diff options
| author | spz <spz@pkgsrc.org> | 2019-03-10 11:22:43 +0000 |
|---|---|---|
| committer | spz <spz@pkgsrc.org> | 2019-03-10 11:22:43 +0000 |
| commit | a7154e60aeaf48aa0f5d0134409e7363b55317ec (patch) | |
| tree | c2c435b1b32e8637079953c8be1ccd7a29f35831 /graphics/jpeg | |
| parent | 8206e24341ed01e65322e7d5515e3f0575cd74e5 (diff) | |
| download | pkgsrc-a7154e60aeaf48aa0f5d0134409e7363b55317ec.tar.gz | |
add patch for CVE-2018-11813 from mozjpeg, which has an easily found
development source tree.
Diffstat (limited to 'graphics/jpeg')
| -rw-r--r-- | graphics/jpeg/Makefile | 3 | ||||
| -rw-r--r-- | graphics/jpeg/distinfo | 3 | ||||
| -rw-r--r-- | graphics/jpeg/patches/patch-rdtarga.c | 37 |
3 files changed, 41 insertions, 2 deletions
diff --git a/graphics/jpeg/Makefile b/graphics/jpeg/Makefile index 7af3e81b6ea..aed83a6f685 100644 --- a/graphics/jpeg/Makefile +++ b/graphics/jpeg/Makefile @@ -1,10 +1,11 @@ -# $NetBSD: Makefile,v 1.54 2018/04/07 06:27:13 wiz Exp $ +# $NetBSD: Makefile,v 1.55 2019/03/10 11:22:43 spz Exp $ DISTNAME= jpegsrc.v9c PKGNAME= ${DISTNAME:S/src.v/-/} CATEGORIES= graphics MASTER_SITES= http://www.ijg.org/files/ DIST_SUBDIR= jpeg-9c-v2 +PKGREVISION= 1 MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.ijg.org/ diff --git a/graphics/jpeg/distinfo b/graphics/jpeg/distinfo index 8bb74df8698..f3956457598 100644 --- a/graphics/jpeg/distinfo +++ b/graphics/jpeg/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.23 2018/04/07 06:27:13 wiz Exp $ +$NetBSD: distinfo,v 1.24 2019/03/10 11:22:43 spz Exp $ SHA1 (jpeg-9c-v2/jpegsrc.v9c.tar.gz) = 2ce111c8c0ac828a44b13ad28c265e954a342d07 RMD160 (jpeg-9c-v2/jpegsrc.v9c.tar.gz) = c181cc66d03d96ffcca85724938551bb089fd519 @@ -8,3 +8,4 @@ SHA1 (patch-af) = 925604706574009aacd452dab2d736039b0654e9 SHA1 (patch-ag) = 46164c00386d1968356f1b61d144bc9168410654 SHA1 (patch-jmorecfg.h) = c00f81ba94e2ad6b55ca9892553eedbe4eca3ad1 SHA1 (patch-jpeglib.h) = 635453c5a2b1223ef5af729edcbfcfa3ed78a8b5 +SHA1 (patch-rdtarga.c) = eaec399d67ffb5d33b32131d01a052132bb5bae2 diff --git a/graphics/jpeg/patches/patch-rdtarga.c b/graphics/jpeg/patches/patch-rdtarga.c new file mode 100644 index 00000000000..f037def55d0 --- /dev/null +++ b/graphics/jpeg/patches/patch-rdtarga.c @@ -0,0 +1,37 @@ +$NetBSD: patch-rdtarga.c,v 1.1 2019/03/10 11:22:43 spz Exp $ + +fix for CVE-2018-11813 from +https://github.com/mozilla/mozjpeg/commit/909a8cfc7bca9b2e6707425bdb74da997e8fa499 + +--- rdtarga.c.orig 2017-09-16 11:12:46.000000000 +0000 ++++ rdtarga.c +@@ -125,11 +125,10 @@ METHODDEF(void) + read_non_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file; no RLE expansion */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; + + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo); + } + } + +@@ -138,7 +137,6 @@ METHODDEF(void) + read_rle_pixel (tga_source_ptr sinfo) + /* Read one Targa pixel from the input file, expanding RLE data as needed */ + { +- register FILE *infile = sinfo->pub.input_file; + register int i; + + /* Duplicate previously read pixel? */ +@@ -160,7 +158,7 @@ read_rle_pixel (tga_source_ptr sinfo) + + /* Read next pixel */ + for (i = 0; i < sinfo->pixel_size; i++) { +- sinfo->tga_pixel[i] = (U_CHAR) getc(infile); ++ sinfo->tga_pixel[i] = (U_CHAR) read_byte(sinfo); + } + } + |