From f635fabb23f6cb34ca199ceb372ca3f7cda1fae6 Mon Sep 17 00:00:00 2001 From: mandree Date: Sat, 16 May 2015 00:46:46 +0000 Subject: Fix CVE-2015-3885. PR: 200198 Security: CVE-2015-3885 --- graphics/rawtherapee/Makefile | 4 +++- graphics/rawtherapee/files/patch-CVE-2015-3885 | 13 +++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 graphics/rawtherapee/files/patch-CVE-2015-3885 (limited to 'graphics') diff --git a/graphics/rawtherapee/Makefile b/graphics/rawtherapee/Makefile index 6188432530fa..0596064c4272 100644 --- a/graphics/rawtherapee/Makefile +++ b/graphics/rawtherapee/Makefile @@ -3,7 +3,7 @@ PORTNAME= rawtherapee PORTVERSION= 4.2 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= graphics MASTER_SITES= http://rawtherapee.com/shared/source/ @@ -95,6 +95,8 @@ post-patch: ${WRKSRC}/rtgui/icmpanel.h @${REINPLACE_CMD} -e 's#DESTINATION "$${CMAKE_INSTALL_PREFIX}/share/man/man1"#DESTINATION "${MANPREFIX}/man/man1/"#' \ ${WRKSRC}/CMakeLists.txt + ${RM} ${WRKSRC}/rtengine/dcraw.patch \ + ${WRKSRC}/rtengine/dcraw.c # paranoia: run rawtherapee --help to be sure it finds all its # shared libraries (this hinges on proper RPATH setting and propagation) diff --git a/graphics/rawtherapee/files/patch-CVE-2015-3885 b/graphics/rawtherapee/files/patch-CVE-2015-3885 new file mode 100644 index 000000000000..a3a0f8ecb5b0 --- /dev/null +++ b/graphics/rawtherapee/files/patch-CVE-2015-3885 @@ -0,0 +1,13 @@ +diff -r 0536e53bb7f3 -r 0440e663ae7f rtengine/dcraw.cc +--- ./rtengine/dcraw.cc Thu May 14 14:16:01 2015 +0200 ++++ ./rtengine/dcraw.cc Thu May 14 19:04:32 2015 +0200 +@@ -787,7 +787,8 @@ + + int CLASS ljpeg_start (struct jhead *jh, int info_only) + { +- int c, tag, len; ++ int c, tag; ++ ushort len; + uchar data[0x10000]; + const uchar *dp; + -- cgit