Fix CVE-2015-3885.

PR:		200198
Security:	CVE-2015-3885

2 files changed, 16 insertions, 1 deletions

diff --git a/graphics/rawtherapee/Makefile b/graphics/rawtherapee/Makefile
index 6188432530fa..0596064c4272 100644
--- a/graphics/rawtherapee/Makefile
+++ b/graphics/rawtherapee/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	rawtherapee
 PORTVERSION=	4.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	http://rawtherapee.com/shared/source/
 
@@ -95,6 +95,8 @@ post-patch:
 		${WRKSRC}/rtgui/icmpanel.h
 	@${REINPLACE_CMD} -e 's#DESTINATION "$${CMAKE_INSTALL_PREFIX}/share/man/man1"#DESTINATION "${MANPREFIX}/man/man1/"#' \
 		${WRKSRC}/CMakeLists.txt
+	${RM} ${WRKSRC}/rtengine/dcraw.patch \
+		${WRKSRC}/rtengine/dcraw.c
 
 # paranoia: run rawtherapee --help to be sure it finds all its
 # shared libraries (this hinges on proper RPATH setting and propagation)
diff --git a/graphics/rawtherapee/files/patch-CVE-2015-3885 b/graphics/rawtherapee/files/patch-CVE-2015-3885
new file mode 100644
index 000000000000..a3a0f8ecb5b0
--- /dev/null
+++ b/graphics/rawtherapee/files/patch-CVE-2015-3885
@@ -0,0 +1,13 @@
+diff -r 0536e53bb7f3 -r 0440e663ae7f rtengine/dcraw.cc
+--- ./rtengine/dcraw.cc	Thu May 14 14:16:01 2015 +0200
++++ ./rtengine/dcraw.cc	Thu May 14 19:04:32 2015 +0200
+@@ -787,7 +787,8 @@
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+