svn commit: r386494 - in head/graphics/rawtherapee: . files

[Matthias Andree]

Author: mandree
Date: Sat May 16 00:46:46 2015
New Revision: 386494
URL: https://svnweb.freebsd.org/changeset/ports/386494

Log:
  Fix CVE-2015-3885.
  
  PR:		200198
  Security:	CVE-2015-3885

Added:
  head/graphics/rawtherapee/files/patch-CVE-2015-3885   (contents, props changed)
Modified:
  head/graphics/rawtherapee/Makefile

Modified: head/graphics/rawtherapee/Makefile
==============================================================================
--- head/graphics/rawtherapee/Makefile	Sat May 16 00:04:49 2015	(r386493)
+++ head/graphics/rawtherapee/Makefile	Sat May 16 00:46:46 2015	(r386494)
@@ -3,7 +3,7 @@
 
 PORTNAME=	rawtherapee
 PORTVERSION=	4.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	http://rawtherapee.com/shared/source/
 
@@ -95,6 +95,8 @@ post-patch:
 		${WRKSRC}/rtgui/icmpanel.h
 	@${REINPLACE_CMD} -e 's#DESTINATION "$${CMAKE_INSTALL_PREFIX}/share/man/man1"#DESTINATION "${MANPREFIX}/man/man1/"#' \
 		${WRKSRC}/CMakeLists.txt
+	${RM} ${WRKSRC}/rtengine/dcraw.patch \
+		${WRKSRC}/rtengine/dcraw.c
 
 # paranoia: run rawtherapee --help to be sure it finds all its
 # shared libraries (this hinges on proper RPATH setting and propagation)

Added: head/graphics/rawtherapee/files/patch-CVE-2015-3885
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/rawtherapee/files/patch-CVE-2015-3885	Sat May 16 00:46:46 2015	(r386494)
@@ -0,0 +1,13 @@
+diff -r 0536e53bb7f3 -r 0440e663ae7f rtengine/dcraw.cc
+--- ./rtengine/dcraw.cc	Thu May 14 14:16:01 2015 +0200
++++ ./rtengine/dcraw.cc	Thu May 14 19:04:32 2015 +0200
+@@ -787,7 +787,8 @@
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
++  int c, tag;
++  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+