authorSam James <sam@gentoo.org>2020-07-19 18:28:15 +0000
committerSam James <sam@gentoo.org>2020-07-19 18:28:16 +0000
commit3c8aa035785724e5c7dad46b35c25500d4c7135a (patch)
tree9175639615a250309f993749ecb3b67cd6967aeb /media-libs/jbig2dec
parentdev-python/jedi: Bump to 0.17.2 (diff)
media-libs/jbig2dec: security bump to 0.18
Bump to 0.18, but while we're here, add support for newer Pythons at build time. We include two additional upstream patches post-release which look security-relevant. Bug: https://bugs.gentoo.org/719730 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'media-libs/jbig2dec')
-rw-r--r--media-libs/jbig2dec/Manifest1
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch51
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch36
-rw-r--r--media-libs/jbig2dec/jbig2dec-0.18.ebuild73
4 files changed, 161 insertions, 0 deletions
diff --git a/media-libs/jbig2dec/Manifest b/media-libs/jbig2dec/Manifest
index 51b053cc0e18..41d92fa06b26 100644
--- a/media-libs/jbig2dec/Manifest
+++ b/media-libs/jbig2dec/Manifest
@@ -1,3 +1,4 @@
DIST jb2streams.zip 1285838 BLAKE2B 9a2b6047a7b970439693d6f5fdefb9488019a562e7f831288b27df09bb19dec2f84854cf7fea50b5b041d331e925145f37f2f89848058ecdc074e7d6c238033f SHA512 382890b36345b8aaebb3554e776a53f3276c6d835335ce41f3f41829ff62bba7ae646602544103ba8541a7a824dca92d682b682c254ab2918c7fe45b3e358b45
DIST jbig2dec-0.14.tar.gz 463572 BLAKE2B 91351a3879bd1906fabe2620cf5379fbbc32eaae808a8c2754c661d6dc592d3c9da13c558c8f7ced30c48b73fbd9ed4631f2817298f959b59ad4dff5fce9ac1a SHA512 066bd880ac0665fc1e42b0ae0e481008b125aab6e173b7f82d61a2a30e72c90085cbded9b2a68c6836f92dea3d8d8d5c2228dba76e0d99c79c922197d215705b
DIST jbig2dec-0.17.tar.gz 141195 BLAKE2B 858befb59c0b943cddbc4ae2e9ffc6cdb7e1dd2185cedbffb577f0152f27a548f565548b4b0a4867e3973692b8b019a565eabe2cf672334a6b2994fd7988dcaf SHA512 79b3957186a30fc304ecd571d31c5cc421364921eb4eba242c3ea941ea111f461773f86c975657fa2ce91f2f79ff9abf760ef9bed404c7a4f35c036e5642ba0f
+DIST jbig2dec-0.18.tar.gz 148563 BLAKE2B a864fd5b00abca3ae0f847c1d8fd537d92d68a3c042c851b6bebd51bb674f5bc4a36811f2b4fd7753db4d3641e544e03ec184cb90d43da0247d8affd7cf62c11 SHA512 5931530ee3b811f9009c95d08ad65701564ef8ebf6511145acb969cc7c99dab5028daaee580dd83358b6bdc477cffe347712b9c9768c9b1a63395e366046267d
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch b/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch
new file mode 100644
index 000000000000..52a7f448e6f3
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch
@@ -0,0 +1,51 @@
+https://github.com/ArtifexSoftware/jbig2dec/commit/873694419b3498708b90c5c36ee0a73795a90c84
+----
+From 873694419b3498708b90c5c36ee0a73795a90c84 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 15 Sep 2019 17:31:48 +0200
+Subject: [PATCH] jbig2dec: Handle under-/overflow detection and messaging
+ better.
+
+Previously SYMWIDTH was capped too early in order to prevent underflow
+Moreover TOTWIDTH was allowed to overflow.
+
+Now the value DW is checked compared to SYMWIDTH, preventing over
+underflow and overflow at the correct limits, and an overflow
+check has been added for TOTWIDTH.
+---
+ jbig2_symbol_dict.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index e606529..bc6e98c 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -428,14 +428,24 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ break;
+ }
+
++ if (DW < 0 && SYMWIDTH < (uint32_t) -DW) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "DW value (%d) would make SYMWIDTH (%u) negative at symbol %u", DW, SYMWIDTH, NSYMSDECODED + 1);
++ goto cleanup;
++ }
++ if (DW > 0 && DW > UINT32_MAX - SYMWIDTH) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "DW value (%d) would make SYMWIDTH (%u) too large at symbol %u", DW, SYMWIDTH, NSYMSDECODED + 1);
++ goto cleanup;
++ }
++
+ SYMWIDTH = SYMWIDTH + DW;
+- TOTWIDTH = TOTWIDTH + SYMWIDTH;
+- if ((int32_t) SYMWIDTH < 0) {
+- code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "invalid SYMWIDTH value (%d) at symbol %d", SYMWIDTH, NSYMSDECODED + 1);
++ if (SYMWIDTH > UINT32_MAX - TOTWIDTH) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "SYMWIDTH value (%u) would make TOTWIDTH (%u) too large at symbol %u", SYMWIDTH, TOTWIDTH, NSYMSDECODED + 1);
+ goto cleanup;
+ }
++
++ TOTWIDTH = TOTWIDTH + SYMWIDTH;
+ #ifdef JBIG2_DEBUG
+- jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "SYMWIDTH = %d TOTWIDTH = %d", SYMWIDTH, TOTWIDTH);
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "SYMWIDTH = %u TOTWIDTH = %u", SYMWIDTH, TOTWIDTH);
+ #endif
+ /* 6.5.5 (4c.ii) */
+ if (!params->SDHUFF || params->SDREFAGG) {
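Review bot: The added underflow guard `if (DW < 0 && SYMWIDTH < (uint32_t) -DW)` negates DW before converting it. If DW is a signed 32-bit value (the `%d` format suggests so, but its declaration is outside the hunk) and the stream decodes to INT32_MIN, `-DW` is a signed overflow and the guard itself is undefined behaviour. Converting first avoids that: `if (DW < 0 && SYMWIDTH < -(uint32_t) DW) {`. Because this file is a verbatim backport of an upstream commit, the change is best raised upstream and carried here as a follow-up patch; jbig2_decode_symbol_dict starts and ends outside the hunk.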
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
new file mode 100644
index 000000000000..7205c980fc28
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
@@ -0,0 +1,36 @@
+https://github.com/ArtifexSoftware/jbig2dec/commit/f6d326878893dc92b45cbd18e25ab4d2b3a8db73
+----
+From f6d326878893dc92b45cbd18e25ab4d2b3a8db73 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 15 Sep 2019 18:12:31 +0200
+Subject: [PATCH] jbig2dec: Add overflow detection for IAID context size.
+
+---
+ jbig2_arith_iaid.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2_arith_iaid.c b/jbig2_arith_iaid.c
+index 78dc830..bbc38a0 100644
+--- a/jbig2_arith_iaid.c
++++ b/jbig2_arith_iaid.c
+@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
+ Jbig2ArithIaidCtx *
+ jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
+ {
+- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+- int ctx_size = 1 << SBSYMCODELEN;
++ Jbig2ArithIaidCtx *result;
++ size_t ctx_size;
+
++ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
++ {
++ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
++ return NULL;
++ }
++
++ ctx_size = 1 << SBSYMCODELEN;
++
++ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+ if (result == NULL) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
+ return NULL;
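Review bot: The assignment `ctx_size = 1 << SBSYMCODELEN;` still shifts a plain `int`, while the guard above it compares SBSYMCODELEN with the bit width of `size_t`. Where `size_t` is 64 bits, values from 31 to 63 pass the guard and the shift then overflows `int`, which is undefined. Doing the shift in the destination type closes the gap: `ctx_size = (size_t) 1 << SBSYMCODELEN;`. The guard also rejects a negative SBSYMCODELEN only through the implicit signed-to-unsigned conversion, which deserves a comment such as `/* a negative SBSYMCODELEN converts to a huge unsigned value and is rejected here too */`. The function body continues outside the hunk, so the later uses of ctx_size are not visible.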
diff --git a/media-libs/jbig2dec/jbig2dec-0.18.ebuild b/media-libs/jbig2dec/jbig2dec-0.18.ebuild
new file mode 100644
index 000000000000..7586ed8797c8
--- /dev/null
+++ b/media-libs/jbig2dec/jbig2dec-0.18.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{7,8,9} )
+
+inherit autotools python-any-r1
+
+DESCRIPTION="A decoder implementation of the JBIG2 image compression format"
+HOMEPAGE="https://jbig2dec.com/"
+SRC_URI="https://github.com/ArtifexSoftware/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz
+ test? ( http://jbig2dec.sourceforge.net/ubc/jb2streams.zip )"
+
+LICENSE="AGPL-3"
+SLOT="0/$(ver_cut 1-2)" #698428
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="png static-libs test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+ test? (
+ app-arch/unzip
+ ${PYTHON_DEPS}
+ )
+"
+
+RDEPEND="png? ( media-libs/libpng:0= )"
+DEPEND="${RDEPEND}"
+
+DOCS=( CHANGES README )
+
+PATCHES=(
+ "${FILESDIR}/${P}-extra-overflow-checks.patch"
+ "${FILESDIR}/${P}-overflow-IAID.patch"
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ default
+
+ if use test; then
+ mkdir "${WORKDIR}/ubc" || die
+ mv -v "${WORKDIR}"/*.jb2 "${WORKDIR}/ubc/" || die
+ mv -v "${WORKDIR}"/*.bmp "${WORKDIR}/ubc/" || die
+ fi
+
+ # We only need configure.ac and config_types.h.in
+ sed -i \
+ -e '/^# do we need automake?/,/^autoheader/d' \
+ -e '/echo " $AUTOM.*/,$d' \
+ autogen.sh \
+ || die "failed to modify autogen.sh"
+
+ ./autogen.sh || die
+
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable static-libs static) \
+ $(use_with png libpng)
+}
+
+src_install() {
+ default
+
+ find "${ED}" -name '*.la' -exec rm {} + || die
+}
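Review bot: The test fixture in SRC_URI is fetched over plain HTTP (`http://jbig2dec.sourceforge.net/ubc/jb2streams.zip`). The Manifest entry for jb2streams.zip pins its BLAKE2B and SHA512 digests, so content altered in transit should fail verification rather than reach the build, but an HTTPS URL would still be preferable if the host offers one (not verifiable from this page). Separately, the PATCHES array would benefit from a short comment such as `# Upstream post-0.18 overflow fixes, bug #719730` so the reason for carrying the two patches is visible in the ebuild itself.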