Date:      Sun, 31 May 2015 09:15:27 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r388052 - in branches/2015Q2/graphics/rawstudio: . files
Message-ID:  <201505310915.t4V9FRiY008761@svn.freebsd.org>

Author: delphij
Date: Sun May 31 09:15:26 2015
New Revision: 388052
URL: https://svnweb.freebsd.org/changeset/ports/388052

Log:
  MFH: r388051
  
  Apply vendor patch for "Avoid overflow in ljpeg_start()"
  (changeset 983bda1f) to prevent a denial of service (crash) via a
  crafted image
  
  PR:		200199
  Obtained from:	https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
  Security:	CVE-2015-3885
  Security:	57325ecf-facc-11e4-968f-b888e347c638
  Submitted by:	Jason Unovitch <jason unovitch gmail com>
  Reported by:	Sevan Janiyan <venture37 geeklan co uk>
  Approved by:	ports-secteam@

Added:
  branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
     - copied unchanged from r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
Modified:
  branches/2015Q2/graphics/rawstudio/Makefile
Directory Properties:
  branches/2015Q2/   (props changed)

Modified: branches/2015Q2/graphics/rawstudio/Makefile
==============================================================================
--- branches/2015Q2/graphics/rawstudio/Makefile	Sun May 31 09:14:02 2015	(r388051)
+++ branches/2015Q2/graphics/rawstudio/Makefile	Sun May 31 09:15:26 2015	(r388052)
@@ -3,7 +3,7 @@
 
 PORTNAME=	rawstudio
 PORTVERSION=	2.0
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	graphics
 MASTER_SITES=	http://rawstudio.org/files/release/
 

Copied: branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc (from r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q2/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc	Sun May 31 09:15:26 2015	(r388052, copy of r388051, head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc)
@@ -0,0 +1,12 @@
+--- plugins/load-dcraw/dcraw.cc.orig	2015-05-29 01:03:46 UTC
++++ plugins/load-dcraw/dcraw.cc
+@@ -869,7 +869,8 @@ struct jhead {
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+ 
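
Review bot: The overflow fix in ljpeg_start() rests entirely on the width of `ushort len;` relative to `uchar data[0x10000];`, and nothing in the hunk says so. Assuming ushort is a 16-bit unsigned type (its typedef is not in the visible context), len cannot exceed 0xFFFF, one less than the size of data, so a read of len bytes into data stays in bounds; with the old `int len` no such bound exists. Because the bound is implicit, a later change to either the type or the array size would silently bring the overflow back. Suggest a one-line comment on the declaration stating that the type is the bound, or an explicit check of len against sizeof data at the point where len is computed (that line is outside this hunk). The patch file also carries no header naming CVE-2015-3885 or the upstream changeset, which only the commit log records; repeating them at the top of the patch would help whoever audits files/ later.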


