Date: Sat, 10 Jan 2015 12:23:24 +0000 (UTC) From: Antoine Brodin <antoine@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r376692 - in head/graphics: jpeg-turbo jpeg-turbo/files libjpeg-turbo Message-ID: <201501101223.t0ACNOEd014154@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: antoine Date: Sat Jan 10 12:23:24 2015 New Revision: 376692 URL: https://svnweb.freebsd.org/changeset/ports/376692 QAT: https://qat.redports.org/buildarchive/r376692/ Log: Fix possible Huffman local buffer overrun MFH: 2015Q1 Security: CVE-2014-9092 Added: head/graphics/jpeg-turbo/files/ head/graphics/jpeg-turbo/files/patch-jchuff.c (contents, props changed) Modified: head/graphics/jpeg-turbo/Makefile head/graphics/libjpeg-turbo/Makefile Modified: head/graphics/jpeg-turbo/Makefile ============================================================================== --- head/graphics/jpeg-turbo/Makefile Sat Jan 10 11:51:04 2015 (r376691) +++ head/graphics/jpeg-turbo/Makefile Sat Jan 10 12:23:24 2015 (r376692) @@ -3,7 +3,7 @@ PORTNAME= jpeg-turbo PORTVERSION= 1.3.1 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= graphics MASTER_SITES= SF/lib${PORTNAME}/${PORTVERSION} DISTNAME= lib${PORTNAME}-${PORTVERSION} Added: head/graphics/jpeg-turbo/files/patch-jchuff.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/jpeg-turbo/files/patch-jchuff.c Sat Jan 10 12:23:24 2015 (r376692) @@ -0,0 +1,20 @@ +--- jchuff.c.orig 2013-09-28 03:23:49 UTC ++++ jchuff.c +@@ -391,7 +391,16 @@ dump_buffer (working_state * state) + #endif + + +-#define BUFSIZE (DCTSIZE2 * 2) ++/* Although it is exceedingly rare, it is possible for a Huffman-encoded ++ * coefficient block to be larger than the 128-byte unencoded block. For each ++ * of the 64 coefficients, PUT_BITS is invoked twice, and each invocation can ++ * theoretically store 16 bits (for a maximum of 2048 bits or 256 bytes per ++ * encoded block.) If, for instance, one artificially sets the AC ++ * coefficients to alternating values of 32767 and -32768 (using the JPEG ++ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block ++ * larger than 200 bytes. ++ */ ++#define BUFSIZE (DCTSIZE2 * 4) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ Modified: head/graphics/libjpeg-turbo/Makefile ============================================================================== --- head/graphics/libjpeg-turbo/Makefile Sat Jan 10 11:51:04 2015 (r376691) +++ head/graphics/libjpeg-turbo/Makefile Sat Jan 10 12:23:24 2015 (r376692) @@ -1,7 +1,7 @@ # Created by: Denis Podolskiy <bytestore@yandex.ru> # $FreeBSD$ -PORTREVISION= 4 +PORTREVISION= 5 PKGNAMEPREFIX= lib COMMENT= SIMD-accelerated JPEG codec library, provides libTurboJPEG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501101223.t0ACNOEd014154>