From a288ee981186aa420e947f2153790e56d1cbc102 Mon Sep 17 00:00:00 2001
From: Mark Felder
Date: Fri, 8 Jan 2016 17:53:08 +0000
Subject: [PATCH] graphics/exact-image: Update to 0.9.1

Add patch to resolve CVE
PR: 200201
MFH: 2016Q1
Security: CVE-2015-3885
---
 graphics/exact-image/Makefile | 4 ++--
 graphics/exact-image/distinfo | 4 ++--
 .../exact-image/files/patch-codecs_dcraw.h | 24 +++++++++++++++++++
 3 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 graphics/exact-image/files/patch-codecs_dcraw.h

diff --git a/graphics/exact-image/Makefile b/graphics/exact-image/Makefile
index 8957ca0bfc8b..95d534a2e34d 100644
--- a/graphics/exact-image/Makefile
+++ b/graphics/exact-image/Makefile
@@ -2,8 +2,8 @@
 # $FreeBSD$
 PORTNAME= exact-image
-PORTVERSION= 0.8.9
-PORTREVISION= 10
+PORTVERSION= 0.9.1
+PORTREVISION= 0
 CATEGORIES= graphics perl5 python
 MASTER_SITES= http://dl.exactcode.de/oss/${PORTNAME}/ LOCAL/bf
diff --git a/graphics/exact-image/distinfo b/graphics/exact-image/distinfo
index 1942760466b7..7d8a80417b39 100644
--- a/graphics/exact-image/distinfo
+++ b/graphics/exact-image/distinfo
@@ -1,2 +1,2 @@
-SHA256 (exact-image-0.8.9.tar.bz2) = 0709913e5852214de3bdfa5df0474a4a86b0e686df28f8afd826b5ad8676c372
-SIZE (exact-image-0.8.9.tar.bz2) = 297438
+SHA256 (exact-image-0.9.1.tar.bz2) = 79e6a58522897f9740aa3b5a337f63ad1e0361a772141b24aaff2e31264ece7d
+SIZE (exact-image-0.9.1.tar.bz2) = 299565
diff --git a/graphics/exact-image/files/patch-codecs_dcraw.h b/graphics/exact-image/files/patch-codecs_dcraw.h
new file mode 100644
index 000000000000..7c5a9306a091
--- /dev/null
+++ b/graphics/exact-image/files/patch-codecs_dcraw.h
@@ -0,0 +1,24 @@
+--- codecs/dcraw.h.orig 2013-10-22 14:00:07 UTC
++++ codecs/dcraw.h
+@@ -775,7 +775,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c,tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+@@ -786,8 +787,9 @@ int CLASS ljpeg_start (struct jhead *jh,
+ do {
+ fread (data, 2, 2, ifp);
+ tag = data[0] << 8 | data[1];
+- len = (data[2] << 8 | data[3]) - 2;
+- if (tag <= 0xff00) return 0;
++ len = (data[2] << 8 | data[3]);
++ if (tag <= 0xff00 || len <= 2) return 0;
++ len -= 2;
+ fread (data, 1, len, ifp);
+ switch (tag) {
+ case 0xffc3:
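Review bot: Both `fread` calls in the second embedded hunk of patch-codecs_dcraw.h still ignore their return value, so on a truncated file `tag` and `len` are computed from whatever bytes `data` already holds, and the marker `switch` then parses stale content. The new `ushort len` with the `len <= 2` check does cap the second read at 0xfffd bytes, which fits the 0x10000-byte `data` buffer and appears to be the overflow the CVE reference is about, but the short-read case is left as it was. Consider carrying `if (fread (data, 2, 2, ifp) != 2) return 0;` and `if (fread (data, 1, len, ifp) != len) return 0;` in the same patch file. The `do` loop and the `switch` body continue outside the hunk, so whether later code catches a short read cannot be seen from here.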