MFH: r467404

Fix CVE-2016-5684 - Bump PORTREVISION for package change Obtained from: https://sourceforge.net/p/freeimage/svn/1735/ https://sourceforge.net/p/freeimage/svn/1740/ Security: 5b1631dc-eafd-11e6-9ac1-a4badb2f4699 Approved by: ports-secteam (riggs)
svn path=/branches/2018Q2/; revision=467798
2018-04-19 18:32:43 +00:00 · 2018-04-19 18:32:43 +00:00 · 88e9817680 · 2021-03-31 03:12:20 +00:00
commit 88e9817680
parent fc81531aa0
2 changed files with 24 additions and 1 deletions
--- a/graphics/freeimage/Makefile
+++ b/graphics/freeimage/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	freeimage
 PORTVERSION=	3.16.0
-PORTREVISION=	4
+PORTREVISION=	5
 # Version 3.17.0 is available, but does not build on i386 (and probably
 # other 32-bit arches) without some not-quite-trivial patching.  If one
 # decides to update the port, please make sure 32-bit builds are tested!
--- a/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
+++ b/graphics/freeimage/files/patch-Source-FreeImage-PluginXPM.cpp
@ -0,0 +1,23 @@
+--- Source/FreeImage/PluginXPM.cpp.orig	2013-11-29 19:29:14 UTC
+++ Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 		}
+ 		free(str);
+ 
+		// check info string
+		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
+			throw "Improperly formed info string";
+		}
+
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, 
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
+			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars