From: Kubilay Kocak
Reply-To: koobs@FreeBSD.org
Date: Sun, 6 Jan 2019 12:45:02 +1100
To: Sunpoet Po-Chuan Hsieh, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r489415 - in head/graphics/openjpeg: . files

On 6/01/2019 9:47 am, Sunpoet Po-Chuan Hsieh wrote:
> Author: sunpoet
> Date: Sat Jan 5 22:47:22 2019
> New Revision: 489415
> URL: https://svnweb.freebsd.org/changeset/ports/489415
>
> Log:
> Fix CVE-2018-6616
>
> - Bump PORTREVISION for package change
>
> Obtained from: https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
> PR: 234473
> Submitted by: Andres Montalban

MFH: 2019Q1 ?

> Modified:
> head/graphics/openjpeg/Makefile
> head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c
>
> Modified: head/graphics/openjpeg/Makefile > ============================================================================== > --- head/graphics/openjpeg/Makefile Sat Jan 5 22:47:16 2019 (r489414) > +++ head/graphics/openjpeg/Makefile Sat Jan 5 22:47:22 2019 (r489415) 
> @@ -3,7 +3,7 @@ > > PORTNAME= openjpeg > PORTVERSION= 2.3.0 > -PORTREVISION= 2 > +PORTREVISION= 3 > DISTVERSIONPREFIX= v > CATEGORIES= graphics > > > Modified: head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c > ============================================================================== > --- head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c Sat Jan 5 22:47:16 2019 (r489414) > +++ head/graphics/openjpeg/files/patch-src-bin-jp2-convertbmp.c Sat Jan 5 22:47:22 2019 (r489415) > @@ -1,6 +1,7 @@ > -Fix CVE-2018-5785 > +Fix CVE-2018-5785 and CVE-2018-6616 > > Obtained from: https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975 > + https://github.com/uclouvain/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3 > > --- src/bin/jp2/convertbmp.c.orig 2017-10-04 22:23:14 UTC > +++ src/bin/jp2/convertbmp.c 
> @@ -36,7 +37,53 @@ Obtained from: https://github.com/uclouvain/openjpeg/c > header->biAlphaMask = (OPJ_UINT32)getc(IN); > header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 8; > header->biAlphaMask |= (OPJ_UINT32)getc(IN) << 16; > -@@ -831,6 +846,12 @@ opj_image_t* bmptoimage(const char *file > +@@ -519,14 +534,14 @@ static OPJ_BOOL bmp_read_raw_data(FILE* > + static OPJ_BOOL bmp_read_rle8_data(FILE* IN, OPJ_UINT8* pData, > + OPJ_UINT32 stride, OPJ_UINT32 width, OPJ_UINT32 height) > + { > +- OPJ_UINT32 x, y; > ++ OPJ_UINT32 x, y, written; > + OPJ_UINT8 *pix; > + const OPJ_UINT8 *beyond; > + > + beyond = pData + stride * height; > + pix = pData; > + > +- x = y = 0U; > ++ x = y = written = 0U; > + while (y < height) { > + int c = getc(IN); > + if (c == EOF) { > +@@ -546,6 +561,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* > + for (j = 0; (j < c) && (x < width) && > + ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) { > + *pix = c1; > ++ written++; > + } > + } else { > + c = getc(IN); > +@@ -583,6 +599,7 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* > + } > + c1 = (OPJ_UINT8)c1_int; > + *pix = c1; > ++ written++; > + } > + if ((OPJ_UINT32)c & 1U) { /* skip padding byte */ > + c = getc(IN); > +@@ -593,6 +610,12 @@ static OPJ_BOOL bmp_read_rle8_data(FILE* > + } > + } > + }/* while() */ > ++ > ++ if (written != width * height) { > ++ fprintf(stderr, "warning, image's actual size does not match advertized one\n"); > ++ return OPJ_FALSE; > ++ } > ++ > + return OPJ_TRUE; > + } > + > +@@ -831,6 +854,12 @@ opj_image_t* bmptoimage(const char *file > bmpmask32toimage(pData, stride, image, 0x00FF0000U, 0x0000FF00U, 0x000000FFU, > 0x00000000U); > } else if (Info_h.biBitCount == 32 && Info_h.biCompression == 3) { /* bitmask */ >
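
Review bot: In the check added after the `while()` loop of bmp_read_rle8_data, `width * height` is evaluated in OPJ_UINT32, the same type as `written`, so for large header dimensions the product can wrap and the comparison is then made against the wrapped value rather than the real pixel count. Compute the expected count in a wider type (OPJ_SIZE_T is already used for the pointer comparison in the run loop) or reject dimensions whose product overflows before comparing. The diagnostic also says "warning" although the function returns OPJ_FALSE and the decode is abandoned; "error" would match the behaviour, and "advertized" should read "advertised".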