svn commit: r405577 - in branches/2016Q1/graphics/exact-image: . files
Mark Felder
feld at FreeBSD.org
Fri Jan 8 17:53:55 UTC 2016
Author: feld
Date: Fri Jan 8 17:53:53 2016
New Revision: 405577
URL: https://svnweb.freebsd.org/changeset/ports/405577
Log:
MFH: r405576
graphics/exact-image: Update to 0.9.1
Add patch to resolve CVE
PR: 200201
Security: CVE-2015-3885
Approved by: ports-secteam (with hat)
Added:
branches/2016Q1/graphics/exact-image/files/patch-codecs_dcraw.h
- copied unchanged from r405576, head/graphics/exact-image/files/patch-codecs_dcraw.h
Modified:
branches/2016Q1/graphics/exact-image/Makefile
branches/2016Q1/graphics/exact-image/distinfo
Directory Properties:
branches/2016Q1/ (props changed)
Modified: branches/2016Q1/graphics/exact-image/Makefile
==============================================================================
--- branches/2016Q1/graphics/exact-image/Makefile Fri Jan 8 17:53:08 2016 (r405576)
+++ branches/2016Q1/graphics/exact-image/Makefile Fri Jan 8 17:53:53 2016 (r405577)
@@ -2,8 +2,8 @@
# $FreeBSD$
PORTNAME= exact-image
-PORTVERSION= 0.8.9
-PORTREVISION= 10
+PORTVERSION= 0.9.1
+PORTREVISION= 0
CATEGORIES= graphics perl5 python
MASTER_SITES= http://dl.exactcode.de/oss/${PORTNAME}/ LOCAL/bf
Modified: branches/2016Q1/graphics/exact-image/distinfo
==============================================================================
--- branches/2016Q1/graphics/exact-image/distinfo Fri Jan 8 17:53:08 2016 (r405576)
+++ branches/2016Q1/graphics/exact-image/distinfo Fri Jan 8 17:53:53 2016 (r405577)
@@ -1,2 +1,2 @@
-SHA256 (exact-image-0.8.9.tar.bz2) = 0709913e5852214de3bdfa5df0474a4a86b0e686df28f8afd826b5ad8676c372
-SIZE (exact-image-0.8.9.tar.bz2) = 297438
+SHA256 (exact-image-0.9.1.tar.bz2) = 79e6a58522897f9740aa3b5a337f63ad1e0361a772141b24aaff2e31264ece7d
+SIZE (exact-image-0.9.1.tar.bz2) = 299565
Copied: branches/2016Q1/graphics/exact-image/files/patch-codecs_dcraw.h (from r405576, head/graphics/exact-image/files/patch-codecs_dcraw.h)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2016Q1/graphics/exact-image/files/patch-codecs_dcraw.h Fri Jan 8 17:53:53 2016 (r405577, copy of r405576, head/graphics/exact-image/files/patch-codecs_dcraw.h)
@@ -0,0 +1,24 @@
+--- codecs/dcraw.h.orig 2013-10-22 14:00:07 UTC
++++ codecs/dcraw.h
+@@ -775,7 +775,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c,tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+@@ -786,8 +787,9 @@ int CLASS ljpeg_start (struct jhead *jh,
+ do {
+ fread (data, 2, 2, ifp);
+ tag = data[0] << 8 | data[1];
+- len = (data[2] << 8 | data[3]) - 2;
+- if (tag <= 0xff00) return 0;
++ len = (data[2] << 8 | data[3]);
++ if (tag <= 0xff00 || len <= 2) return 0;
++ len -= 2;
+ fread (data, 1, len, ifp);
+ switch (tag) {
+ case 0xffc3:
More information about the svn-ports-all
mailing list