From: Landry Breuil Subject: Re: UPDATE: openjp2 2.5.2 To: Brad Smith Cc: ports@openbsd.org Date: Mon, 4 Mar 2024 08:56:13 +0100 Le Sun, Mar 03, 2024 at 03:35:12PM -0500, Brad Smith a écrit : > On 2024-03-03 7:22 a.m., Landry Breuil wrote: > > Le Sat, Mar 02, 2024 at 08:41:02PM -0500, Brad Smith a écrit : > > > On Sat, Mar 02, 2024 at 06:04:23PM -0500, Brad Smith wrote: > > > > Here is an update to openjp2 2.5.2. > > > > > > > > CVE-2021-3575 > > > > > > > > > > > > ## OpenJPEG 2.5.2 (Feb 2024) > > > > > > > > * Make sure openjpeg.h includes opj_config.h [\#1514](https://github.com/uclouvain/openjpeg/issues/1514) > > > > > > > > ## OpenJPEG 2.5.1 (Feb 2024) > > > > > > > > * CMake: drop support for cmake < 3.5 > > > > * Several bugfixes, including [\#1509](https://github.com/uclouvain/openjpeg/pull/1509) for CVE-2021-3575 > > > > * Significant speed-up rate allocation by rate/distoratio ratio [\#1440](https://github.com/uclouvain/openjpeg/pull/1440) > > > An updated diff fixing the big endian patch the way upstream recommended. > > thanks, i had a similar diff for 2.5.2 which is in a bulk, i'll > > integrate the updated BE patch. do you have a link for 'the way upstream > > recommended' ? > > https://github.com/uclouvain/openjpeg/pull/1520 thanks - fwiw in my diff (attached) ive been able to drop patch-CMakeLists.txt, i dont remember what it was for but it seems now unneeded. ? openjp2-2.3.1-libopenjp2.so.3.1 ? openjp2-2.4.0-libopenjp2.so.3.1 ? openjp2-2.4.0-libopenjp2.so.4.0 ? openjp2-2.5.0-libopenjp2.so.4.0 ? openjp2-2.5.0-libopenjp2.so.5.0 ? openjp2-2.5.2-libopenjp2.so.6.0 ? patch-CMakeLists_txt ? patch-thirdparty_CMakeLists_txt Index: Makefile =================================================================== RCS file: /cvs/ports/graphics/openjp2/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- Makefile 28 Jun 2022 08:54:11 -0000 1.19 +++ Makefile 4 Mar 2024 07:55:56 -0000 
@@ -2,14 +2,14 @@ GH_ACCOUNT= uclouvain GH_PROJECT= openjpeg -GH_TAGNAME= v2.5.0 +GH_TAGNAME= v2.5.2 DISTNAME= openjp2-${GH_TAGNAME:S/v//} -SHARED_LIBS += openjp2 5.0 +SHARED_LIBS += openjp2 6.0 CATEGORIES= graphics -HOMEPAGE= http://www.openjpeg.org/ +HOMEPAGE= https://www.openjpeg.org/ # BSD PERMIT_PACKAGE= Yes @@ -17,8 +17,7 @@ WANTLIB += c lcms2 m png pthread tiff z MODULES= devel/cmake -CONFIGURE_ARGS= -DOPENJPEG_INSTALL_MAN_DIR=man \ - -DOPJ_DATA_ROOT=${WRKDIR}/data \ +CONFIGURE_ARGS= -DOPJ_DATA_ROOT=${WRKDIR}/data \ -DBUILD_TESTING=True LIB_DEPENDS= graphics/lcms2 \ Index: distinfo =================================================================== RCS file: /cvs/ports/graphics/openjp2/distinfo,v retrieving revision 1.9 diff -u -r1.9 distinfo --- distinfo 28 Jun 2022 08:54:11 -0000 1.9 +++ distinfo 4 Mar 2024 07:55:56 -0000 @@ -1,2 +1,2 @@ -SHA256 (openjp2-2.5.0.tar.gz) = AzOAbWrezG96kSQ7K4Of9NIFOCNjTU9u16WbyHQJEio= -SIZE (openjp2-2.5.0.tar.gz) = 1867111 +SHA256 (openjp2-2.5.2.tar.gz) = kOOJb+2RDDdqr3nN2Yvf2vmMZHLv2OHevwqFSTjL2mo= +SIZE (openjp2-2.5.2.tar.gz) = 1871948 Index: patches/patch-CMakeLists_txt =================================================================== RCS file: patches/patch-CMakeLists_txt diff -N patches/patch-CMakeLists_txt --- patches/patch-CMakeLists_txt 28 Jun 2022 08:54:11 -0000 1.10 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,15 +0,0 @@
-Index: CMakeLists.txt
---- CMakeLists.txt.orig
-+++ CMakeLists.txt
-@@ -109,7 +109,10 @@ endif()
- option(BUILD_DOC "Build the HTML documentation (with doxygen if available)." OFF)
-
- string(TOLOWER ${PROJECT_NAME} projectname)
--set(OPENJPEG_INSTALL_SUBDIR "${projectname}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
-+
-+if(NOT OPENJPEG_INSTALL_SUBDIR)
-+ set(OPENJPEG_INSTALL_SUBDIR "${projectname}-${OPENJPEG_VERSION_MAJOR}.${OPENJPEG_VERSION_MINOR}")
-+endif()
-
- if(NOT OPENJPEG_INSTALL_BIN_DIR)
- set(OPENJPEG_INSTALL_BIN_DIR "bin")
Index: patches/patch-src_bin_jp2_convert_c
===================================================================
RCS file: /cvs/ports/graphics/openjp2/patches/patch-src_bin_jp2_convert_c,v
retrieving revision 1.6
diff -u -r1.6 patch-src_bin_jp2_convert_c
--- patches/patch-src_bin_jp2_convert_c 28 Jun 2022 08:54:11 -0000 1.6
+++ patches/patch-src_bin_jp2_convert_c 4 Mar 2024 07:55:56 -0000
@@ -1,12 +1,27 @@ +fix build on big endian + +https://github.com/uclouvain/openjpeg/pull/1520 + Index: src/bin/jp2/convert.c --- src/bin/jp2/convert.c.orig +++ src/bin/jp2/convert.c -@@ -662,7 +662,7 @@ static int tga_readheader(FILE *fp, unsigned int *bits - return 1; - } +@@ -664,7 +664,7 @@ static int tga_readheader(FILE *fp, unsigned int *bits --#ifdef OPJ_BIG_ENDIAN -+#if defined(OPJ_BIG_ENDIAN) && !defined(swap16) + #ifdef OPJ_BIG_ENDIAN - static INLINE OPJ_UINT16 swap16(OPJ_UINT16 x) +-static INLINE OPJ_UINT16 swap16(OPJ_UINT16 x) ++static INLINE OPJ_UINT16 opj_swap16(OPJ_UINT16 x) { + return (OPJ_UINT16)(((x & 0x00ffU) << 8) | ((x & 0xff00U) >> 8)); + } +@@ -733,8 +733,8 @@ static int tga_writeheader(FILE *fp, int bits_per_pixe + goto fails; + } + #else +- image_w = swap16(image_w); +- image_h = swap16(image_h); ++ image_w = opj_swap16(image_w); ++ image_h = opj_swap16(image_h); + if (fwrite(&image_w, 2, 1, fp) != 1) { + goto fails; + } Index: patches/patch-thirdparty_CMakeLists_txt =================================================================== RCS file: patches/patch-thirdparty_CMakeLists_txt diff -N patches/patch-thirdparty_CMakeLists_txt --- patches/patch-thirdparty_CMakeLists_txt 28 Jun 2022 08:54:11 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
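Review bot: The new patch header, `fix build on big endian`, does not say what actually broke, so the rename to `opj_swap16` in the first inner hunk reads as arbitrary. The guard it replaces, `!defined(swap16)`, suggests the static helper collided with a `swap16` macro from the system headers; if that is the cause, state it next to the pull-request URL, for example `fix build on big endian: static swap16() clashes with the system swap16 macro, rename it as upstream does`. Only the two call sites in `tga_writeheader` are visible in the second inner hunk, and both functions continue outside it, so it is worth confirming that no other `swap16(` call under `OPJ_BIG_ENDIAN` remains in convert.c. A leftover caller would presumably still compile against the system macro, and the partial rename would go unnoticed.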
@@ -1,40 +0,0 @@ -https://github.com/uclouvain/openjpeg/pull/1431 -Index: thirdparty/CMakeLists.txt ---- thirdparty/CMakeLists.txt.orig -+++ thirdparty/CMakeLists.txt -@@ -89,8 +89,15 @@ else(BUILD_THIRDPARTY) - message(STATUS "Your system seems to have a TIFF lib available, we will use it") - set(OPJ_HAVE_TIFF_H 1 PARENT_SCOPE) - set(OPJ_HAVE_LIBTIFF 1 PARENT_SCOPE) -- set(TIFF_LIBNAME ${TIFF_LIBRARIES} ${PC_TIFF_STATIC_LIBRARIES} PARENT_SCOPE) -- set(TIFF_INCLUDE_DIRNAME ${TIFF_INCLUDE_DIR} ${PC_TIFF_STATIC_INCLUDE_DIRS} PARENT_SCOPE) -+ if(BUILD_STATIC_LIBS AND NOT BUILD_SHARED_LIBS) -+ # Probably incorrect as PC_TIFF_STATIC_LIBRARIES will lack the path to the libraries -+ # and will only work if they are in system directories -+ set(TIFF_LIBNAME ${PC_TIFF_STATIC_LIBRARIES} PARENT_SCOPE) -+ set(TIFF_INCLUDE_DIRNAME ${PC_TIFF_STATIC_INCLUDE_DIRS} PARENT_SCOPE) -+ else() -+ set(TIFF_LIBNAME ${TIFF_LIBRARIES} PARENT_SCOPE) -+ set(TIFF_INCLUDE_DIRNAME ${TIFF_INCLUDE_DIR} PARENT_SCOPE) -+ endif() - else(TIFF_FOUND) # not found - set(OPJ_HAVE_TIFF_H 0 PARENT_SCOPE) - set(OPJ_HAVE_LIBTIFF 0 PARENT_SCOPE) -@@ -124,8 +131,15 @@ else(BUILD_THIRDPARTY) - message(STATUS "Your system seems to have a LCMS2 lib available, we will use it") - set(OPJ_HAVE_LCMS2_H 1 PARENT_SCOPE) - set(OPJ_HAVE_LIBLCMS2 1 PARENT_SCOPE) -- set(LCMS_LIBNAME ${LCMS2_LIBRARIES} ${PC_LCMS2_STATIC_LIBRARIES} PARENT_SCOPE) -- set(LCMS_INCLUDE_DIRNAME ${LCMS2_INCLUDE_DIRS} ${PC_LCMS2_STATIC_INCLUDE_DIRS} PARENT_SCOPE) -+ if(BUILD_STATIC_LIBS AND NOT BUILD_SHARED_LIBS) -+ # Probably incorrect as PC_LCMS2_STATIC_LIBRARIES will lack the path to the libraries -+ # and will only work if they are in system directories -+ set(LCMS_LIBNAME ${PC_LCMS2_STATIC_LIBRARIES} PARENT_SCOPE) -+ set(LCMS_INCLUDE_DIRNAME ${PC_LCMS2_STATIC_INCLUDE_DIRS} PARENT_SCOPE) -+ else() -+ set(LCMS_LIBNAME ${LCMS2_LIBRARIES} PARENT_SCOPE) -+ set(LCMS_INCLUDE_DIRNAME ${LCMS2_INCLUDE_DIRS} PARENT_SCOPE) -+ endif() - else(LCMS2_FOUND) # 
not found lcms2 - # try to find LCMS - find_package(LCMS) Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/graphics/openjp2/pkg/PLIST,v retrieving revision 1.10 diff -u -r1.10 PLIST --- pkg/PLIST 28 Jun 2022 08:54:12 -0000 1.10 +++ pkg/PLIST 4 Mar 2024 07:55:56 -0000 @@ -5,13 +5,13 @@ include/openjpeg-2.5/ include/openjpeg-2.5/openjpeg.h include/openjpeg-2.5/opj_config.h -include/openjpeg-2.5/opj_stdint.h +lib/cmake/openjpeg-2.5/ +lib/cmake/openjpeg-2.5/OpenJPEGConfig.cmake +lib/cmake/openjpeg-2.5/OpenJPEGConfigVersion.cmake +lib/cmake/openjpeg-2.5/OpenJPEGTargets${MODCMAKE_BUILD_SUFFIX} +lib/cmake/openjpeg-2.5/OpenJPEGTargets.cmake @static-lib lib/libopenjp2.a @lib lib/libopenjp2.so.${LIBopenjp2_VERSION} -lib/openjpeg-2.5/ -lib/openjpeg-2.5/OpenJPEGConfig.cmake -lib/openjpeg-2.5/OpenJPEGTargets${MODCMAKE_BUILD_SUFFIX} -lib/openjpeg-2.5/OpenJPEGTargets.cmake lib/pkgconfig/libopenjp2.pc @man man/man1/opj_compress.1 @man man/man1/opj_decompress.1