svn commit: r497122 - in head/graphics/openjpeg: . files

Sunpoet Po-Chuan Hsieh sunpoet at FreeBSD.org
Fri Mar 29 14:15:25 UTC 2019


Author: sunpoet
Date: Fri Mar 29 14:15:23 2019
New Revision: 497122
URL: https://svnweb.freebsd.org/changeset/ports/497122

Log:
  Fix CVE-2018-5727
  
  - Bump PORTREVISION for possible package change
  
  Obtained from:	https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
  Security:	5efd7a93-2dfb-11e9-9549-e980e869c2e9
  MFH:		2019Q1

Added:
  head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c   (contents, props changed)
Modified:
  head/graphics/openjpeg/Makefile

Modified: head/graphics/openjpeg/Makefile
==============================================================================
--- head/graphics/openjpeg/Makefile	Fri Mar 29 14:15:18 2019	(r497121)
+++ head/graphics/openjpeg/Makefile	Fri Mar 29 14:15:23 2019	(r497122)
@@ -3,8 +3,8 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.3.0
-PORTREVISION=	3
 DISTVERSIONPREFIX=	v
+PORTREVISION=	4
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet at FreeBSD.org
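Review bot: The PORTREVISION bump from 3 to 4 is combined with moving the line below DISTVERSIONPREFIX, so the diff shows a removal and an addition instead of a one-line value change, and the log mentions only the bump. Changing the value in place would make the bump easier to verify in review; the reordering can go in a separate commit.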
@@ -18,8 +18,9 @@ LIB_DEPENDS=	liblcms2.so:graphics/lcms2 \
 		libpng.so:graphics/png \
 		libtiff.so:graphics/tiff
 
-USE_LDCONFIG=	yes
 USES=		cmake cpe pkgconfig
+
+USE_LDCONFIG=	yes
 
 PLIST_SUB=	PORTVERSION=${PORTVERSION} VER=${PORTVERSION:R}
 
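Review bot: Moving USE_LDCONFIG below USES (plus the added blank line) changes nothing functionally and is unrelated to the CVE-2018-5727 fix, yet it will be carried into the 2019Q1 merge requested by the MFH line. Consider dropping it from this commit so the merged change contains only the revision bump and the new patch file.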

Added: head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c	Fri Mar 29 14:15:23 2019	(r497122)
@@ -0,0 +1,24 @@
+Obtained from:	https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
+
+--- src/lib/openjp2/t1.c.orig	2017-10-04 22:23:14 UTC
++++ src/lib/openjp2/t1.c
+@@ -2168,9 +2168,18 @@ OPJ_BOOL opj_t1_encode_cblks(opj_t1_t *t
+                         t1->data = tiledp;
+                         t1->data_stride = tile_w;
+                         if (tccp->qmfbid == 1) {
++                            /* Do multiplication on unsigned type, even if the
++                             * underlying type is signed, to avoid potential
++                             * int overflow on large value (the output will be
++                             * incorrect in such situation, but whatever...)
++                             * This assumes complement-to-2 signed integer
++                             * representation
++                             * Fixes https://github.com/uclouvain/openjpeg/issues/1053
++                             */
++                            OPJ_UINT32* OPJ_RESTRICT tiledp_u = (OPJ_UINT32*) tiledp;
+                             for (j = 0; j < cblk_h; ++j) {
+                                 for (i = 0; i < cblk_w; ++i) {
+-                                    tiledp[tileIndex] *= (1 << T1_NMSEDEC_FRACBITS);
++                                    tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS;
+                                     tileIndex++;
+                                 }
+                                 tileIndex += tileLineAdvance;
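Review bot: The shift through tiledp_u in the inner loop removes the signed-integer overflow, but as the added comment itself says ("the output will be incorrect in such situation"), a sample too large for a left shift by T1_NMSEDEC_FRACBITS still wraps and is encoded silently; nothing in these lines rejects or reports such input. It is worth stating in the patch header that this change only removes the undefined behaviour, and naming CVE-2018-5727 there, since the patch file currently carries only the upstream commit URL and would otherwise not be traceable to the advisory once separated from the commit log.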

