pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/graphics/jpeg add patch for CVE-2018-11813 from mozjpe...
details: https://anonhg.NetBSD.org/pkgsrc/rev/a91744cb7d60
branches: trunk
changeset: 392982:a91744cb7d60
user: spz <spz%pkgsrc.org@localhost>
date: Sun Mar 10 11:22:43 2019 +0000
description:
add patch for CVE-2018-11813 from mozjpeg, which has an easily found
development source tree.
diffstat:
graphics/jpeg/Makefile | 3 +-
graphics/jpeg/distinfo | 3 +-
graphics/jpeg/patches/patch-rdtarga.c | 37 +++++++++++++++++++++++++++++++++++
3 files changed, 41 insertions(+), 2 deletions(-)
diffs (71 lines):
diff -r f4f782e9dde9 -r a91744cb7d60 graphics/jpeg/Makefile
--- a/graphics/jpeg/Makefile Sun Mar 10 10:51:30 2019 +0000
+++ b/graphics/jpeg/Makefile Sun Mar 10 11:22:43 2019 +0000
@@ -1,10 +1,11 @@
-# $NetBSD: Makefile,v 1.54 2018/04/07 06:27:13 wiz Exp $
+# $NetBSD: Makefile,v 1.55 2019/03/10 11:22:43 spz Exp $
DISTNAME= jpegsrc.v9c
PKGNAME= ${DISTNAME:S/src.v/-/}
CATEGORIES= graphics
MASTER_SITES= http://www.ijg.org/files/
DIST_SUBDIR= jpeg-9c-v2
+PKGREVISION= 1
MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://www.ijg.org/
diff -r f4f782e9dde9 -r a91744cb7d60 graphics/jpeg/distinfo
--- a/graphics/jpeg/distinfo Sun Mar 10 10:51:30 2019 +0000
+++ b/graphics/jpeg/distinfo Sun Mar 10 11:22:43 2019 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.23 2018/04/07 06:27:13 wiz Exp $
+$NetBSD: distinfo,v 1.24 2019/03/10 11:22:43 spz Exp $
SHA1 (jpeg-9c-v2/jpegsrc.v9c.tar.gz) = 2ce111c8c0ac828a44b13ad28c265e954a342d07
RMD160 (jpeg-9c-v2/jpegsrc.v9c.tar.gz) = c181cc66d03d96ffcca85724938551bb089fd519
@@ -8,3 +8,4 @@
SHA1 (patch-ag) = 46164c00386d1968356f1b61d144bc9168410654
SHA1 (patch-jmorecfg.h) = c00f81ba94e2ad6b55ca9892553eedbe4eca3ad1
SHA1 (patch-jpeglib.h) = 635453c5a2b1223ef5af729edcbfcfa3ed78a8b5
+SHA1 (patch-rdtarga.c) = eaec399d67ffb5d33b32131d01a052132bb5bae2
diff -r f4f782e9dde9 -r a91744cb7d60 graphics/jpeg/patches/patch-rdtarga.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/graphics/jpeg/patches/patch-rdtarga.c Sun Mar 10 11:22:43 2019 +0000
@@ -0,0 +1,37 @@
+$NetBSD: patch-rdtarga.c,v 1.1 2019/03/10 11:22:43 spz Exp $
+
+fix for CVE-2018-11813 from
+https://github.com/mozilla/mozjpeg/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499
+
+--- rdtarga.c.orig 2017-09-16 11:12:46.000000000 +0000
++++ rdtarga.c
+@@ -125,11 +125,10 @@ METHODDEF(void)
+ read_non_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file; no RLE expansion */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
+@@ -138,7 +137,6 @@ METHODDEF(void)
+ read_rle_pixel (tga_source_ptr sinfo)
+ /* Read one Targa pixel from the input file, expanding RLE data as needed */
+ {
+- register FILE *infile = sinfo->pub.input_file;
+ register int i;
+
+ /* Duplicate previously read pixel? */
+@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo)
+
+ /* Read next pixel */
+ for (i = 0; i < sinfo->pixel_size; i++) {
+- sinfo->tga_pixel[i] = (U_CHAR) getc(infile);
++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo);
+ }
+ }
+
Home |
Main Index |
Thread Index |
Old Index