author | drochner <drochner> | 2012-10-25 11:33:40 +0000 |
---|---|---|
committer | drochner <drochner> | 2012-10-25 11:33:40 +0000 |
commit | 271be736e1daa8505b864d03ade7cca1eae2495f (patch) | |
tree | 7781404ed53e04eeb35d41cb711f6bfc5123cf30 /graphics/openjpeg | |
parent | 57ce9819b61ef654deebd6835015b0d99d12a031 (diff) | |
apply patch from upstream
(http://code.google.com/p/openjpeg/source/detail?r=1919)
to fix a heap-based buffer overflow when decoding an openjpeg image
(CVE-2012-3535)
bump PKGREV
Diffstat (limited to 'graphics/openjpeg')
-rw-r--r-- | graphics/openjpeg/Makefile | 4 | ||||
-rw-r--r-- | graphics/openjpeg/distinfo | 4 | ||||
-rw-r--r-- | graphics/openjpeg/patches/patch-libopenjpeg_j2k.c | 21 |
3 files changed, 21 insertions, 8 deletions
diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile
index fd1c5863b3c..696132108ed 100644
--- a/graphics/openjpeg/Makefile
+++ b/graphics/openjpeg/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.4 2012/10/06 14:11:09 asau Exp $
+# $NetBSD: Makefile,v 1.5 2012/10/25 11:33:40 drochner Exp $
 #
 DISTNAME= openjpeg-1.5.0
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= graphics
 MASTER_SITES= http://openjpeg.googlecode.com/files/
diff --git a/graphics/openjpeg/distinfo b/graphics/openjpeg/distinfo
index 295ab58679b..3c744c7990a 100644
--- a/graphics/openjpeg/distinfo
+++ b/graphics/openjpeg/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.3 2012/07/11 09:07:21 wiz Exp $
+$NetBSD: distinfo,v 1.4 2012/10/25 11:33:41 drochner Exp $
 SHA1 (openjpeg-1.5.0.tar.gz) = dce705ae45f137e4698a8cf39d1fbf22bc434fa8
 RMD160 (openjpeg-1.5.0.tar.gz) = ffa85dbb0a3ba1545bc6974f4950f466789c04ef
 Size (openjpeg-1.5.0.tar.gz) = 2117572 bytes
 SHA1 (patch-aa) = 503b565958dc74a17b68f968a44c5c861d84b343
-SHA1 (patch-libopenjpeg_j2k.c) = 3ea7816b479dbba7822d20b187a6916e4d882e37
+SHA1 (patch-libopenjpeg_j2k.c) = 4660bb06d2655879ea7b479b024ca5cd978c4a01
diff --git a/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c b/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c
index c53cf4f205b..ff2a4773adf 100644
--- a/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c
+++ b/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c
@@ -1,4 +1,4 @@
-$NetBSD: patch-libopenjpeg_j2k.c,v 1.1 2012/07/11 09:07:21 wiz Exp $
+$NetBSD: patch-libopenjpeg_j2k.c,v 1.2 2012/10/25 11:33:41 drochner Exp $
 CVE-2012-3358: A heap-based buffer overflow was found in the way OpenJPEG, an
@@ -13,7 +13,20 @@ http://code.google.com/p/openjpeg/source/detail?r=1727
 --- libopenjpeg/j2k.c.orig 2012-02-07 10:49:55.000000000 +0000
 +++ libopenjpeg/j2k.c
-@@ -1269,7 +1269,7 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -684,6 +684,12 @@ static void j2k_read_cox(opj_j2k_t *j2k,
+ "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno);
+ j2k->state |= J2K_STATE_ERR;
+ }
++ if( tccp->numresolutions > J2K_MAXRLVLS ) {
++ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n",
++ compno, tccp->numresolutions, J2K_MAXRLVLS);
++ j2k->state |= J2K_STATE_ERR;
++ tccp->numresolutions = J2K_MAXRLVLS;
++ }
+ tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */
+ tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */
+@@ -1269,7 +1275,7 @@ static void j2k_read_sot(opj_j2k_t *j2k)
 static int backup_tileno = 0;
 /* tileno is negative or larger than the number of tiles!!! */
@@ -22,7 +35,7 @@ http://code.google.com/p/openjpeg/source/detail?r=1727
 opj_event_msg(j2k->cinfo, EVT_ERROR, "JPWL: bad tile number (%d out of a maximum of %d)\n", tileno, (cp->tw * cp->th));
-@@ -1286,8 +1286,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -1286,8 +1292,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
 /* keep your private count of tiles */
 backup_tileno++;
@@ -42,7 +55,7 @@ http://code.google.com/p/openjpeg/source/detail?r=1727
 if (cp->tileno_size == 0) {
 cp->tileno[cp->tileno_size] = tileno;
-@@ -1325,8 +1335,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
+@@ -1325,8 +1341,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
 totlen);
 } |
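Review bot: The new `tccp->numresolutions > J2K_MAXRLVLS` guard in j2k_read_cox clamps the value and sets `J2K_STATE_ERR`, but parsing then continues into the `cblkw`/`cblkh` reads. The fix therefore depends on later consumers either honouring the error state or tolerating the truncated count, and neither is visible here because the function body starts and ends outside the hunk. A short comment above the check would record the intent, e.g. `/* clamp: per-resolution tables hold at most J2K_MAXRLVLS entries (CVE-2012-3535) */`; the table-size claim is inferred from the constant's name and should be confirmed against the struct definition. Separately, the patch file's header comment appears to describe only CVE-2012-3358 and r1727 (the hunk context shows that URL as its last line), so it should gain a line such as `CVE-2012-3535: heap-based buffer overflow when decoding, upstream r1919` so the patch documents both fixes it now carries.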