gnu: freeimage: Update to 3.18.0.

* gnu/packages/image.scm (freeimage): Update to 3.18.0.
[source]: Modify snippet to remove the bundled libjxr. Remove obsolete
patches.
[arguments]: Add libjxr include directory to #:make-flags.
[inputs]: Add libjxr.
* gnu/packages/patches/freeimage-CVE-2015-0852.patch,
gnu/packages/patches/freeimage-CVE-2016-5684.patch,
gnu/packages/patches/freeimage-fix-build-with-gcc-5.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Unregister patches.
* gnu/packages/patches/freeimage-unbundle.patch: Update patch.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
This commit is contained in:
Kei Kebrau 2019-01-07 19:36:49 -05:00 committed by Marius Bakke
parent 8b9570adc1
commit 8dc3c2a7d5
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
6 changed files with 138 additions and 1664 deletions

View file

@ -828,9 +828,6 @@ dist_patch_DATA = \
%D%/packages/patches/flint-ldconfig.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8327.patch \
%D%/packages/patches/foomatic-filters-CVE-2015-8560.patch \
%D%/packages/patches/freeimage-CVE-2015-0852.patch \
%D%/packages/patches/freeimage-CVE-2016-5684.patch \
%D%/packages/patches/freeimage-fix-build-with-gcc-5.patch \
%D%/packages/patches/freeimage-unbundle.patch \
%D%/packages/patches/fuse-overlapping-headers.patch \
%D%/packages/patches/gawk-shell.patch \

View file

@ -957,7 +957,7 @@ (define-public giblib
(define-public freeimage
(package
(name "freeimage")
(version "3.17.0")
(version "3.18.0")
(source (origin
(method url-fetch)
(uri (string-append
@ -967,7 +967,7 @@ (define-public freeimage
".zip"))
(sha256
(base32
"12bz57asdcfsz3zr9i9nska0fb6h3z2aizy412qjqkixkginbz7v"))
"1z9qwi9mlq69d5jipr3v2jika2g0kszqdzilggm99nls5xl7j4zl"))
(modules '((guix build utils)))
(snippet
'(begin
@ -975,12 +975,8 @@ (define-public freeimage
(lambda (dir)
(delete-file-recursively (string-append "Source/" dir)))
'("LibJPEG" "LibOpenJPEG" "LibPNG" "LibRawLite"
;; "LibJXR"
"LibWebP" "OpenEXR" "ZLib"))))
(patches (search-patches "freeimage-unbundle.patch"
"freeimage-CVE-2015-0852.patch"
"freeimage-CVE-2016-5684.patch"
"freeimage-fix-build-with-gcc-5.patch"))))
"LibJXR" "LibWebP" "OpenEXR" "ZLib"))))
(patches (search-patches "freeimage-unbundle.patch"))))
(build-system gnu-build-system)
(arguments
'(#:phases
@ -1011,7 +1007,7 @@ (define-public freeimage
;; We need '-fpermissive' for Source/FreeImage.h.
;; libjxr doesn't have a pkg-config file.
(string-append "CFLAGS+=-O2 -fPIC -fvisibility=hidden -fpermissive "
;;"-I" (assoc-ref %build-inputs "libjxr") "/include/jxrlib"
"-I" (assoc-ref %build-inputs "libjxr") "/include/jxrlib "
;; FIXME: OpenEXR 2.4.0 requires C++11 or later.
;; Remove when the default compiler is > GCC 5.
@ -1022,7 +1018,7 @@ (define-public freeimage
("unzip" ,unzip)))
(inputs
`(("libjpeg" ,libjpeg)
;("libjxr" ,libjxr)
("libjxr" ,libjxr)
("libpng" ,libpng)
("libraw" ,libraw)
("libtiff" ,libtiff)

View file

@ -1,129 +0,0 @@
Copied from Debian.
Description: fix integer overflow
Origin: upstream
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.17&r2=1.18&pathrev=MAIN
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?view=patch&r1=1.18&r2=1.19&pathrev=MAIN
Bug-Debian: https://bugs.debian.org/797165
Last-Update: 2015-09-14
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: freeimage/Source/FreeImage/PluginPCX.cpp
===================================================================
--- freeimage.orig/Source/FreeImage/PluginPCX.cpp
+++ freeimage/Source/FreeImage/PluginPCX.cpp
@@ -347,12 +347,14 @@ Load(FreeImageIO *io, fi_handle handle,
try {
// check PCX identifier
-
- long start_pos = io->tell_proc(handle);
- BOOL validated = pcx_validate(io, handle);
- io->seek_proc(handle, start_pos, SEEK_SET);
- if(!validated) {
- throw FI_MSG_ERROR_MAGIC_NUMBER;
+ // (note: should have been already validated using FreeImage_GetFileType but check again)
+ {
+ long start_pos = io->tell_proc(handle);
+ BOOL validated = pcx_validate(io, handle);
+ io->seek_proc(handle, start_pos, SEEK_SET);
+ if(!validated) {
+ throw FI_MSG_ERROR_MAGIC_NUMBER;
+ }
}
// process the header
@@ -366,20 +368,38 @@ Load(FreeImageIO *io, fi_handle handle,
SwapHeader(&header);
#endif
- // allocate a new DIB
+ // process the window
+ const WORD *window = header.window; // left, upper, right,lower pixel coord.
+ const int left = window[0];
+ const int top = window[1];
+ const int right = window[2];
+ const int bottom = window[3];
- unsigned width = header.window[2] - header.window[0] + 1;
- unsigned height = header.window[3] - header.window[1] + 1;
- unsigned bitcount = header.bpp * header.planes;
-
- if (bitcount == 24) {
- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
- } else {
- dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
+ // check image size
+ if((left >= right) || (top >= bottom)) {
+ throw FI_MSG_ERROR_PARSING;
}
- // if the dib couldn't be allocated, throw an error
+ const unsigned width = right - left + 1;
+ const unsigned height = bottom - top + 1;
+ const unsigned bitcount = header.bpp * header.planes;
+
+ // allocate a new DIB
+ switch(bitcount) {
+ case 1:
+ case 4:
+ case 8:
+ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount);
+ break;
+ case 24:
+ dib = FreeImage_AllocateHeader(header_only, width, height, bitcount, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ break;
+ default:
+ throw FI_MSG_ERROR_DIB_MEMORY;
+ break;
+ }
+ // if the dib couldn't be allocated, throw an error
if (!dib) {
throw FI_MSG_ERROR_DIB_MEMORY;
}
@@ -426,19 +446,23 @@ Load(FreeImageIO *io, fi_handle handle,
if (palette_id == 0x0C) {
BYTE *cmap = (BYTE*)malloc(768 * sizeof(BYTE));
- io->read_proc(cmap, 768, 1, handle);
- pal = FreeImage_GetPalette(dib);
- BYTE *pColormap = &cmap[0];
+ if(cmap) {
+ io->read_proc(cmap, 768, 1, handle);
- for(int i = 0; i < 256; i++) {
- pal[i].rgbRed = pColormap[0];
- pal[i].rgbGreen = pColormap[1];
- pal[i].rgbBlue = pColormap[2];
- pColormap += 3;
+ pal = FreeImage_GetPalette(dib);
+ BYTE *pColormap = &cmap[0];
+
+ for(int i = 0; i < 256; i++) {
+ pal[i].rgbRed = pColormap[0];
+ pal[i].rgbGreen = pColormap[1];
+ pal[i].rgbBlue = pColormap[2];
+ pColormap += 3;
+ }
+
+ free(cmap);
}
- free(cmap);
}
// wrong palette ID, perhaps a gray scale is needed ?
@@ -466,9 +490,9 @@ Load(FreeImageIO *io, fi_handle handle,
// calculate the line length for the PCX and the DIB
// length of raster line in bytes
- unsigned linelength = header.bytes_per_line * header.planes;
+ const unsigned linelength = header.bytes_per_line * header.planes;
// length of DIB line (rounded to DWORD) in bytes
- unsigned pitch = FreeImage_GetPitch(dib);
+ const unsigned pitch = FreeImage_GetPitch(dib);
// run-length encoding ?

View file

@ -1,34 +0,0 @@
From: Debian Science Maintainers
<debian-science-maintainers@lists.alioth.debian.org>
Date: Mon, 10 Oct 2016 08:22:44 +0100
Subject: CVE-2016-5684
---
Source/FreeImage/PluginXPM.cpp | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Source/FreeImage/PluginXPM.cpp b/Source/FreeImage/PluginXPM.cpp
index a698321..cc7bd07 100644
--- a/Source/FreeImage/PluginXPM.cpp
+++ b/Source/FreeImage/PluginXPM.cpp
@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
}
free(str);
+ // check info string
+ if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
+ throw "Improperly formed info string";
+ }
+
if (colors > 256) {
dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
} else {
@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
FILE_RGBA rgba;
str = ReadString(io, handle);
- if(!str)
+ if(!str || (strlen(str) < (size_t)cpp))
throw "Error reading color strings";
std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars

File diff suppressed because it is too large Load diff

View file

@ -1,4 +1,4 @@
https://src.fedoraproject.org/cgit/rpms/freeimage.git/tree/FreeImage-3.17.0_unbundle.patch
https://src.fedoraproject.org/cgit/rpms/freeimage.git/tree/FreeImage_unbundle.patch
diff -rupN FreeImage/genfipsrclist.sh FreeImage-new/genfipsrclist.sh
--- FreeImage/genfipsrclist.sh 2015-02-20 10:52:16.000000000 +0100
@ -25,10 +25,10 @@ diff -rupN FreeImage/gensrclist.sh FreeImage-new/gensrclist.sh
#!/bin/sh
-DIRLIST=". Source Source/Metadata Source/FreeImageToolkit Source/LibJPEG Source/LibPNG Source/LibTIFF4 Source/ZLib Source/LibOpenJPEG Source/OpenEXR Source/OpenEXR/Half Source/OpenEXR/Iex Source/OpenEXR/IlmImf Source/OpenEXR/IlmThread Source/OpenEXR/Imath Source/OpenEXR/IexMath Source/LibRawLite Source/LibRawLite/dcraw Source/LibRawLite/internal Source/LibRawLite/libraw Source/LibRawLite/src Source/LibWebP Source/LibJXR Source/LibJXR/common/include Source/LibJXR/image/sys Source/LibJXR/jxrgluelib"
+DIRLIST=". Source Source/Metadata Source/FreeImageToolkit Source/LibJXR Source/LibJXR/common/include Source/LibJXR/image/sys Source/LibJXR/jxrgluelib"
+DIRLIST=". Source Source/Metadata Source/FreeImageToolkit"
echo "VER_MAJOR = 3" > Makefile.srcs
echo "VER_MINOR = 17.0" >> Makefile.srcs
echo "VER_MINOR = 18.0" >> Makefile.srcs
diff -rupN FreeImage/Makefile.fip FreeImage-new/Makefile.fip
--- FreeImage/Makefile.fip 2015-03-08 18:03:56.000000000 +0100
+++ FreeImage-new/Makefile.fip 2015-09-05 02:14:09.212684028 +0200
@ -90,8 +90,8 @@ diff -rupN FreeImage/Makefile.gnu FreeImage-new/Makefile.gnu
-# LibJXR
-CXXFLAGS += -D__ANSI__
-CXXFLAGS += $(INCLUDE)
+override CFLAGS += $(INCLUDE) -D__ANSI__ $(shell pkg-config --cflags OpenEXR libopenjp2 libraw libpng libtiff-4 libwebp libwebpmux zlib)
+override LDFLAGS += -ljpeg $(shell pkg-config --libs OpenEXR libopenjp2 libraw libpng libtiff-4 libwebp libwebpmux zlib)
+override CFLAGS += $(INCLUDE) -D__ANSI__ -I/usr/include/jxrlib $(shell pkg-config --cflags OpenEXR libopenjp2 libraw libpng libtiff-4 libwebp libwebpmux zlib)
+override LDFLAGS += -ljpeg -ljpegxr -ljxrglue $(shell pkg-config --libs OpenEXR libopenjp2 libraw libpng libtiff-4 libwebp libwebpmux zlib)
ifeq ($(shell sh -c 'uname -m 2>/dev/null || echo not'),x86_64)
- CFLAGS += -fPIC
@ -215,6 +215,18 @@ diff -rupN FreeImage/Source/FreeImage/PluginJPEG.cpp FreeImage-new/Source/FreeIm
}
#include "FreeImage.h"
diff -rupN FreeImage/Source/FreeImage/PluginJXR.cpp FreeImage-new/Source/FreeImage/PluginJXR.cpp
--- FreeImage/Source/FreeImage/PluginJXR.cpp 2015-03-03 23:07:08.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PluginJXR.cpp 2018-07-31 23:37:58.561953201 +0200
@@ -23,7 +23,7 @@
#include "Utilities.h"
#include "../Metadata/FreeImageTag.h"
-#include "../LibJXR/jxrgluelib/JXRGlue.h"
+#include <JXRGlue.h>
// ==========================================================
// Plugin Interface
diff -rupN FreeImage/Source/FreeImage/PluginPNG.cpp FreeImage-new/Source/FreeImage/PluginPNG.cpp
--- FreeImage/Source/FreeImage/PluginPNG.cpp 2015-03-10 20:16:12.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PluginPNG.cpp 2015-09-05 02:13:52.044353363 +0200
@ -241,38 +253,39 @@ diff -rupN FreeImage/Source/FreeImage/PluginRAW.cpp FreeImage-new/Source/FreeIma
#include "FreeImage.h"
#include "Utilities.h"
diff -rupN FreeImage/Source/FreeImage/PluginTIFF.cpp FreeImage-new/Source/FreeImage/PluginTIFF.cpp
--- FreeImage/Source/FreeImage/PluginTIFF.cpp 2015-03-02 02:07:08.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PluginTIFF.cpp 2015-09-05 02:13:52.044353363 +0200
@@ -37,9 +37,9 @@
#include "FreeImage.h"
#include "Utilities.h"
-#include "../LibTIFF4/tiffiop.h"
+#include <tiffio.h>
#include "../Metadata/FreeImageTag.h"
-#include "../OpenEXR/Half/half.h"
+#include <OpenEXR/half.h>
#include "FreeImageIO.h"
#include "PSDParser.h"
@@ -194,16 +194,6 @@ TIFFFdOpen(thandle_t handle, const char
return tif;
}
-/**
-Open a TIFF file for reading or writing
-@param name
-@param mode
-*/
-TIFF*
-TIFFOpen(const char* name, const char* mode) {
- return 0;
-}
-
// ----------------------------------------------------------
// TIFF library FreeImage-specific routines.
// ----------------------------------------------------------
#include "FreeImage.h"
#include "Utilities.h"
-#include "../LibTIFF4/tiffiop.h"
+#include <tiffio.h>
#include "../Metadata/FreeImageTag.h"
-#include "../OpenEXR/Half/half.h"
+#include <OpenEXR/half.h>
#include "FreeImageIO.h"
#include "PSDParser.h"
@@ -194,16 +194,6 @@ TIFFFdOpen(thandle_t handle, const char *name, const char *mode) {
return tif;
}
-/**
-Open a TIFF file for reading or writing
-@param name
-@param mode
-*/
-TIFF*
-TIFFOpen(const char* name, const char* mode) {
- return 0;
-}
-
// ----------------------------------------------------------
// TIFF library FreeImage-specific routines.
// ----------------------------------------------------------
diff -rupN FreeImage/Source/FreeImage/PluginWebP.cpp FreeImage-new/Source/FreeImage/PluginWebP.cpp
--- FreeImage/Source/FreeImage/PluginWebP.cpp 2015-03-02 02:07:08.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PluginWebP.cpp 2015-09-05 02:13:52.044353363 +0200
@ -282,15 +295,81 @@ diff -rupN FreeImage/Source/FreeImage/PluginWebP.cpp FreeImage-new/Source/FreeIm
-#include "../LibWebP/src/webp/decode.h"
-#include "../LibWebP/src/webp/encode.h"
-#include "../LibWebP/src/enc/vp8enci.h"
-#include "../LibWebP/src/webp/mux.h"
+#include <webp/decode.h>
+#include <webp/encode.h>
+// #include "../LibWebP/src/enc/vp8enci.h"
+#include <webp/mux.h>
// ==========================================================
// Plugin Interface
diff -rupN FreeImage/Source/FreeImage/PSDParser.cpp FreeImage-new/Source/FreeImage/PSDParser.cpp
--- FreeImage/Source/FreeImage/PSDParser.cpp 2016-02-11 03:18:02.000000000 +0100
+++ FreeImage-new/Source/FreeImage/PSDParser.cpp 2018-08-01 00:17:18.323822675 +0200
@@ -133,8 +133,8 @@ public:
template <>
class PSDGetValue<8> {
public:
- static inline UINT64 get(const BYTE * iprBuffer) {
- UINT64 v = ((const UINT64*)iprBuffer)[0];
+ static inline uint64_t get(const BYTE * iprBuffer) {
+ uint64_t v = ((const uint64_t*)iprBuffer)[0];
#ifndef FREEIMAGE_BIGENDIAN
SwapInt64(&v);
#endif
@@ -147,7 +147,7 @@ public:
// --------------------------------------------------------------------------
-static UINT64
+static uint64_t
psdReadSize(FreeImageIO *io, fi_handle handle, const psdHeaderInfo& header) {
if(header._Version == 1) {
BYTE Length[4];
@@ -199,11 +199,11 @@ public:
template <>
class PSDSetValue<8> {
public:
- static inline void set(const BYTE * iprBuffer, UINT64 v) {
+ static inline void set(const BYTE * iprBuffer, uint64_t v) {
#ifndef FREEIMAGE_BIGENDIAN
SwapInt64(&v);
#endif
- ((UINT64*)iprBuffer)[0] = v;
+ ((uint64_t*)iprBuffer)[0] = v;
}
};
@@ -213,7 +213,7 @@ public:
// --------------------------------------------------------------------------
static inline bool
-psdWriteSize(FreeImageIO *io, fi_handle handle, const psdHeaderInfo& header, UINT64 v) {
+psdWriteSize(FreeImageIO *io, fi_handle handle, const psdHeaderInfo& header, uint64_t v) {
if(header._Version == 1) {
BYTE Length[4];
psdSetLongValue(Length, sizeof(Length), (DWORD)v);
@@ -1063,10 +1063,10 @@ unsigned psdParser::GetChannelOffset(FIB
bool psdParser::ReadLayerAndMaskInfoSection(FreeImageIO *io, fi_handle handle) {
bool bSuccess = true;
- UINT64 nTotalBytes = psdReadSize(io, handle, _headerInfo);
+ uint64_t nTotalBytes = psdReadSize(io, handle, _headerInfo);
// Hack to handle large PSB files without using fseeko().
- if (sizeof(long) < sizeof(UINT64)) {
+ if (sizeof(long) < sizeof(uint64_t)) {
const long offset = 0x10000000;
while (nTotalBytes > offset) {
if (io->seek_proc(handle, offset, SEEK_CUR) != 0) {
@@ -1672,7 +1672,7 @@ bool psdParser::WriteLayerAndMaskInfoSec
// Short section with no layers.
BYTE IntValue[4];
- UINT64 size;
+ uint64_t size;
if(_headerInfo._Version == 1) {
size = 8;
} else {
diff -rupN FreeImage/Source/FreeImage/ZLibInterface.cpp FreeImage-new/Source/FreeImage/ZLibInterface.cpp
--- FreeImage/Source/FreeImage/ZLibInterface.cpp 2015-03-02 02:07:10.000000000 +0100
+++ FreeImage-new/Source/FreeImage/ZLibInterface.cpp 2015-09-05 02:13:52.044353363 +0200
@ -536,3 +615,21 @@ diff -rupN FreeImage/Source/Metadata/XTIFF.cpp FreeImage-new/Source/Metadata/XTI
if(skip_write_field(tif, tag_id)) {
// skip tags that are already handled by the LibTIFF writing process
diff -rupN FreeImage/Source/Utilities.h FreeImage-new/Source/Utilities.h
--- FreeImage/Source/Utilities.h 2016-04-11 15:15:32.000000000 +0200
+++ FreeImage-new/Source/Utilities.h 2018-08-01 00:16:29.826825358 +0200
@@ -446,12 +446,12 @@ SwapLong(DWORD *lp) {
}
inline void
-SwapInt64(UINT64 *arg) {
+SwapInt64(uint64_t *arg) {
#if defined(_MSC_VER) && _MSC_VER >= 1310
*arg = _byteswap_uint64(*arg);
#else
union Swap {
- UINT64 sv;
+ uint64_t sv;
DWORD ul[2];
} tmp, result;
tmp.sv = *arg;