[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 5461f1137c410777343daf6c6f688ab8d5422116
Author: Sam James gentoo org>
AuthorDate: Tue Sep 21 19:25:20 2021 +
Commit: Sam James gentoo org>
CommitDate: Tue Sep 21 19:25:38 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5461f113
media-libs/libjpeg-turbo: add patch for arm64 writable sections
Bug: https://bugs.gentoo.org/814206
Signed-off-by: Sam James gentoo.org>
.../files/libjpeg-turbo-2.1.1-arm64-relro.patch | 20
...2.1.1-r1.ebuild => libjpeg-turbo-2.1.1-r2.ebuild} | 5 +
2 files changed, 25 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
new file mode 100644
index 000..7784ae513d1
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.1.1-arm64-relro.patch
@@ -0,0 +1,20 @@
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/129f0cb76346ceede8f4d8d87dea8acb0809056c
+
+From: DRC
+Date: Wed, 25 Aug 2021 12:07:58 -0500
+Subject: [PATCH] Neon/AArch64: Don't put GAS functions in .rodata
+
+Regression introduced by 240ba417aa4b3174850d05ea0d22dbe5f80553c1
+
+Closes #546
+--- a/simd/arm/aarch64/jsimd_neon.S
b/simd/arm/aarch64/jsimd_neon.S
+@@ -182,6 +182,8 @@ Ljsimd_huff_encode_one_block_neon_consts:
+ .byte4, 5, 6, 7, 255, 255, 255, 255, \
+255, 255, 255, 255, 255, 255, 255, 255 /* L7 : 1 line OK */
+
++.text
++
+
+
/*/
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
similarity index 97%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
index 9fa04496082..f8495413e2e 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-2.1.1-r2.ebuild
@@ -41,6 +41,11 @@ RDEPEND="${COMMON_DEPEND}
MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+PATCHES=(
+ # Upstream patch
+ "${FILESDIR}"/${P}-arm64-relro.patch
+)
+
src_prepare() {
local FILE
ln -snf ../debian/extra/*.c . || die
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 8110962edc520001b3d2059be69702a1ceccee9b
Author: Sam James (sam_c) cmpct info>
AuthorDate: Thu Jun 11 00:37:52 2020 +
Commit: Mike Gilbert gentoo org>
CommitDate: Sat Jun 13 16:30:39 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8110962e
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) cmpct.info>
Signed-off-by: Mike Gilbert gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
.../files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43
.../files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 ++
.../libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild| 122 +
.../libjpeg-turbo/libjpeg-turbo-2.0.4-r1.ebuild| 108 ++
4 files changed, 307 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
new file mode 100644
index 000..8a9fcbd7972
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch
@@ -0,0 +1,43 @@
+From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index c0c096218..899436eec 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015, 2016, D. R. Commander.
++ * Copyright (C) 2015, 2016, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -22,6 +22,7 @@
+ * the file is indeed PPM format).
+ */
+
++#define JPEG_INTERNALS
+ #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications
*/
+
+ #ifdef PPM_SUPPORTED
+@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE,
+- (size_t) (((long) maxval + 1L) *
++ (size_t) (((long) MAX(maxval, 255) + 1L) *
+ sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long) maxval; val++) {
+
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
new file mode 100644
index 000..e88ac174684
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch
@@ -0,0 +1,34 @@
+From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 2 Jun 2020 14:15:37 -0500
+Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
+
+This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
+include binary PPM files with maximum values < 255, thus preventing a
+malformed binary PPM input file with those specifications from
+triggering an overrun of the rescale array and potentially crashing
+cjpeg, TJBench, or any program that uses the tjLoadImage() function.
+
+Fixes #433
+diff --git a/rdppm.c b/rdppm.c
+index 87bc33090..a8507b902 100644
+--- a/rdppm.c
b/rdppm.c
+@@ -5,7 +5,7 @@
+ * Copyright (C) 1991-1997, Thomas G. Lane.
+ * Modified 2009 by Bill Allombert, Guido Vollbeding.
+ * libjpeg-turbo Modifications:
+- * Copyright (C) 2015-2017, D. R. Commander.
++ * Copyright (C) 2015-2017, 2020, D. R. Commander.
+ * For conditions of distribution and use, see the accompanying README.ijg
+ * file.
+ *
+@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr
sinfo)
+ /* On 16-bit-int machines we have to be careful of maxval = 65535 */
+ source->rescale = (JSAMPLE *)
+ (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
+- (size_t)(((long)maxval + 1L) *
++ (size_t)(((long)MAX(maxval, 255) + 1L) *
+sizeof(JSAMPLE)));
+ half_maxval = maxval / 2;
+ for (val = 0; val <= (long)maxval; val++) {
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r3.ebuild
new file mode 100644
index
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0ba1f0cf1f00c16bd2efcf96fcba79f17dffc0ee
Author: Jason Zaman gentoo org>
AuthorDate: Thu Aug 16 11:01:30 2018 +
Commit: Jason Zaman gentoo org>
CommitDate: Thu Aug 16 11:02:03 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0ba1f0cf
media-libs/libjpeg-turbo-1.5.3-r2: Fix CVE-2018-11813
libjpeg 9c has a large loop because read_pixel in rdtarga.c mishandles EOF
https://nvd.nist.gov/vuln/detail/CVE-2018-11813
Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/libjpeg-turbo-1.5.3-cve-2018-11813.patch | 45 ++
...5.3-r1.ebuild => libjpeg-turbo-1.5.3-r2.ebuild} | 1 +
2 files changed, 46 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
new file mode 100644
index 000..f99a1ab27f9
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-cve-2018-11813.patch
@@ -0,0 +1,45 @@
+From 909a8cfc7bca9b2e6707425bdb74da997e8fa499 Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Tue, 12 Jun 2018 16:08:26 -0500
+Subject: [PATCH] Fix CVE-2018-11813
+
+Refer to change log for details.
+
+Fixes #242
+---
+ ChangeLog.md | 14 ++
+ rdtarga.c| 6 ++
+ 2 files changed, 16 insertions(+), 4 deletions(-)
+
+--- libjpeg-turbo-1.5.3/rdtarga.c
libjpeg-turbo-1.5.3/rdtarga.c
+@@ -125,11 +125,10 @@
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+-sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
similarity index 98%
rename from media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
rename to media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
index a18bcc5812b..578f104e04f 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r2.ebuild
@@ -36,6 +36,7 @@ MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
PATCHES=(
"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
"${FILESDIR}"/${P}-divzero_fix.patch #658624
+ "${FILESDIR}"/${P}-cve-2018-11813.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: bcd7c70dc22c55d74cfcfb75b3acc8c68120cca3
Author: Markus Meier gentoo org>
AuthorDate: Thu Feb 25 17:14:01 2016 +
Commit: Markus Meier gentoo org>
CommitDate: Thu Feb 25 17:14:01 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcd7c70d
media-libs/libjpeg-turbo: remove old, bug #531418
Package-Manager: portage-2.2.27
media-libs/libjpeg-turbo/Manifest | 4 -
...ibjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch | 38 ---
.../files/libjpeg-turbo-1.3.1-jstdhuff.patch | 301 -
.../files/libjpeg-turbo-1.3.1-overrun.patch| 21 --
.../libjpeg-turbo/libjpeg-turbo-1.3.0-r3.ebuild| 122 -
.../libjpeg-turbo/libjpeg-turbo-1.3.1-r1.ebuild| 118
.../libjpeg-turbo/libjpeg-turbo-1.3.1.ebuild | 121 -
.../libjpeg-turbo/libjpeg-turbo-1.4.1.ebuild | 117
8 files changed, 842 deletions(-)
diff --git a/media-libs/libjpeg-turbo/Manifest
b/media-libs/libjpeg-turbo/Manifest
index bd41654..c5ef8cc 100644
--- a/media-libs/libjpeg-turbo/Manifest
+++ b/media-libs/libjpeg-turbo/Manifest
@@ -1,6 +1,2 @@
-DIST libjpeg-turbo-1.3.0.tar.gz 1361603 SHA256
2657008cfc08aadbaca065bd9f8964b8a2c0abd03e73da5b5f09c1216be31234 SHA512
4d34c3c5f2cdd70b2a3d1b55eeb4ce59cb3d4b8d22bb6d43c2ec844b7eb5685b55a9b1b46ad2bc5f2756b5f5535ccad032791c3b932af9c1efc502aa5e701053
WHIRLPOOL
13c1366b9bef87cab42c88f75d1ff7eddb4ea745e0056154f1f3fb27deedee077d662395bada3bd5c18d6f8bf744d0b1f3d465967d33b453ea2acc327a6f166f
-DIST libjpeg-turbo-1.3.1.tar.gz 1390282 SHA256
c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 SHA512
6b02dc617e291b357230ef3e8cfcd27f9acc8c3e9f1c869ab0a08e9e13711b87156c6cd1aaa1a6406a873fc6732f44c8a7d94a5d6688d24b14ac63a96ee52081
WHIRLPOOL
f978b24d0a4e63a421822c2114c0cfc87cbc1dedd648ddc2e97e24ee19dc5584433b1da7d41a64f0ae37b50799a273165aaec6f1377ed35a7971dbe8a0b6a8d5
-DIST libjpeg-turbo-1.4.1.tar.gz 1529614 SHA256
4bf5bad4ce85625bffbbd9912211e06790e00fb982b77724af7211034efafb08 SHA512
81197fdac40c55cb9820b832c55dab9dd5aa19427a22feb6027510a4dc9c45aeea6a37203447600481f5162a0a2ca972324997cc89fc7e51b51808260df0598d
WHIRLPOOL
b1c2a225720216b602dfda04a3ecf52d2251ea775c44d2cd872e9c33f43f4275ca2fbfaccba8d493c12ece4023f0c4e0c3c029837bdaff577bc401ee46a14433
DIST libjpeg-turbo-1.4.2.tar.gz 1569306 SHA256
521bb5d3043e7ac063ce3026d9a59cc2ab2e9636c655a2515af5f4706122233e SHA512
9bd27c917c29125c425469eb0fdf99b802f25095f187fb416bd7c05e4af95a32404bbb0d06b77343d35d3461029500decf3481337b2eade9e57b58dea69719ee
WHIRLPOOL
4a6dfefee5d50b19474a5b0a8b2e3c06a403538985b9cf369a51d3cb2a9e2a0bbb6ac314e1e85d4432a44a8a381472c4e8be1286de909f3f47407692a583a01b
-DIST libjpeg8_8d-1.debian.tar.gz 13676 SHA256
70ec6689b0ad85739802cf3ebbdcc12ea01e21edd8f931c614b25b44cf199057 SHA512
7def4f13524f0af3b9adf35a370027a18f43b9a635f56a17d5bb7883370db8b18b8a12737d0f0cb4b0287ccf8fb474eb5f754de6b398ffe7d522c54e5bf68040
WHIRLPOOL
94526c31d401eb14c9bf0f7115e13a27886ad58863e25d6653eba2b2f5ef260ec272368d2b9d9934bd75b1e5b5f1afc97230e540248efc24d6e85e5680399d27
DIST libjpeg8_8d-2.debian.tar.gz 14764 SHA256
9b36468b2aba24d63d3c87625de89f31834ac429e6dec7d68d86a52b5110219c SHA512
8c5959fb7583a2d61e9442187f67b91b45e72d9dd30db3360d583a3b5d8e1a908db5659f760bdd455b3056e6ae3535b2fd3b847df3d58b140a1816b754003675
WHIRLPOOL
bda41c37f3f57733fcd86969126f6dbede2fbf633b0168265a7fe353fb7f3cd995a94e7987bac472957ec6fb0b2dc34d5dd646f0de79e06bc94e59d7cf440939
diff --git
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
deleted file mode 100644
index 46eefad..000
---
a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.0-CVE-2013-6629-and-6630.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-http://bugzilla.redhat.com/show_bug.cgi?id=1031734
-http://bugzilla.redhat.com/show_bug.cgi?id=1031749
-http://sourceforge.net/p/libjpeg-turbo/code/1090/
-
jdmarker.c
-+++ jdmarker.c
-@@ -304,7 +304,7 @@
- /* Process a SOS marker */
- {
- INT32 length;
-- int i, ci, n, c, cc;
-+ int i, ci, n, c, cc, pi;
- jpeg_component_info * compptr;
- INPUT_VARS(cinfo);
-
-@@ -348,6 +348,13 @@
-
- TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
-compptr->dc_tbl_no, compptr->ac_tbl_no);
-+
-+/* This CSi (cc) should differ from the previous CSi */
-+for (pi = 0; pi < i; pi++) {
-+ if (cinfo->cur_comp_info[pi] == compptr) {
-+ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
-+ }
-+}
- }
-
- /* Collect the additional scan parameters Ss, Se, Ah/Al. */
-@@ -465,6 +472,8 @@
- for (i = 0; i < count; i++)
- INPUT_BYTE(cinfo, huffval[i], return FALSE);
-
-+MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
-+
- length -= count;
-
- if (index & 0x10) { /* AC table definition */
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-jstdhuff.pa
[gentoo-commits] repo/gentoo:master commit in: media-libs/libjpeg-turbo/files/, media-libs/libjpeg-turbo/
commit: 0d7aaed3e9ca8dfda55d24bdb1c6f8d81251873f
Author: Matt Whitlock mattwhitlock name>
AuthorDate: Wed Feb 8 00:44:18 2023 +
Commit: Sam James gentoo org>
CommitDate: Wed Feb 8 00:50:53 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d7aaed3
media-libs/libjpeg-turbo: add patch to avoid SIGILL for 2.1.5
See: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/649
Signed-off-by: Matt Whitlock mattwhitlock.name>
Closes: https://github.com/gentoo/gentoo/pull/29473
Signed-off-by: Sam James gentoo.org>
...-initialize-simd_support-before-every-use.patch | 442 +
...-2.1.5.ebuild => libjpeg-turbo-2.1.5-r1.ebuild} | 4 +
2 files changed, 446 insertions(+)
diff --git
a/media-libs/libjpeg-turbo/files/2.1.5-initialize-simd_support-before-every-use.patch
b/media-libs/libjpeg-turbo/files/2.1.5-initialize-simd_support-before-every-use.patch
new file mode 100644
index ..8ab7ede422b1
--- /dev/null
+++
b/media-libs/libjpeg-turbo/files/2.1.5-initialize-simd_support-before-every-use.patch
@@ -0,0 +1,442 @@
+From d743a2c12e889f7605a56f5144ae2e3899c9dd4f Mon Sep 17 00:00:00 2001
+From: DRC
+Date: Thu, 2 Feb 2023 08:55:37 -0600
+Subject: [PATCH] SIMD/x86: Initialize simd_support before every use
+
+As long as a libjpeg instance is only used by one thread at a time, a
+program is technically within its rights to call jpeg_start_*compress()
+in one thread and jpeg_(read|write)_*(), with the same libjpeg instance,
+in a second thread. However, because the various jsimd_can*() functions
+are called within the body of jpeg_start_*compress() and simd_support is
+now thread-local (due to f579cc11b33e5bfeb9931e37cc74b4a33c95d2e6), that
+led to a situation in which simd_support was initialized in the first
+thread but not the second. The uninitialized value of simd_support is
+0x, which the second thread interpreted to mean that it could
+use any instruction set, and when it attempted to use AVX2 instructions
+on a CPU that didn't support them, an illegal instruction error
+occurred.
+
+This issue was known to affect libvips.
+
+This commit modifies the i386 and x86-64 SIMD dispatchers so that the
+various jsimd_*() functions always call init_simd(), if simd_support is
+uninitialized, prior to dispatching based on the value of simd_support.
+Note that the other SIMD dispatchers don't need this, because only the
+x86 SIMD extensions currently support multiple instruction sets.
+
+This patch has been verified to be performance-neutral to within
++/- 0.4% with 32-bit and 64-bit code running on a 2.8 GHz Intel Xeon
+W3530 and a 3.6 GHz Intel Xeon W2123.
+
+Fixes #649
+---
+ simd/i386/jsimd.c | 71 -
+ simd/x86_64/jsimd.c | 47 +-
+ 2 files changed, 116 insertions(+), 2 deletions(-)
+
+diff --git a/simd/i386/jsimd.c b/simd/i386/jsimd.c
+index 7bd61b62f..b429b0a53 100644
+--- a/simd/i386/jsimd.c
b/simd/i386/jsimd.c
+@@ -2,7 +2,7 @@
+ * jsimd_i386.c
+ *
+ * Copyright 2009 Pierre Ossman for Cendio AB
+- * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, 2022, D. R. Commander.
++ * Copyright (C) 2009-2011, 2013-2014, 2016, 2018, 2022-2023, D. R. Commander.
+ * Copyright (C) 2015-2016, 2018, 2022, Matthieu Darbois.
+ *
+ * Based on the x86 SIMD extension for IJG JPEG library,
+@@ -158,6 +158,9 @@ jsimd_rgb_ycc_convert(j_compress_ptr cinfo, JSAMPARRAY
input_buf,
+ void (*sse2fct) (JDIMENSION, JSAMPARRAY, JSAMPIMAGE, JDIMENSION, int);
+ void (*mmxfct) (JDIMENSION, JSAMPARRAY, JSAMPIMAGE, JDIMENSION, int);
+
++ if (simd_support == ~0U)
++init_simd();
++
+ switch (cinfo->in_color_space) {
+ case JCS_EXT_RGB:
+ avx2fct = jsimd_extrgb_ycc_convert_avx2;
+@@ -217,6 +220,9 @@ jsimd_rgb_gray_convert(j_compress_ptr cinfo, JSAMPARRAY
input_buf,
+ void (*sse2fct) (JDIMENSION, JSAMPARRAY, JSAMPIMAGE, JDIMENSION, int);
+ void (*mmxfct) (JDIMENSION, JSAMPARRAY, JSAMPIMAGE, JDIMENSION, int);
+
++ if (simd_support == ~0U)
++init_simd();
++
+ switch (cinfo->in_color_space) {
+ case JCS_EXT_RGB:
+ avx2fct = jsimd_extrgb_gray_convert_avx2;
+@@ -276,6 +282,9 @@ jsimd_ycc_rgb_convert(j_decompress_ptr cinfo, JSAMPIMAGE
input_buf,
+ void (*sse2fct) (JDIMENSION, JSAMPIMAGE, JDIMENSION, JSAMPARRAY, int);
+ void (*mmxfct) (JDIMENSION, JSAMPIMAGE, JDIMENSION, JSAMPARRAY, int);
+
++ if (simd_support == ~0U)
++init_simd();
++
+ switch (cinfo->out_color_space) {
+ case JCS_EXT_RGB:
+ avx2fct = jsimd_ycc_extrgb_convert_avx2;
+@@ -379,6 +388,9 @@ GLOBAL(void)
+ jsimd_h2v2_downsample(j_compress_ptr cinfo, jpeg_component_info *compptr,
+ JSAMPARRAY input_data, JSAMPARRAY output_data)
+ {
++ if (simd_support == ~0U)
++init_simd();
++
+ if (simd_support & JSIMD_AVX2)
+ jsimd_h2v2_downsample_avx2(cinfo->image_width, cinfo->max_v_samp_factor,
+compptr->v_samp_factor,
+@@ -399
