From abf5e160de0462d86a6dce450ef781fce7675e19 Mon Sep 17 00:00:00 2001 From: obache Date: Thu, 10 Apr 2014 12:04:16 +0000 Subject: Update jbigkit to 2.1. Changes in version 2.1 (2014-04-08) This is a security-critical bug-fix release that remains API and ABI backwards compatible to version 2.0. Users who process BIE data from untrusted sources should upgrade. - fixed a buffer-overflow vulnerability in the jbig.c decoder, reported by Florian Weimer (Red Hat): CVE-2013-6369 - fixed ability of corrupted input data to force jbig85.c decoder into an end-less loop - fixed a bug in the processing of private deterministic-prediction tables (DPPRIV=1) in jbig.c decoder - fixed integer-type mismatches in printf arguments on 64-bit systems - fuzz-testing script added --- graphics/jbigkit/Makefile | 8 +-- graphics/jbigkit/distinfo | 14 ++--- graphics/jbigkit/patches/patch-Makefile | 14 +++-- graphics/jbigkit/patches/patch-aa | 38 +++++++------ graphics/jbigkit/patches/patch-ab | 97 +++++++++++++++++++++++++-------- 5 files changed, 114 insertions(+), 57 deletions(-) (limited to 'graphics/jbigkit') diff --git a/graphics/jbigkit/Makefile b/graphics/jbigkit/Makefile index 6bb16cab645..703641398dd 100644 --- a/graphics/jbigkit/Makefile +++ b/graphics/jbigkit/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.5 2014/03/01 06:58:41 obache Exp $ +# $NetBSD: Makefile,v 1.6 2014/04/10 12:04:16 obache Exp $ -DISTNAME= jbigkit-2.0 +DISTNAME= jbigkit-2.1 CATEGORIES= graphics -MASTER_SITES= http://www.cl.cam.ac.uk/~mgk25/download/ +MASTER_SITES= http://www.cl.cam.ac.uk/~mgk25/jbigkit/download/ MAINTAINER= obache@NetBSD.org HOMEPAGE= http://www.cl.cam.ac.uk/~mgk25/jbigkit/ @@ -12,8 +12,6 @@ LICENSE= gnu-gpl-v2 USE_LIBTOOL= yes USE_TOOLS+= gmake -WRKSRC= ${WRKDIR}/jbigkit - TEST_TARGET= test INSTALLATION_DIRS= bin include lib ${PKGMANDIR}/man1 share/doc/jbig diff --git a/graphics/jbigkit/distinfo b/graphics/jbigkit/distinfo index 7ba7970634b..ed3115c3219 100644 --- a/graphics/jbigkit/distinfo 
+++ b/graphics/jbigkit/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.4 2014/03/01 06:58:41 obache Exp $ +$NetBSD: distinfo,v 1.5 2014/04/10 12:04:16 obache Exp $ -SHA1 (jbigkit-2.0.tar.gz) = cfb7d3121f02a74bfb229217858a0d149b6589ef -RMD160 (jbigkit-2.0.tar.gz) = 4b1b8358203c2bd86e034703d666c1453c60e572 -Size (jbigkit-2.0.tar.gz) = 435027 bytes -SHA1 (patch-Makefile) = c786633a8a9b2606d5b2a855a7b9af2739cfaba8 -SHA1 (patch-aa) = d98faa5ac5effcfacd9b246c908ee86bdc4d70b2 -SHA1 (patch-ab) = b487e371aac38aa89d4427e80f5cc9070d913a3d +SHA1 (jbigkit-2.1.tar.gz) = 4864646df004e8331d19f2fa103ed731fdb6c099 +RMD160 (jbigkit-2.1.tar.gz) = 71cc51fce3f65d8d9abf9ff52c29edf5469eb52f +Size (jbigkit-2.1.tar.gz) = 438710 bytes +SHA1 (patch-Makefile) = 3b5e5814be3f361b1ce5ffdd483e4078b94c4bf6 +SHA1 (patch-aa) = 2f9d98f7cfd2ab9065edc2c36905b4416b3970cd +SHA1 (patch-ab) = 97550e42fdc1a358f5d3fb5b33e92ea2520b0f09 diff --git a/graphics/jbigkit/patches/patch-Makefile b/graphics/jbigkit/patches/patch-Makefile index 95d054ceb74..5b8a1d445a2 100644 --- a/graphics/jbigkit/patches/patch-Makefile +++ b/graphics/jbigkit/patches/patch-Makefile @@ -1,17 +1,19 @@ -$NetBSD: patch-Makefile,v 1.1 2014/03/01 06:58:41 obache Exp $ +$NetBSD: patch-Makefile,v 1.2 2014/04/10 12:04:16 obache Exp $ * prevent to overwrite our CC/CFLAGS settings ---- Makefile.orig 2008-08-30 20:40:22.000000000 +0000 +--- Makefile.orig 2014-03-27 18:47:15.000000000 +0000 +++ Makefile -@@ -3,8 +3,8 @@ +@@ -1,10 +1,10 @@ + # Unix makefile for JBIG-KIT # Select an ANSI/ISO C compiler here, GNU gcc is recommended -CC = gcc +CC ?= gcc # Options for the compiler: A high optimization level is suggested --CCFLAGS = -O2 -W -+CCFLAGS = -W - #CCFLAGS = -O -g -W -Wall -ansi -pedantic #-DDEBUG # developer only +-CFLAGS = -O2 -W -Wno-unused-result ++CFLAGS ?= -O2 -W -Wno-unused-result + # CFLAGS = -O -g -W -Wall -Wno-unused-result -ansi -pedantic # -DDEBUG + export CC CFLAGS 
diff --git a/graphics/jbigkit/patches/patch-aa b/graphics/jbigkit/patches/patch-aa index c939b69ef50..5de7b0d1d4d 100644 --- a/graphics/jbigkit/patches/patch-aa +++ b/graphics/jbigkit/patches/patch-aa @@ -1,31 +1,32 @@ -$NetBSD: patch-aa,v 1.3 2014/03/01 06:58:41 obache Exp $ +$NetBSD: patch-aa,v 1.4 2014/04/10 12:04:16 obache Exp $ * prevent to overwrite our CC/CFLAGS settings * libtoolize ---- libjbig/Makefile.orig 2008-08-30 17:20:52.000000000 +0000 +--- libjbig/Makefile.orig 2014-03-27 18:47:15.000000000 +0000 +++ libjbig/Makefile -@@ -3,32 +3,32 @@ +@@ -1,34 +1,34 @@ + # Unix makefile for the JBIG-KIT library # Select an ANSI/ISO C compiler here, GNU gcc is recommended -CC = gcc +CC ?= gcc # Options for the compiler: A high optimization level is suggested --CFLAGS = -g -O -Wall -ansi -pedantic # --coverage -+CFLAGS += -Wall -ansi -pedantic # --coverage +-CFLAGS = -g -O -W -Wall -ansi -pedantic # --coverage ++CFLAGS += -W -Wall -ansi -pedantic # --coverage --all: libjbig.a tstcodec tstcodec85 +-all: libjbig.a libjbig85.a tstcodec tstcodec85 +.SUFFIXES: .lo +.c.lo: + ${LIBTOOL} --mode=compile $(CC) $(CFLAGS) -o $@ -c $< -tstcodec: tstcodec.o jbig.o jbig_ar.o -- $(CC) $(CFLAGS) -o tstcodec $+ +- $(CC) $(CFLAGS) -o tstcodec tstcodec.o jbig.o jbig_ar.o +all: libjbig.la libjbig85.la tstcodec tstcodec85 -tstcodec85: tstcodec85.o jbig85.o jbig_ar.o -- $(CC) $(CFLAGS) -o tstcodec85 $+ +- $(CC) $(CFLAGS) -o tstcodec85 tstcodec85.o jbig85.o jbig_ar.o - -libjbig.a: jbig.o jbig_ar.o - rm -f libjbig.a 
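Review bot: The `.c.lo` rule in the patched libjbig/Makefile compiles with `$(CC) $(CFLAGS)` only, and the `libjbig.la`/`libjbig85.la` link rules in the next hunk pass neither `$(CFLAGS)` nor `$(LDFLAGS)`, so preprocessor and linker options supplied by the packaging environment never reach the library that decodes untrusted BIE data. If hardening options are carried in those variables (not visible on this page), they are dropped for exactly the code this security update ships. I would write the compile line as `${LIBTOOL} --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) -o $@ -c $<` and add `$(LDFLAGS)` to the two `--mode=link` lines that build the `.la` files. The `.c.lo` rule in patch-ab has the same shape, with `-I../libjbig` hard-coded beside an upstream `CPPFLAGS = -I../libjbig` that the rule does not use. The patched Makefile continues beyond this hunk.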
@@ -43,16 +44,16 @@ $NetBSD: patch-aa,v 1.3 2014/03/01 06:58:41 obache Exp $ -tstcodec.o: tstcodec.c jbig.h -tstcodec85.o: tstcodec85.c jbig85.h +tstcodec: tstcodec.lo jbig.lo jbig_ar.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) $(CFLAGS) -o tstcodec $+ ++ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -o tstcodec tstcodec.lo jbig.lo jbig_ar.lo + +tstcodec85: tstcodec85.lo jbig85.lo jbig_ar.lo -+ ${LIBTOOL} --mode=link $(CC) $(CFLAGS) -o tstcodec85 $+ ++ $(LIBTOOL) --mode=link $(CC) $(CFLAGS) -o tstcodec85 tstcodec85.lo jbig85.lo jbig_ar.lo + +libjbig.la: jbig.lo jbig_ar.lo -+ ${LIBTOOL} --mode=link $(CC) -o libjbig.la jbig.lo jbig_ar.lo -rpath ${PREFIX}/lib -version-info 2:0 ++ $(LIBTOOL) --mode=link $(CC) -o libjbig.la jbig.lo jbig_ar.lo -rpath ${PREFIX}/lib -version-info 2:1 + +libjbig85.la: jbig85.lo jbig_ar.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) -o libjbig85.la jbig85.lo jbig_ar.lo -rpath ${PREFIX}/lib -version-info 2:0 ++ $(LIBTOOL) --mode=link $(CC) -o libjbig85.la jbig85.lo jbig_ar.lo -rpath ${PREFIX}/lib -version-info 2:1 + +jbig.lo: jbig.c jbig.h jbig_ar.h +jbig85.lo: jbig85.c jbig85.h jbig_ar.h @@ -60,17 +61,20 @@ $NetBSD: patch-aa,v 1.3 2014/03/01 06:58:41 obache Exp $ +tstcodec.lo: tstcodec.c jbig.h +tstcodec85.lo: tstcodec85.c jbig85.h - jbig.pot: jbig.c -@@ -38,9 +38,9 @@ jbig.pot: jbig.c + update-po: jbig.c jbig85.c Makefile + xgettext -ojbig.pot -k_ \ +@@ -43,11 +43,11 @@ analyze: + clang --analyze *.c test: tstcodec tstcodec85 - ./tstcodec - ./tstcodec85 -+ ${LIBTOO} --mode=execute ./tstcodec -+ ${LIBTOO} --mode=execute ./tstcodec85 ++ ${LIBTOOL} --mode=execute ./tstcodec ++ ${LIBTOOL} --mode=execute ./tstcodec85 t82test.pbm: tstcodec - ./tstcodec $@ -+ ${LIBTOO} --mode=execute ./tstcodec $@ ++ ${LIBTOOL} --mode=execute ./tstcodec $@ clean: + rm -f *.o *.gcda *.gcno *.gcov *.plist *~ core gmon.out dbg_d\=??.pbm diff --git a/graphics/jbigkit/patches/patch-ab b/graphics/jbigkit/patches/patch-ab index 84f6db45cfb..540895756d1 100644 
--- a/graphics/jbigkit/patches/patch-ab +++ b/graphics/jbigkit/patches/patch-ab 
@@ -1,61 +1,78 @@ -$NetBSD: patch-ab,v 1.4 2014/03/01 06:58:41 obache Exp $ +$NetBSD: patch-ab,v 1.5 2014/04/10 12:04:16 obache Exp $ * prevent to overwrite our CC/CFLAGS settings * libtoolize ---- pbmtools/Makefile.orig 2008-08-25 22:26:39.000000000 +0000 +--- pbmtools/Makefile.orig 2014-03-27 18:47:15.000000000 +0000 +++ pbmtools/Makefile -@@ -3,30 +3,33 @@ +@@ -1,43 +1,46 @@ + # Unix makefile for the JBIG-KIT PBM tools # Select an ANSI/ISO C compiler here, e.g. GNU gcc is recommended -CC = gcc +CC ?= gcc # Options for the compiler --CFLAGS = -g -Wall -ansi -pedantic -I../libjbig # --coverage -+CFLAGS += -Wall -ansi -pedantic -I../libjbig # --coverage +-CFLAGS = -g -O -W -Wall -Wno-unused-result -ansi -pedantic # --coverage ++CFLAGS += -W -Wall -Wno-unused-result -ansi -pedantic # --coverage + CPPFLAGS = -I../libjbig -.SUFFIXES: .1 .5 .txt $(SUFFIXES) +.SUFFIXES: .1 .5 .txt .lo $(SUFFIXES) -+ + .PHONY: txt test test82 test85 clean + +.c.lo: -+ ${LIBTOOL} --mode=compile --tag=CC $(CC) $(CFLAGS) -o $@ -c $< ++ ${LIBTOOL} --mode=compile $(CC) $(CFLAGS) -I../libjbig -o $@ -c $< ++ + all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 txt - all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 \ - pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt + txt: pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt -pbmtojbg: pbmtojbg.o ../libjbig/libjbig.a - $(CC) $(CFLAGS) -o pbmtojbg pbmtojbg.o -L../libjbig -ljbig -+pbmtojbg: pbmtojbg.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) $(CFLAGS) -o pbmtojbg pbmtojbg.lo ../libjbig/libjbig.la -R ${PREFIX}/lib ++pbmtojbg: pbmtojbg.lo ../libjbig/libjbig.la ++ ${LIBTOOL} --mode=link $(CC) $(CFLAGS) -o pbmtojbg pbmtojbg.lo ../libjbig/libjbig.la -R ${PREFIX}/lib -jbgtopbm: jbgtopbm.o ../libjbig/libjbig.a - $(CC) $(CFLAGS) -o jbgtopbm jbgtopbm.o -L../libjbig -ljbig -+jbgtopbm: jbgtopbm.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) $(CFLAGS) -o jbgtopbm jbgtopbm.lo ../libjbig/libjbig.la -R ${PREFIX}/lib ++jbgtopbm: jbgtopbm.lo ../libjbig/libjbig.la ++ ${LIBTOOL} --mode=link 
$(CC) $(CFLAGS) -o jbgtopbm jbgtopbm.lo ../libjbig/libjbig.la -R ${PREFIX}/lib -pbmtojbg85: pbmtojbg85.o ../libjbig/libjbig85.a - $(CC) $(CFLAGS) -o pbmtojbg85 pbmtojbg85.o -L../libjbig -ljbig85 -+pbmtojbg85: pbmtojbg85.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) $(CFLAGS) -o pbmtojbg85 pbmtojbg85.lo ../libjbig/libjbig85.la -R ${PREFIX}/lib ++pbmtojbg85: pbmtojbg85.lo ../libjbig/libjbig85.la ++ ${LIBTOOL} --mode=link $(CC) $(CFLAGS) -o pbmtojbg85 pbmtojbg85.lo ../libjbig/libjbig85.la -R ${PREFIX}/lib -jbgtopbm85: jbgtopbm85.o ../libjbig/libjbig85.a - $(CC) $(CFLAGS) -o jbgtopbm85 jbgtopbm85.o -L../libjbig -ljbig85 -- ++jbgtopbm85: jbgtopbm85.lo ../libjbig/libjbig85.la ++ ${LIBTOOL} --mode=link $(CC) $(CFLAGS) -o jbgtopbm85 jbgtopbm85.lo ../libjbig/libjbig85.la -R ${PREFIX}/lib + -jbgtopbm.o: jbgtopbm.c ../libjbig/jbig.h -pbmtojbg.o: pbmtojbg.c ../libjbig/jbig.h -jbgtopbm85.o: jbgtopbm85.c ../libjbig/jbig85.h -pbmtojbg85.o: pbmtojbg85.c ../libjbig/jbig85.h -+jbgtopbm85: jbgtopbm85.lo -+ ${LIBTOOL} --mode=link --tag=CC $(CC) $(CFLAGS) -o jbgtopbm85 jbgtopbm85.lo ../libjbig/libjbig85.la -R ${PREFIX}/lib -+ +jbgtopbm.lo: jbgtopbm.c ../libjbig/jbig.h +pbmtojbg.lo: pbmtojbg.c ../libjbig/jbig.h +jbgtopbm85.lo: jbgtopbm85.c ../libjbig/jbig85.h +pbmtojbg85.lo: pbmtojbg85.c ../libjbig/jbig85.h - ../libjbig/libjbig.a: ../libjbig/jbig.c ../libjbig/jbig.h \ -@@ -58,16 +61,16 @@ test82: pbmtojbg jbgtopbm +-../libjbig/libjbig.a: ../libjbig/jbig.c ../libjbig/jbig.h \ ++../libjbig/libjbig.la: ../libjbig/jbig.c ../libjbig/jbig.h \ + ../libjbig/jbig_ar.c ../libjbig/jbig_ar.h +- make -C ../libjbig libjbig.a ++ make -C ../libjbig libjbig.la + +-../libjbig/libjbig85.a: ../libjbig/jbig85.c ../libjbig/jbig85.h \ ++../libjbig/libjbig85.la: ../libjbig/jbig85.c ../libjbig/jbig85.h \ + ../libjbig/jbig_ar.c ../libjbig/jbig_ar.h +- make -C ../libjbig libjbig85.a ++ make -C ../libjbig libjbig85.la + + analyze: + clang $(CPPFLAGS) --analyze *.c +@@ -62,18 +65,18 @@ test82: pbmtojbg jbgtopbm + 
make IMG=mx "OPTIONSP=-q -Y -1" dotest2b make IMG=mx "OPTIONSP=-Y -1" dotest2b rm -f test-*.jbg test-*.pbm test-*.pgm - ./jbgtopbm ../examples/ccitt1.jbg | ./pbmtojbg > test-ccitt1.jbg @@ -78,7 +95,34 @@ $NetBSD: patch-ab,v 1.4 2014/03/01 06:58:41 obache Exp $ + ${LIBTOOL} --mode=execute ./pbmtojbg test-ccitt1.pbm >test-ccitt1.jbg cmp ../examples/ccitt1.jbg test-ccitt1.jbg rm -f test-*.jbg test-*.pbm test-*.pgm -@@ -116,33 +119,33 @@ test85: pbmtojbg jbgtopbm pbmtojbg85 jbg + @echo +@@ -81,18 +84,18 @@ test82: pbmtojbg jbgtopbm + @echo + + dotest1: +- ./jbgtopbm ../examples/$(IMG).jbg test-$(IMG).pbm +- ./pbmtojbg $(OPTIONSP) test-$(IMG).pbm test-$(IMG).jbg ++ ${LIBTOOL} --mode=execute ./jbgtopbm ../examples/$(IMG).jbg test-$(IMG).pbm ++ ${LIBTOOL} --mode=execute ./pbmtojbg $(OPTIONSP) test-$(IMG).pbm test-$(IMG).jbg + cmp test-$(IMG).jbg ../examples/$(IMG).jbg + + dotest2b: +- ./pbmtojbg $(OPTIONSP) test-$(IMG).pbm test-$(IMG).jbg +- ./jbgtopbm $(OPTIONSJ) test-$(IMG).jbg test-$(IMG)-2.pbm ++ ${LIBTOOL} --mode=execute ./pbmtojbg $(OPTIONSP) test-$(IMG).pbm test-$(IMG).jbg ++ ${LIBTOOL} --mode=execute ./jbgtopbm $(OPTIONSJ) test-$(IMG).jbg test-$(IMG)-2.pbm + cmp test-$(IMG).pbm test-$(IMG)-2.pbm + + dotest2g: +- ./pbmtojbg $(OPTIONSP) ../examples/$(IMG).pgm test-$(IMG).jbg +- ./jbgtopbm $(OPTIONSJ) test-$(IMG).jbg test-$(IMG).pgm ++ ${LIBTOOL} --mode=execute ./pbmtojbg $(OPTIONSP) ../examples/$(IMG).pgm test-$(IMG).jbg ++ ${LIBTOOL} --mode=execute ./jbgtopbm $(OPTIONSJ) test-$(IMG).jbg test-$(IMG).pgm + cmp test-$(IMG).pgm ../examples/$(IMG).pgm + + test85: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 test-t82.pbm +@@ -120,41 +123,41 @@ test85: pbmtojbg jbgtopbm pbmtojbg85 jbg + @echo dotest85: test-$(IMG).pbm - ./pbmtojbg85 $(OPTIONSP) test-$(IMG).pbm test-$(IMG).jbg85 
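Review bot: The rewritten `../libjbig/libjbig.la` and `../libjbig/libjbig85.la` rules in the first patch-ab hunk still recurse with a literal `make -C ../libjbig …`, so the sub-build runs whatever `make` is first in PATH rather than the make that is processing this file. The package declares `USE_TOOLS+= gmake` and these Makefiles use `?=` and `+=`, so I would use `$(MAKE) -C ../libjbig libjbig.la` (and likewise for `libjbig85.la`), which also keeps `-j` and `-n` working across the recursion. Whether the pkgsrc tools directory already maps `make` to gmake is not visible here, so this may be latent rather than failing today.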
@@ -121,4 +165,13 @@ $NetBSD: patch-ab,v 1.4 2014/03/01 06:58:41 obache Exp $ - ../libjbig/tstcodec $@ + ${LIBTOOL} --mode=execute ../libjbig/tstcodec $@ + FOPT=-c 1000 -p 300000 -m 3 + fuzz: test-t82.pbm + while \ +- ./pbmtojbg -f test-t82.pbm | ./jbgfuzz.pl $(FOPT) && \ +- ./pbmtojbg test-t82.pbm | ./jbgfuzz.pl $(FOPT) -d jbgtopbm ; \ ++ ${LIBTOOL} --mode=execute ./pbmtojbg -f test-t82.pbm | ${LIBTOOL} --mode=execute ./jbgfuzz.pl $(FOPT) && \ ++ ${LIBTOOL} --mode=execute ./pbmtojbg test-t82.pbm | ${LIBTOOL} --mode=execute ./jbgfuzz.pl $(FOPT) -d jbgtopbm ; \ + do true; done + .1.txt .5.txt: -- cgit v1.2.3
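Review bot: In the `fuzz` target the encoder calls were moved behind `${LIBTOOL} --mode=execute`, but the decoder is still handed to the script as the bare name in `-d jbgtopbm`. How `jbgfuzz.pl` resolves that name is not visible on this page; if it is looked up through PATH, a fuzz run could exercise an installed decoder instead of the one just built, which would defeat a regression run for the decoder fixes in 2.1. It is worth confirming which binary the script ends up running. Wrapping `./jbgfuzz.pl` itself in `${LIBTOOL} --mode=execute` looks unnecessary if it is a plain script, and a one-line comment such as `# only the jbigkit binaries need libtool --mode=execute` above the target would make that intent clear.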