From owner-svn-ports-head@FreeBSD.ORG Sat Jan 10 12:23:25 2015 Return-Path: Delivered-To: svn-ports-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AAC78E14; Sat, 10 Jan 2015 12:23:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7CD2EEEC; Sat, 10 Jan 2015 12:23:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t0ACNPLh014158; Sat, 10 Jan 2015 12:23:25 GMT (envelope-from antoine@FreeBSD.org) Received: (from antoine@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t0ACNOEd014154; Sat, 10 Jan 2015 12:23:24 GMT (envelope-from antoine@FreeBSD.org) Message-Id: <201501101223.t0ACNOEd014154@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: antoine set sender to antoine@FreeBSD.org using -f From: Antoine Brodin Date: Sat, 10 Jan 2015 12:23:24 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r376692 - in head/graphics: jpeg-turbo jpeg-turbo/files libjpeg-turbo X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 10 Jan 2015 12:23:25 -0000 Author: antoine Date: Sat Jan 10 12:23:24 2015 New Revision: 376692 URL: https://svnweb.freebsd.org/changeset/ports/376692 QAT: https://qat.redports.org/buildarchive/r376692/ Log: Fix possible Huffman local buffer overrun MFH: 2015Q1 Security: CVE-2014-9092 Added: head/graphics/jpeg-turbo/files/ head/graphics/jpeg-turbo/files/patch-jchuff.c (contents, props changed) Modified: head/graphics/jpeg-turbo/Makefile head/graphics/libjpeg-turbo/Makefile Modified: head/graphics/jpeg-turbo/Makefile ============================================================================== --- head/graphics/jpeg-turbo/Makefile Sat Jan 10 11:51:04 2015 (r376691) +++ head/graphics/jpeg-turbo/Makefile Sat Jan 10 12:23:24 2015 (r376692) @@ -3,7 +3,7 @@ PORTNAME= jpeg-turbo PORTVERSION= 1.3.1 -PORTREVISION?= 1 +PORTREVISION?= 2 CATEGORIES= graphics MASTER_SITES= SF/lib${PORTNAME}/${PORTVERSION} DISTNAME= lib${PORTNAME}-${PORTVERSION} Added: head/graphics/jpeg-turbo/files/patch-jchuff.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/jpeg-turbo/files/patch-jchuff.c Sat Jan 10 12:23:24 2015 (r376692) @@ -0,0 +1,20 @@ +--- jchuff.c.orig 2013-09-28 03:23:49 UTC ++++ jchuff.c +@@ -391,7 +391,16 @@ dump_buffer (working_state * state) + #endif + + +-#define BUFSIZE (DCTSIZE2 * 2) ++/* Although it is exceedingly rare, it is possible for a Huffman-encoded ++ * coefficient block to be larger than the 128-byte unencoded block. For each ++ * of the 64 coefficients, PUT_BITS is invoked twice, and each invocation can ++ * theoretically store 16 bits (for a maximum of 2048 bits or 256 bytes per ++ * encoded block.) If, for instance, one artificially sets the AC ++ * coefficients to alternating values of 32767 and -32768 (using the JPEG ++ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block ++ * larger than 200 bytes. ++ */ ++#define BUFSIZE (DCTSIZE2 * 4) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ Modified: head/graphics/libjpeg-turbo/Makefile ============================================================================== --- head/graphics/libjpeg-turbo/Makefile Sat Jan 10 11:51:04 2015 (r376691) +++ head/graphics/libjpeg-turbo/Makefile Sat Jan 10 12:23:24 2015 (r376692) @@ -1,7 +1,7 @@ # Created by: Denis Podolskiy # $FreeBSD$ -PORTREVISION= 4 +PORTREVISION= 5 PKGNAMEPREFIX= lib COMMENT= SIMD-accelerated JPEG codec library, provides libTurboJPEG