commit: a6fd7dd5d9d605685ff7f62bebf6f56fd4dbb8b9 Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> AuthorDate: Thu Jun 21 13:40:08 2018 +0000 Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org> CommitDate: Thu Jun 21 13:45:31 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6fd7dd5
media-libs/libjpeg-turbo: Revbump to fix division by zero. Bug: https://bugs.gentoo.org/658624 Package-Manager: Portage-2.3.40, Repoman-2.3.9 .../files/libjpeg-turbo-1.5.3-divzero_fix.patch | 18 ++++++ .../files/libjpeg-turbo-1.5.90-divzero_fix.patch | 41 ++++++++++++ ...1.5.90.ebuild => libjpeg-turbo-1.5.3-r1.ebuild} | 73 ++++++++++++++-------- ....5.90.ebuild => libjpeg-turbo-1.5.90-r1.ebuild} | 8 ++- 4 files changed, 113 insertions(+), 27 deletions(-) diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch new file mode 100644 index 00000000000..c7e6d105676 --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch @@ -0,0 +1,18 @@ +Backported from +https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 + +--- libjpeg-turbo-1.5.3/rdbmp.c ++++ libjpeg-turbo-1.5.3/rdbmp.c +@@ -434,6 +434,12 @@ + progress->total_extra_passes++; /* count file input as separate pass */ + } + ++ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum ++ value of the JDIMENSION type. This is only a danger with BMP files, since ++ their width and height fields are 32-bit integers. */ ++ if ((unsigned long long)biWidth * ++ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL) ++ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + /* Allocate one-row buffer for returned data */ + source->pub.buffer = (*cinfo->mem->alloc_sarray) + ((j_common_ptr) cinfo, JPOOL_IMAGE, diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch new file mode 100644 index 00000000000..d505499a082 --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch @@ -0,0 +1,41 @@ +From 43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 Mon Sep 17 00:00:00 2001 +From: DRC <informat...@libjpeg-turbo.org> +Date: Tue, 12 Jun 2018 20:27:00 -0500 +Subject: [PATCH] tjLoadImage(): Fix FPE triggered by malformed BMP + +In rdbmp.c, it is necessary to guard against 32-bit overflow/wraparound +when allocating the row buffer, because since BMP files have 32-bit +width and height fields, the value of biWidth can be up to 4294967295. +Specifically, if biWidth is 1073741824 and cinfo->input_components = 4, +then the samplesperrow argument in alloc_sarray() would wrap around to +0, and a division by zero error would occur at line 458 in jmemmgr.c. + +If biWidth is set to a higher value, then samplesperrow would wrap +around to a small number, which would likely cause a buffer overflow +(this has not been tested or verified.) +diff --git a/rdbmp.c b/rdbmp.c +index fcabbb13e..a02cfd909 100644 +--- a/rdbmp.c ++++ b/rdbmp.c +@@ -6,7 +6,7 @@ + * Modified 2009-2010 by Guido Vollbeding. + * libjpeg-turbo Modifications: + * Modified 2011 by Siarhei Siamashka. +- * Copyright (C) 2015, 2017, D. R. Commander. ++ * Copyright (C) 2015, 2017-2018, D. R. Commander. + * For conditions of distribution and use, see the accompanying README.ijg + * file. + * +@@ -623,6 +623,12 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + } + } + ++ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum ++ value of the JDIMENSION type. This is only a danger with BMP files, since ++ their width and height fields are 32-bit integers. */ ++ if ((unsigned long long)biWidth * ++ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL) ++ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW); + /* Allocate one-row buffer for returned data */ + source->pub.buffer = (*cinfo->mem->alloc_sarray) + ((j_common_ptr)cinfo, JPOOL_IMAGE, diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild similarity index 59% copy from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild copy to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild index f015b6b0116..a18bcc5812b 100644 --- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild +++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit cmake-multilib java-pkg-opt-2 libtool toolchain-funcs versionator +inherit autotools libtool ltprune java-pkg-opt-2 libtool toolchain-funcs multilib-minimal DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library" HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/"; @@ -12,7 +12,6 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz LICENSE="BSD IJG" SLOT="0" -[[ "$(get_version_component_range 3)" -ge 90 ]] || \ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos" IUSE="java static-libs" @@ -34,57 +33,81 @@ DEPEND="${COMMON_DEPEND} MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h ) +PATCHES=( + "${FILESDIR}"/${PN}-1.2.0-x32.patch #420239 + "${FILESDIR}"/${P}-divzero_fix.patch #658624 +) + src_prepare() { default + eautoreconf + java-pkg-opt-2_src_prepare } multilib_src_configure() { - if multilib_is_native_abi && use java ; then - export JAVACFLAGS="$(java-pkg_javac-args)" - export JNI_CFLAGS="$(java-pkg_get-jni-cflags)" + local myconf=() + if multilib_is_native_abi; then + myconf+=( $(use_with java) ) + if use java; then + export JAVACFLAGS="$(java-pkg_javac-args)" + export JNI_CFLAGS="$(java-pkg_get-jni-cflags)" + fi + else + myconf+=( --without-java ) fi - - local mycmakeargs=( - -DCMAKE_INSTALL_DEFAULT_DOCDIR="/usr/share/doc/${PF}" - -DENABLE_STATIC="$(usex static-libs)" - -DWITH_JAVA="$(multilib_native_usex java)" - -DWITH_MEM_SRCDST=ON - ) - [[ ${ABI} == "x32" ]] && mycmakeargs+=( -DREQUIRE_SIMD=OFF ) #420239 - cmake-utils_src_configure + [[ ${ABI} == "x32" ]] && myconf+=( --without-simd ) #420239 + + # Force /bin/bash until upstream generates a new version. #533902 + CONFIG_SHELL="${EPREFIX}"/bin/bash \ + ECONF_SOURCE=${S} \ + econf \ + $(use_enable static-libs static) \ + --with-mem-srcdst \ + "${myconf[@]}" } multilib_src_compile() { - cmake-utils_src_compile + local _java_makeopts + use java && _java_makeopts="-j1" + emake ${_java_makeopts} - if multilib_is_native_abi ; then - pushd "${WORKDIR}/debian/extra" &>/dev/null || die + if multilib_is_native_abi; then + pushd ../debian/extra >/dev/null emake CC="$(tc-getCC)" CFLAGS="${LDFLAGS} ${CFLAGS}" - popd &>/dev/null || die + popd >/dev/null fi } -multilib_src_install() { - cmake-utils_src_install +multilib_src_test() { + emake test +} - if multilib_is_native_abi ; then - pushd "${WORKDIR}/debian/extra" &>/dev/null || die +multilib_src_install() { + emake \ + DESTDIR="${D}" \ + docdir="${EPREFIX}"/usr/share/doc/${PF} \ + exampledir="${EPREFIX}"/usr/share/doc/${PF} \ + install + + if multilib_is_native_abi; then + pushd "${WORKDIR}"/debian/extra >/dev/null emake \ DESTDIR="${D}" prefix="${EPREFIX}"/usr \ INSTALL="install -m755" INSTALLDIR="install -d -m755" \ install + popd >/dev/null - if use java ; then - rm -rf "${ED%/}"/usr/classes + if use java; then + rm -rf "${ED}"/usr/classes java-pkg_dojar java/turbojpeg.jar fi fi } multilib_src_install_all() { - find "${ED}" -name '*.la' -delete || die + prune_libtool_files insinto /usr/share/doc/${PF}/html doins -r "${S}"/doc/html/* diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild similarity index 93% rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild index f015b6b0116..0cc09fb72cb 100644 --- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild +++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild @@ -3,7 +3,7 @@ EAPI=6 -inherit cmake-multilib java-pkg-opt-2 libtool toolchain-funcs versionator +inherit cmake-multilib eapi7-ver java-pkg-opt-2 libtool toolchain-funcs DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library" HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/"; @@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz LICENSE="BSD IJG" SLOT="0" -[[ "$(get_version_component_range 3)" -ge 90 ]] || \ +[[ "$(ver_cut 3)" -ge 90 ]] || \ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos" IUSE="java static-libs" @@ -34,6 +34,10 @@ DEPEND="${COMMON_DEPEND} MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h ) +PATCHES=( + "${FILESDIR}"/${P}-divzero_fix.patch #658624 +) + src_prepare() { default
