From owner-svn-ports-all@freebsd.org  Tue Oct 11 15:13:17 2016
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D7DCC0D48B;
 Tue, 11 Oct 2016 15:13:17 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id EF19E8B3;
 Tue, 11 Oct 2016 15:13:16 +0000 (UTC)
 (envelope-from feld@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u9BFDGE0085686;
 Tue, 11 Oct 2016 15:13:16 GMT (envelope-from feld@FreeBSD.org)
Received: (from feld@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u9BFDFSH085681;
 Tue, 11 Oct 2016 15:13:15 GMT (envelope-from feld@FreeBSD.org)
Message-Id: <201610111513.u9BFDFSH085681@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: feld set sender to
 feld@FreeBSD.org using -f
From: Mark Felder <feld@FreeBSD.org>
Date: Tue, 11 Oct 2016 15:13:15 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r423771 - in head/graphics/openjpeg: . files
X-SVN-Group: ports-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2016 15:13:17 -0000

Author: feld
Date: Tue Oct 11 15:13:15 2016
New Revision: 423771
URL: https://svnweb.freebsd.org/changeset/ports/423771

Log:
  graphics/openjpeg: Add patches to resolve CVEs
  
  PR:		212672
  MFH:		2016Q4
  Security:	CVE-2016-5157
  Security:	CVE-2016-7163

Added:
  head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-tests_compare__dump__files.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in   (contents, props changed)
Modified:
  head/graphics/openjpeg/Makefile

Modified: head/graphics/openjpeg/Makefile
==============================================================================
--- head/graphics/openjpeg/Makefile	Tue Oct 11 15:09:30 2016	(r423770)
+++ head/graphics/openjpeg/Makefile	Tue Oct 11 15:13:15 2016	(r423771)
@@ -3,6 +3,7 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.1.1
+PORTREVISION=	1
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet@FreeBSD.org

Added: head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,17 @@
+--- src/lib/openjp2/pi.c.orig	2016-09-14 00:01:22 UTC
++++ src/lib/openjp2/pi.c
+@@ -1236,7 +1236,13 @@ opj_pi_iterator_t *opj_pi_create_decode(
+ 	l_current_pi = l_pi;
+ 
+ 	/* memory allocation for include */
+-	l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	/* prevent an integer overflow issue */
++	l_current_pi->include = 00;
++	if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
++	{
++		l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	}
++
+ 	if
+ 		(!l_current_pi->include)
+ 	{

Added: head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,23 @@
+--- src/lib/openjp2/tcd.c.orig	2016-09-14 00:02:27 UTC
++++ src/lib/openjp2/tcd.c
+@@ -706,9 +706,20 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
+ 	l_tx0 = l_cp->tx0 + p * l_cp->tdx; /* can't be greater than l_image->x1 so won't overflow */
+ 	l_tile->x0 = (OPJ_INT32)opj_uint_max(l_tx0, l_image->x0);
+ 	l_tile->x1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, l_cp->tdx), l_image->x1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->x0 < 0) || (l_tile->x1 <= l_tile->x0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile X coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
+ 	l_ty0 = l_cp->ty0 + q * l_cp->tdy; /* can't be greater than l_image->y1 so won't overflow */
+ 	l_tile->y0 = (OPJ_INT32)opj_uint_max(l_ty0, l_image->y0);
+ 	l_tile->y1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, l_cp->tdy), l_image->y1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->y0 < 0) || (l_tile->y1 <= l_tile->y0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile Y coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
++	
+ 
+ 	/* testcase 1888.pdf.asan.35.988 */
+ 	if (l_tccp->numresolutions == 0) {

Added: head/graphics/openjpeg/files/patch-tests_compare__dump__files.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-tests_compare__dump__files.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,30 @@
+--- tests/compare_dump_files.c.orig	2016-09-14 00:05:13 UTC
++++ tests/compare_dump_files.c
+@@ -118,10 +118,10 @@ int main(int argc, char **argv)
+   test_cmp_parameters inParam;
+   FILE *fbase=NULL, *ftest=NULL;
+   int same = 0;
+-  char lbase[256];
+-  char strbase[256];
+-  char ltest[256];
+-  char strtest[256];
++  char lbase[512];
++  char strbase[512];
++  char ltest[512];
++  char strtest[512];
+ 
+   if( parse_cmdline_cmp(argc, argv, &inParam) == 1 )
+     {
+@@ -154,9 +154,9 @@ int main(int argc, char **argv)
+ 
+   while (fgets(lbase, sizeof(lbase), fbase) && fgets(ltest,sizeof(ltest),ftest))
+     {
+-    int nbase = sscanf(lbase, "%255[^\r\n]", strbase);
+-    int ntest = sscanf(ltest, "%255[^\r\n]", strtest);
+-    assert( nbase != 255 && ntest != 255 );
++    int nbase = sscanf(lbase, "%511[^\r\n]", strbase);
++    int ntest = sscanf(ltest, "%511[^\r\n]", strtest);
++    assert( nbase != 511 && ntest != 511 );
+     if( nbase != 1 || ntest != 1 )
+       {
+       fprintf(stderr, "could not parse line from files\n" );

Added: head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,9 @@
+--- tests/nonregression/test_suite.ctest.in.orig	2016-09-14 00:06:50 UTC
++++ tests/nonregression/test_suite.ctest.in
+@@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue2
+ # issue 326 + PR 559: CIELab colorspace
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx
++# issue 823 (yes, not a typo, test image is issue822)
++!opj_decompress -i @INPUT_NR_PATH@/issue822.jp2 -o @TEMP_PATH@/issue822.png
++