From: Jan Beich
To: Xin LI
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r388051 - in head/graphics/rawstudio: . files
References: <201505310914.t4V9E3KW008307@svn.freebsd.org>
Date: Sun, 31 May 2015 12:00:02 +0200
In-Reply-To: <201505310914.t4V9E3KW008307@svn.freebsd.org> (Xin LI's message of "Sun, 31 May 2015 09:14:03 +0000 (UTC)")

Xin LI writes:

> Author: delphij
> Date: Sun May 31 09:14:02 2015
> New Revision: 388051
> URL: https://svnweb.freebsd.org/changeset/ports/388051
>
> Log:
>   Apply vendor patch for "Avoid overflow in ljpeg_start()"
>   (changeset 983bda1f) to prevent a denial of service (crash) via a
>   crafted image
[...]
> Security: CVE-2015-3885
> Security: 57325ecf-facc-11e4-968f-b888e347c638
[...]
> @@ -0,0 +1,12 @@ > +--- plugins/load-dcraw/dcraw.cc.orig 2015-05-29 01:03:46 UTC > ++++ plugins/load-dcraw/dcraw.cc > +@@ -869,7 +869,8 @@ struct jhead { > +=20 > + int CLASS ljpeg_start (struct jhead *jh, int info_only) > + { > +- int c, tag, len; > ++ int c, tag; > ++ ushort len; > + uchar data[0x10000]; > + const uchar *dp; > +=20

Affected code is also present in at least the following ports:

graphics/darktable
graphics/dcraw
graphics/dcraw-m
graphics/freeimage
graphics/libraw
graphics/netpbm
graphics/opengtl
multimedia/kodi
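
Review bot: in ljpeg_start(), `ushort len;` keeps len within `uchar data[0x10000]` only through implicit truncation (assuming ushort is a 16-bit type), so an out-of-range segment length is silently wrapped instead of rejected. The hunk does not show where len is assigned or used; an explicit range check at that point, failing the parse on a malformed length, would make the bound visible in the code. A short comment on the declaration saying the narrow type is deliberate would also keep a later cleanup from widening it back to int.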