Download raw body.
UPDATE: openjp2 2.5.2
On Sat, Mar 02, 2024 at 06:04:23PM -0500, Brad Smith wrote:
> Here is an update to openjp2 2.5.2.
>
> CVE-2021-3575
>
>
> ## OpenJPEG 2.5.2 (Feb 2024)
>
> * Make sure openjpeg.h includes opj_config.h [\#1514](https://github.com/uclouvain/openjpeg/issues/1514)
>
> ## OpenJPEG 2.5.1 (Feb 2024)
>
> * CMake: drop support for cmake < 3.5
> * Several bugfixes, including [\#1509](https://github.com/uclouvain/openjpeg/pull/1509) for CVE-2021-3575
> * Significant speed-up rate allocation by rate/distoratio ratio [\#1440](https://github.com/uclouvain/openjpeg/pull/1440)
An updated diff fixing the big endian patch the way upstream recommended.
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/openjp2/Makefile,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 Makefile
--- Makefile 28 Jun 2022 08:54:11 -0000 1.19
+++ Makefile 3 Mar 2024 00:27:45 -0000
@@ -2,14 +2,14 @@ COMMENT= open-source JPEG 2000 codec lib
GH_ACCOUNT= uclouvain
GH_PROJECT= openjpeg
-GH_TAGNAME= v2.5.0
+GH_TAGNAME= v2.5.2
DISTNAME= openjp2-${GH_TAGNAME:S/v//}
-SHARED_LIBS += openjp2 5.0
+SHARED_LIBS += openjp2 6.0
CATEGORIES= graphics
-HOMEPAGE= http://www.openjpeg.org/
+HOMEPAGE= https://www.openjpeg.org/
# BSD
PERMIT_PACKAGE= Yes
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/openjp2/distinfo,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 distinfo
--- distinfo 28 Jun 2022 08:54:11 -0000 1.9
+++ distinfo 3 Mar 2024 00:27:45 -0000
@@ -1,2 +1,2 @@
-SHA256 (openjp2-2.5.0.tar.gz) = AzOAbWrezG96kSQ7K4Of9NIFOCNjTU9u16WbyHQJEio=
-SIZE (openjp2-2.5.0.tar.gz) = 1867111
+SHA256 (openjp2-2.5.2.tar.gz) = kOOJb+2RDDdqr3nN2Yvf2vmMZHLv2OHevwqFSTjL2mo=
+SIZE (openjp2-2.5.2.tar.gz) = 1871948
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: /cvs/ports/graphics/openjp2/patches/patch-CMakeLists_txt,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 patch-CMakeLists_txt
--- patches/patch-CMakeLists_txt 28 Jun 2022 08:54:11 -0000 1.10
+++ patches/patch-CMakeLists_txt 3 Mar 2024 00:27:45 -0000
@@ -1,15 +1,14 @@
Index: CMakeLists.txt
--- CMakeLists.txt.orig
+++ CMakeLists.txt
-@@ -109,7 +109,10 @@ endif()
+@@ -106,7 +106,9 @@ include(GNUInstallDirs)
+ # Build DOCUMENTATION (not in ALL target and only if Doxygen is found)
option(BUILD_DOC "Build the HTML documentation (with doxygen if available)." OFF)
- string(TOLOWER ${PROJECT_NAME} projectname)
--set(OPENJPEG_INSTALL_SUBDIR "${projectname}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
-+
+-set(OPENJPEG_INSTALL_SUBDIR "${PROJECT_NAME}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
+if(NOT OPENJPEG_INSTALL_SUBDIR)
-+ set(OPENJPEG_INSTALL_SUBDIR "${projectname}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
++ set(OPENJPEG_INSTALL_SUBDIR "${PROJECT_NAME}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
+endif()
- if(NOT OPENJPEG_INSTALL_BIN_DIR)
- set(OPENJPEG_INSTALL_BIN_DIR "bin")
+ if(NOT OPENJPEG_INSTALL_JNI_DIR)
+ if(WIN32)
Index: patches/patch-src_bin_jp2_convert_c
===================================================================
RCS file: /cvs/ports/graphics/openjp2/patches/patch-src_bin_jp2_convert_c,v
retrieving revision 1.6
diff -u -p -u -p -r1.6 patch-src_bin_jp2_convert_c
--- patches/patch-src_bin_jp2_convert_c 28 Jun 2022 08:54:11 -0000 1.6
+++ patches/patch-src_bin_jp2_convert_c 3 Mar 2024 00:27:45 -0000
@@ -1,12 +1,25 @@
+Fix building on OpenBSD big endian hosts.
+
Index: src/bin/jp2/convert.c
--- src/bin/jp2/convert.c.orig
+++ src/bin/jp2/convert.c
-@@ -662,7 +662,7 @@ static int tga_readheader(FILE *fp, unsigned int *bits
- return 1;
- }
+@@ -664,7 +664,7 @@ static int tga_readheader(FILE *fp, unsigned int *bits
--#ifdef OPJ_BIG_ENDIAN
-+#if defined(OPJ_BIG_ENDIAN) && !defined(swap16)
+ #ifdef OPJ_BIG_ENDIAN
- static INLINE OPJ_UINT16 swap16(OPJ_UINT16 x)
+-static INLINE OPJ_UINT16 swap16(OPJ_UINT16 x)
++static INLINE OPJ_UINT16 opj_swap16(OPJ_UINT16 x)
{
+ return (OPJ_UINT16)(((x & 0x00ffU) << 8) | ((x & 0xff00U) >> 8));
+ }
+@@ -733,8 +733,8 @@ static int tga_writeheader(FILE *fp, int bits_per_pixe
+ goto fails;
+ }
+ #else
+- image_w = swap16(image_w);
+- image_h = swap16(image_h);
++ image_w = opj_swap16(image_w);
++ image_h = opj_swap16(image_h);
+ if (fwrite(&image_w, 2, 1, fp) != 1) {
+ goto fails;
+ }
Index: patches/patch-thirdparty_CMakeLists_txt
===================================================================
RCS file: patches/patch-thirdparty_CMakeLists_txt
diff -N patches/patch-thirdparty_CMakeLists_txt
--- patches/patch-thirdparty_CMakeLists_txt 28 Jun 2022 08:54:11 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,40 +0,0 @@
-https://github.com/uclouvain/openjpeg/pull/1431
-Index: thirdparty/CMakeLists.txt
---- thirdparty/CMakeLists.txt.orig
-+++ thirdparty/CMakeLists.txt
-@@ -89,8 +89,15 @@ else(BUILD_THIRDPARTY)
- message(STATUS "Your system seems to have a TIFF lib available, we will use it")
- set(OPJ_HAVE_TIFF_H 1 PARENT_SCOPE)
- set(OPJ_HAVE_LIBTIFF 1 PARENT_SCOPE)
-- set(TIFF_LIBNAME ${TIFF_LIBRARIES} ${PC_TIFF_STATIC_LIBRARIES} PARENT_SCOPE)
-- set(TIFF_INCLUDE_DIRNAME ${TIFF_INCLUDE_DIR} ${PC_TIFF_STATIC_INCLUDE_DIRS} PARENT_SCOPE)
-+ if(BUILD_STATIC_LIBS AND NOT BUILD_SHARED_LIBS)
-+ # Probably incorrect as PC_TIFF_STATIC_LIBRARIES will lack the path to the libraries
-+ # and will only work if they are in system directories
-+ set(TIFF_LIBNAME ${PC_TIFF_STATIC_LIBRARIES} PARENT_SCOPE)
-+ set(TIFF_INCLUDE_DIRNAME ${PC_TIFF_STATIC_INCLUDE_DIRS} PARENT_SCOPE)
-+ else()
-+ set(TIFF_LIBNAME ${TIFF_LIBRARIES} PARENT_SCOPE)
-+ set(TIFF_INCLUDE_DIRNAME ${TIFF_INCLUDE_DIR} PARENT_SCOPE)
-+ endif()
- else(TIFF_FOUND) # not found
- set(OPJ_HAVE_TIFF_H 0 PARENT_SCOPE)
- set(OPJ_HAVE_LIBTIFF 0 PARENT_SCOPE)
-@@ -124,8 +131,15 @@ else(BUILD_THIRDPARTY)
- message(STATUS "Your system seems to have a LCMS2 lib available, we will use it")
- set(OPJ_HAVE_LCMS2_H 1 PARENT_SCOPE)
- set(OPJ_HAVE_LIBLCMS2 1 PARENT_SCOPE)
-- set(LCMS_LIBNAME ${LCMS2_LIBRARIES} ${PC_LCMS2_STATIC_LIBRARIES} PARENT_SCOPE)
-- set(LCMS_INCLUDE_DIRNAME ${LCMS2_INCLUDE_DIRS} ${PC_LCMS2_STATIC_INCLUDE_DIRS} PARENT_SCOPE)
-+ if(BUILD_STATIC_LIBS AND NOT BUILD_SHARED_LIBS)
-+ # Probably incorrect as PC_LCMS2_STATIC_LIBRARIES will lack the path to the libraries
-+ # and will only work if they are in system directories
-+ set(LCMS_LIBNAME ${PC_LCMS2_STATIC_LIBRARIES} PARENT_SCOPE)
-+ set(LCMS_INCLUDE_DIRNAME ${PC_LCMS2_STATIC_INCLUDE_DIRS} PARENT_SCOPE)
-+ else()
-+ set(LCMS_LIBNAME ${LCMS2_LIBRARIES} PARENT_SCOPE)
-+ set(LCMS_INCLUDE_DIRNAME ${LCMS2_INCLUDE_DIRS} PARENT_SCOPE)
-+ endif()
- else(LCMS2_FOUND) # not found lcms2
- # try to find LCMS
- find_package(LCMS)
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/graphics/openjp2/pkg/PLIST,v
retrieving revision 1.10
diff -u -p -u -p -r1.10 PLIST
--- pkg/PLIST 28 Jun 2022 08:54:12 -0000 1.10
+++ pkg/PLIST 3 Mar 2024 00:27:45 -0000
@@ -5,13 +5,13 @@
include/openjpeg-2.5/
include/openjpeg-2.5/openjpeg.h
include/openjpeg-2.5/opj_config.h
-include/openjpeg-2.5/opj_stdint.h
+lib/cmake/openjpeg-2.5/
+lib/cmake/openjpeg-2.5/OpenJPEGConfig.cmake
+lib/cmake/openjpeg-2.5/OpenJPEGConfigVersion.cmake
+lib/cmake/openjpeg-2.5/OpenJPEGTargets${MODCMAKE_BUILD_SUFFIX}
+lib/cmake/openjpeg-2.5/OpenJPEGTargets.cmake
@static-lib lib/libopenjp2.a
@lib lib/libopenjp2.so.${LIBopenjp2_VERSION}
-lib/openjpeg-2.5/
-lib/openjpeg-2.5/OpenJPEGConfig.cmake
-lib/openjpeg-2.5/OpenJPEGTargets${MODCMAKE_BUILD_SUFFIX}
-lib/openjpeg-2.5/OpenJPEGTargets.cmake
lib/pkgconfig/libopenjp2.pc
@man man/man1/opj_compress.1
@man man/man1/opj_decompress.1
UPDATE: openjp2 2.5.2