Pullup ticket #6111 - requested by sevan

graphics/openjpeg: security fix Revisions pulled up: - graphics/openjpeg/Makefile 1.19 - graphics/openjpeg/distinfo 1.17 - graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c 1.1 --- Module Name: pkgsrc Committed By: sevan Date: Tue Jan 7 20:19:46 UTC 2020 Modified Files: pkgsrc/graphics/openjpeg: Makefile distinfo Added Files: pkgsrc/graphics/openjpeg/patches: patch-src_bin_jp2_convertbmp.c Log Message: Patch for CVE-2019-12973
author: bsiegert <bsiegert@pkgsrc.org> 2020-01-07 21:29:03 +0000
committer: bsiegert <bsiegert@pkgsrc.org> 2020-01-07 21:29:03 +0000
commit: a4dcf7189771008c66f983ae58ef7c85d6607393 (patch)
tree: cd38c63ad1e6ad5f99761c6b4ae0316e77ee531e
parent: 46b32755250c4d772900dd66405fff06150d6431 (diff)
download: pkgsrc-a4dcf7189771008c66f983ae58ef7c85d6607393.tar.gz
3 files changed, 81 insertions, 3 deletions
diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile
index 5fef6eb3bfa..fb967dfbbef 100644
--- a/graphics/openjpeg/Makefile
+++ b/graphics/openjpeg/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.18 2019/11/26 23:10:22 sevan Exp $
+# $NetBSD: Makefile,v 1.18.4.1 2020/01/07 21:29:03 bsiegert Exp $
 
 DISTNAME=	openjpeg-2.3.1
-PKGREVISION= 	1
+PKGREVISION= 	2
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_GITHUB:=uclouvain/}
 GITHUB_TAG=	v${PKGVERSION_NOREV}
diff --git a/graphics/openjpeg/distinfo b/graphics/openjpeg/distinfo
index 2a1d9ddc8b0..2021a4b0ada 100644
--- a/graphics/openjpeg/distinfo
+++ b/graphics/openjpeg/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.16 2019/11/26 23:24:25 sevan Exp $
+$NetBSD: distinfo,v 1.16.4.1 2020/01/07 21:29:03 bsiegert Exp $
 
 SHA1 (openjpeg-2.3.1.tar.gz) = 38321fa9730252039ad0b7f247a160a8164f5871
 RMD160 (openjpeg-2.3.1.tar.gz) = 31b75aa70f5d26dd1b7e374a9e4b6be1842fefe7
@@ -6,6 +6,7 @@ SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75
 Size (openjpeg-2.3.1.tar.gz) = 2214401 bytes
 SHA1 (patch-CMakeLists.txt) = 3738946db63df4d623c6ce486bd22fa4d57336e2
 SHA1 (patch-src_bin_jp2_CMakeLists.txt) = c9f709c23d6bab7a3c705640d66a00ec90ddabc7
+SHA1 (patch-src_bin_jp2_convertbmp.c) = bceb4a99820568386e48eb00ab13ab9987d1e86a
 SHA1 (patch-src_lib_openjp2_CMakeLists.txt) = d839121ec2d008e5d3e1676d3e7ac3642bc946f7
 SHA1 (patch-src_lib_openjp2_opj__config__private.h.cmake.in) = fc0c170789dbe0a2ebc9dce0ef0d21aa6b2edd49
 SHA1 (patch-src_lib_openmj2_t2.c) = a4ce0faa349f1a23453ef7632fbcc3af2d045337
diff --git a/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c b/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c
new file mode 100644
index 00000000000..ab6c35bdc34
--- /dev/null
+++ b/graphics/openjpeg/patches/patch-src_bin_jp2_convertbmp.c
@@ -0,0 +1,77 @@
+$NetBSD: patch-src_bin_jp2_convertbmp.c,v 1.1.2.2 2020/01/07 21:29:03 bsiegert Exp $
+
+CVE-2019-12973
+https://github.com/uclouvain/openjpeg/pull/1185
+https://nvd.nist.gov/vuln/detail/CVE-2019-12973
+
+--- src/bin/jp2/convertbmp.c.orig	2020-01-07 11:06:41.960834648 +0000
++++ src/bin/jp2/convertbmp.c
+@@ -632,12 +632,18 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+     while (y < height) {
+         int c = getc(IN);
+         if (c == EOF) {
+-            break;
++            return OPJ_FALSE;
+         }
+ 
+         if (c) { /* encoded mode */
+-            int j;
+-            OPJ_UINT8 c1 = (OPJ_UINT8)getc(IN);
++            int j, c1_int;
++            OPJ_UINT8 c1;
++
++            c1_int = getc(IN);
++            if (c1_int == EOF) {
++                return OPJ_FALSE;
++            }
++            c1 = (OPJ_UINT8)c1_int;
+ 
+             for (j = 0; (j < c) && (x < width) &&
+                     ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
+@@ -646,7 +652,7 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+         } else { /* absolute mode */
+             c = getc(IN);
+             if (c == EOF) {
+-                break;
++                return OPJ_FALSE;
+             }
+ 
+             if (c == 0x00) { /* EOL */
+@@ -657,8 +663,14 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+                 break;
+             } else if (c == 0x02) { /* MOVE by dxdy */
+                 c = getc(IN);
++                if (c == EOF) {
++                    return OPJ_FALSE;
++                }
+                 x += (OPJ_UINT32)c;
+                 c = getc(IN);
++                if (c == EOF) {
++                    return OPJ_FALSE;
++                }
+                 y += (OPJ_UINT32)c;
+                 pix = pData + y * stride + x;
+             } else { /* 03 .. 255 : absolute mode */
+@@ -668,12 +680,20 @@ static OPJ_BOOL bmp_read_rle4_data(FILE*
+                 for (j = 0; (j < c) && (x < width) &&
+                         ((OPJ_SIZE_T)pix < (OPJ_SIZE_T)beyond); j++, x++, pix++) {
+                     if ((j & 1) == 0) {
+-                        c1 = (OPJ_UINT8)getc(IN);
++                        int c1_int;
++			c1_int = getc(IN);
++			if (c1_int == EOF) {
++			    return OPJ_FALSE;
++			}
++			c1 = (OPJ_UINT8)c1_int;
+                     }
+                     *pix = (OPJ_UINT8)((j & 1) ? (c1 & 0x0fU) : ((c1 >> 4) & 0x0fU));
+                 }
+                 if (((c & 3) == 1) || ((c & 3) == 2)) { /* skip padding byte */
+-                    getc(IN);
++                    c = getc(IN);
++		    if (c == EOF) {
++			return OPJ_FALSE;
++		    }
+                 }
+             }
+         }
author	bsiegert <bsiegert@pkgsrc.org>	2020-01-07 21:29:03 +0000
committer	bsiegert <bsiegert@pkgsrc.org>	2020-01-07 21:29:03 +0000
commit	a4dcf7189771008c66f983ae58ef7c85d6607393 (patch)
tree	cd38c63ad1e6ad5f99761c6b4ae0316e77ee531e
parent	46b32755250c4d772900dd66405fff06150d6431 (diff)
download	pkgsrc-a4dcf7189771008c66f983ae58ef7c85d6607393.tar.gz