SECURITY update to jbigkit 2.1 (no ABI change)

- fixed a buffer-overflow vulnerability in the jbig.c decoder,
    reported by Florian Weimer (Red Hat): CVE-2013-6369

  - fixed ability of corrupted input data to force jbig85.c decoder
    into an end-less loop

  - fixed a bug in the processing of private deterministic-prediction
    tables (DPPRIV=1) in jbig.c decoder

  - fixed integer-type mismatches in printf arguments on 64-bit systems

  - fuzz-testing script added

graphics/jbigkit/Makefile

@@ -1,28 +1,26 @@
-# $OpenBSD: Makefile,v 1.42 2013/09/21 23:15:12 naddy Exp $
+# $OpenBSD: Makefile,v 1.43 2014/04/08 13:59:32 sthen Exp $
 
-COMMENT =		lossless image compression library, with lightweight version
-REVISION =		0
+COMMENT =	lossless image compression library, with lightweight version
 
-DISTNAME =		jbigkit-2.0
+DISTNAME =	jbigkit-2.1
 
-SHARED_LIBS +=		jbig   3.0 # 2.0
-SHARED_LIBS +=		jbig85 3.0 # 2.0
+SHARED_LIBS +=	jbig   3.0 # 2.0
+SHARED_LIBS +=	jbig85 3.0 # 2.0
 
-CATEGORIES =		graphics
+CATEGORIES =	graphics
 
-HOMEPAGE =		http://www.cl.cam.ac.uk/~mgk25/jbigkit/
+HOMEPAGE =	http://www.cl.cam.ac.uk/~mgk25/jbigkit/
 
-# GPLv2
+# GPLv2+
 PERMIT_PACKAGE_CDROM =	Yes
 
 WANTLIB += c
 
-MASTER_SITES =		http://www.cl.cam.ac.uk/~mgk25/download/
+MASTER_SITES =	http://www.cl.cam.ac.uk/~mgk25/download/
 
-MAKE_FLAGS =		CC="${CC}" CCFLAGS="${CFLAGS} -Wall" VERSION="${LIBjbig_VERSION}"
-MAKE_ENV =		LD_LIBRARY_PATH="${WRKSRC}/libjbig"
-
-WRKDIST =		${WRKDIR}/jbigkit
+MAKE_FLAGS =	CC="${CC}" CFLAGS="${CFLAGS} -Wall" \
+		VERSION="${LIBjbig_VERSION}"
+MAKE_ENV =	LD_LIBRARY_PATH="${WRKSRC}/libjbig"
 
 do-install:
 	${INSTALL_MAN_DIR} ${PREFIX}/man/man1

graphics/jbigkit/distinfo

@@ -1,2 +1,2 @@
-SHA256 (jbigkit-2.0.tar.gz) = 9r5haV0Y1jFZYeRz7akiUv3s+WNpA7+/R2ai7v8fF+4=
-SIZE (jbigkit-2.0.tar.gz) = 435027
+SHA256 (jbigkit-2.1.tar.gz) = 3nEGtr+vSV1oZcfdesbKE4G9EuDYFAXqgefyFnJj2TI=
+SIZE (jbigkit-2.1.tar.gz) = 438710

graphics/jbigkit/patches/patch-Makefile

@@ -1,34 +1,12 @@
-$OpenBSD: patch-Makefile,v 1.4 2013/04/13 08:53:10 ajacoutot Exp $
---- Makefile.orig	Sat Aug 30 21:40:22 2008
-+++ Makefile	Fri Apr 12 15:07:03 2013
-@@ -13,22 +13,22 @@ CFLAGS = $(CCFLAGS) -I../libjbig
- VERSION=2.0
+$OpenBSD: patch-Makefile,v 1.5 2014/04/08 13:59:32 sthen Exp $
+--- Makefile.orig	Tue Apr  8 14:41:53 2014
++++ Makefile	Tue Apr  8 14:42:35 2014
+@@ -7,8 +7,6 @@ CC = gcc
+ CFLAGS = -O2 -W -Wno-unused-result
+ # CFLAGS = -O -g -W -Wall -Wno-unused-result -ansi -pedantic # -DDEBUG
+ 
+-export CC CFLAGS
+-
+ VERSION=2.1
  
  all: lib pbm
--	@echo "Enter 'make test' in order to start some automatic tests."
-+#	@echo "Enter '$(MAKE) test' in order to start some automatic tests."
- 
- lib:
--	(cd libjbig;  make "CC=$(CC)" "CFLAGS=$(CFLAGS)")
-+	(cd libjbig;  $(MAKE) "CC=$(CC)" "CFLAGS=$(CFLAGS)" "VERSION=$(VERSION)")
- 
- pbm: lib
--	(cd pbmtools; make "CC=$(CC)" "CFLAGS=$(CFLAGS)")
-+	(cd pbmtools; $(MAKE) "CC=$(CC)" "CFLAGS=$(CFLAGS)")
- 
--test: lib pbm
--	(cd libjbig;  make "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
--	(cd pbmtools; make "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
-+test regress: lib pbm
-+	(cd libjbig;  $(MAKE) "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
-+	(cd pbmtools; $(MAKE) "CC=$(CC)" "CFLAGS=$(CFLAGS)" test)
- 
- clean:
- 	rm -f *~ core
--	(cd libjbig; make clean)
--	(cd pbmtools; make clean)
-+	(cd libjbig; $(MAKE) clean)
-+	(cd pbmtools; $(MAKE) clean)
- 
- distribution: clean
- 	rm -f libjbig/libjbig*.a

graphics/jbigkit/patches/patch-libjbig_Makefile

@@ -1,24 +1,22 @@
-$OpenBSD: patch-libjbig_Makefile,v 1.7 2013/08/06 17:03:51 miod Exp $
---- libjbig/Makefile.orig	Sat Aug 30 17:20:52 2008
-+++ libjbig/Makefile	Mon Aug  5 04:47:03 2013
-@@ -7,8 +7,14 @@ CC = gcc
+$OpenBSD: patch-libjbig_Makefile,v 1.8 2014/04/08 13:59:32 sthen Exp $
+--- libjbig/Makefile.orig	Thu Mar 27 18:47:15 2014
++++ libjbig/Makefile	Tue Apr  8 14:36:15 2014
+@@ -6,7 +6,13 @@ CC = gcc
  # Options for the compiler: A high optimization level is suggested
- CFLAGS = -g -O -Wall -ansi -pedantic # --coverage
+ CFLAGS = -g -O -W -Wall -ansi -pedantic # --coverage
  
--all: libjbig.a tstcodec tstcodec85
 +PICFLAG= -fpic
- 
-+.if defined(NO_SHARED_LIBS) && ${NO_SHARED_LIBS:L} == "yes"
-+all: libjbig.a libjbig85.a
-+.else
-+all: libjbig.a libjbig.so.$(VERSION) libjbig85.a libjbig85.so.$(VERSION)
-+.endif
 +
- tstcodec: tstcodec.o jbig.o jbig_ar.o
- 	$(CC) $(CFLAGS) -o tstcodec $+
++.if defined(NO_SHARED_LIBS) && ${NO_SHARED_LIBS:L} == "yes"
+ all: libjbig.a libjbig85.a tstcodec tstcodec85
++.else
++all: libjbig.a libjbig.so.$(VERSION) libjbig85.a libjbig85.so.$(VERSION) tstcodec tstcodec85
++.endif
  
-@@ -16,15 +22,28 @@ tstcodec85: tstcodec85.o jbig85.o jbig_ar.o
- 	$(CC) $(CFLAGS) -o tstcodec85 $+
+ tstcodec: tstcodec.o jbig.o jbig_ar.o
+ 	$(CC) $(CFLAGS) -o tstcodec tstcodec.o jbig.o jbig_ar.o
+@@ -15,15 +21,28 @@ tstcodec85: tstcodec85.o jbig85.o jbig_ar.o
+ 	$(CC) $(CFLAGS) -o tstcodec85 tstcodec85.o jbig85.o jbig_ar.o
  
  libjbig.a: jbig.o jbig_ar.o
 -	rm -f libjbig.a
@@ -52,10 +50,11 @@ $OpenBSD: patch-libjbig_Makefile,v 1.7 2013/08/06 17:03:51 miod Exp $
  jbig.o: jbig.c jbig.h jbig_ar.h
  jbig85.o: jbig85.c jbig85.h jbig_ar.h
  jbig_ar.o: jbig_ar.c jbig_ar.h
-@@ -44,5 +63,4 @@ t82test.pbm: tstcodec
+@@ -50,6 +69,5 @@ t82test.pbm: tstcodec
  	./tstcodec $@
  
  clean:
--	rm -f *.{o,gcda,gcno,gcov} *~ core gmon.out dbg_d\=??.pbm t82test.pbm
--	rm -f tstcodec tstcodec85
+-	rm -f *.o *.gcda *.gcno *.gcov *.plist *~ core gmon.out dbg_d\=??.pbm
+-	rm -f t82test.pbm
 +	rm -f *.{o,gcda,gcno,gcov} *~ core gmon.out dbg_d\=??.pbm libjbig.so.$(VERSION) libjbig85.so.$(VERSION)
+ 	rm -f tstcodec tstcodec85

graphics/jbigkit/patches/patch-pbmtools_Makefile

@@ -1,13 +1,47 @@
-$OpenBSD: patch-pbmtools_Makefile,v 1.3 2013/04/13 08:53:10 ajacoutot Exp $
---- pbmtools/Makefile.orig	Mon Aug 25 23:26:39 2008
-+++ pbmtools/Makefile	Fri Apr 12 15:05:35 2013
-@@ -9,8 +9,7 @@ CFLAGS = -g -Wall -ansi -pedantic -I../libjbig # --cov
- 
+$OpenBSD: patch-pbmtools_Makefile,v 1.4 2014/04/08 13:59:32 sthen Exp $
+--- pbmtools/Makefile.orig	Thu Mar 27 18:47:15 2014
++++ pbmtools/Makefile	Tue Apr  8 14:54:55 2014
+@@ -10,7 +10,7 @@ CPPFLAGS = -I../libjbig 
  .SUFFIXES: .1 .5 .txt $(SUFFIXES)
+ .PHONY: txt test test82 test85 clean
  
--all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 \
--	pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt
+-all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 txt
 +all: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85
  
- pbmtojbg: pbmtojbg.o ../libjbig/libjbig.a
- 	$(CC) $(CFLAGS) -o pbmtojbg pbmtojbg.o -L../libjbig -ljbig
+ txt: pbmtojbg.txt jbgtopbm.txt pbm.txt pgm.txt
+ 
+@@ -33,11 +33,11 @@ pbmtojbg85.o: pbmtojbg85.c ../libjbig/jbig85.h
+ 
+ ../libjbig/libjbig.a: ../libjbig/jbig.c ../libjbig/jbig.h \
+ 	../libjbig/jbig_ar.c ../libjbig/jbig_ar.h
+-	make -C ../libjbig libjbig.a
++	cd ../libjbig; $(MAKE) libjbig.a
+ 
+ ../libjbig/libjbig85.a: ../libjbig/jbig85.c ../libjbig/jbig85.h \
+ 	../libjbig/jbig_ar.c ../libjbig/jbig_ar.h
+-	make -C ../libjbig libjbig85.a
++	cd ../libjbig; $(MAKE) libjbig85.a
+ 
+ analyze:
+ 	clang $(CPPFLAGS) --analyze *.c
+@@ -111,8 +111,11 @@ test85: pbmtojbg jbgtopbm pbmtojbg85 jbgtopbm85 test-t
+ 	make IMG=t82 "OPTIONSP=-Y -1 1920" dotest85
+ 	make IMG=t82 "OPTIONSP=-Y -1 1949" dotest85
+ 	make IMG=t82 "OPTIONSP=-Y -1 1950" dotest85
++	make IMG=ccitt1 dotest1
+ 	make IMG=ccitt1 dotest85
++	make IMG=ccitt2 dotest1
+ 	make IMG=ccitt2 dotest85
++	make IMG=ccitt3 dotest1
+ 	make IMG=ccitt3 dotest85
+ 	rm -f test-*.jbg test-*.jbg85 test-*.pbm
+ 	@echo
+@@ -147,7 +150,7 @@ test-%.pbm: ../examples/%.jbg
+ 	./jbgtopbm $< $@
+ 
+ test-t82.pbm:
+-	make -C ../libjbig tstcodec
++	cd ../libjbig; $(MAKE) tstcodec
+ 	../libjbig/tstcodec $@
+ 
+ FOPT=-c 1000 -p 300000 -m 3

graphics/jbigkit/patches/patch-pbmtools_jbgtopbm_c

@@ -1,101 +0,0 @@
-$OpenBSD: patch-pbmtools_jbgtopbm_c,v 1.2 2013/04/13 08:53:10 ajacoutot Exp $
---- pbmtools/jbgtopbm.c.orig	Wed Aug 27 22:37:45 2008
-+++ pbmtools/jbgtopbm.c	Fri Apr 12 15:05:35 2013
-@@ -110,7 +110,7 @@ void fprint_bytes(FILE *f, unsigned char *p, size_t le
-   for (i = 0; i < len && i < max; i++)
-     fprintf(f, "%02x ", p[i]);
-   if (len > i)
--    fprintf(f, "... %d bytes total", len);
-+    fprintf(f, "... %zd bytes total", len);
-   fprintf(f, "\n");
- }
- 
-@@ -134,7 +134,7 @@ void diagnose_bie(FILE *fin)
-   /* read BIH */
-   read_file(&bie, &buflen, &len, fin);
-   if (len < 20) {
--    fprintf(f, "Error: Input file is %d < 20 bytes long and therefore "
-+    fprintf(f, "Error: Input file is %zd < 20 bytes long and therefore "
- 	    "does not contain an intact BIE header!\n", len);
-     return;
-   }
-@@ -188,18 +188,18 @@ void diagnose_bie(FILE *fin)
-       == (JBG_DPON | JBG_DPPRIV))
-     p += 1728;  /* skip DPTABLE */
-   if (p > bie + len) {
--    fprintf(f, "Error: Input file is %d < 20+1728 bytes long and therefore "
-+    fprintf(f, "Error: Input file is %zd < 20+1728 bytes long and therefore "
- 	    "does not contain an intact BIE header with DPTABLE!\n", len);
-     return;
-   }
-   while (p != bie + len) {
-     if (p > bie + len - 2) {
--      fprintf(f, "%06x: Error: single byte 0x%02x left\n", p - bie, *p);
-+      fprintf(f, "%06tx: Error: single byte 0x%02x left\n", p - bie, *p);
-       return;
-     }
-     pnext = jbg_next_pscdms(p, len - (p - bie));
-     if (p[0] != MARKER_ESC || p[1] == MARKER_STUFF) {
--      fprintf(f, "%06x: PSCD: ", p - bie);
-+      fprintf(f, "%06tx: PSCD: ", p - bie);
-       fprint_bytes(f, p, pnext ? (size_t) (pnext - p) : len - (p - bie), 60);
-       if (!pnext) {
- 	fprintf(f, "Error: PSCD not terminated by SDNORM or SDRST marker\n");
-@@ -209,7 +209,7 @@ void diagnose_bie(FILE *fin)
-       switch (p[1]) {
-       case MARKER_SDNORM:
-       case MARKER_SDRST:
--	fprintf(f, "%06x: ESC %s, ending SDE #%lu", p - bie,
-+	fprintf(f, "%06tx: ESC %s, ending SDE #%lu", p - bie,
- 		(p[1] == MARKER_SDNORM) ? "SDNORM" : "SDRST", ++sde);
- 	if (sde == sdes)
- 	  fprintf(f, " (final SDE)");
-@@ -219,10 +219,10 @@ void diagnose_bie(FILE *fin)
- 	fprintf(f, "\n");
- 	break;
-       case MARKER_ABORT:
--	fprintf(f, "%06x: ESC ABORT\n", p - bie);
-+	fprintf(f, "%06tx: ESC ABORT\n", p - bie);
- 	break;
-       case MARKER_NEWLEN:
--	fprintf(f, "%06x: ESC NEWLEN ", p - bie);
-+	fprintf(f, "%06tx: ESC NEWLEN ", p - bie);
- 	if (p + 5 < bie + len) {
- 	  fprintf(f, "YD = %lu\n",
- 		  yd = (((long) p[2] << 24) | ((long) p[3] << 16) |
-@@ -242,7 +242,7 @@ void diagnose_bie(FILE *fin)
- 	  fprintf(f, "unexpected EOF\n");
- 	break;
-       case MARKER_ATMOVE:
--	fprintf(f, "%06x: ESC ATMOVE ", p - bie);
-+	fprintf(f, "%06tx: ESC ATMOVE ", p - bie);
- 	if (p + 7 < bie + len)
- 	  fprintf(f, "YAT = %lu, tX = %d, tY = %d\n",
- 		  (((long) p[2] << 24) | ((long) p[3] << 16) |
-@@ -251,7 +251,7 @@ void diagnose_bie(FILE *fin)
- 	  fprintf(f, "unexpected EOF\n");
- 	break;
-       case MARKER_COMMENT:
--	fprintf(f, "%06x: ESC COMMENT ", p - bie);
-+	fprintf(f, "%06tx: ESC COMMENT ", p - bie);
- 	if (p + 5 < bie + len)
- 	  fprintf(f, "LC = %lu\n",
- 		  (((long) p[2] << 24) | ((long) p[3] << 16) |
-@@ -260,7 +260,7 @@ void diagnose_bie(FILE *fin)
- 	  fprintf(f, "unexpected EOF\n");
- 	break;
-       default:
--	fprintf(f, "%06x: ESC 0x%02x\n", p - bie, p[1]);
-+	fprintf(f, "%06tx: ESC 0x%02x\n", p - bie, p[1]);
-       }
-     if (!pnext) {
-       fprintf(f, "Error encountered!\n");
-@@ -372,7 +372,7 @@ int main (int argc, char **argv)
-   /* read BIH first to check VLENGTH */
-   len = fread(buffer, 1, 20, fin);
-   if (len < 20) {
--    fprintf(stderr, "Input file '%s' (%d bytes) must be at least "
-+    fprintf(stderr, "Input file '%s' (%zd bytes) must be at least "
- 	    "20 bytes long\n", fnin, len);
-     if (fout != stdout) {
-       fclose(fout);