media-libs/libjpeg-turbo: Revbump to fix division by zero.

Bug: https://bugs.gentoo.org/658624
Package-Manager: Portage-2.3.40, Repoman-2.3.9

4 files changed, 185 insertions, 2 deletions

diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch
new file mode 100644
index 000000000000..c7e6d1056769
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch
@@ -0,0 +1,18 @@
+Backported from
+https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
+
+--- libjpeg-turbo-1.5.3/rdbmp.c
++++ libjpeg-turbo-1.5.3/rdbmp.c
+@@ -434,6 +434,12 @@
+     progress->total_extra_passes++; /* count file input as separate pass */
+   }
+ 
++  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
++     value of the JDIMENSION type.  This is only a danger with BMP files, since
++     their width and height fields are 32-bit integers. */
++  if ((unsigned long long)biWidth *
++      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
++    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+   /* Allocate one-row buffer for returned data */
+   source->pub.buffer = (*cinfo->mem->alloc_sarray)
+     ((j_common_ptr) cinfo, JPOOL_IMAGE,
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch
new file mode 100644
index 000000000000..d505499a082d
--- /dev/null
+++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.90-divzero_fix.patch
@@ -0,0 +1,41 @@
+From 43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6 Mon Sep 17 00:00:00 2001
+From: DRC <information@libjpeg-turbo.org>
+Date: Tue, 12 Jun 2018 20:27:00 -0500
+Subject: [PATCH] tjLoadImage(): Fix FPE triggered by malformed BMP
+
+In rdbmp.c, it is necessary to guard against 32-bit overflow/wraparound
+when allocating the row buffer, because since BMP files have 32-bit
+width and height fields, the value of biWidth can be up to 4294967295.
+Specifically, if biWidth is 1073741824 and cinfo->input_components = 4,
+then the samplesperrow argument in alloc_sarray() would wrap around to
+0, and a division by zero error would occur at line 458 in jmemmgr.c.
+
+If biWidth is set to a higher value, then samplesperrow would wrap
+around to a small number, which would likely cause a buffer overflow
+(this has not been tested or verified.)
+diff --git a/rdbmp.c b/rdbmp.c
+index fcabbb13e..a02cfd909 100644
+--- a/rdbmp.c
++++ b/rdbmp.c
+@@ -6,7 +6,7 @@
+  * Modified 2009-2010 by Guido Vollbeding.
+  * libjpeg-turbo Modifications:
+  * Modified 2011 by Siarhei Siamashka.
+- * Copyright (C) 2015, 2017, D. R. Commander.
++ * Copyright (C) 2015, 2017-2018, D. R. Commander.
+  * For conditions of distribution and use, see the accompanying README.ijg
+  * file.
+  *
+@@ -623,6 +623,12 @@ start_input_bmp(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
+     }
+   }
+ 
++  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
++     value of the JDIMENSION type.  This is only a danger with BMP files, since
++     their width and height fields are 32-bit integers. */
++  if ((unsigned long long)biWidth *
++      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
++    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
+   /* Allocate one-row buffer for returned data */
+   source->pub.buffer = (*cinfo->mem->alloc_sarray)
+     ((j_common_ptr)cinfo, JPOOL_IMAGE,
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
new file mode 100644
index 000000000000..a18bcc5812bc
--- /dev/null
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.3-r1.ebuild
@@ -0,0 +1,120 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools libtool ltprune java-pkg-opt-2 libtool toolchain-funcs multilib-minimal
+
+DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library"
+HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz
+	mirror://gentoo/libjpeg8_8d-2.debian.tar.gz"
+
+LICENSE="BSD IJG"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos"
+IUSE="java static-libs"
+
+ASM_DEPEND="|| ( dev-lang/nasm dev-lang/yasm )"
+COMMON_DEPEND="!media-libs/jpeg:0
+	!media-libs/jpeg:62"
+RDEPEND="${COMMON_DEPEND}
+	java? ( >=virtual/jre-1.5 )"
+DEPEND="${COMMON_DEPEND}
+	amd64? ( ${ASM_DEPEND} )
+	x86? ( ${ASM_DEPEND} )
+	amd64-fbsd? ( ${ASM_DEPEND} )
+	x86-fbsd? ( ${ASM_DEPEND} )
+	amd64-linux? ( ${ASM_DEPEND} )
+	x86-linux? ( ${ASM_DEPEND} )
+	x64-macos? ( ${ASM_DEPEND} )
+	x64-cygwin? ( ${ASM_DEPEND} )
+	java? ( >=virtual/jdk-1.5 )"
+
+MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.2.0-x32.patch #420239
+	"${FILESDIR}"/${P}-divzero_fix.patch #658624
+)
+
+src_prepare() {
+	default
+
+	eautoreconf
+
+	java-pkg-opt-2_src_prepare
+}
+
+multilib_src_configure() {
+	local myconf=()
+	if multilib_is_native_abi; then
+		myconf+=( $(use_with java) )
+		if use java; then
+			export JAVACFLAGS="$(java-pkg_javac-args)"
+			export JNI_CFLAGS="$(java-pkg_get-jni-cflags)"
+		fi
+	else
+		myconf+=( --without-java )
+	fi
+	[[ ${ABI} == "x32" ]] && myconf+=( --without-simd ) #420239
+
+	# Force /bin/bash until upstream generates a new version. #533902
+	CONFIG_SHELL="${EPREFIX}"/bin/bash \
+	ECONF_SOURCE=${S} \
+	econf \
+		$(use_enable static-libs static) \
+		--with-mem-srcdst \
+		"${myconf[@]}"
+}
+
+multilib_src_compile() {
+	local _java_makeopts
+	use java && _java_makeopts="-j1"
+	emake ${_java_makeopts}
+
+	if multilib_is_native_abi; then
+		pushd ../debian/extra >/dev/null
+		emake CC="$(tc-getCC)" CFLAGS="${LDFLAGS} ${CFLAGS}"
+		popd >/dev/null
+	fi
+}
+
+multilib_src_test() {
+	emake test
+}
+
+multilib_src_install() {
+	emake \
+		DESTDIR="${D}" \
+		docdir="${EPREFIX}"/usr/share/doc/${PF} \
+		exampledir="${EPREFIX}"/usr/share/doc/${PF} \
+		install
+
+	if multilib_is_native_abi; then
+		pushd "${WORKDIR}"/debian/extra >/dev/null
+		emake \
+			DESTDIR="${D}" prefix="${EPREFIX}"/usr \
+			INSTALL="install -m755" INSTALLDIR="install -d -m755" \
+			install
+		popd >/dev/null
+
+		if use java; then
+			rm -rf "${ED}"/usr/classes
+			java-pkg_dojar java/turbojpeg.jar
+		fi
+	fi
+}
+
+multilib_src_install_all() {
+	prune_libtool_files
+
+	insinto /usr/share/doc/${PF}/html
+	doins -r "${S}"/doc/html/*
+	newdoc "${WORKDIR}"/debian/changelog changelog.debian
+	if use java; then
+		insinto /usr/share/doc/${PF}/html/java
+		doins -r "${S}"/java/doc/*
+		newdoc "${S}"/java/README README.java
+	fi
+}
diff --git a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild
index f015b6b01161..0cc09fb72cba 100644
--- a/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90.ebuild
+++ b/media-libs/libjpeg-turbo/libjpeg-turbo-1.5.90-r1.ebuild
@@ -3,7 +3,7 @@
 
 EAPI=6
 
-inherit cmake-multilib java-pkg-opt-2 libtool toolchain-funcs versionator
+inherit cmake-multilib eapi7-ver java-pkg-opt-2 libtool toolchain-funcs
 
 DESCRIPTION="MMX, SSE, and SSE2 SIMD accelerated JPEG library"
 HOMEPAGE="https://libjpeg-turbo.org/ https://sourceforge.net/projects/libjpeg-turbo/"
@@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz
 
 LICENSE="BSD IJG"
 SLOT="0"
-[[ "$(get_version_component_range 3)" -ge 90 ]] || \
+[[ "$(ver_cut 3)" -ge 90 ]] || \
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~x64-macos ~x86-macos"
 IUSE="java static-libs"
 
@@ -34,6 +34,10 @@ DEPEND="${COMMON_DEPEND}
 
 MULTILIB_WRAPPED_HEADERS=( /usr/include/jconfig.h )
 
+PATCHES=(
+	"${FILESDIR}"/${P}-divzero_fix.patch #658624
+)
+
 src_prepare() {
 	default