Date:      Sat, 5 Jan 2019 22:47:22 +0000 (UTC)
From:      Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r489415 - in head/graphics/openjpeg: . files
Message-ID:  <201901052247.x05MlMqc070948@repo.freebsd.org>

Author: sunpoet
Date: Sat Jan  5 22:47:22 2019
New Revision: 489415
URL: https://svnweb.freebsd.org/changeset/ports/489415

Log:
  Fix CVE-2018-6616
  
  - Bump PORTREVISION for package change
  
  Obtained from:	https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
  PR:		234473
  Submitted by:	Andres Montalban <amontalban@gmail.com>

Modified:
  head/graphics/openjpeg/Makefile
  head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c

Modified: head/graphics/openjpeg/Makefile
==============================================================================
--- head/graphics/openjpeg/Makefile	Sat Jan  5 22:47:16 2019	(r489414)
+++ head/graphics/openjpeg/Makefile	Sat Jan  5 22:47:22 2019	(r489415)
@@ -3,7 +3,7 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.3.0
-PORTREVISION=	2
+PORTREVISION=	3
 DISTVERSIONPREFIX=	v
 CATEGORIES=	graphics
 

Modified: head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c
==============================================================================
--- head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c	Sat Jan  5 22:47:16 2019	(r489414)
+++ head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c	Sat Jan  5 22:47:22 2019	(r489415)
@@ -1,6 +1,7 @@
-Fix CVE-2018-5785
+Fix CVE-2018-5785 and CVE-2018-6616
 
 Obtained from:	https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
+		https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
 
 --- src/bin/jp2/convertbmp.c.orig	2017-10-04 22:23:14 UTC
 +++ src/bin/jp2/convertbmp.c
@@ -36,7 +37,53 @@ Obtained from:	https://github.com/uclouvain/openjpeg/c
          header->biAlphaMask  = (OPJ_UINT32)getc(IN);
          header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8;
          header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16;
-@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *file
+@@ -519,14 +534,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE* 
+ static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData,
+                                    OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height)
+ {
+-    OPJ_UINT32 x, y;
++    OPJ_UINT32 x, y, written;
+     OPJ_UINT8 *pix;
+     const OPJ_UINT8 *beyond;
+ 
+     beyond = pData + stride * height;
+     pix = pData;
+ 
+-    x = y = 0U;
++    x = y = written = 0U;
+     while (y < height) {
+         int c = getc(IN);
+         if (c == EOF) {
+@@ -546,6 +561,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
+             for (j = 0; (j < c) && (x < width) &&
+                     ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
+                 *pix = c1;
++                written++;
+             }
+         } else {
+             c = getc(IN);
+@@ -583,6 +599,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
+                     }
+                     c1 = (OPJ_UINT8)c1_int;
+                     *pix = c1;
++                    written++;
+                 }
+                 if ((OPJ_UINT32)c & 1U) { /* skip padding byte */
+                     c = getc(IN);
+@@ -593,6 +610,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE*
+             }
+         }
+     }/* while() */
++
++    if (written != width * height) {
++        fprintf(stderr, "warning, image's actual size does not match advertized one\n");
++        return OPJ_FALSE;
++    }
++
+     return OPJ_TRUE;
+ }
+ 
+@@ -831,6 +854,12 @@ opj_image_t* bmptoimage(const char *file
          bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU,
                           0x00000000U);
      } else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */
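Review bot: The new size check at the end of bmp_read_rle8_data, `if (written != width * height)`, multiplies two OPJ_UINT32 values, so with large header dimensions the product can wrap and `written` is then compared against the wrapped value. Unless the caller already bounds width and height (not visible in this hunk), I would widen the comparison to `if ((OPJ_UINT64)written != (OPJ_UINT64)width * height) {`. `written` is incremented only where a pixel is stored (the encoded-run loop and the absolute-mode loop), so any path that moves the position without storing a pixel, if one exists in the parts of the function outside these nested hunks, would make a well-formed file fail the check; a one-line comment above the check stating that every pixel must be explicitly written would record that intent. The message also says "warning" while the function returns OPJ_FALSE, so wording it as an error would match what the code does.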


