DEPEND} ) + java? ( >=virtual/jdk-1.5 )" + +MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h ) + +PATCHES=( + "${FILESDIR}"/${PN}-1.2.0-x32.patch #420239 + "${FILESDIR}"/${P}-divzero_fix.patch #658624 +) + +src_prepare() { + default + + eautoreconf + + java-pkg-opt-2_src_prepare +} + +multilib_src_configure() { + local myconf=() + if multilib_is_native_abi; then + myconf+=( $(use_with java) ) + if use java; then + export JAVACFLAGS="$(java-pkg_javac-args)" + export JNI_CFLAGS="$(java-pkg_get-jni-cflags)" + fi + else + myconf+=( --without-java ) + fi + [[ ${ABI} == "x32" ]] && myconf+=( --without-simd ) #420239 + + # Force /bin/bash until upstream generates a new version. #533902 + CONFIG_SHELL="${EPREFIX}"/bin/bash \ + ECONF_SOURCE=${S} \ + econf \ + $(use_enable static-libs static) \ + --with-mem-srcdst \ + "${myconf[@]}" +} + +multilib_src_compile() { + local _java_makeopts + use java && _java_makeopts="-j1" + emake ${_java_makeopts} + + if multilib_is_native_abi; then + pushd ../debian/extra >/dev/null + emake CC="$(tc-getCC)" CFLAGS="${LDFLAGS} ${CFLAGS}" + popd >/dev/null + fi +} + +multilib_src_test() { + emake test +} + +multilib_src_install() { + emake \ + DESTDIR="${D}" \ + docdir="${EPREFIX}"/usr/share/doc/${PF} \ + exampledir="${EPREFIX}"/usr/share/doc/${PF} \ + install + + if multilib_is_native_abi; then + pushd "${WORKDIR}"/debian/extra >/dev/null + emake \ + DESTDIR="${D}" prefix="${EPREFIX}"/usr \ + INSTALL="install -m755" INSTALLDIR="install -d -m755" \ + install + popd >/dev/null + + if use java; then + rm -rf "${ED}"/usr/classes + java-pkg_dojar java/turbojpeg.jar + fi + fi +} + +multilib_src_install_all() { + prune_libtool_files + + insinto /usr/share/doc/${PF}/html + doins -r "${S}"/doc/html/* + newdoc "${WORKDIR}"/debian/changelog changelog.debian + if use java; then + insinto /usr/share/doc/${PF}/html/java + doins -r "${S}"/java/doc/* + newdoc "${S}"/java/README README.java + fi +} diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild index f015b6b01161..0cc09fb72cba 100644 --- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild +++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit cmake-multilib java-pkg-opt-2 libtool toolchain-funcs versionator +inherit cmake-multilib eapi7-ver java-pkg-opt-2 libtool toolchain-funcs DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library" HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/" @@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz LICENSE="BSD IJG" SLOT="0" -[[ "$(get_version_component_range 3)" -ge 90 ]] || \ +[[ "$(ver_cut 3)" -ge 90 ]] || \ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos" IUSE="java static-libs" @@ -34,6 +34,10 @@ DEPEND="${COMMON_DEPEND} MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h ) +PATCHES=( + "${FILESDIR}"/${P}-divzero_fix.patch #658624 +) + src_prepare() { default |