From ff7c37e57419aeb2fb63ebc21bad9696aaaba2b4 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sun, 19 Feb 2023 17:48:22 +0100
Subject: [PATCH] package/libjxl: security bump to version 0.8.1

Security: Fix OOB read in exif.h
https://github.com/libjxl/libjxl/releases/tag/v0.8.1
https://github.com/libjxl/libjxl/releases/tag/v0.8.0
Signed-off-by: Fabrice Fontaine
Tested-by: Julien Olivain
Reviewed-by: Julien Olivain
Signed-off-by: Thomas Petazzoni
---
...entation-fault-when-JPEG-is-disabled.patch | 44 +++++++++++++++++++
package/libjxl/libjxl.hash | 2 +-
package/libjxl/libjxl.mk | 2 +-
3 files changed, 46 insertions(+), 2 deletions(-)
create mode 100644 package/libjxl/0001-djxl-fix-segmentation-fault-when-JPEG-is-disabled.patch

diff --git a/package/libjxl/0001-djxl-fix-segmentation-fault-when-JPEG-is-disabled.patch b/package/libjxl/0001-djxl-fix-segmentation-fault-when-JPEG-is-disabled.patch
new file mode 100644
index 0000000000..3d709c956b
--- /dev/null
+++ b/package/libjxl/0001-djxl-fix-segmentation-fault-when-JPEG-is-disabled.patch
@@ -0,0 +1,44 @@
+From 504f35c8204248ae6f97278e8b7c6cc5853a1b94 Mon Sep 17 00:00:00 2001
+From: Julien Olivain
+Date: Fri, 10 Feb 2023 21:31:30 +0100
+Subject: [PATCH] djxl: fix segmentation fault when JPEG is disabled
+
+When libjxl is compiled without JPEG support, by configuring for example
+with:
+
+ cmake -DCMAKE_DISABLE_FIND_PACKAGE_JPEG=TRUE ...
+
+djxl crashes with a segmentation fault at:
+https://github.com/libjxl/libjxl/blob/v0.8.1/tools/djxl_main.cc#L367
+
+The crash can be reproduced with the sequence:
+
+ gm convert IMAGE:LOGO ref.ppm
+ cjxl ref.ppm enc.jxl
+ djxl enc.jxl dec.ppm
+
+The crash happen because opt_jpeg_quality_id does not get
+initialized at:
+https://github.com/libjxl/libjxl/blob/v0.8.1/tools/djxl_main.cc#L107
+
+This commit fixes the crash by adding a test on opt_jpeg_quality_id.
+
+Signed-off-by: Julien Olivain
+[Retrieved from:
+https://github.com/libjxl/libjxl/pull/2178/commits/504f35c8204248ae6f97278e8b7c6cc5853a1b94]
+---
+ tools/djxl_main.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/djxl_main.cc b/tools/djxl_main.cc
+index b755301fcb..42b889e7ce 100644
+--- a/tools/djxl_main.cc
++++ b/tools/djxl_main.cc
+@@ -370,6 +370,7 @@ int main(int argc, const char* argv[]) {
+ args.color_space = force_colorspace;
+ }
+ if (codec == jxl::extras::Codec::kPNM && extension != ".pfm" &&
++ args.opt_jpeg_quality_id != -1 &&
+ !cmdline.GetOption(args.opt_jpeg_quality_id)->matched()) {
+ args.bits_per_sample = 0;
+ }
diff --git a/package/libjxl/libjxl.hash b/package/libjxl/libjxl.hash
index e71d32e61d..6b4c9d8d0a 100644
--- a/package/libjxl/libjxl.hash
+++ b/package/libjxl/libjxl.hash
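Review bot: In the bundled djxl patch, the added `args.opt_jpeg_quality_id != -1 &&` term makes the whole condition false when the option was never registered, so `args.bits_per_sample = 0` is skipped in JPEG-less builds instead of only the bad `GetOption()` lookup being avoided. If that assignment is meant to run whenever no JPEG quality was given, the guard would read `(args.opt_jpeg_quality_id == -1 || !cmdline.GetOption(args.opt_jpeg_quality_id)->matched())`; whether the difference matters depends on the default of `bits_per_sample`, which is outside the hunk. The test also relies on the field being initialised to `-1` at its declaration, which is not shown here, so a comment such as `// -1: option not registered (built without JPEG)` would make the sentinel explicit. main() starts and ends outside the hunk.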
@@ -1,4 +1,4 @@
 # Locally computed:
-sha256 3114bba1fabb36f6f4adc2632717209aa6f84077bc4e93b420e0d63fa0455c5e libjxl-0.7.0.tar.gz
+sha256 60f43921ad3209c9e180563025eda0c0f9b1afac51a2927b9ff59fff3950dc56 libjxl-0.8.1.tar.gz
 sha256 8405932022a556380c2d8c272eff154a923feb197233f348ce5f7334fb0a5ede LICENSE
 sha256 91915f8ae056a68a3c5bdf05d9f6f78bb6903e27a8ca3a8434c9e4ac87300575 PATENTS
diff --git a/package/libjxl/libjxl.mk b/package/libjxl/libjxl.mk
index b4dfbecf82..f603327bf6 100644
--- a/package/libjxl/libjxl.mk
+++ b/package/libjxl/libjxl.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-LIBJXL_VERSION = 0.7.0
+LIBJXL_VERSION = 0.8.1
 LIBJXL_SITE = $(call github,libjxl,libjxl,v$(LIBJXL_VERSION))
 LIBJXL_LICENSE = BSD-3-Clause
 LIBJXL_LICENSE_FILES = LICENSE PATENTS