Date:      Sat, 30 Mar 2019 22:05:27 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r497363 - in branches/2019Q1/graphics/openjpeg: . files
Message-ID:  <201903302205.x2UM5RNw075295@repo.freebsd.org>

Author: sunpoet
Date: Sat Mar 30 22:05:26 2019
New Revision: 497363
URL: https://svnweb.freebsd.org/changeset/ports/497363

Log:
  MFH: r497122
  
  Fix CVE-2018-5727
  
  - Bump PORTREVISION for possible package change
  
  Obtained from:	https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
  Security:	5efd7a93-2dfb-11e9-9549-e980e869c2e9
  
  Approved by:	ports-secteam (joneum)

Added:
  branches/2019Q1/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c
     - copied unchanged from r497122, head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c
Modified:
  branches/2019Q1/graphics/openjpeg/Makefile
Directory Properties:
  branches/2019Q1/   (props changed)

Modified: branches/2019Q1/graphics/openjpeg/Makefile
==============================================================================
--- branches/2019Q1/graphics/openjpeg/Makefile	Sat Mar 30 21:15:08 2019	(r497362)
+++ branches/2019Q1/graphics/openjpeg/Makefile	Sat Mar 30 22:05:26 2019	(r497363)
@@ -3,8 +3,8 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.3.0
-PORTREVISION=	3
 DISTVERSIONPREFIX=	v
+PORTREVISION=	4
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet@FreeBSD.org
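Review bot: PORTREVISION is both bumped and moved below DISTVERSIONPREFIX in the same edit, so the diff shows a deletion and an addition several lines apart rather than a one-line 3 to 4 change. The log mentions only the bump; stating the reordering there too (or doing it in a separate commit on head) would make the security merge easier to audit.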
@@ -18,8 +18,9 @@ LIB_DEPENDS=	liblcms2.so:graphics/lcms2 \
 		libpng.so:graphics/png \
 		libtiff.so:graphics/tiff
 
-USE_LDCONFIG=	yes
 USES=		cmake cpe pkgconfig
+
+USE_LDCONFIG=	yes
 
 PLIST_SUB=	PORTVERSION=${PORTVERSION} VER=${PORTVERSION:R}
 
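Review bot: Swapping the order of USE_LDCONFIG and USES and adding a blank line between them is a cosmetic change with no effect on the build, and it is not mentioned in the log. For a merge to the quarterly branch whose stated purpose is a CVE fix, consider noting in the log that this reordering comes along with r497122, so reviewers do not have to work out whether it is related to the fix.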

Copied: branches/2019Q1/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c (from r497122, head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q1/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c	Sat Mar 30 22:05:26 2019	(r497363, copy of r497122, head/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c)
@@ -0,0 +1,24 @@
+Obtained from:	https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
+
+--- src/lib/openjp2/t1.c.orig	2017-10-04 22:23:14 UTC
++++ src/lib/openjp2/t1.c
+@@ -2168,9 +2168,18 @@ OPJ_BOOL opj_t1_encode_cblks(opj_t1_t *t
+                         t1->data = tiledp;
+                         t1->data_stride = tile_w;
+                         if (tccp->qmfbid == 1) {
++                            /* Do multiplication on unsigned type, even if the
++                             * underlying type is signed, to avoid potential
++                             * int overflow on large value (the output will be
++                             * incorrect in such situation, but whatever...)
++                             * This assumes complement-to-2 signed integer
++                             * representation
++                             * Fixes https://github.com/uclouvain/openjpeg/issues/1053
++                             */
++                            OPJ_UINT32* OPJ_RESTRICT tiledp_u = (OPJ_UINT32*) tiledp;
+                             for (j = 0; j < cblk_h; ++j) {
+                                 for (i = 0; i < cblk_w; ++i) {
+-                                    tiledp[tileIndex] *= (1 << T1_NMSEDEC_FRACBITS);
++                                    tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS;
+                                     tileIndex++;
+                                 }
+                                 tileIndex += tileLineAdvance;
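Review bot: In the replacement line `tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS;` the shift on the unsigned alias removes the signed overflow, but high bits of large sample values are still discarded silently, and the added comment concedes the output "will be incorrect in such situation". It is worth recording in the patch header that the encoder can still produce wrong output for such input without reporting an error. The header of this files/ patch also carries only the "Obtained from" URL; adding the CVE id named in the commit log (CVE-2018-5727) would make the patch self-describing when someone later reads files/ without the commit history.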


