Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 31 May 2015 09:14:03 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r388051 - in head/graphics/rawstudio: . files
Message-ID:  <201505310914.t4V9E3KW008307@svn.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Sun May 31 09:14:02 2015
New Revision: 388051
URL: https://svnweb.freebsd.org/changeset/ports/388051

Log:
  Apply vendor patch for "Avoid overflow in ljpeg_start()"
  (changeset 983bda1f) to prevent a denial of service (crash) via a
  crafted image
  
  PR:		200199
  Obtained from:	https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
  Security:	CVE-2015-3885
  Security:	57325ecf-facc-11e4-968f-b888e347c638
  Submitted by:	Jason Unovitch <jason unovitch gmail com>
  Reported by:	Sevan Janiyan <venture37 geeklan co uk>
  Approved by:	samm os2 kiev ua (maintainer)
  MFH:		2015Q2

Added:
  head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc   (contents, props changed)
Modified:
  head/graphics/rawstudio/Makefile

Modified: head/graphics/rawstudio/Makefile
==============================================================================
--- head/graphics/rawstudio/Makefile	Sun May 31 08:08:16 2015	(r388050)
+++ head/graphics/rawstudio/Makefile	Sun May 31 09:14:02 2015	(r388051)
@@ -3,7 +3,7 @@
 
 PORTNAME=	rawstudio
 PORTVERSION=	2.0
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	graphics
 MASTER_SITES=	http://rawstudio.org/files/release/
 

Added: head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc	Sun May 31 09:14:02 2015	(r388051)
@@ -0,0 +1,12 @@
+--- plugins/load-dcraw/dcraw.cc.orig	2015-05-29 01:03:46 UTC
++++ plugins/load-dcraw/dcraw.cc
+@@ -869,7 +869,8 @@ struct jhead {
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+ 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201505310914.t4V9E3KW008307>