From owner-svn-ports-head@freebsd.org Fri Jan 8 17:53:10 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 72D7CA685F4; Fri, 8 Jan 2016 17:53:10 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2B5D31849; Fri, 8 Jan 2016 17:53:10 +0000 (UTC) (envelope-from feld@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u08Hr9fk027155; Fri, 8 Jan 2016 17:53:09 GMT (envelope-from feld@FreeBSD.org) Received: (from feld@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u08Hr90N027152; Fri, 8 Jan 2016 17:53:09 GMT (envelope-from feld@FreeBSD.org) Message-Id: <201601081753.u08Hr90N027152@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: feld set sender to feld@FreeBSD.org using -f From: Mark Felder Date: Fri, 8 Jan 2016 17:53:09 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r405576 - in head/graphics/exact-image: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Jan 2016 17:53:10 -0000 Author: feld Date: Fri Jan 8 17:53:08 2016 New Revision: 405576 URL: https://svnweb.freebsd.org/changeset/ports/405576 Log: graphics/exact-image: Update to 0.9.1 Add patch to resolve CVE PR: 200201 MFH: 2016Q1 Security: CVE-2015-3885 Added: head/graphics/exact-image/files/patch-codecs_dcraw.h (contents, props changed) Modified: head/graphics/exact-image/Makefile head/graphics/exact-image/distinfo Modified: head/graphics/exact-image/Makefile ============================================================================== --- head/graphics/exact-image/Makefile Fri Jan 8 17:51:50 2016 (r405575) +++ head/graphics/exact-image/Makefile Fri Jan 8 17:53:08 2016 (r405576) @@ -2,8 +2,8 @@ # $FreeBSD$ PORTNAME= exact-image -PORTVERSION= 0.8.9 -PORTREVISION= 10 +PORTVERSION= 0.9.1 +PORTREVISION= 0 CATEGORIES= graphics perl5 python MASTER_SITES= http://dl.exactcode.de/oss/${PORTNAME}/ LOCAL/bf Modified: head/graphics/exact-image/distinfo ============================================================================== --- head/graphics/exact-image/distinfo Fri Jan 8 17:51:50 2016 (r405575) +++ head/graphics/exact-image/distinfo Fri Jan 8 17:53:08 2016 (r405576) @@ -1,2 +1,2 @@ -SHA256 (exact-image-0.8.9.tar.bz2) = 0709913e5852214de3bdfa5df0474a4a86b0e686df28f8afd826b5ad8676c372 -SIZE (exact-image-0.8.9.tar.bz2) = 297438 +SHA256 (exact-image-0.9.1.tar.bz2) = 79e6a58522897f9740aa3b5a337f63ad1e0361a772141b24aaff2e31264ece7d +SIZE (exact-image-0.9.1.tar.bz2) = 299565 Added: head/graphics/exact-image/files/patch-codecs_dcraw.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/graphics/exact-image/files/patch-codecs_dcraw.h Fri Jan 8 17:53:08 2016 (r405576) @@ -0,0 +1,24 @@ +--- codecs/dcraw.h.orig 2013-10-22 14:00:07 UTC ++++ codecs/dcraw.h +@@ -775,7 +775,8 @@ struct jhead { + + int CLASS ljpeg_start (struct jhead *jh, int info_only) + { +- int c, tag, len; ++ int c,tag; ++ ushort len; + uchar data[0x10000]; + const uchar *dp; + +@@ -786,8 +787,9 @@ int CLASS ljpeg_start (struct jhead *jh, + do { + fread (data, 2, 2, ifp); + tag = data[0] << 8 | data[1]; +- len = (data[2] << 8 | data[3]) - 2; +- if (tag <= 0xff00) return 0; ++ len = (data[2] << 8 | data[3]); ++ if (tag <= 0xff00 || len <= 2) return 0; ++ len -= 2; + fread (data, 1, len, ifp); + switch (tag) { + case 0xffc3: