graphics/exact-image: Update to 0.9.1

Add patch to resolve CVE

PR:		200201
MFH:		2016Q1
Security:	CVE-2015-3885
This commit is contained in:
Mark Felder 2016-01-08 17:53:08 +00:00
parent 63366d65f2
commit a288ee9811
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=405576
3 changed files with 28 additions and 4 deletions

View file

@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= exact-image
PORTVERSION= 0.8.9
PORTREVISION= 10
PORTVERSION= 0.9.1
PORTREVISION= 0
CATEGORIES= graphics perl5 python
MASTER_SITES= http://dl.exactcode.de/oss/${PORTNAME}/ LOCAL/bf

View file

@ -1,2 +1,2 @@
SHA256 (exact-image-0.8.9.tar.bz2) = 0709913e5852214de3bdfa5df0474a4a86b0e686df28f8afd826b5ad8676c372
SIZE (exact-image-0.8.9.tar.bz2) = 297438
SHA256 (exact-image-0.9.1.tar.bz2) = 79e6a58522897f9740aa3b5a337f63ad1e0361a772141b24aaff2e31264ece7d
SIZE (exact-image-0.9.1.tar.bz2) = 299565

View file

@ -0,0 +1,24 @@
--- codecs/dcraw.h.orig 2013-10-22 14:00:07 UTC
+++ codecs/dcraw.h
@@ -775,7 +775,8 @@ struct jhead {
int CLASS ljpeg_start (struct jhead *jh, int info_only)
{
- int c, tag, len;
+ int c,tag;
+ ushort len;
uchar data[0x10000];
const uchar *dp;
@@ -786,8 +787,9 @@ int CLASS ljpeg_start (struct jhead *jh,
do {
fread (data, 2, 2, ifp);
tag = data[0] << 8 | data[1];
- len = (data[2] << 8 | data[3]) - 2;
- if (tag <= 0xff00) return 0;
+ len = (data[2] << 8 | data[3]);
+ if (tag <= 0xff00 || len <= 2) return 0;
+ len -= 2;
fread (data, 1, len, ifp);
switch (tag) {
case 0xffc3: