Date: Sun, 8 Oct 2017 13:11:18 +0000 (UTC) From: "Jason E. Hale" <jhale@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r451526 - in branches/2017Q3/graphics/libraw: . files Message-ID: <201710081311.v98DBIrU084598@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhale Date: Sun Oct 8 13:11:17 2017 New Revision: 451526 URL: https://svnweb.freebsd.org/changeset/ports/451526 Log: MFH: r450936 Update to 0.18.5 This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608 Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1] PR: 219029 [1] Submitted by: mi [1] Security: 4cd857d9-26d2-4417-b765-69701938f9e0 Security: d9f96741-47bd-4426-9aba-8736c0971b24 Security: 02bee9ae-c5d1-409b-8a79-983a88861509 Approved by: ports-secteam (swills) Added: branches/2017Q3/graphics/libraw/files/patch-internal_dcraw__common.cpp - copied unchanged from r450936, head/graphics/libraw/files/patch-internal_dcraw__common.cpp Modified: branches/2017Q3/graphics/libraw/Makefile branches/2017Q3/graphics/libraw/distinfo Directory Properties: branches/2017Q3/ (props changed) Modified: branches/2017Q3/graphics/libraw/Makefile ============================================================================== --- branches/2017Q3/graphics/libraw/Makefile Sun Oct 8 12:47:38 2017 (r451525) +++ branches/2017Q3/graphics/libraw/Makefile Sun Oct 8 13:11:17 2017 (r451526) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= libraw -PORTVERSION= 0.18.2 +PORTVERSION= 0.18.5 CATEGORIES= graphics MASTER_SITES= http://www.libraw.org/data/ DISTNAME= LibRaw-${PORTVERSION} Modified: branches/2017Q3/graphics/libraw/distinfo ============================================================================== --- branches/2017Q3/graphics/libraw/distinfo Sun Oct 8 12:47:38 2017 (r451525) +++ branches/2017Q3/graphics/libraw/distinfo Sun Oct 8 13:11:17 2017 (r451526) @@ -1,7 +1,7 @@ -TIMESTAMP = 1491502383 -SHA256 (LibRaw-0.18.2.tar.gz) = ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6 -SIZE (LibRaw-0.18.2.tar.gz) = 1281674 -SHA256 (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = f467689182728240c6358c1b890e9fe4ee08667c74433f6bd6a4710e3ae2aab6 -SIZE (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = 31777 -SHA256 (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 01080bc2448de87339f086229319c9e1cca97ac0621416feb537b96f0dba4a57 -SIZE (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 39290 +TIMESTAMP = 1506714254 +SHA256 (LibRaw-0.18.5.tar.gz) = fa2a7d14d9dfaf6b368f958a76d79266b3f58c2bc367bebab56e11baa94da178 +SIZE (LibRaw-0.18.5.tar.gz) = 1280046 +SHA256 (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 2ae7923868c3e927eee72cf2e4d91384560b7cfe76a386ecf319c069d343c674 +SIZE (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 30449 +SHA256 (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = b0ec998c4884cedd86a0627481a18144f0024a35c7a6fa5ae836182c16975c2b +SIZE (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = 38899 Copied: branches/2017Q3/graphics/libraw/files/patch-internal_dcraw__common.cpp (from r450936, head/graphics/libraw/files/patch-internal_dcraw__common.cpp) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/2017Q3/graphics/libraw/files/patch-internal_dcraw__common.cpp Sun Oct 8 13:11:17 2017 (r451526, copy of r450936, head/graphics/libraw/files/patch-internal_dcraw__common.cpp) @@ -0,0 +1,32 @@ +Use strnlen(3) and strcasestr(3) from FreeBSD's libc instead of the bundled +versions. Patch has been applied upstream in master branch: +https://github.com/LibRaw/LibRaw/commit/b1a2984 + +--- internal/dcraw_common.cpp.orig 2017-09-22 06:35:16 UTC ++++ internal/dcraw_common.cpp +@@ -51,6 +51,8 @@ int CLASS fcol (int row, int col) + if (filters == 9) return xtrans[(row+6) % 6][(col+6) % 6]; + return FC(row,col); + } ++ ++#if !defined(__FreeBSD__) + static size_t local_strnlen(const char *s, size_t n) + { + const char *p = (const char *)memchr(s, 0, n); +@@ -58,6 +60,7 @@ static size_t local_strnlen(const char * + } + /* add OS X version check here ?? */ + #define strnlen(a,b) local_strnlen(a,b) ++#endif + + #ifdef LIBRAW_LIBRARY_BUILD + static int stread(char *buf, size_t len, LibRaw_abstract_datastream *fp) +@@ -69,7 +72,7 @@ static int stread(char *buf, size_t len, + #define stmread(buf,maxlen,fp) stread(buf,MIN(maxlen,sizeof(buf)),fp) + #endif + +-#ifndef __GLIBC__ ++#if !defined(__GLIBC__) && !defined(__FreeBSD__) + char *my_memmem (char *haystack, size_t haystacklen, + char *needle, size_t needlelen) + {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710081311.v98DBIrU084598>