Re: UPDATE: jpeg 3.0.1

On Fri, Nov 03, 2023 at 02:19:58PM -0400, Brad Smith wrote:
> Here is an update to jpeg 3.0.1.
>
> https://raw.githubusercontent.com/libjpeg-turbo/libjpeg-turbo/main/ChangeLog.md
>
> 2. Fixed various segfaults and buffer overruns (CVE-2023-2804) that occurred
> when attempting to decompress various specially-crafted malformed
> 12-bit-per-component and 16-bit-per-component lossless JPEG images using color
> quantization or merged chroma upsampling/color conversion. The underlying
> cause of these issues was that the color quantization and merged chroma
> upsampling/color conversion algorithms were not designed with lossless
> decompression in mind. Since libjpeg-turbo explicitly does not support color
> conversion when compressing or decompressing lossless JPEG images, merged
> chroma upsampling/color conversion never should have been enabled for such
> images. Color quantization is a legacy feature that serves little or no
> purpose with lossless JPEG images, so it is also now disabled when
> decompressing such images. (As a result, djpeg can no longer decompress a
> lossless JPEG image into a GIF image.)

This should probably go through a bulk.
Just looked at this update today, amd64 tests pass here:

100% tests passed, 0 tests failed out of 590

Total Test time (real) = 205.38 sec


>
>
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/graphics/jpeg/Makefile,v
> diff -u -p -u -p -r1.78 Makefile
> --- Makefile 26 Sep 2023 11:39:06 -0000 1.78
> +++ Makefile 3 Nov 2023 18:15:59 -0000
> @@ -1,12 +1,12 @@
> COMMENT= SIMD-accelerated JPEG codec replacement of libjpeg
>
> -V= 2.1.5.1
> +V= 3.0.1
> DISTNAME= libjpeg-turbo-${V}
> PKGNAME= jpeg-${V}
> EPOCH= 0
>
> -SHARED_LIBS+= jpeg 70.1
> -SHARED_LIBS+= turbojpeg 0.1
> +SHARED_LIBS+= jpeg 71.0
> +SHARED_LIBS+= turbojpeg 1.0
>
> CATEGORIES= graphics
> DPB_PROPERTIES= parallel
> @@ -31,9 +31,9 @@ DEBUG_PACKAGES= ${BUILD_PACKAGES}
>
> post-install:
> ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/jpeg
> - ${INSTALL_DATA} ${WRKSRC}/libjpeg.txt ${WRKSRC}/wizard.txt \
> - ${PREFIX}/share/doc/jpeg
> ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/jpeg
> - ${INSTALL_DATA} ${WRKSRC}/example.txt ${PREFIX}/share/examples/jpeg
> + mv -f ${PREFIX}/share/doc/libjpeg-turbo/*.c ${PREFIX}/share/examples/jpeg
> + mv -f ${PREFIX}/share/doc/libjpeg-turbo/* ${PREFIX}/share/doc/jpeg
> + rmdir ${PREFIX}/share/doc/libjpeg-turbo
>
> .include <bsd.port.mk>
> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/graphics/jpeg/distinfo,v
> diff -u -p -u -p -r1.27 distinfo
> --- distinfo 11 May 2023 08:54:01 -0000 1.27
> +++ distinfo 3 Nov 2023 17:58:37 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (libjpeg-turbo-2.1.5.1.tar.gz) = L9w/626d6xet7JuvozIUGaoZ+PTl3qe/hIaETKIiB78=
> -SIZE (libjpeg-turbo-2.1.5.1.tar.gz) = 2264936
> +SHA256 (libjpeg-turbo-3.0.1.tar.gz) = IkKVB3FK4UezrKzSmeggmfzl2fRWiC/CjiUuRXm6KnU=
> +SIZE (libjpeg-turbo-3.0.1.tar.gz) = 2800900
> Index: patches/patch-CMakeLists_txt
> ===================================================================
> RCS file: /home/cvs/ports/graphics/jpeg/patches/patch-CMakeLists_txt,v
> diff -u -p -u -p -r1.11 patch-CMakeLists_txt
> --- patches/patch-CMakeLists_txt 11 May 2023 08:54:01 -0000 1.11
> +++ patches/patch-CMakeLists_txt 12 Jul 2023 21:51:34 -0000
> @@ -3,7 +3,7 @@ Symbol versioning triggers weird linking
> Index: CMakeLists.txt
> --- CMakeLists.txt.orig
> +++ CMakeLists.txt
> -@@ -509,10 +509,6 @@ endif()
> +@@ -511,10 +511,6 @@ endif()
>
> if(UNIX AND NOT APPLE)
> file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/conftest.map "VERS_1 { global: *; };")
> Index: pkg/PLIST
> ===================================================================
> RCS file: /home/cvs/ports/graphics/jpeg/pkg/PLIST,v
> diff -u -p -u -p -r1.20 PLIST
> --- pkg/PLIST 11 Mar 2022 19:22:36 -0000 1.20
> +++ pkg/PLIST 12 Jul 2023 22:14:18 -0000
> @@ -27,17 +27,13 @@ lib/pkgconfig/libturbojpeg.pc
> @man man/man1/rdjpgcom.1
> @man man/man1/wrjpgcom.1
> share/doc/jpeg/
> +share/doc/jpeg/LICENSE.md
> +share/doc/jpeg/README.ijg
> +share/doc/jpeg/README.md
> share/doc/jpeg/libjpeg.txt
> +share/doc/jpeg/structure.txt
> +share/doc/jpeg/usage.txt
> share/doc/jpeg/wizard.txt
> -share/doc/libjpeg-turbo/
> -share/doc/libjpeg-turbo/LICENSE.md
> -share/doc/libjpeg-turbo/README.ijg
> -share/doc/libjpeg-turbo/README.md
> -share/doc/libjpeg-turbo/example.txt
> -share/doc/libjpeg-turbo/libjpeg.txt
> -share/doc/libjpeg-turbo/structure.txt
> -share/doc/libjpeg-turbo/tjexample.c
> -share/doc/libjpeg-turbo/usage.txt
> -share/doc/libjpeg-turbo/wizard.txt
> share/examples/jpeg/
> -share/examples/jpeg/example.txt
> +share/examples/jpeg/example.c
> +share/examples/jpeg/tjexample.c
>