MFH: r497122

Fix CVE-2018-5727 - Bump PORTREVISION for possible package change Obtained from: https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af Security: 5efd7a93-2dfb-11e9-9549-e980e869c2e9 Approved by: ports-secteam (joneum)
author: sunpoet <sunpoet@FreeBSD.org> 2019-03-31 06:05:26 +0800
committer: sunpoet <sunpoet@FreeBSD.org> 2019-03-31 06:05:26 +0800
commit: 01042f6ba88d54cd3b422b0752855c92bdf3d676 (patch)
tree: 38145e15e8bc43a91b52feb99413fe96bb169d79
parent: 1e88f8c3a1882fb732bb1ca8287c9fd7a4f0badb (diff)
download: freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.gz
freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.zst
freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.zip
2 files changed, 27 insertions, 2 deletions
diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile
index b81c8069281c..3cba946ea485 100644
--- a/graphics/openjpeg/Makefile
+++ b/graphics/openjpeg/Makefile
@@ -3,8 +3,8 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.3.0
-PORTREVISION=	3
 DISTVERSIONPREFIX=	v
+PORTREVISION=	4
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet@FreeBSD.org
@@ -18,9 +18,10 @@ LIB_DEPENDS=	liblcms2.so:graphics/lcms2 \
 		libpng.so:graphics/png \
 		libtiff.so:graphics/tiff
 
-USE_LDCONFIG=	yes
 USES=		cmake cpe pkgconfig
 
+USE_LDCONFIG=	yes
+
 PLIST_SUB=	PORTVERSION=${PORTVERSION} VER=${PORTVERSION:R}
 
 GH_ACCOUNT=	uclouvain
diff --git a/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c b/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c
new file mode 100644
index 000000000000..77d16c031d6a
--- /dev/null
+++ b/graphics/openjpeg/files/patch-src-lib-openjp2-t1.c
@@ -0,0 +1,24 @@
+Obtained from:	https://github.com/uclouvain/openjpeg/commit/d6b8aed5612e6be6d3a4053867fbd2ae0cb7c8af
+
+--- src/lib/openjp2/t1.c.orig	2017-10-04 22:23:14 UTC
++++ src/lib/openjp2/t1.c
+@@ -2168,9 +2168,18 @@ OPJ_BOOL opj_t1_encode_cblks(opj_t1_t *t
+                         t1->data = tiledp;
+                         t1->data_stride = tile_w;
+                         if (tccp->qmfbid == 1) {
++                            /* Do multiplication on unsigned type, even if the
++                             * underlying type is signed, to avoid potential
++                             * int overflow on large value (the output will be
++                             * incorrect in such situation, but whatever...)
++                             * This assumes complement-to-2 signed integer
++                             * representation
++                             * Fixes https://github.com/uclouvain/openjpeg/issues/1053
++                             */
++                            OPJ_UINT32* OPJ_RESTRICT tiledp_u = (OPJ_UINT32*) tiledp;
+                             for (j = 0; j < cblk_h; ++j) {
+                                 for (i = 0; i < cblk_w; ++i) {
+-                                    tiledp[tileIndex] *= (1 << T1_NMSEDEC_FRACBITS);
++                                    tiledp_u[tileIndex] <<= T1_NMSEDEC_FRACBITS;
+                                     tileIndex++;
+                                 }
+                                 tileIndex += tileLineAdvance;
author	sunpoet <sunpoet@FreeBSD.org>	2019-03-31 06:05:26 +0800
committer	sunpoet <sunpoet@FreeBSD.org>	2019-03-31 06:05:26 +0800
commit	01042f6ba88d54cd3b422b0752855c92bdf3d676 (patch)
tree	38145e15e8bc43a91b52feb99413fe96bb169d79
parent	1e88f8c3a1882fb732bb1ca8287c9fd7a4f0badb (diff)
download	freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.gz freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.tar.zst freebsd-ports-01042f6ba88d54cd3b422b0752855c92bdf3d676.zip