MFH: r450936

Update to 0.18.5 This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608 Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1] PR: 219029 [1] Submitted by: mi [1] Security: 4cd857d9-26d2-4417-b765-69701938f9e0 Security: d9f96741-47bd-4426-9aba-8736c0971b24 Security: 02bee9ae-c5d1-409b-8a79-983a88861509 Approved by: ports-secteam (swills)
svn path=/branches/2017Q3/; revision=451526
2017-10-08 13:11:17 +00:00 · 2017-10-08 13:11:17 +00:00 · a16d9e9f97 · 2021-03-31 03:12:20 +00:00
commit a16d9e9f97
parent be9be33bc2
3 changed files with 40 additions and 8 deletions
--- a/graphics/libraw/Makefile
+++ b/graphics/libraw/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	libraw
-PORTVERSION=	0.18.2
+PORTVERSION=	0.18.5
 CATEGORIES=	graphics
 MASTER_SITES=	http://www.libraw.org/data/
 DISTNAME=	LibRaw-${PORTVERSION}
--- a/graphics/libraw/distinfo
+++ b/graphics/libraw/distinfo
@ -1,7 +1,7 @@
-TIMESTAMP = 1491502383
-SHA256 (LibRaw-0.18.2.tar.gz) = ce366bb38c1144130737eb16e919038937b4dc1ab165179a225d5e847af2abc6
-SIZE (LibRaw-0.18.2.tar.gz) = 1281674
-SHA256 (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = f467689182728240c6358c1b890e9fe4ee08667c74433f6bd6a4710e3ae2aab6
-SIZE (LibRaw-demosaic-pack-GPL2-0.18.2.tar.gz) = 31777
-SHA256 (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 01080bc2448de87339f086229319c9e1cca97ac0621416feb537b96f0dba4a57
-SIZE (LibRaw-demosaic-pack-GPL3-0.18.2.tar.gz) = 39290
+TIMESTAMP = 1506714254
+SHA256 (LibRaw-0.18.5.tar.gz) = fa2a7d14d9dfaf6b368f958a76d79266b3f58c2bc367bebab56e11baa94da178
+SIZE (LibRaw-0.18.5.tar.gz) = 1280046
+SHA256 (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 2ae7923868c3e927eee72cf2e4d91384560b7cfe76a386ecf319c069d343c674
+SIZE (LibRaw-demosaic-pack-GPL2-0.18.5.tar.gz) = 30449
+SHA256 (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = b0ec998c4884cedd86a0627481a18144f0024a35c7a6fa5ae836182c16975c2b
+SIZE (LibRaw-demosaic-pack-GPL3-0.18.5.tar.gz) = 38899
--- a/graphics/libraw/files/patch-internal_dcraw__common.cpp
+++ b/graphics/libraw/files/patch-internal_dcraw__common.cpp
@ -0,0 +1,32 @@
+Use strnlen(3) and strcasestr(3) from FreeBSD's libc instead of the bundled
+versions. Patch has been applied upstream in master branch:
+https://github.com/LibRaw/LibRaw/commit/b1a2984
+
+--- internal/dcraw_common.cpp.orig	2017-09-22 06:35:16 UTC
+++ internal/dcraw_common.cpp
+@@ -51,6 +51,8 @@ int CLASS fcol (int row, int col)
+   if (filters == 9) return xtrans[(row+6) % 6][(col+6) % 6];
+   return FC(row,col);
+ }
+
+#if !defined(__FreeBSD__)
+ static size_t local_strnlen(const char *s, size_t n)
+ {
+   const char *p = (const char *)memchr(s, 0, n);
+@@ -58,6 +60,7 @@ static size_t local_strnlen(const char *
+ }
+ /* add OS X version check here ?? */
+ #define strnlen(a,b) local_strnlen(a,b)
+#endif
+ 
+ #ifdef LIBRAW_LIBRARY_BUILD
+ static int stread(char *buf, size_t len, LibRaw_abstract_datastream *fp)
+@@ -69,7 +72,7 @@ static int stread(char *buf, size_t len,
+ #define stmread(buf,maxlen,fp) stread(buf,MIN(maxlen,sizeof(buf)),fp)
+ #endif
+ 
+-#ifndef __GLIBC__
+#if !defined(__GLIBC__) && !defined(__FreeBSD__)
+ char *my_memmem (char *haystack, size_t haystacklen,
+ 	      char *needle, size_t needlelen)
+ {