pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2019Q4] pkgsrc/graphics/openjpeg
Module Name: pkgsrc
Committed By: bsiegert
Date: Tue Jan 7 21:29:03 UTC 2020
Modified Files:
pkgsrc/graphics/openjpeg [pkgsrc-2019Q4]: Makefile distinfo
Added Files:
pkgsrc/graphics/openjpeg/patches [pkgsrc-2019Q4]:
patch-src_bin_jp2_convertbmp.c
Log Message:
Pullup ticket #6111 - requested by sevan
graphics/openjpeg: security fix
Revisions pulled up:
- graphics/openjpeg/Makefile 1.19
- graphics/openjpeg/distinfo 1.17
- graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Tue Jan 7 20:19:46 UTC 2020
Modified Files:
pkgsrc/graphics/openjpeg: Makefile distinfo
Added Files:
pkgsrc/graphics/openjpeg/patches: patch-src_bin_jp2_convertbmp.c
Log Message:
Patch for CVE-2019-12973
To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.18.4.1 pkgsrc/graphics/openjpeg/Makefile
cvs rdiff -u -r1.16 -r1.16.4.1 pkgsrc/graphics/openjpeg/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
pkgsrc/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/graphics/openjpeg/Makefile
diff -u pkgsrc/graphics/openjpeg/Makefile:1.18 pkgsrc/graphics/openjpeg/Makefile:1.18.4.1
--- pkgsrc/graphics/openjpeg/Makefile:1.18 Tue Nov 26 23:10:22 2019
+++ pkgsrc/graphics/openjpeg/Makefile Tue Jan 7 21:29:03 2020
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2019/11/26 23:10:22 sevan Exp $
+# $NetBSD: Makefile,v 1.18.4.1 2020/01/07 21:29:03 bsiegert Exp $
DISTNAME= openjpeg-2.3.1
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_GITHUB:=uclouvain/}
GITHUB_TAG= v${PKGVERSION_NOREV}
Index: pkgsrc/graphics/openjpeg/distinfo
diff -u pkgsrc/graphics/openjpeg/distinfo:1.16 pkgsrc/graphics/openjpeg/distinfo:1.16.4.1
--- pkgsrc/graphics/openjpeg/distinfo:1.16 Tue Nov 26 23:24:25 2019
+++ pkgsrc/graphics/openjpeg/distinfo Tue Jan 7 21:29:03 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2019/11/26 23:24:25 sevan Exp $
+$NetBSD: distinfo,v 1.16.4.1 2020/01/07 21:29:03 bsiegert Exp $
SHA1 (openjpeg-2.3.1.tar.gz) = 38321fa9730252039ad0b7f247a160a8164f5871
RMD160 (openjpeg-2.3.1.tar.gz) = 31b75aa70f5d26dd1b7e374a9e4b6be1842fefe7
@@ -6,6 +6,7 @@ SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc8
Size (openjpeg-2.3.1.tar.gz) = 2214401 bytes
SHA1 (patch-CMakeLists.txt) = 3738946db63df4d623c6ce486bd22fa4d57336e2
SHA1 (patch-src_bin_jp2_CMakeLists.txt) = c9f709c23d6bab7a3c705640d66a00ec90ddabc7
+SHA1 (patch-src_bin_jp2_convertbmp.c) = bceb4a99820568386e48eb00ab13ab9987d1e86a
SHA1 (patch-src_lib_openjp2_CMakeLists.txt) = d839121ec2d008e5d3e1676d3e7ac3642bc946f7
SHA1 (patch-src_lib_openjp2_opj__config__private.h.cmake.in) = fc0c170789dbe0a2ebc9dce0ef0d21aa6b2edd49
SHA1 (patch-src_lib_openmj2_t2.c) = a4ce0faa349f1a23453ef7632fbcc3af2d045337
Added files:
Index: pkgsrc/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c
diff -u /dev/null pkgsrc/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c:1.1.2.2
--- /dev/null Tue Jan 7 21:29:03 2020
+++ pkgsrc/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c Tue Jan 7 21:29:03 2020
@@ -0,0 +1,77 @@
+$NetBSD: patch-src_bin_jp2_convertbmp.c,v 1.1.2.2 2020/01/07 21:29:03 bsiegert Exp $
+
+CVE-2019-12973
+https://github.com/uclouvain/openjpeg/pull/1185
+https://nvd.nist.gov/vuln/detail/CVE-2019-12973
+
+--- src/bin/jp2/convertbmp.c.orig 2020-01-07 11:06:41.960834648 +0000
++++ src/bin/jp2/convertbmp.c
+@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+ while (y < height) {
+ int c = getc(IN);
+ if (c == EOF) {
+- break;
++ return OPJ_FALSE;
+ }
+
+ if (c) { /* encoded mode */
+- int j;
+- OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN);
++ int j, c1_int;
++ OPJ_UINT8 c1;
++
++ c1_int = getc(IN);
++ if (c1_int == EOF) {
++ return OPJ_FALSE;
++ }
++ c1 = (OPJ_UINT8)c1_int;
+
+ for (j = 0; (j < c) && (x < width) &&
+ ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
+@@ -646,7 +652,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+ } else { /* absolute mode */
+ c = getc(IN);
+ if (c == EOF) {
+- break;
++ return OPJ_FALSE;
+ }
+
+ if (c == 0x00) { /* EOL */
+@@ -657,8 +663,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+ break;
+ } else if (c == 0x02) { /* MOVE by dxdy */
+ c = getc(IN);
++ if (c == EOF) {
++ return OPJ_FALSE;
++ }
+ x += (OPJ_UINT32)c;
+ c = getc(IN);
++ if (c == EOF) {
++ return OPJ_FALSE;
++ }
+ y += (OPJ_UINT32)c;
+ pix = pData + y * stride + x;
+ } else { /* 03 .. 255 : absolute mode */
+@@ -668,12 +680,20 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+ for (j = 0; (j < c) && (x < width) &&
+ ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
+ if ((j & 1) == 0) {
+- c1 = (OPJ_UINT8)getc(IN);
++ int c1_int;
++ c1_int = getc(IN);
++ if (c1_int == EOF) {
++ return OPJ_FALSE;
++ }
++ c1 = (OPJ_UINT8)c1_int;
+ }
+ *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
+ }
+ if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
+- getc(IN);
++ c = getc(IN);
++ if (c == EOF) {
++ return OPJ_FALSE;
++ }
+ }
+ }
+ }
Home |
Main Index |
Thread Index |
Old Index