main/libjpeg-turbo: upgrade to 2.0.2

As of v2.0.0 the project transitioned to CMake on all platforms
and removed the autotools-based build system.

3 files changed, 17 insertions, 142 deletions

diff --git a/main/libjpeg-turbo/0001-tjLoadImage-Fix-FPE-triggered-by-malformed-BMP.patch b/main/libjpeg-turbo/0001-tjLoadImage-Fix-FPE-triggered-by-malformed-BMP.patch
deleted file mode 100644
index f700d67cb1..0000000000
--- a/main/libjpeg-turbo/0001-tjLoadImage-Fix-FPE-triggered-by-malformed-BMP.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From f1322acf6cdc8c25db0075d7d32dc2f25ed9d477 Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 12 Jun 2018 20:27:00 -0500
-Subject: [PATCH] rdbmp.c: Fix FPE triggered by malformed BMP
-
-In rdbmp.c, it is necessary to guard against 32-bit overflow/wraparound
-when allocating the row buffer, because since BMP files have 32-bit
-width and height fields, the value of biWidth can be up to 4294967295.
-Specifically, high values of biWidth could cause the samplesperrow
-argument in alloc_sarray() to wrap around to 0, triggering a division by
-zero error at line 460 in jmemmgr.c, or to wrap around to a small
-number, likely triggering a buffer overflow.
-
-This fix is not documented in the change log for this branch, because
-the bug was exposed using the tjLoadImage() function in the 2.0.x
-branch.  However, it is posited that the issue could be triggered using
-TJBench in this branch.
----
- rdbmp.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/rdbmp.c b/rdbmp.c
-index eaa7086..6b73f7c 100644
---- a/rdbmp.c
-+++ b/rdbmp.c
-@@ -6,7 +6,7 @@
-  * Modified 2009-2010 by Guido Vollbeding.
-  * libjpeg-turbo Modifications:
-  * Modified 2011 by Siarhei Siamashka.
-- * Copyright (C) 2015, D. R. Commander.
-+ * Copyright (C) 2015, 2018, D. R. Commander.
-  * For conditions of distribution and use, see the accompanying README.ijg
-  * file.
-  *
-@@ -434,6 +434,11 @@ start_input_bmp (j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
-     progress->total_extra_passes++; /* count file input as separate pass */
-   }
- 
-+  /* Ensure that biWidth * 3 doesn't exceed the maximum value of the
-+     JDIMENSION type.  This is only a danger with BMP files, since their width
-+     and height fields are 32-bit integers. */
-+  if ((unsigned long long)biWidth * 3ULL > 0xFFFFFFFFULL)
-+    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
-   /* Allocate one-row buffer for returned data */
-   source->pub.buffer = (*cinfo->mem->alloc_sarray)
-     ((j_common_ptr) cinfo, JPOOL_IMAGE,
--- 
-2.17.1
-
diff --git a/main/libjpeg-turbo/APKBUILD b/main/libjpeg-turbo/APKBUILD
index c1436da699..1ec516417b 100644
--- a/main/libjpeg-turbo/APKBUILD
+++ b/main/libjpeg-turbo/APKBUILD
@@ -1,20 +1,17 @@
 # Contributor: Carlo Landmeter <clandmeter@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libjpeg-turbo
-pkgver=1.5.3
-pkgrel=4
+pkgver=2.0.2
+pkgrel=0
 pkgdesc="accelerated baseline JPEG compression and decompression library"
 url="https://libjpeg-turbo.org/"
 arch="all"
 license="IJG"
 depends=""
-makedepends="nasm"
+makedepends="cmake nasm"
 replaces="libjpeg"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-utils"
-source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz
-	0001-tjLoadImage-Fix-FPE-triggered-by-malformed-BMP.patch
-	CVE-2018-11813.patch
-	"
+source="https://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-$pkgver.tar.gz"
 
 # secfixes:
 #   1.5.3-r3:
@@ -26,15 +23,17 @@ builddir="$srcdir"/libjpeg-turbo-$pkgver
 
 build() {
 	cd "$builddir"
-	./configure \
-		--build=$CBUILD \
-		--host=$CHOST \
-		--prefix=/usr \
-		--sysconfdir=/etc \
-		--mandir=/usr/share/man \
-		--infodir=/usr/share/info \
-		--localstatedir=/var \
-		--with-jpeg8
+	if [ "$CBUILD" != "$CHOST" ]; then
+		CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux"
+	fi
+	cmake \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=/usr/lib \
+		-DBUILD_SHARED_LIBS=True \
+		-DCMAKE_BUILD_TYPE=Release \
+		-DCMAKE_C_FLAGS="$CFLAGS" \
+		-DWITH_JPEG8=1 \
+		${CMAKE_CROSSOPTS}
 	make
 }
 
@@ -45,8 +44,7 @@ check() {
 
 package() {
 	cd "$builddir"
-	make -j1 DESTDIR="$pkgdir" docdir=/usr/share/doc/$pkgname \
-		install
+	make -j1 DESTDIR="$pkgdir" install
 	install -d "$pkgdir"/usr/share/licenses/$pkgname
 	ln -s ../../doc/libjpeg-turbo/LICENSE.md "$pkgdir/usr/share/licenses/$pkgname"
 }
@@ -68,6 +66,4 @@ dev() {
 	replaces="jpeg-dev"
 }
 
-sha512sums="b611b1cc3d1ddedddad871854b42449d053a5f910ed1bdfa45c98e0270f4ecc110fde3a10111d2b876d847a826fa634f09c0bb8c357056c9c3a91c9065eb5202  libjpeg-turbo-1.5.3.tar.gz
-d6465d96427289d90c342e94316018565eb1711ea0028121ea0a962900b7c7599a7457e42201bcfd288da30019ae3b841ce319cfbe02705d49749d660ef04b74  0001-tjLoadImage-Fix-FPE-triggered-by-malformed-BMP.patch
-d32234df784ebe1cad6af114f74d14995637e494a502c171e154e1abc5aa335930d3a256fda234a85842d5c1658d2fac6474e0bc959fdf04413f69a35e3bf39a  CVE-2018-11813.patch"
+sha512sums="204b6d083e99488c975c75efb08699e4dc1c409556e4dee4f21e3ee67e9c6682eb342f2e5712816b0342c00399fbe6e43fbce30c3d22f30f7ef91db006b3be08  libjpeg-turbo-2.0.2.tar.gz"
diff --git a/main/libjpeg-turbo/CVE-2018-11813.patch b/main/libjpeg-turbo/CVE-2018-11813.patch
deleted file mode 100644
index 194a4f8e13..0000000000
--- a/main/libjpeg-turbo/CVE-2018-11813.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 19074854d9d8bc32dff3ed252eed17ed6cc2ecfc Mon Sep 17 00:00:00 2001
-From: DRC <information@libjpeg-turbo.org>
-Date: Tue, 12 Jun 2018 16:08:26 -0500
-Subject: [PATCH] Fix CVE-2018-11813
-
-Refer to change log for details.
-
-Fixes #242
----
- ChangeLog.md | 14 ++++++++++++++
- rdtarga.c    |  6 ++----
- 2 files changed, 16 insertions(+), 4 deletions(-)
-
-diff --git a/ChangeLog.md b/ChangeLog.md
-index bf63eb2dc..3aa41d173 100644
---- a/ChangeLog.md
-+++ b/ChangeLog.md
-@@ -24,6 +24,20 @@ an image was passed to `tjDecompressHeader3()`, `tjTransform()`,
- `tjDecompressToYUVPlanes()`, `tjDecompressToYUV2()`, or the equivalent Java
- methods.
- 
-+5. Fixed an issue (CVE-2018-11813) whereby a specially-crafted malformed input
-+file (specifically, a file with a valid Targa header but incomplete pixel data)
-+would cause cjpeg to generate a JPEG file that was potentially thousands of
-+times larger than the input file.  The Targa reader in cjpeg was not properly
-+detecting that the end of the input file had been reached prematurely, so after
-+all valid pixels had been read from the input, the reader injected dummy pixels
-+with values of 255 into the JPEG compressor until the number of pixels
-+specified in the Targa header had been compressed.  The Targa reader in cjpeg
-+now behaves like the PPM reader and aborts compression if the end of the input
-+file is reached prematurely.  Because this issue only affected cjpeg and not
-+the underlying library, and because it did not involve any out-of-bounds reads
-+or other exploitable behaviors, it was not believed to represent a security
-+threat.
-+
- 
- 1.5.3
- =====
-diff --git a/rdtarga.c b/rdtarga.c
-index b9bbd07cb..f874ece67 100644
---- a/rdtarga.c
-+++ b/rdtarga.c
-@@ -125,11 +125,10 @@ METHODDEF(void)
- read_non_rle_pixel (tga_source_ptr sinfo)
- /* Read one Targa pixel from the input file; no RLE expansion */
- {
--  register FILE *infile = sinfo->pub.input_file;
-   register int i;
- 
-   for (i = 0; i < sinfo->pixel_size; i++) {
--    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
-+    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
-   }
- }
- 
-@@ -138,7 +137,6 @@ METHODDEF(void)
- read_rle_pixel (tga_source_ptr sinfo)
- /* Read one Targa pixel from the input file, expanding RLE data as needed */
- {
--  register FILE *infile = sinfo->pub.input_file;
-   register int i;
- 
-   /* Duplicate previously read pixel? */
-@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo)
- 
-   /* Read next pixel */
-   for (i = 0; i < sinfo->pixel_size; i++) {
--    sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
-+    sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
-   }
- }
-