pkgsrc-Changes archive


CVS commit: pkgsrc/graphics/libjxl



Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Jun  1 14:14:21 UTC 2026

Modified Files:
        pkgsrc/graphics/libjxl: Makefile distinfo
Added Files:
        pkgsrc/graphics/libjxl/patches: patch-lib_extras_dec_pnm.cc

Log Message:
libjxl: fix CVE-2025-70103 using upstream patch.

Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 pkgsrc/graphics/libjxl/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/graphics/libjxl/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/graphics/libjxl/patches/patch-lib_extras_dec_pnm.cc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/graphics/libjxl/Makefile
diff -u pkgsrc/graphics/libjxl/Makefile:1.12 pkgsrc/graphics/libjxl/Makefile:1.13
--- pkgsrc/graphics/libjxl/Makefile:1.12        Tue Feb 10 18:54:46 2026
+++ pkgsrc/graphics/libjxl/Makefile     Mon Jun  1 14:14:20 2026
@@ -1,7 +1,9 @@
-# $NetBSD: Makefile,v 1.12 2026/02/10 18:54:46 adam Exp $
+# $NetBSD: Makefile,v 1.13 2026/06/01 14:14:20 wiz Exp $
 
 .include "Makefile.common"
 
+PKGREVISION=   1
+
 COMMENT=       JpegXL reference codec
 
 TOOL_DEPENDS+= asciidoc-[0-9]*:../../textproc/asciidoc

Index: pkgsrc/graphics/libjxl/distinfo
diff -u pkgsrc/graphics/libjxl/distinfo:1.6 pkgsrc/graphics/libjxl/distinfo:1.7
--- pkgsrc/graphics/libjxl/distinfo:1.6 Tue Feb 10 18:53:11 2026
+++ pkgsrc/graphics/libjxl/distinfo     Mon Jun  1 14:14:20 2026
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.6 2026/02/10 18:53:11 adam Exp $
+$NetBSD: distinfo,v 1.7 2026/06/01 14:14:20 wiz Exp $
 
 BLAKE2s (libjxl-0.11.2.tar.gz) = 8ff719e98e85811e64a66f12755180436baeaab1bc99d2cc9acfd8e49d5dda55
 SHA512 (libjxl-0.11.2.tar.gz) = a7e1f7d060b358f4382e84367d66aa2850aef3b4524a0fdfe3f22dd258fb9e35dda7540f859d8bf4c32f31c61a7a03db677f4490a9f472cd25869a9d00797336
 Size (libjxl-0.11.2.tar.gz) = 1882762 bytes
 SHA1 (patch-CMakeLists.txt) = 9c23c2d137fe4f554abe8dc11ef50b6526444bcb
+SHA1 (patch-lib_extras_dec_pnm.cc) = f1d95b16477702942968bf18c318cf6f2423cc82
 SHA1 (patch-lib_jxl.cmake) = 80edf776f9abc31f972daf081bddd313643ddf19
 SHA1 (patch-lib_jxl__cms.cmake) = 071732162728c9a426dcfd207dc088b42463455b
 SHA1 (patch-lib_jxl__threads.cmake) = a18c85c6ab0111bad03eaa52b005d8f3204fcf58

Added files:

Index: pkgsrc/graphics/libjxl/patches/patch-lib_extras_dec_pnm.cc
diff -u /dev/null pkgsrc/graphics/libjxl/patches/patch-lib_extras_dec_pnm.cc:1.1
--- /dev/null   Mon Jun  1 14:14:21 2026
+++ pkgsrc/graphics/libjxl/patches/patch-lib_extras_dec_pnm.cc  Mon Jun  1 14:14:20 2026
@@ -0,0 +1,106 @@
+$NetBSD: patch-lib_extras_dec_pnm.cc,v 1.1 2026/06/01 14:14:20 wiz Exp $
+
+Fix CVE-2025-70103
+https://github.com/libjxl/libjxl/commit/49fb89f23473e57fa1dac416adce7c7679e5d051
+
+--- lib/extras/dec/pnm.cc.orig 2026-02-10 13:53:22.000000000 +0000
++++ lib/extras/dec/pnm.cc
+@@ -497,13 +497,26 @@ Status DecodeImagePNM(const Span<const uint8_t> bytes,
+     }
+   }
+ 
++  // No align - pixels are tightly packed.
++  constexpr size_t kAlign = 0;
++  size_t twidth = PackedImage::BitsPerChannel(data_type) / 8;
+   const JxlPixelFormat format{
+       /*num_channels=*/num_interleaved_channels,
+       /*data_type=*/data_type,
+       /*endianness=*/header.big_endian ? JXL_BIG_ENDIAN : JXL_LITTLE_ENDIAN,
+-      /*align=*/0,
++      kAlign,
+   };
+-  const JxlPixelFormat ec_format{1, format.data_type, format.endianness, 0};
++  // EC format is same as color, but 1-channel.
++  JxlPixelFormat ec_format = format;
++  ec_format.num_channels = 1;
++  size_t required_pnm_size =
++      header.ysize * header.xsize *
++      (num_interleaved_channels + header.ec_types.size()) * twidth;
++  size_t pnm_remaining_size = bytes.data() + bytes.size() - pos;
++  if (pnm_remaining_size < required_pnm_size) {
++    return JXL_FAILURE("PNM file too small");
++  }
++
+   ppf->frames.clear();
+   {
+     JXL_ASSIGN_OR_RETURN(
+@@ -512,42 +525,47 @@ Status DecodeImagePNM(const Span<const uint8_t> bytes,
+     ppf->frames.emplace_back(std::move(frame));
+   }
+   auto* frame = &ppf->frames.back();
++  uint8_t* out = reinterpret_cast<uint8_t*>(frame->color.pixels());
++  std::vector<uint8_t*> ec_out;
+   for (size_t i = 0; i < header.ec_types.size(); ++i) {
+     JXL_ASSIGN_OR_RETURN(
+         PackedImage ec,
+         PackedImage::Create(header.xsize, header.ysize, ec_format));
+     frame->extra_channels.emplace_back(std::move(ec));
++    ec_out.emplace_back(
++        reinterpret_cast<uint8_t*>(frame->extra_channels.back().pixels()));
++    JXL_DASSERT(frame->extra_channels.back().stride == header.xsize * twidth);
+   }
+-  size_t pnm_remaining_size = bytes.data() + bytes.size() - pos;
+-  if (pnm_remaining_size < frame->color.pixels_size) {
+-    return JXL_FAILURE("PNM file too small");
+-  }
+-
+-  uint8_t* out = reinterpret_cast<uint8_t*>(frame->color.pixels());
+-  std::vector<uint8_t*> ec_out(header.ec_types.size());
+-  for (size_t i = 0; i < ec_out.size(); ++i) {
+-    ec_out[i] = reinterpret_cast<uint8_t*>(frame->extra_channels[i].pixels());
+-  }
++  JXL_DASSERT(frame->color.stride ==
++              header.xsize * num_interleaved_channels * twidth);
+   if (ec_out.empty()) {
+-    const bool flipped_y = header.bits_per_sample == 32;  // PFMs are flipped
+-    for (size_t y = 0; y < header.ysize; ++y) {
+-      size_t y_in = flipped_y ? header.ysize - 1 - y : y;
+-      const uint8_t* row_in = &pos[y_in * frame->color.stride];
+-      uint8_t* row_out = &out[y * frame->color.stride];
+-      memcpy(row_out, row_in, frame->color.stride);
++    const bool flipped_y = (header.bits_per_sample == 32);  // PFMs are flipped
++    if (!flipped_y) {
++    // When there are no EC and input is not flipped we can copy the whole
++    // image at once.
++      memcpy(out, pos, header.ysize * frame->color.stride);
++    } else {
++      // Otherwise copy row-by-row.
++      for (size_t y = 0; y < header.ysize; ++y) {
++        size_t y_out = header.ysize - 1 - y;
++        const uint8_t* row_in = pos + y * frame->color.stride;
++        uint8_t* row_out = out + y_out * frame->color.stride;
++        memcpy(row_out, row_in, frame->color.stride);
++      }
+     }
+   } else {
++    // In case there are EC, we have to deinterleave data pixel-wise.
+     JXL_RETURN_IF_ERROR(PackedImage::ValidateDataType(data_type));
+-    size_t pwidth = PackedImage::BitsPerChannel(data_type) / 8;
++    size_t color_stride = twidth * num_interleaved_channels;
+     for (size_t y = 0; y < header.ysize; ++y) {
+       for (size_t x = 0; x < header.xsize; ++x) {
+         memcpy(out, pos, frame->color.pixel_stride());
+-        out += frame->color.pixel_stride();
+-        pos += frame->color.pixel_stride();
++        out += color_stride;
++        pos += color_stride;
+         for (auto& p : ec_out) {
+-          memcpy(p, pos, pwidth);
+-          pos += pwidth;
+-          p += pwidth;
++          memcpy(p, pos, twidth);
++          pos += twidth;
++          p += twidth;
+         }
+       }
+     }
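Review bot: The size guard added before `ppf->frames.clear()` computes `required_pnm_size` as an unchecked `size_t` product of `header.ysize`, `header.xsize`, the channel count and `twidth`, so where `size_t` is 32 bits a wrapped product could let a truncated file pass the "PNM file too small" check that every later `memcpy` relies on. Whether the header dimensions are already bounded earlier in `DecodeImagePNM` cannot be seen here, since the function starts and ends outside the hunk, so this may be covered upstream. If it is not, a division-based comparison avoids the multiplication: `const size_t bpp = (num_interleaved_channels + header.ec_types.size()) * twidth;` then `if (header.xsize != 0 && bpp != 0 && pnm_remaining_size / header.xsize / bpp < header.ysize) return JXL_FAILURE("PNM file too small");`. The stride equalities that make the new total match what is actually copied are only stated as `JXL_DASSERT`, which presumably compiles out in release builds, so a comment such as `// kAlign == 0 guarantees stride == xsize * channels * twidth; the size check above depends on it` next to `kAlign` would record that dependency.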


