Apply vendor patch for "Avoid overflow in ljpeg_start()"

(changeset 983bda1f) to prevent a denial of service (crash) via a crafted image PR: 200199 Obtained from: 983bda1f0f Security: CVE-2015-3885 Security: 57325ecf-facc-11e4-968f-b888e347c638 Submitted by: Jason Unovitch <jason unovitch gmail com> Reported by: Sevan Janiyan <venture37 geeklan co uk> Approved by: samm os2 kiev ua (maintainer) MFH: 2015Q2
svn path=/head/; revision=388051
2015-05-31 09:14:02 +00:00 · 2015-05-31 09:14:02 +00:00 · 5b161007a0 · 2021-03-31 03:12:20 +00:00
commit 5b161007a0
parent fc893d96d5
2 changed files with 13 additions and 1 deletions
--- a/graphics/rawstudio/Makefile
+++ b/graphics/rawstudio/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	rawstudio
 PORTVERSION=	2.0
-PORTREVISION=	10
+PORTREVISION=	11
 CATEGORIES=	graphics
 MASTER_SITES=	http://rawstudio.org/files/release/

--- a/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
+++ b/graphics/rawstudio/files/patch-plugins_load-dcraw_dcraw.cc
@ -0,0 +1,12 @@
+--- plugins/load-dcraw/dcraw.cc.orig	2015-05-29 01:03:46 UTC
+++ plugins/load-dcraw/dcraw.cc
+@@ -869,7 +869,8 @@ struct jhead {
+ 
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+-  int c, tag, len;
+  int c, tag;
+  ushort len;
+   uchar data[0x10000];
+   const uchar *dp;
+