Tue Nov 26 23:24:25 2019 UTC ()
pasto


(sevan)
diff -r1.15 -r1.16 pkgsrc/graphics/openjpeg/distinfo
diff -r1.1 -r1.2 pkgsrc/graphics/openjpeg/patches/patch-src_lib_openmj2_t2.c
cvs diff -r1.15 -r1.16 pkgsrc/graphics/openjpeg/distinfo (expand / switch to unified diff)

--- pkgsrc/graphics/openjpeg/distinfo 2019/11/26 23:10:22 1.15
+++ pkgsrc/graphics/openjpeg/distinfo 2019/11/26 23:24:25 1.16
@@ -1,11 +1,11 @@ @@ -1,11 +1,11 @@
1$NetBSD: distinfo,v 1.15 2019/11/26 23:10:22 sevan Exp $ 1$NetBSD: distinfo,v 1.16 2019/11/26 23:24:25 sevan Exp $
2 2
3SHA1 (openjpeg-2.3.1.tar.gz) = 38321fa9730252039ad0b7f247a160a8164f5871 3SHA1 (openjpeg-2.3.1.tar.gz) = 38321fa9730252039ad0b7f247a160a8164f5871
4RMD160 (openjpeg-2.3.1.tar.gz) = 31b75aa70f5d26dd1b7e374a9e4b6be1842fefe7 4RMD160 (openjpeg-2.3.1.tar.gz) = 31b75aa70f5d26dd1b7e374a9e4b6be1842fefe7
5SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03 5SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03
6Size (openjpeg-2.3.1.tar.gz) = 2214401 bytes 6Size (openjpeg-2.3.1.tar.gz) = 2214401 bytes
7SHA1 (patch-CMakeLists.txt) = 3738946db63df4d623c6ce486bd22fa4d57336e2 7SHA1 (patch-CMakeLists.txt) = 3738946db63df4d623c6ce486bd22fa4d57336e2
8SHA1 (patch-src_bin_jp2_CMakeLists.txt) = c9f709c23d6bab7a3c705640d66a00ec90ddabc7 8SHA1 (patch-src_bin_jp2_CMakeLists.txt) = c9f709c23d6bab7a3c705640d66a00ec90ddabc7
9SHA1 (patch-src_lib_openjp2_CMakeLists.txt) = d839121ec2d008e5d3e1676d3e7ac3642bc946f7 9SHA1 (patch-src_lib_openjp2_CMakeLists.txt) = d839121ec2d008e5d3e1676d3e7ac3642bc946f7
10SHA1 (patch-src_lib_openjp2_opj__config__private.h.cmake.in) = fc0c170789dbe0a2ebc9dce0ef0d21aa6b2edd49 10SHA1 (patch-src_lib_openjp2_opj__config__private.h.cmake.in) = fc0c170789dbe0a2ebc9dce0ef0d21aa6b2edd49
11SHA1 (patch-src_lib_openmj2_t2.c) = 7689b3d82a5d346707a3519f183757356e118a8c 11SHA1 (patch-src_lib_openmj2_t2.c) = a4ce0faa349f1a23453ef7632fbcc3af2d045337
cvs diff -r1.1 -r1.2 pkgsrc/graphics/openjpeg/patches/Attic/patch-src_lib_openmj2_t2.c (expand / switch to unified diff)

--- pkgsrc/graphics/openjpeg/patches/Attic/patch-src_lib_openmj2_t2.c 2019/11/26 23:10:22 1.1
+++ pkgsrc/graphics/openjpeg/patches/Attic/patch-src_lib_openmj2_t2.c 2019/11/26 23:24:25 1.2
@@ -1,35 +1,38 @@ @@ -1,35 +1,38 @@
1$NetBSD: patch-src_lib_openmj2_t2.c,v 1.1 2019/11/26 23:10:22 sevan Exp $ 1$NetBSD: patch-src_lib_openmj2_t2.c,v 1.2 2019/11/26 23:24:25 sevan Exp $
2 2
3CVE-2018-16376 3CVE-2018-16376
4https://github.com/uclouvain/openjpeg/issues/1127 4https://github.com/uclouvain/openjpeg/issues/1127
5https://nvd.nist.gov/vuln/detail/CVE-2018-16376 5https://nvd.nist.gov/vuln/detail/CVE-2018-16376
6 6
7--- src/lib/openmj2/t2.c.orig 2019-11-26 22:37:00.687890833 +0000 7--- src/lib/openmj2/t2.c.orig 2019-04-02 12:45:15.000000000 +0000
8+++ src/lib/openmj2/t2.c 8+++ src/lib/openmj2/t2.c
9@@ -166,6 +166,12 @@ static int t2_encode_packet(opj_tcd_tile 9@@ -166,6 +166,15 @@ static int t2_encode_packet(opj_tcd_tile
10  10
11 /* <SOP 0xff91> */ 11 /* <SOP 0xff91> */
12 if (tcp->csty & J2K_CP_CSTY_SOP) { 12 if (tcp->csty & J2K_CP_CSTY_SOP) {
13+ if (length < 6) { 13+ if (length < 6) {
14+ if (p_t2_mode == FINAL_PASS) { 14+ if (p_t2_mode == FINAL_PASS) {
15+ opj_event_msg(p_manager, EVT_ERROR, 15+ opj_event_msg(p_manager, EVT_ERROR,
16+ "opj_t2_encode_packet(): only %u bytes remaining in " 16+ "opj_t2_encode_packet(): only %u bytes remaining in "
17+ "output buffer. %u needed.\n", 17+ "output buffer. %u needed.\n",
18+ length, 6); 18+ length, 6);
 19+ }
 20+ return OPJ_FALSE;
 21+ }
19 c[0] = 255; 22 c[0] = 255;
20 c[1] = 145; 23 c[1] = 145;
21 c[2] = 0; 24 c[2] = 0;
22@@ -272,6 +278,15 @@ static int t2_encode_packet(opj_tcd_tile 25@@ -272,6 +281,15 @@ static int t2_encode_packet(opj_tcd_tile
23  26
24 /* <EPH 0xff92> */ 27 /* <EPH 0xff92> */
25 if (tcp->csty & J2K_CP_CSTY_EPH) { 28 if (tcp->csty & J2K_CP_CSTY_EPH) {
26+ if (length < 2) { 29+ if (length < 2) {
27+ if (p_t2_mode == FINAL_PASS) { 30+ if (p_t2_mode == FINAL_PASS) {
28+ opj_event_msg(p_manager, EVT_ERROR, 31+ opj_event_msg(p_manager, EVT_ERROR,
29+ "opj_t2_encode_packet(): only %u bytes remaining in " 32+ "opj_t2_encode_packet(): only %u bytes remaining in "
30+ "output buffer. %u needed.\n", 33+ "output buffer. %u needed.\n",
31+ length, 2); 34+ length, 2);
32+ } 35+ }
33+ return OPJ_FALSE; 36+ return OPJ_FALSE;
34+ } 37+ }
35 c[0] = 255; 38 c[0] = 255;