diff -Nru freeimage-3.18.0+ds2/debian/changelog freeimage-3.18.0+ds2/debian/changelog --- freeimage-3.18.0+ds2/debian/changelog 2022-06-19 20:38:49.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/changelog 2023-11-07 15:56:08.000000000 +0000 @@ -1,10 +1,46 @@ -freeimage (3.18.0+ds2-7~22.04.sav0) jammy; urgency=medium +freeimage (3.18.0+ds2-10~22.04.sav0) jammy; urgency=medium * Backport to Jammy - * d/patches/: Update Disable-vendored-dependencies.patch for Imath/OpenEXR - * debian/control: Set debhelper-compat (= 12) BD + * d/libfreeimage{,plus}-dev: Move libfreeimageplus.a to libfreeimageplus-dev + (for consistency with package description stating static libs included) + * d/control: Add Breaks/Replaces libfreeimage-dev to libfreeimageplus-dev - -- Rob Savoury Sun, 19 Jun 2022 13:38:49 -0700 + -- Rob Savoury Tue, 07 Nov 2023 07:56:08 -0800 + +freeimage (3.18.0+ds2-10) unstable; urgency=medium + + * Team upload + * Fix CVE-2020-21427 with upstream patches + * Fix CVE-2020-21428 with upstream patch + * Fix CVE-2020-22524 with upstream patch + + -- Bastian Germann Tue, 19 Sep 2023 14:50:01 +0000 + +freeimage (3.18.0+ds2-9.1) unstable; urgency=medium + + * Non-maintainer upload. + * Add upstream fix for FTBFS with LibRaw 0.21. (Closes: #1040259) + * Add upstream fix for compilation on big endian. (Closes: #1002610) + + -- Adrian Bunk Mon, 10 Jul 2023 00:29:00 +0300 + +freeimage (3.18.0+ds2-9) unstable; urgency=medium + + * Team upload. + * The -dev packages are Multi-Arch:same (Closes: #1023696) + + -- Dima Kogan Mon, 13 Feb 2023 23:56:16 -0800 + +freeimage (3.18.0+ds2-8) unstable; urgency=medium + + [ Anton Gladky ] + * [1216cab] Set Standards-Version: 4.6.1 + + [ Mathieu Malaterre ] + * [e6f1f63] d/patches: Refresh patch to handle openexr 3.x split. + (Closes: #1017512) + + -- Anton Gladky Sat, 20 Aug 2022 23:39:55 +0200 freeimage (3.18.0+ds2-7) unstable; urgency=medium diff -Nru freeimage-3.18.0+ds2/debian/control freeimage-3.18.0+ds2/debian/control --- freeimage-3.18.0+ds2/debian/control 2022-05-26 11:23:04.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/control 2023-11-07 15:56:08.000000000 +0000 @@ -17,16 +17,17 @@ pkg-config, zlib1g-dev Build-Depends-Indep: doxygen -Standards-Version: 4.6.0 +Standards-Version: 4.6.1 Vcs-Browser: https://salsa.debian.org/science-team/freeimage Vcs-Git: https://salsa.debian.org/science-team/freeimage.git -Homepage: http://freeimage.sourceforge.net/ +Homepage: https://freeimage.sourceforge.net/ Package: libfreeimage-dev Architecture: any Section: libdevel Depends: libfreeimage3 (= ${binary:Version}), ${misc:Depends} +Multi-Arch: same Description: Support library for graphics image formats (development files) FreeImage is an Open Source C/C++ library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF @@ -59,6 +60,9 @@ libfreeimageplus3 (= ${binary:Version}), ${misc:Depends} Suggests: libfreeimageplus-doc +Breaks: libfreeimage-dev (<< 3.18.0+ds2-10~) +Replaces: libfreeimage-dev (<< 3.18.0+ds2-10~) +Multi-Arch: same Description: C++ wrappers for FreeImage (development files) FreeImage is an Open Source C/C++ library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF @@ -74,6 +78,7 @@ Section: doc Depends: ${misc:Depends}, libjs-jquery +Multi-Arch: foreign Description: C++ wrappers for FreeImage (documentation) FreeImage is an Open Source C/C++ library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF diff -Nru freeimage-3.18.0+ds2/debian/gbp.conf freeimage-3.18.0+ds2/debian/gbp.conf --- freeimage-3.18.0+ds2/debian/gbp.conf 2022-05-26 11:11:52.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/gbp.conf 2023-09-19 14:50:01.000000000 +0000 @@ -1,6 +1,6 @@ [DEFAULT] upstream-branch = upstream -debian-branch = master +debian-branch = debian/sid upstream-tag = upstream/%(version)s debian-tag = debian/%(version)s pristine-tar = True diff -Nru freeimage-3.18.0+ds2/debian/libfreeimage-dev.install freeimage-3.18.0+ds2/debian/libfreeimage-dev.install --- freeimage-3.18.0+ds2/debian/libfreeimage-dev.install 2022-05-26 11:11:52.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/libfreeimage-dev.install 2023-11-07 15:51:08.000000000 +0000 @@ -1,3 +1,3 @@ usr/include/FreeImage.h usr/lib/*/libfreeimage.so -usr/lib/*/*.a +usr/lib/*/libfreeimage.a diff -Nru freeimage-3.18.0+ds2/debian/libfreeimageplus-dev.install freeimage-3.18.0+ds2/debian/libfreeimageplus-dev.install --- freeimage-3.18.0+ds2/debian/libfreeimageplus-dev.install 2022-05-26 09:25:39.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/libfreeimageplus-dev.install 2023-11-07 15:51:13.000000000 +0000 @@ -1,2 +1,3 @@ usr/include/FreeImagePlus.h +usr/lib/*/libfreeimageplus.a usr/lib/*/libfreeimageplus.so diff -Nru freeimage-3.18.0+ds2/debian/patches/Disable-vendored-dependencies.patch freeimage-3.18.0+ds2/debian/patches/Disable-vendored-dependencies.patch --- freeimage-3.18.0+ds2/debian/patches/Disable-vendored-dependencies.patch 2022-06-19 20:35:41.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/Disable-vendored-dependencies.patch 2023-09-19 12:59:49.000000000 +0000 @@ -7,12 +7,10 @@ packaged dependencies are delibarately disabled for security reasons. This patch is based on Fedora's FreeImage-3.17.0_unbundle patch. - -Last-Update: 2022-06-19 --- Source/FreeImage.h | 9 ++++- Source/FreeImage/J2KHelper.cpp | 2 +- - Source/FreeImage/PluginEXR.cpp | 21 +++++----- + Source/FreeImage/PluginEXR.cpp | 20 +++++----- Source/FreeImage/PluginG3.cpp | 9 +++-- Source/FreeImage/PluginJ2K.cpp | 2 +- Source/FreeImage/PluginJP2.cpp | 2 +- @@ -26,7 +24,7 @@ Source/Metadata/XTIFF.cpp | 80 +++++++++++++++++++------------------- genfipsrclist.sh | 9 +---- gensrclist.sh | 11 ++---- - 16 files changed, 86 insertions(+), 90 deletions(-) + 16 files changed, 85 insertions(+), 90 deletions(-) Index: freeimage-3.18.0+ds2/Source/FreeImage.h =================================================================== @@ -110,7 +108,7 @@ +#include +#include +#include -+#include ++#include // ========================================================== diff -Nru freeimage-3.18.0+ds2/debian/patches/Fix-big-endian.patch freeimage-3.18.0+ds2/debian/patches/Fix-big-endian.patch --- freeimage-3.18.0+ds2/debian/patches/Fix-big-endian.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/Fix-big-endian.patch 2023-09-19 13:04:57.000000000 +0000 @@ -0,0 +1,63 @@ +Description: Fix FTBFS on some big-endian targets +Bug-Debian: https://bugs.debian.org/1002610 +Origin: backport, https://sourceforge.net/p/freeimage/svn/1809/ + +Index: freeimage-3.18.0+ds2/Source/FreeImage/PluginBMP.cpp +=================================================================== +--- freeimage-3.18.0+ds2.orig/Source/FreeImage/PluginBMP.cpp ++++ freeimage-3.18.0+ds2/Source/FreeImage/PluginBMP.cpp +@@ -518,7 +518,7 @@ LoadWindowsBMP(FreeImageIO *io, fi_handl + io->read_proc(FreeImage_GetPalette(dib), used_colors * sizeof(RGBQUAD), 1, handle); + #if FREEIMAGE_COLORORDER == FREEIMAGE_COLORORDER_RGB + RGBQUAD *pal = FreeImage_GetPalette(dib); +- for(int i = 0; i < used_colors; i++) { ++ for(unsigned i = 0; i < used_colors; i++) { + INPLACESWAP(pal[i].rgbRed, pal[i].rgbBlue); + } + #endif +@@ -1419,7 +1419,7 @@ Save(FreeImageIO *io, FIBITMAP *dib, fi_ + + free(buffer); + #ifdef FREEIMAGE_BIGENDIAN +- } else if (bpp == 16) { ++ } else if (dst_bpp == 16) { + int padding = dst_pitch - dst_width * sizeof(WORD); + WORD pad = 0; + WORD pixel; +@@ -1440,7 +1440,7 @@ Save(FreeImageIO *io, FIBITMAP *dib, fi_ + } + #endif + #if FREEIMAGE_COLORORDER == FREEIMAGE_COLORORDER_RGB +- } else if (bpp == 24) { ++ } else if (dst_bpp == 24) { + int padding = dst_pitch - dst_width * sizeof(FILE_BGR); + DWORD pad = 0; + FILE_BGR bgr; +@@ -1461,7 +1461,7 @@ Save(FreeImageIO *io, FIBITMAP *dib, fi_ + } + } + } +- } else if (bpp == 32) { ++ } else if (dst_bpp == 32) { + FILE_BGRA bgra; + for(unsigned y = 0; y < dst_height; y++) { + BYTE *line = FreeImage_GetScanLine(dib, y); +Index: freeimage-3.18.0+ds2/Source/FreeImage/PluginDDS.cpp +=================================================================== +--- freeimage-3.18.0+ds2.orig/Source/FreeImage/PluginDDS.cpp ++++ freeimage-3.18.0+ds2/Source/FreeImage/PluginDDS.cpp +@@ -356,14 +356,6 @@ SwapHeader(DDSHEADER *header) { + for(int i=0; i<11; i++) { + SwapLong(&header->surfaceDesc.dwReserved1[i]); + } +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwSize); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwFlags); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwFourCC); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwRGBBitCount); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwRBitMask); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwGBitMask); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwBBitMask); +- SwapLong(&header->surfaceDesc.ddpfPixelFormat.dwRGBAlphaBitMask); + SwapLong(&header->surfaceDesc.ddsCaps.dwCaps1); + SwapLong(&header->surfaceDesc.ddsCaps.dwCaps2); + SwapLong(&header->surfaceDesc.ddsCaps.dwReserved[0]); diff -Nru freeimage-3.18.0+ds2/debian/patches/Fix-libraw-compilation-2.patch freeimage-3.18.0+ds2/debian/patches/Fix-libraw-compilation-2.patch --- freeimage-3.18.0+ds2/debian/patches/Fix-libraw-compilation-2.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/Fix-libraw-compilation-2.patch 2023-09-19 13:04:57.000000000 +0000 @@ -0,0 +1,13 @@ +Index: Source/FreeImage/PluginRAW.cpp +=================================================================== +--- a/Source/FreeImage/PluginRAW.cpp (revision 1894) ++++ b/Source/FreeImage/PluginRAW.cpp (revision 1895) +@@ -701,7 +701,7 @@ + // -------------------------------------------- + + // (-s [0..N-1]) Select one raw image from input file +- RawProcessor->imgdata.params.shot_select = 0; ++ RawProcessor->imgdata.rawparams.shot_select = 0; + // (-w) Use camera white balance, if possible (otherwise, fallback to auto_wb) + RawProcessor->imgdata.params.use_camera_wb = 1; + // (-M) Use any color matrix from the camera metadata. This option only affects Olympus, Leaf, and Phase One cameras. diff -Nru freeimage-3.18.0+ds2/debian/patches/r1830-minor-refactoring.patch freeimage-3.18.0+ds2/debian/patches/r1830-minor-refactoring.patch --- freeimage-3.18.0+ds2/debian/patches/r1830-minor-refactoring.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/r1830-minor-refactoring.patch 2023-09-19 14:50:01.000000000 +0000 @@ -0,0 +1,15 @@ +Index: Source/Utilities.h +=================================================================== +diff --git a/Source/Utilities.h b/Source/Utilities.h +--- a/Source/Utilities.h (revision 1829) ++++ b/Source/Utilities.h (revision 1830) +@@ -529,7 +529,8 @@ + static const char *FI_MSG_ERROR_DIB_MEMORY = "DIB allocation failed, maybe caused by an invalid image size or by a lack of memory"; + static const char *FI_MSG_ERROR_PARSING = "Parsing error"; + static const char *FI_MSG_ERROR_MAGIC_NUMBER = "Invalid magic number"; +-static const char *FI_MSG_ERROR_UNSUPPORTED_FORMAT = "Unsupported format"; ++static const char *FI_MSG_ERROR_UNSUPPORTED_FORMAT = "Unsupported image format"; ++static const char *FI_MSG_ERROR_INVALID_FORMAT = "Invalid file format"; + static const char *FI_MSG_ERROR_UNSUPPORTED_COMPRESSION = "Unsupported compression type"; + static const char *FI_MSG_WARNING_INVALID_THUMBNAIL = "Warning: attached thumbnail cannot be written to output file (invalid format) - Thumbnail saving aborted"; + diff -Nru freeimage-3.18.0+ds2/debian/patches/r1832-improved-BMP-plugin-when-working-with-malicious-images.patch freeimage-3.18.0+ds2/debian/patches/r1832-improved-BMP-plugin-when-working-with-malicious-images.patch --- freeimage-3.18.0+ds2/debian/patches/r1832-improved-BMP-plugin-when-working-with-malicious-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/r1832-improved-BMP-plugin-when-working-with-malicious-images.patch 2023-09-19 14:50:01.000000000 +0000 @@ -0,0 +1,455 @@ +Origin: upstream, r1832 +Index: Source/FreeImage/PluginBMP.cpp +--- +diff --git a/Source/FreeImage/PluginBMP.cpp b/Source/FreeImage/PluginBMP.cpp +--- a/Source/FreeImage/PluginBMP.cpp (revision 1831) ++++ b/Source/FreeImage/PluginBMP.cpp (revision 1832) +@@ -181,6 +181,7 @@ + } + } + #endif ++ + #if FREEIMAGE_COLORORDER == FREEIMAGE_COLORORDER_RGB + if (bit_count == 24 || bit_count == 32) { + for(unsigned y = 0; y < FreeImage_GetHeight(dib); y++) { +@@ -202,7 +203,7 @@ + @param handle FreeImage IO handle + @param width Image width + @param height Image height +-@param dib Image to be loaded ++@param dib 4-bit image to be loaded + @return Returns TRUE if successful, returns FALSE otherwise + */ + static BOOL +@@ -217,7 +218,9 @@ + height = abs(height); + + pixels = (BYTE*)malloc(width * height * sizeof(BYTE)); +- if(!pixels) throw(1); ++ if (!pixels) { ++ throw(1); ++ } + memset(pixels, 0, width * height * sizeof(BYTE)); + + BYTE *q = pixels; +@@ -237,7 +240,7 @@ + throw(1); + } + for (int i = 0; i < status_byte; i++) { +- *q++=(BYTE)((i & 0x01) ? (second_byte & 0x0f) : ((second_byte >> 4) & 0x0f)); ++ *q++ = (BYTE)((i & 0x01) ? (second_byte & 0x0f) : ((second_byte >> 4) & 0x0f)); + } + bits += status_byte; + } +@@ -252,7 +255,7 @@ + // End of line + bits = 0; + scanline++; +- q = pixels + scanline*width; ++ q = pixels + scanline * width; + } + break; + +@@ -264,7 +267,6 @@ + case RLE_DELTA: + { + // read the delta values +- + BYTE delta_x = 0; + BYTE delta_y = 0; + +@@ -276,7 +278,6 @@ + } + + // apply them +- + bits += delta_x; + scanline += delta_y; + q = pixels + scanline*width+bits; +@@ -293,7 +294,7 @@ + throw(1); + } + } +- *q++=(BYTE)((i & 0x01) ? (second_byte & 0x0f) : ((second_byte >> 4) & 0x0f)); ++ *q++ = (BYTE)((i & 0x01) ? (second_byte & 0x0f) : ((second_byte >> 4) & 0x0f)); + } + bits += status_byte; + // Read pad byte +@@ -334,7 +335,9 @@ + return TRUE; + + } catch(int) { +- if(pixels) free(pixels); ++ if (pixels) { ++ free(pixels); ++ } + return FALSE; + } + } +@@ -345,7 +348,7 @@ + @param handle FreeImage IO handle + @param width Image width + @param height Image height +-@param dib Image to be loaded ++@param dib 8-bit image to be loaded + @return Returns TRUE if successful, returns FALSE otherwise + */ + static BOOL +@@ -354,103 +357,85 @@ + BYTE second_byte = 0; + int scanline = 0; + int bits = 0; ++ int count = 0; ++ BYTE delta_x = 0; ++ BYTE delta_y = 0; + +- for (;;) { +- if( io->read_proc(&status_byte, sizeof(BYTE), 1, handle) != 1) { ++ height = abs(height); ++ ++ while(scanline < height) { ++ ++ if (io->read_proc(&status_byte, sizeof(BYTE), 1, handle) != 1) { + return FALSE; + } + +- switch (status_byte) { +- case RLE_COMMAND : +- if(io->read_proc(&status_byte, sizeof(BYTE), 1, handle) != 1) { +- return FALSE; +- } ++ if (status_byte == RLE_COMMAND) { ++ if (io->read_proc(&status_byte, sizeof(BYTE), 1, handle) != 1) { ++ return FALSE; ++ } + +- switch (status_byte) { +- case RLE_ENDOFLINE : +- bits = 0; +- scanline++; +- break; ++ switch (status_byte) { ++ case RLE_ENDOFLINE: ++ bits = 0; ++ scanline++; ++ break; + +- case RLE_ENDOFBITMAP : +- return TRUE; ++ case RLE_ENDOFBITMAP: ++ return TRUE; + +- case RLE_DELTA : +- { +- // read the delta values ++ case RLE_DELTA: ++ // read the delta values ++ delta_x = 0; ++ delta_y = 0; ++ if (io->read_proc(&delta_x, sizeof(BYTE), 1, handle) != 1) { ++ return FALSE; ++ } ++ if (io->read_proc(&delta_y, sizeof(BYTE), 1, handle) != 1) { ++ return FALSE; ++ } ++ // apply them ++ bits += delta_x; ++ scanline += delta_y; ++ break; + +- BYTE delta_x = 0; +- BYTE delta_y = 0; +- +- if(io->read_proc(&delta_x, sizeof(BYTE), 1, handle) != 1) { +- return FALSE; +- } +- if(io->read_proc(&delta_y, sizeof(BYTE), 1, handle) != 1) { +- return FALSE; +- } +- +- // apply them +- +- bits += delta_x; +- scanline += delta_y; +- +- break; ++ default: ++ // absolute mode ++ count = MIN((int)status_byte, width - bits); ++ if (count < 0) { ++ return FALSE; + } +- +- default : +- { +- if(scanline >= abs(height)) { +- return TRUE; +- } +- +- int count = MIN((int)status_byte, width - bits); +- +- BYTE *sline = FreeImage_GetScanLine(dib, scanline); +- +- if(io->read_proc((void *)(sline + bits), sizeof(BYTE) * count, 1, handle) != 1) { ++ BYTE *sline = FreeImage_GetScanLine(dib, scanline); ++ if (io->read_proc((void *)(sline + bits), sizeof(BYTE) * count, 1, handle) != 1) { ++ return FALSE; ++ } ++ // align run length to even number of bytes ++ if ((status_byte & 1) == 1) { ++ if (io->read_proc(&second_byte, sizeof(BYTE), 1, handle) != 1) { + return FALSE; + } +- +- // align run length to even number of bytes +- +- if ((status_byte & 1) == 1) { +- if(io->read_proc(&second_byte, sizeof(BYTE), 1, handle) != 1) { +- return FALSE; +- } +- } +- +- bits += status_byte; +- +- break; + } +- } ++ bits += status_byte; ++ break; + +- break; +- +- default : +- { +- if(scanline >= abs(height)) { +- return TRUE; +- } +- +- int count = MIN((int)status_byte, width - bits); +- +- BYTE *sline = FreeImage_GetScanLine(dib, scanline); +- +- if(io->read_proc(&second_byte, sizeof(BYTE), 1, handle) != 1) { +- return FALSE; +- } +- +- for (int i = 0; i < count; i++) { +- *(sline + bits) = second_byte; +- +- bits++; +- } +- +- break; ++ } // switch (status_byte) ++ } ++ else { ++ count = MIN((int)status_byte, width - bits); ++ if (count < 0) { ++ return FALSE; + } ++ BYTE *sline = FreeImage_GetScanLine(dib, scanline); ++ if (io->read_proc(&second_byte, sizeof(BYTE), 1, handle) != 1) { ++ return FALSE; ++ } ++ for (int i = 0; i < count; i++) { ++ *(sline + bits) = second_byte; ++ bits++; ++ } + } + } ++ ++ return FALSE; + } + + // -------------------------------------------------------------------------- +@@ -463,10 +448,12 @@ + BOOL header_only = (flags & FIF_LOAD_NOPIXELS) == FIF_LOAD_NOPIXELS; + + // load the info header +- + BITMAPINFOHEADER bih; ++ memset(&bih, 0, sizeof(BITMAPINFOHEADER)); ++ if (io->read_proc(&bih, sizeof(BITMAPINFOHEADER), 1, handle) != 1) { ++ throw FI_MSG_ERROR_INVALID_FORMAT; ++ } + +- io->read_proc(&bih, sizeof(BITMAPINFOHEADER), 1, handle); + #ifdef FREEIMAGE_BIGENDIAN + SwapInfoHeader(&bih); + #endif +@@ -514,8 +501,8 @@ + } + + // load the palette ++ io->read_proc(FreeImage_GetPalette(dib), used_colors * sizeof(RGBQUAD), 1, handle); + +- io->read_proc(FreeImage_GetPalette(dib), used_colors * sizeof(RGBQUAD), 1, handle); + #if FREEIMAGE_COLORORDER == FREEIMAGE_COLORORDER_RGB + RGBQUAD *pal = FreeImage_GetPalette(dib); + for(unsigned i = 0; i < used_colors; i++) { +@@ -544,7 +531,7 @@ + break; + + case BI_RLE4 : +- if( LoadPixelDataRLE4(io, handle, width, height, dib) ) { ++ if( (bit_count == 4) && LoadPixelDataRLE4(io, handle, width, height, dib) ) { + return dib; + } else { + throw "Error encountered while decoding RLE4 BMP data"; +@@ -552,7 +539,7 @@ + break; + + case BI_RLE8 : +- if( LoadPixelDataRLE8(io, handle, width, height, dib) ) { ++ if( (bit_count == 8) && LoadPixelDataRLE8(io, handle, width, height, dib) ) { + return dib; + } else { + throw "Error encountered while decoding RLE8 BMP data"; +@@ -602,7 +589,7 @@ + + return dib; + } +- break; // 16-bit ++ break; // 16-bit RGB + + case 24 : + case 32 : +@@ -679,10 +666,12 @@ + BOOL header_only = (flags & FIF_LOAD_NOPIXELS) == FIF_LOAD_NOPIXELS; + + // load the info header +- + BITMAPINFOHEADER bih; ++ memset(&bih, 0, sizeof(BITMAPINFOHEADER)); ++ if (io->read_proc(&bih, sizeof(BITMAPINFOHEADER), 1, handle) != 1) { ++ throw FI_MSG_ERROR_INVALID_FORMAT; ++ } + +- io->read_proc(&bih, sizeof(BITMAPINFOHEADER), 1, handle); + #ifdef FREEIMAGE_BIGENDIAN + SwapInfoHeader(&bih); + #endif +@@ -767,17 +756,19 @@ + return dib; + + case BI_RLE4 : +- if( LoadPixelDataRLE4(io, handle, width, height, dib) ) { ++ if ((bit_count == 4) && LoadPixelDataRLE4(io, handle, width, height, dib)) { + return dib; +- } else { ++ } ++ else { + throw "Error encountered while decoding RLE4 BMP data"; + } + break; + + case BI_RLE8 : +- if( LoadPixelDataRLE8(io, handle, width, height, dib) ) { ++ if ((bit_count == 8) && LoadPixelDataRLE8(io, handle, width, height, dib)) { + return dib; +- } else { ++ } ++ else { + throw "Error encountered while decoding RLE8 BMP data"; + } + break; +@@ -863,9 +854,9 @@ + } + } + } catch(const char *message) { +- if(dib) ++ if (dib) { + FreeImage_Unload(dib); +- ++ } + FreeImage_OutputMessageProc(s_format_id, message); + } + +@@ -881,9 +872,13 @@ + try { + BOOL header_only = (flags & FIF_LOAD_NOPIXELS) == FIF_LOAD_NOPIXELS; + ++ // load the info header + BITMAPINFOOS2_1X_HEADER bios2_1x; ++ memset(&bios2_1x, 0, sizeof(BITMAPINFOOS2_1X_HEADER)); ++ if (io->read_proc(&bios2_1x, sizeof(BITMAPINFOOS2_1X_HEADER), 1, handle) != 1) { ++ throw FI_MSG_ERROR_INVALID_FORMAT; ++ } + +- io->read_proc(&bios2_1x, sizeof(BITMAPINFOOS2_1X_HEADER), 1, handle); + #ifdef FREEIMAGE_BIGENDIAN + SwapOS21XHeader(&bios2_1x); + #endif +@@ -1005,9 +1000,9 @@ + } + } + } catch(const char *message) { +- if(dib) ++ if (dib) { + FreeImage_Unload(dib); +- ++ } + FreeImage_OutputMessageProc(s_format_id, message); + } + +@@ -1090,19 +1085,20 @@ + BITMAPFILEHEADER bitmapfileheader; + DWORD type = 0; + +- // we use this offset value to make seemingly absolute seeks relative in the file +- ++ // we use this offset value to make seemingly absolute seeks relative in the file + long offset_in_file = io->tell_proc(handle); + + // read the fileheader ++ memset(&bitmapfileheader, 0, sizeof(BITMAPFILEHEADER)); ++ if (io->read_proc(&bitmapfileheader, sizeof(BITMAPFILEHEADER), 1, handle) != 1) { ++ return NULL; ++ } + +- io->read_proc(&bitmapfileheader, sizeof(BITMAPFILEHEADER), 1, handle); + #ifdef FREEIMAGE_BIGENDIAN + SwapFileHeader(&bitmapfileheader); + #endif + + // check the signature +- + if((bitmapfileheader.bfType != 0x4D42) && (bitmapfileheader.bfType != 0x4142)) { + FreeImage_OutputMessageProc(s_format_id, FI_MSG_ERROR_MAGIC_NUMBER); + return NULL; +@@ -1109,9 +1105,9 @@ + } + + // read the first byte of the infoheader +- + io->read_proc(&type, sizeof(DWORD), 1, handle); + io->seek_proc(handle, 0 - (long)sizeof(DWORD), SEEK_CUR); ++ + #ifdef FREEIMAGE_BIGENDIAN + SwapLong(&type); + #endif +@@ -1138,7 +1134,7 @@ + break; + } + +- FreeImage_OutputMessageProc(s_format_id, "unknown bmp subtype with id %d", type); ++ FreeImage_OutputMessageProc(s_format_id, "Unknown bmp subtype with id %d", type); + } + + return NULL; +@@ -1418,6 +1414,7 @@ + } + + free(buffer); ++ + #ifdef FREEIMAGE_BIGENDIAN + } else if (dst_bpp == 16) { + int padding = dst_pitch - dst_width * sizeof(WORD); +@@ -1439,6 +1436,7 @@ + } + } + #endif ++ + #if FREEIMAGE_COLORORDER == FREEIMAGE_COLORORDER_RGB + } else if (dst_bpp == 24) { + int padding = dst_pitch - dst_width * sizeof(FILE_BGR); diff -Nru freeimage-3.18.0+ds2/debian/patches/r1836-improved-BMP-plugin-when-working-with-malicious-images.patch freeimage-3.18.0+ds2/debian/patches/r1836-improved-BMP-plugin-when-working-with-malicious-images.patch --- freeimage-3.18.0+ds2/debian/patches/r1836-improved-BMP-plugin-when-working-with-malicious-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/r1836-improved-BMP-plugin-when-working-with-malicious-images.patch 2023-09-19 14:50:01.000000000 +0000 @@ -0,0 +1,159 @@ +Origin: upstream, r1836 +Index: Source/FreeImage/PluginBMP.cpp +--- +diff --git a/Source/FreeImage/PluginBMP.cpp b/Source/FreeImage/PluginBMP.cpp +--- a/Source/FreeImage/PluginBMP.cpp (revision 1835) ++++ b/Source/FreeImage/PluginBMP.cpp (revision 1836) +@@ -139,6 +139,75 @@ + // -------------------------------------------------------------------------- + + /** ++Check if a BITMAPINFOHEADER is valid ++@return Returns TRUE if successful, returns FALSE otherwise ++*/ ++static BOOL ++CheckBitmapInfoHeader(BITMAPINFOHEADER *bih) { ++ if (bih->biSize != sizeof(BITMAPINFOHEADER)) { ++ // The size, in bytes, of the image.This may be set to zero for BI_RGB bitmaps. ++ // If biCompression is BI_JPEG or BI_PNG, biSizeImage indicates the size of the JPEG or PNG image buffer, respectively. ++ if ((bih->biSize == 0) && (bih->biCompression != BI_RGB)) { ++ return FALSE; ++ } ++ else if ((bih->biCompression == BI_JPEG) || (bih->biCompression == BI_PNG)) { ++ // JPEG or PNG is not yet supported ++ return FALSE; ++ } ++ else { ++ return FALSE; ++ } ++ } ++ if (bih->biWidth < 0) { ++ return FALSE; ++ } ++ if (bih->biHeight < 0) { ++ // If biHeight is negative, indicating a top-down DIB, biCompression must be either BI_RGB or BI_BITFIELDS. ++ // Top-down DIBs cannot be compressed. ++ // If biCompression is BI_JPEG or BI_PNG, the biHeight member specifies the height of the decompressed JPEG or PNG image file, respectively. ++ if ((bih->biCompression != BI_RGB) && (bih->biCompression != BI_BITFIELDS)) { ++ return FALSE; ++ } ++ } ++ if (bih->biPlanes != 1) { ++ // The number of planes for the target device. This value must be set to 1. ++ return FALSE; ++ } ++ switch (bih->biBitCount) { ++ case 0: ++ // The number of bits-per-pixel is specified or is implied by the JPEG or PNG format. ++ // JPEG or PNG is not yet supported ++ return FALSE; ++ break; ++ case 1: ++ case 4: ++ case 8: ++ case 16: ++ case 24: ++ case 32: ++ break; ++ default: ++ // Unsupported bitdepth ++ return FALSE; ++ } ++ switch (bih->biCompression) { ++ case BI_RGB: ++ case BI_RLE8: ++ case BI_RLE4: ++ case BI_BITFIELDS: ++ break; ++ case BI_JPEG: ++ case BI_PNG: ++ default: ++ return FALSE; ++ } ++ ++ return TRUE; ++} ++ ++// -------------------------------------------------------------------------- ++ ++/** + Load uncompressed image pixels for 1-, 4-, 8-, 16-, 24- and 32-bit dib + @param io FreeImage IO + @param handle FreeImage IO handle +@@ -458,6 +527,10 @@ + SwapInfoHeader(&bih); + #endif + ++ if (CheckBitmapInfoHeader(&bih) == FALSE) { ++ throw FI_MSG_ERROR_INVALID_FORMAT; ++ } ++ + // keep some general information about the bitmap + + unsigned used_colors = bih.biClrUsed; +@@ -555,10 +628,18 @@ + case 16 : + { + int use_bitfields = 0; +- if (bih.biCompression == BI_BITFIELDS) use_bitfields = 3; +- else if (bih.biCompression == BI_ALPHABITFIELDS) use_bitfields = 4; +- else if (type == 52) use_bitfields = 3; +- else if (type >= 56) use_bitfields = 4; ++ if (bih.biCompression == BI_BITFIELDS) { ++ use_bitfields = 3; ++ } ++ else if (bih.biCompression == BI_ALPHABITFIELDS) { ++ use_bitfields = 4; ++ } ++ else if (type == 52) { ++ use_bitfields = 3; ++ } ++ else if (type >= 56) { ++ use_bitfields = 4; ++ } + + if (use_bitfields > 0) { + DWORD bitfields[4]; +@@ -595,10 +676,18 @@ + case 32 : + { + int use_bitfields = 0; +- if (bih.biCompression == BI_BITFIELDS) use_bitfields = 3; +- else if (bih.biCompression == BI_ALPHABITFIELDS) use_bitfields = 4; +- else if (type == 52) use_bitfields = 3; +- else if (type >= 56) use_bitfields = 4; ++ if (bih.biCompression == BI_BITFIELDS) { ++ use_bitfields = 3; ++ } ++ else if (bih.biCompression == BI_ALPHABITFIELDS) { ++ use_bitfields = 4; ++ } ++ else if (type == 52) { ++ use_bitfields = 3; ++ } ++ else if (type >= 56) { ++ use_bitfields = 4; ++ } + + if (use_bitfields > 0) { + DWORD bitfields[4]; +@@ -676,6 +765,10 @@ + SwapInfoHeader(&bih); + #endif + ++ if (CheckBitmapInfoHeader(&bih) == FALSE) { ++ throw FI_MSG_ERROR_INVALID_FORMAT; ++ } ++ + // keep some general information about the bitmap + + unsigned used_colors = bih.biClrUsed; +@@ -780,7 +873,7 @@ + + case 16 : + { +- if (bih.biCompression == 3) { ++ if (bih.biCompression == BI_BITFIELDS) { + DWORD bitfields[3]; + + io->read_proc(bitfields, 3 * sizeof(DWORD), 1, handle); diff -Nru freeimage-3.18.0+ds2/debian/patches/r1848-improved-PFM-plugin-against-malicious-images.patch freeimage-3.18.0+ds2/debian/patches/r1848-improved-PFM-plugin-against-malicious-images.patch --- freeimage-3.18.0+ds2/debian/patches/r1848-improved-PFM-plugin-against-malicious-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/r1848-improved-PFM-plugin-against-malicious-images.patch 2023-09-19 14:50:01.000000000 +0000 @@ -0,0 +1,227 @@ +Origin: upstream, r1848 +Index: Source/FreeImage/PluginPFM.cpp +--- +diff --git a/Source/FreeImage/PluginPFM.cpp b/Source/FreeImage/PluginPFM.cpp +--- a/Source/FreeImage/PluginPFM.cpp (revision 1847) ++++ b/Source/FreeImage/PluginPFM.cpp (revision 1848) +@@ -23,6 +23,12 @@ + #include "Utilities.h" + + // ========================================================== ++// Plugin Interface ++// ========================================================== ++ ++static int s_format_id; ++ ++// ========================================================== + // Internal functions + // ========================================================== + +@@ -59,6 +65,9 @@ + + /** + Get an integer value from the actual position pointed by handle ++@param io ++@param handle ++@return Returns -1 in case of failure, returns the found number otherwise + */ + static int + pfm_get_int(FreeImageIO *io, fi_handle handle) { +@@ -65,70 +74,72 @@ + char c = 0; + BOOL bFirstChar; + +- // skip forward to start of next number ++ try { + +- if(!io->read_proc(&c, 1, 1, handle)) { +- throw FI_MSG_ERROR_PARSING; +- } ++ // skip forward to start of next number + +- while (1) { +- // eat comments ++ if (io->read_proc(&c, 1, 1, handle) != 1) { ++ throw FI_MSG_ERROR_PARSING; ++ } + +- if (c == '#') { +- // if we're at a comment, read to end of line ++ while (1) { ++ // eat comments + +- bFirstChar = TRUE; ++ if (c == '#') { ++ // if we're at a comment, read to end of line + +- while (1) { +- if(!io->read_proc(&c, 1, 1, handle)) { +- throw FI_MSG_ERROR_PARSING; +- } ++ bFirstChar = TRUE; + +- if (bFirstChar && c == ' ') { +- // loop off 1 sp after # +- bFirstChar = FALSE; +- } else if (c == '\n') { +- break; ++ while (1) { ++ if (io->read_proc(&c, 1, 1, handle) != 1) { ++ throw FI_MSG_ERROR_PARSING; ++ } ++ ++ if (bFirstChar && c == ' ') { ++ // loop off 1 sp after # ++ bFirstChar = FALSE; ++ } ++ else if (c == '\n') { ++ break; ++ } + } + } +- } + +- if (c >= '0' && c <='9') { +- // we've found what we were looking for +- break; +- } ++ if (c >= '0' && c <= '9') { ++ // we've found what we were looking for ++ break; ++ } + +- if(!io->read_proc(&c, 1, 1, handle)) { +- throw FI_MSG_ERROR_PARSING; ++ if (io->read_proc(&c, 1, 1, handle) != 1) { ++ throw FI_MSG_ERROR_PARSING; ++ } + } +- } + +- // we're at the start of a number, continue until we hit a non-number ++ // we're at the start of a number, continue until we hit a non-number + +- int i = 0; ++ int i = 0; + +- while (1) { +- i = (i * 10) + (c - '0'); ++ while (1) { ++ i = (i * 10) + (c - '0'); + +- if(!io->read_proc(&c, 1, 1, handle)) { +- throw FI_MSG_ERROR_PARSING; +- } ++ if (io->read_proc(&c, 1, 1, handle) != 1) { ++ throw FI_MSG_ERROR_PARSING; ++ } + +- if (c < '0' || c > '9') { +- break; ++ if (c < '0' || c > '9') { ++ break; ++ } + } +- } + +- return i; ++ return i; ++ } ++ catch (const char *message) { ++ FreeImage_OutputMessageProc(s_format_id, message); ++ return -1; ++ } + } + + // ========================================================== +-// Plugin Interface +-// ========================================================== +- +-static int s_format_id; +- +-// ========================================================== + // Plugin Implementation + // ========================================================== + +@@ -230,8 +241,12 @@ + } + + // Read the header information: width, height and the scale value +- unsigned width = (unsigned) pfm_get_int(io, handle); +- unsigned height = (unsigned) pfm_get_int(io, handle); ++ int width = pfm_get_int(io, handle); ++ int height = pfm_get_int(io, handle); ++ if ((width <= 0) || (height <= 0)) { ++ throw FI_MSG_ERROR_PARSING; ++ } ++ + float scalefactor = 1; + + BOOL bResult = pfm_get_line(io, handle, line_buffer, PFM_MAXLINE); +@@ -262,7 +277,7 @@ + throw FI_MSG_ERROR_MEMORY; + } + +- for (unsigned y = 0; y < height; y++) { ++ for (int y = 0; y < height; y++) { + FIRGBF *bits = (FIRGBF*)FreeImage_GetScanLine(dib, height - 1 - y); + + if(io->read_proc(lineBuffer, sizeof(float), lineWidth, handle) != lineWidth) { +@@ -271,7 +286,7 @@ + float *channel = lineBuffer; + if(scalefactor > 0) { + // MSB +- for (unsigned x = 0; x < width; x++) { ++ for (int x = 0; x < width; x++) { + REVERSEBYTES(channel++, &bits[x].red); + REVERSEBYTES(channel++, &bits[x].green); + REVERSEBYTES(channel++, &bits[x].blue); +@@ -278,7 +293,7 @@ + } + } else { + // LSB +- for (unsigned x = 0; x < width; x++) { ++ for (int x = 0; x < width; x++) { + bits[x].red = *channel++; + bits[x].green = *channel++; + bits[x].blue = *channel++; +@@ -296,7 +311,7 @@ + throw FI_MSG_ERROR_MEMORY; + } + +- for (unsigned y = 0; y < height; y++) { ++ for (int y = 0; y < height; y++) { + float *bits = (float*)FreeImage_GetScanLine(dib, height - 1 - y); + + if(io->read_proc(lineBuffer, sizeof(float), lineWidth, handle) != lineWidth) { +@@ -305,12 +320,12 @@ + float *channel = lineBuffer; + if(scalefactor > 0) { + // MSB - File is Big endian +- for (unsigned x = 0; x < width; x++) { ++ for (int x = 0; x < width; x++) { + REVERSEBYTES(channel++, &bits[x]); + } + } else { + // LSB - File is Little Endian +- for (unsigned x = 0; x < width; x++) { ++ for (int x = 0; x < width; x++) { + bits[x] = *channel++; + } + } +@@ -323,9 +338,12 @@ + return dib; + + } catch (const char *text) { +- if(lineBuffer) free(lineBuffer); +- if(dib) FreeImage_Unload(dib); +- ++ if (lineBuffer) { ++ free(lineBuffer); ++ } ++ if (dib) { ++ FreeImage_Unload(dib); ++ } + if(NULL != text) { + FreeImage_OutputMessageProc(s_format_id, text); + } diff -Nru freeimage-3.18.0+ds2/debian/patches/r1877-improved-DDS-plugin-against-malicious-images.patch freeimage-3.18.0+ds2/debian/patches/r1877-improved-DDS-plugin-against-malicious-images.patch --- freeimage-3.18.0+ds2/debian/patches/r1877-improved-DDS-plugin-against-malicious-images.patch 1970-01-01 00:00:00.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/r1877-improved-DDS-plugin-against-malicious-images.patch 2023-09-19 14:50:01.000000000 +0000 @@ -0,0 +1,15 @@ +Origin: upstream, r1877 +Index: Source/FreeImage/PluginDDS.cpp +=================================================================== +diff --git a/Source/FreeImage/PluginDDS.cpp b/Source/FreeImage/PluginDDS.cpp +--- a/Source/FreeImage/PluginDDS.cpp (revision 1876) ++++ b/Source/FreeImage/PluginDDS.cpp (revision 1877) +@@ -617,7 +617,7 @@ + // read the file + // ------------------------------------------------------------------------- + +- const int line = CalculateLine(width, bpp); ++ const int line = CalculateLine(width, FreeImage_GetBPP(dib)); + const int filePitch = ((desc->dwFlags & DDSD_PITCH) == DDSD_PITCH) ? (int)desc->dwPitchOrLinearSize : line; + const long delta = (long)filePitch - (long)line; + diff -Nru freeimage-3.18.0+ds2/debian/patches/series freeimage-3.18.0+ds2/debian/patches/series --- freeimage-3.18.0+ds2/debian/patches/series 2020-09-03 08:01:07.000000000 +0000 +++ freeimage-3.18.0+ds2/debian/patches/series 2023-09-19 14:50:01.000000000 +0000 @@ -11,3 +11,10 @@ Fix_compilation_external-static.patch Fix-libraw-compilation.patch Use-system-jpeg_read_icc_profile.patch +Fix-libraw-compilation-2.patch +Fix-big-endian.patch +r1830-minor-refactoring.patch +r1832-improved-BMP-plugin-when-working-with-malicious-images.patch +r1836-improved-BMP-plugin-when-working-with-malicious-images.patch +r1848-improved-PFM-plugin-against-malicious-images.patch +r1877-improved-DDS-plugin-against-malicious-images.patch