svn commit: r388052 - in branches/2015Q2/graphics/rawstudio: . files
Xin LI
delphij at FreeBSD.org
Sun May 31 09:15:27 UTC 2015
Author: delphij
Date: Sun May 31 09:15:26 2015
New Revision: 388052
URL: https://svnweb.freebsd.org/changeset/ports/388052
Log:
MFH: r388051
Apply vendor patch for "Avoid overflow in ljpeg_start()"
(changeset 983bda1f) to prevent a denial of service (crash) via a
crafted image
PR: 200199
Obtained from: https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
Security: CVE-2015-3885
Security: 57325ecf-facc-11e4-968f-b888e347c638
Submitted by: Jason Unovitch <jason unovitch gmail com>
Reported by: Sevan Janiyan <venture37 geeklan co uk>
Approved by: ports-secteam@
Added:
branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
- copied unchanged from r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
Modified:
branches/2015Q2/graphics/rawstudio/Makefile
Directory Properties:
branches/2015Q2/ (props changed)
Modified: branches/2015Q2/graphics/rawstudio/Makefile
==============================================================================
--- branches/2015Q2/graphics/rawstudio/Makefile Sun May 31 09:14:02 2015 (r388051)
+++ branches/2015Q2/graphics/rawstudio/Makefile Sun May 31 09:15:26 2015 (r388052)
@@ -3,7 +3,7 @@
PORTNAME= rawstudio
PORTVERSION= 2.0
-PORTREVISION= 10
+PORTREVISION= 11
CATEGORIES= graphics
MASTER_SITES= http://rawstudio.org/files/release/
Copied: branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc (from r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc Sun May 31 09:15:26 2015 (r388052, copy of r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc)
@@ -0,0 +1,12 @@
+--- plugins/load-dcraw/dcraw.cc.orig 2015-05-29 01:03:46 UTC
++++ plugins/load-dcraw/dcraw.cc
+@@ -869,7 +869,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
More information about the svn-ports-all
mailing list