diff options
author | sunpoet <sunpoet@FreeBSD.org> | 2019-03-31 06:05:26 +0800 |
---|---|---|
committer | sunpoet <sunpoet@FreeBSD.org> | 2019-03-31 06:05:26 +0800 |
commit | 01042f6ba88d54cd3b422b0752855c92bdf3d676 (patch) | |
tree | 38145e15e8bc43a91b52feb99413fe96bb169d79 | |
parent | 1e88f8c3a1882fb732bb1ca8287c9fd7a4f0badb (diff) | |
download | freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.gz freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.zst freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.zip |
MFH: r497122
Fix CVE-2018-5727
- Bump PORTREVISION for possible package change
Obtained from: https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
Security: 5efd7a93-2dfb-11e9-9549-e980e869c2e9
Approved by: ports-secteam (joneum)
-rw-r--r-- | graphics/openjpeg/Makefile | 5 | ||||
-rw-r--r-- | graphics/openjpeg/files/patch-src-lib-openjp2-t1.c | 24 |
2 files changed, 27 insertions, 2 deletions
diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile index b81c8069281c..3cba946ea485 100644 --- a/graphics/openjpeg/Makefile +++ b/graphics/openjpeg/Makefile @@ -3,8 +3,8 @@ PORTNAME= openjpeg PORTVERSION= 2.3.0 -PORTREVISION= 3 DISTVERSIONPREFIX= v +PORTREVISION= 4 CATEGORIES= graphics MAINTAINER= sunpoet@FreeBSD.org @@ -18,9 +18,10 @@ LIB_DEPENDS= liblcms2.so:graphics/lcms2 \ libpng.so:graphics/png \ libtiff.so:graphics/tiff -USE_LDCONFIG= yes USES= cmake cpe pkgconfig +USE_LDCONFIG= yes + PLIST_SUB= PORTVERSION=${PORTVERSION} VER=${PORTVERSION:R} GH_ACCOUNT= uclouvain diff --git a/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c b/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c new file mode 100644 index 000000000000..77d16c031d6a --- /dev/null +++ b/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c @@ -0,0 +1,24 @@ +Obtained from: https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af + +--- src/lib/openjp2/t1.c.orig 2017-10-04 22:23:14 UTC ++++ src/lib/openjp2/t1.c +@@ -2168,9 +2168,18 @@ OPJ_BOOL opj_t1_encode_cblks(opj_t1_t *t + t1->data = tiledp; + t1->data_stride = tile_w; + if (tccp->qmfbid == 1) { ++ /* Do multiplication on unsigned type, even if the ++ * underlying type is signed, to avoid potential ++ * int overflow on large value (the output will be ++ * incorrect in such situation, but whatever...) ++ * This assumes complement-to-2 signed integer ++ * representation ++ * Fixes https://github.com/uclouvain/openjpeg/issues/1053 ++ */ ++ OPJ_UINT32* OPJ_RESTRICT tiledp_u = (OPJ_UINT32*) tiledp; + for (j = 0; j < cblk_h; ++j) { + for (i = 0; i < cblk_w; ++i) { +- tiledp[tileIndex] *= (1 << T1_NMSEDEC_FRACBITS); ++ tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS; + tileIndex++; + } + tileIndex += tileLineAdvance; |