Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 29 Sep 2017 20:12:38 +0000 (UTC)
From:      "Jason E. Hale" <jhale@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r450936 - in head/graphics/libraw: . files
Message-ID:  <201709292012.v8TKCckc032349@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jhale
Date: Fri Sep 29 20:12:38 2017
New Revision: 450936
URL: https://svnweb.freebsd.org/changeset/ports/450936

Log:
  Update to 0.18.5
  This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608
  Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1]
  
  PR:		219029 [1]
  Submitted by:	mi [1]
  MFH:		2017Q3
  Security:	4cd857d9-26d2-4417-b765-69701938f9e0
  Security:	d9f96741-47bd-4426-9aba-8736c0971b24
  Security:	02bee9ae-c5d1-409b-8a79-983a88861509

Added:
  head/graphics/libraw/files/patch-internal_dcraw__common.cpp   (contents, props changed)
Modified:
  head/graphics/libraw/Makefile
  head/graphics/libraw/distinfo

Modified: head/graphics/libraw/Makefile
==============================================================================
--- head/graphics/libraw/Makefile	Fri Sep 29 20:11:22 2017	(r450935)
+++ head/graphics/libraw/Makefile	Fri Sep 29 20:12:38 2017	(r450936)
@@ -2,8 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	libraw
-PORTVERSION=	0.18.2
-PORTREVISION=	1
+PORTVERSION=	0.18.5
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.libraw.org/data/
 DISTNAME=	LibRaw-${PORTVERSION}

Modified: head/graphics/libraw/distinfo
==============================================================================
--- head/graphics/libraw/distinfo	Fri Sep 29 20:11:22 2017	(r450935)
+++ head/graphics/libraw/distinfo	Fri Sep 29 20:12:38 2017	(r450936)
@@ -1,7 +1,7 @@
-TIMESTAMP = 1491502383
-SHA256 (LibRaw-0.18.2.tar.gz) = ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6
-SIZE (LibRaw-0.18.2.tar.gz) = 1281674
-SHA256 (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = f467689182728240c6358c1b890e9fe4ee08667c74433f6bd6a4710e3ae2aab6
-SIZE (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = 31777
-SHA256 (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 01080bc2448de87339f086229319c9e1cca97ac0621416feb537b96f0dba4a57
-SIZE (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 39290
+TIMESTAMP = 1506714254
+SHA256 (LibRaw-0.18.5.tar.gz) = fa2a7d14d9dfaf6b368f958a76d79266b3f58c2bc367bebab56e11baa94da178
+SIZE (LibRaw-0.18.5.tar.gz) = 1280046
+SHA256 (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 2ae7923868c3e927eee72cf2e4d91384560b7cfe76a386ecf319c069d343c674
+SIZE (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 30449
+SHA256 (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = b0ec998c4884cedd86a0627481a18144f0024a35c7a6fa5ae836182c16975c2b
+SIZE (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = 38899

Added: head/graphics/libraw/files/patch-internal_dcraw__common.cpp
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/libraw/files/patch-internal_dcraw__common.cpp	Fri Sep 29 20:12:38 2017	(r450936)
@@ -0,0 +1,32 @@
+Use strnlen(3) and strcasestr(3) from FreeBSD's libc instead of the bundled
+versions. Patch has been applied upstream in master branch:
+https://github.com/LibRaw/LibRaw/commit/b1a2984
+
+--- internal/dcraw_common.cpp.orig	2017-09-22 06:35:16 UTC
++++ internal/dcraw_common.cpp
+@@ -51,6 +51,8 @@ int CLASS fcol (int row, int col)
+   if (filters == 9) return xtrans[(row+6) % 6][(col+6) % 6];
+   return FC(row,col);
+ }
++
++#if !defined(__FreeBSD__)
+ static size_t local_strnlen(const char *s, size_t n)
+ {
+   const char *p = (const char *)memchr(s, 0, n);
+@@ -58,6 +60,7 @@ static size_t local_strnlen(const char *
+ }
+ /* add OS X version check here ?? */
+ #define strnlen(a,b) local_strnlen(a,b)
++#endif
+ 
+ #ifdef LIBRAW_LIBRARY_BUILD
+ static int stread(char *buf, size_t len, LibRaw_abstract_datastream *fp)
+@@ -69,7 +72,7 @@ static int stread(char *buf, size_t len,
+ #define stmread(buf,maxlen,fp) stread(buf,MIN(maxlen,sizeof(buf)),fp)
+ #endif
+ 
+-#ifndef __GLIBC__
++#if !defined(__GLIBC__) && !defined(__FreeBSD__)
+ char *my_memmem (char *haystack, size_t haystacklen,
+ 	      char *needle, size_t needlelen)
+ {



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201709292012.v8TKCckc032349>