From owner-svn-ports-head@freebsd.org Mon Aug 13 20:31:35 2018 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4A0B1107CD8C; Mon, 13 Aug 2018 20:31:35 +0000 (UTC) (envelope-from mmokhi@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E03F78BD01; Mon, 13 Aug 2018 20:31:34 +0000 (UTC) (envelope-from mmokhi@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A840F11A3F; Mon, 13 Aug 2018 20:31:34 +0000 (UTC) (envelope-from mmokhi@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7DKVYDE067952; Mon, 13 Aug 2018 20:31:34 GMT (envelope-from mmokhi@FreeBSD.org) Received: (from mmokhi@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7DKVYoX067949; Mon, 13 Aug 2018 20:31:34 GMT (envelope-from mmokhi@FreeBSD.org) Message-Id: <201808132031.w7DKVYoX067949@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: mmokhi set sender to mmokhi@FreeBSD.org using -f From: Mahdi Mokhtari Date: Mon, 13 Aug 2018 20:31:34 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r477112 - in head/graphics/openjpeg: . files X-SVN-Group: ports-head X-SVN-Commit-Author: mmokhi X-SVN-Commit-Paths: in head/graphics/openjpeg: . files X-SVN-Commit-Revision: 477112 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Aug 2018 20:31:35 -0000 Author: mmokhi Date: Mon Aug 13 20:31:33 2018 New Revision: 477112 URL: https://svnweb.freebsd.org/changeset/ports/477112 Log: graphics/openjpeg: Fix CVE-2017-14041 The port had 5 CVEs reported in vuxml entry < http://www.vuxml.org/freebsd/11dc3890-0e64-11e8-99b0-d017c2987f9a.html >. These patches are fix for CVE-2017-1404 Reported by: Philip Jocks Approved by: sunpoet (maintainer) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D16685 Added: head/graphics/openjpeg/files/ head/graphics/openjpeg/files/patch-src_bin_jp3d_convert.c (contents, props changed) head/graphics/openjpeg/files/patch-src_bin_jpwl_convert.c (contents, props changed) Modified: head/graphics/openjpeg/Makefile Modified: head/graphics/openjpeg/Makefile ============================================================================== --- head/graphics/openjpeg/Makefile Mon Aug 13 20:26:05 2018 (r477111) +++ head/graphics/openjpeg/Makefile Mon Aug 13 20:31:33 2018 (r477112) @@ -3,6 +3,7 @@ PORTNAME= openjpeg PORTVERSION= 2.3.0 +PORTREVISION= 1 DISTVERSIONPREFIX= v CATEGORIES= graphics Added: head/graphics/openjpeg/files/patch-src_bin_jp3d_convert.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/openjpeg/files/patch-src_bin_jp3d_convert.c Mon Aug 13 20:31:33 2018 (r477112) @@ -0,0 +1,11 @@ +--- src/bin/jp3d/convert.c.orig 2018-08-02 17:40:37 UTC ++++ src/bin/jp3d/convert.c +@@ -297,7 +297,7 @@ opj_volume_t* pgxtovolume(char *relpath, + fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]); + + fseek(f, 0, SEEK_SET); +- fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2, ++ fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, &endian2 + signtmp, &prec, temp, &w, temp, &h); + + i = 0; Added: head/graphics/openjpeg/files/patch-src_bin_jpwl_convert.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/openjpeg/files/patch-src_bin_jpwl_convert.c Mon Aug 13 20:31:33 2018 (r477112) @@ -0,0 +1,11 @@ +--- src/bin/jpwl/convert.c.orig 2018-08-02 17:47:37 UTC ++++ src/bin/jpwl/convert.c +@@ -1348,7 +1348,7 @@ opj_image_t* pgxtoimage(const char *file + } + + fseek(f, 0, SEEK_SET); +- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, ++ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, + &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { + fprintf(stderr, + "ERROR: Failed to read the right number of element from the fscanf() function!\n");