svn commit: r489415 - in head/graphics/openjpeg: . files

Kubilay Kocak koobs at FreeBSD.org
Sun Jan 6 01:45:10 UTC 2019


On 6/01/2019 9:47 am, Sunpoet Po-Chuan Hsieh wrote:
> Author: sunpoet
> Date: Sat Jan  5 22:47:22 2019
> New Revision: 489415
> URL: https://svnweb.freebsd.org/changeset/ports/489415
> 
> Log:
>    Fix CVE-2018-6616
>    
>    - Bump PORTREVISION for package change
>    
>    Obtained from:	https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
>    PR:		234473
>    Submitted by:	Andres Montalban <amontalban at gmail.com>

MFH: 2019Q1 ?

> Modified:
>    head/graphics/openjpeg/Makefile
>    head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c
> 
> Modified: head/graphics/openjpeg/Makefile
> ==============================================================================
> --- head/graphics/openjpeg/Makefile	Sat Jan  5 22:47:16 2019	(r489414)
> +++ head/graphics/openjpeg/Makefile	Sat Jan  5 22:47:22 2019	(r489415)
> @@ -3,7 +3,7 @@
>   
>   PORTNAME=	openjpeg
>   PORTVERSION=	2.3.0
> -PORTREVISION=	2
> +PORTREVISION=	3
>   DISTVERSIONPREFIX=	v
>   CATEGORIES=	graphics
>   
> 
> Modified: head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c
> ==============================================================================
> --- head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c	Sat Jan  5 22:47:16 2019	(r489414)
> +++ head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c	Sat Jan  5 22:47:22 2019	(r489415)
> @@ -1,6 +1,7 @@
> -Fix CVE-2018-5785
> +Fix CVE-2018-5785 and CVE-2018-6616
>   
>   Obtained from:	https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
> +		https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
>   
>   --- src/bin/jp2/convertbmp.c.orig	2017-10-04 22:23:14 UTC
>   +++ src/bin/jp2/convertbmp.c
> @@ -36,7 +37,53 @@ Obtained from:	https://github.com/uclouvain/openjpeg/c
>            header->biAlphaMask  = (OPJ_UINT32)getc(IN);
>            header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8;
>            header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16;
> -@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *file
> +@@ -519,14 +534,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE*
> + static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
> +                                    OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
> + {
> +-    OPJ_UINT32 x, y;
> ++    OPJ_UINT32 x, y, written;
> +     OPJ_UINT8 *pix;
> +     const OPJ_UINT8 *beyond;
> +
> +     beyond = pData + stride * height;
> +     pix = pData;
> +
> +-    x = y = 0U;
> ++    x = y = written = 0U;
> +     while (y < height) {
> +         int c = getc(IN);
> +         if (c == EOF) {
> +@@ -546,6 +561,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
> +             for (j = 0; (j < c) && (x < width) &&
> +                     ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
> +                 *pix = c1;
> ++                written++;
> +             }
> +         } else {
> +             c = getc(IN);
> +@@ -583,6 +599,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
> +                     }
> +                     c1 = (OPJ_UINT8)c1_int;
> +                     *pix = c1;
> ++                    written++;
> +                 }
> +                 if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
> +                     c = getc(IN);
> +@@ -593,6 +610,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
> +             }
> +         }
> +     }/* while() */
> ++
> ++    if (written != width * height) {
> ++        fprintf(stderr, "warning, image's actual size does not match advertized one\n");
> ++        return OPJ_FALSE;
> ++    }
> ++
> +     return OPJ_TRUE;
> + }
> +
> +@@ -831,6 +854,12 @@ opj_image_t* bmptoimage(const char *file
>            bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU,
>                             0x00000000U);
>        } else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */
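Review bot: The new check `if (written != width * height)` at the end of bmp_read_rle8_data multiplies two OPJ_UINT32 values, so for large advertised dimensions the product can wrap and `written` is compared against the wrong total; the existing `stride * height` used for `beyond` has the same shape. Whether the caller bounds width and height before this point is not visible in the lines shown, so either confirm that or compare in a wider type, e.g. `if ((OPJ_UINT64)written != (OPJ_UINT64)width * height) {`. `written` is only incremented where a pixel is stored, so a stream that leaves pixels unset through escape codes (handled in parts of the function outside these hunks) would presumably now be rejected. If that is intended, a comment above the check should say so, e.g. `/* every pixel must be written explicitly; partially filled images are rejected */`. The message also begins with "warning" although the function returns OPJ_FALSE, which reads as a non-fatal condition in logs.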
> 


