Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Jan 2016 17:53:09 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r405576 - in head/graphics/exact-image: . files
Message-ID:  <201601081753.u08Hr90N027152@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: feld
Date: Fri Jan  8 17:53:08 2016
New Revision: 405576
URL: https://svnweb.freebsd.org/changeset/ports/405576

Log:
  graphics/exact-image: Update to 0.9.1
  
  Add patch to resolve CVE
  
  PR:		200201
  MFH:		2016Q1
  Security:	CVE-2015-3885

Added:
  head/graphics/exact-image/files/patch-codecs_dcraw.h   (contents, props changed)
Modified:
  head/graphics/exact-image/Makefile
  head/graphics/exact-image/distinfo

Modified: head/graphics/exact-image/Makefile
==============================================================================
--- head/graphics/exact-image/Makefile	Fri Jan  8 17:51:50 2016	(r405575)
+++ head/graphics/exact-image/Makefile	Fri Jan  8 17:53:08 2016	(r405576)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	exact-image
-PORTVERSION=	0.8.9
-PORTREVISION=	10
+PORTVERSION=	0.9.1
+PORTREVISION=	0
 CATEGORIES=	graphics perl5 python
 MASTER_SITES=	http://dl.exactcode.de/oss/${PORTNAME}/ LOCAL/bf
 

Modified: head/graphics/exact-image/distinfo
==============================================================================
--- head/graphics/exact-image/distinfo	Fri Jan  8 17:51:50 2016	(r405575)
+++ head/graphics/exact-image/distinfo	Fri Jan  8 17:53:08 2016	(r405576)
@@ -1,2 +1,2 @@
-SHA256 (exact-image-0.8.9.tar.bz2) = 0709913e5852214de3bdfa5df0474a4a86b0e686df28f8afd826b5ad8676c372
-SIZE (exact-image-0.8.9.tar.bz2) = 297438
+SHA256 (exact-image-0.9.1.tar.bz2) = 79e6a58522897f9740aa3b5a337f63ad1e0361a772141b24aaff2e31264ece7d
+SIZE (exact-image-0.9.1.tar.bz2) = 299565

Added: head/graphics/exact-image/files/patch-codecs_dcraw.h
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/exact-image/files/patch-codecs_dcraw.h	Fri Jan  8 17:53:08 2016	(r405576)
@@ -0,0 +1,24 @@
+--- codecs/dcraw.h.orig	2013-10-22 14:00:07 UTC
++++ codecs/dcraw.h
+@@ -775,7 +775,8 @@ struct jhead {
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c,tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+ 
+@@ -786,8 +787,9 @@ int CLASS ljpeg_start (struct jhead *jh,
+   do {
+     fread (data, 2, 2, ifp);
+     tag =  data[0] << 8 | data[1];
+-    len = (data[2] << 8 | data[3]) - 2;
+-    if (tag <= 0xff00) return 0;
++    len = (data[2] << 8 | data[3]);
++    if (tag <= 0xff00 || len <= 2) return 0;
++    len -= 2;
+     fread (data, 1, len, ifp);
+     switch (tag) {
+       case 0xffc3:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601081753.u08Hr90N027152>