SECURITY update to jpeg-2.0.0v0.

- CVE-2018-11813
- lots of bugfixes

Survived a bulk build and heavy Desktop usage.
from Brad

graphics/jpeg/Makefile

@@ -1,13 +1,13 @@
-# $OpenBSD: Makefile,v 1.58 2018/01/09 21:05:48 rsadowski Exp $
+# $OpenBSD: Makefile,v 1.59 2018/10/01 07:08:22 ajacoutot Exp $
 
 COMMENT=	SIMD-accelerated JPEG codec replacement of libjpeg
 
-V=		1.5.3
+V=		2.0.0
 DISTNAME=	jpeg-turbo-${V}
 PKGNAME=	jpeg-${V}
 EPOCH=		0
 
-SHARED_LIBS+=	jpeg		68.1	# 64.0
+SHARED_LIBS+=	jpeg		69.0	# 64.0
 
 CATEGORIES=	graphics
 DPB_PROPERTIES=	parallel
@@ -22,16 +22,15 @@ DISTFILES=	libjpeg-turbo-${V}.tar.gz
 
 WANTLIB=	c
 
+MODULES=	devel/cmake
+
 .if ${MACHINE_ARCH} == "amd64" || ${MACHINE_ARCH} == "i386"
 BUILD_DEPENDS=	devel/yasm
 .endif
 
 SEPARATE_BUILD=	Yes
-CONFIGURE_STYLE=gnu
-
-# Symbol versioning triggers weird linking problems in dependent ports.
-CONFIGURE_ARGS+=--disable-ld-version-script \
-		--without-turbojpeg
+CONFIGURE_ARGS+=-DCMAKE_INSTALL_PREFIX="${PREFIX}" \
+		-DWITH_TURBOJPEG=False
 
 WRKDIST=	${WRKDIR}/lib${DISTNAME}
 
@@ -40,6 +39,8 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/libjpeg.txt ${WRKSRC}/wizard.txt \
 	    ${PREFIX}/share/doc/jpeg
 	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/jpeg
-	${INSTALL_DATA} ${WRKSRC}/example.c ${PREFIX}/share/examples/jpeg
+	${INSTALL_DATA} ${WRKSRC}/example.txt ${PREFIX}/share/examples/jpeg
+	# the turbojpeg wrapper library is disabled
+	rm ${PREFIX}/lib/pkgconfig/libturbojpeg.pc
 
 .include <bsd.port.mk>

graphics/jpeg/distinfo

@@ -1,2 +1,2 @@
-SHA256 (libjpeg-turbo-1.5.3.tar.gz) = skiQ4rtG4S5yp59+ll9An04WRm0A4d0V2T1z7mtZJSM=
-SIZE (libjpeg-turbo-1.5.3.tar.gz) = 1658672
+SHA256 (libjpeg-turbo-2.0.0.tar.gz) = d4h2EF0NMWIDySj9KgN0yMAfdV0KALEqHIk0rsz/iGg=
+SIZE (libjpeg-turbo-2.0.0.tar.gz) = 2158457

graphics/jpeg/patches/patch-CMakeLists_txt

@@ -0,0 +1,18 @@
+$OpenBSD: patch-CMakeLists_txt,v 1.1 2018/10/01 07:08:22 ajacoutot Exp $
+
+Symbol versioning triggers weird linking problems in dependent ports.
+
+Index: CMakeLists.txt
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -451,10 +451,6 @@ message(STATUS "INLINE = ${INLINE} (FORCE_INLINE = ${F
+ 
+ if(UNIX AND NOT APPLE)
+   file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/conftest.map "VERS_1 { global: *; };")
+-  set(CMAKE_REQUIRED_FLAGS
+-    "-Wl,--version-script,${CMAKE_CURRENT_BINARY_DIR}/conftest.map")
+-  check_c_source_compiles("int main(void) { return 0; }" HAVE_VERSION_SCRIPT)
+-  set(CMAKE_REQUIRED_FLAGS)
+   file(REMOVE ${CMAKE_CURRENT_BINARY_DIR}/conftest.map)
+   if(HAVE_VERSION_SCRIPT)
+     message(STATUS "Linker supports GNU-style version scripts")

graphics/jpeg/patches/patch-jerror_c

@@ -1,12 +1,13 @@
-$OpenBSD: patch-jerror_c,v 1.5 2016/06/25 12:34:30 sthen Exp $
+$OpenBSD: patch-jerror_c,v 1.6 2018/10/01 07:08:22 ajacoutot Exp $
 
 This one is slightly problematic.  If an application allocates less
 room for its error buffer than the recommended JMSG_LENGTH_MAX, the
 error message buffer will still overflow.
 
---- jerror.c.orig	Tue Jun  7 18:33:40 2016
-+++ jerror.c	Wed Jun  8 14:19:53 2016
-@@ -189,9 +189,9 @@ format_message (j_common_ptr cinfo, char *buffer)
+Index: jerror.c
+--- jerror.c.orig
++++ jerror.c
+@@ -189,9 +189,9 @@ format_message(j_common_ptr cinfo, char *buffer)
  
    /* Format the message into the passed buffer */
    if (isstring)

graphics/jpeg/patches/patch-wrjpgcom_c

@@ -1,18 +1,19 @@
-$OpenBSD: patch-wrjpgcom_c,v 1.4 2018/01/09 21:05:48 rsadowski Exp $
+$OpenBSD: patch-wrjpgcom_c,v 1.5 2018/10/01 07:08:22 ajacoutot Exp $
+
 Index: wrjpgcom.c
 --- wrjpgcom.c.orig
 +++ wrjpgcom.c
-@@ -452,7 +452,7 @@ main (int argc, char **argv)
-                   (unsigned int) MAX_COM_LENGTH);
+@@ -452,7 +452,7 @@ main(int argc, char **argv)
+                   (unsigned int)MAX_COM_LENGTH);
            exit(EXIT_FAILURE);
          }
--        strcpy(comment_arg, argv[argn]+1);
-+        strlcpy(comment_arg, argv[argn]+1, MAX_COM_LENGTH);
+-        strcpy(comment_arg, argv[argn] + 1);
++        strlcpy(comment_arg, argv[argn] + 1, MAX_COM_LENGTH);
          for (;;) {
-           comment_length = (unsigned int) strlen(comment_arg);
-           if (comment_length > 0 && comment_arg[comment_length-1] == '"') {
-@@ -467,8 +467,8 @@ main (int argc, char **argv)
-                     (unsigned int) MAX_COM_LENGTH);
+           comment_length = (unsigned int)strlen(comment_arg);
+           if (comment_length > 0 && comment_arg[comment_length - 1] == '"') {
+@@ -467,8 +467,8 @@ main(int argc, char **argv)
+                     (unsigned int)MAX_COM_LENGTH);
              exit(EXIT_FAILURE);
            }
 -          strcat(comment_arg, " ");
@@ -20,5 +21,5 @@ Index: wrjpgcom.c
 +          strlcat(comment_arg, " ", MAX_COM_LENGTH);
 +          strlcat(comment_arg, argv[argn], MAX_COM_LENGTH);
          }
-       } else if (strlen(argv[argn]) >= (size_t) MAX_COM_LENGTH) {
+       } else if (strlen(argv[argn]) >= (size_t)MAX_COM_LENGTH) {
          fprintf(stderr, "Comment text may not exceed %u bytes\n",

graphics/jpeg/pkg/PLIST

@@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.15 2016/07/13 09:43:39 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.16 2018/10/01 07:08:22 ajacoutot Exp $
 @bin bin/cjpeg
 @bin bin/djpeg
 @bin bin/jpegtran
@@ -9,7 +9,6 @@ include/jerror.h
 include/jmorecfg.h
 include/jpeglib.h
 lib/libjpeg.a
-lib/libjpeg.la
 @lib lib/libjpeg.so.${LIBjpeg_VERSION}
 lib/pkgconfig/libjpeg.pc
 @man man/man1/cjpeg.1
@@ -24,10 +23,11 @@ share/doc/libjpeg-turbo/
 share/doc/libjpeg-turbo/LICENSE.md
 share/doc/libjpeg-turbo/README.ijg
 share/doc/libjpeg-turbo/README.md
-share/doc/libjpeg-turbo/example.c
+share/doc/libjpeg-turbo/example.txt
 share/doc/libjpeg-turbo/libjpeg.txt
 share/doc/libjpeg-turbo/structure.txt
+share/doc/libjpeg-turbo/tjexample.c
 share/doc/libjpeg-turbo/usage.txt
 share/doc/libjpeg-turbo/wizard.txt
 share/examples/jpeg/
-share/examples/jpeg/example.c
+share/examples/jpeg/example.txt