On Thu, May 14, 2015 22:21, Sevan / Venture37 wrote:
> archivers/libarchive - out of bounds read
> https://github.com/libarchive/libarchive/issues/502
>
> graphics/libraw, dcraw, ufraw, rawtherapee, rawstudio
> CVE-2015-3885
> http://www.ocert.org/advisories/ocert-2015-006.html
Fixes for dcraw based software.
OK?
-stable patches will follow.
>
> textproc/ruby-redcarpet xss
> http://openwall.com/lists/oss-security/2015/04/07/11
>
>
> Sevan / Venture37
>
>
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/rawtherapee/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- Makefile 27 Mar 2015 08:11:29 -0000 1.10
+++ Makefile 26 May 2015 08:57:03 -0000
@@ -3,7 +3,7 @@
COMMENT = RAW image processing application
DISTNAME = rawtherapee-4.1
-REVISION = 0
+REVISION = 1
CATEGORIES = graphics
Index: patches/patch-rtengine_dcraw_cc
===================================================================
RCS file: patches/patch-rtengine_dcraw_cc
diff -N patches/patch-rtengine_dcraw_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-rtengine_dcraw_cc 26 May 2015 08:57:03 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+dcraw imput sanitization errors, CVE-2015-3885
+Commit ID 0440e663ae7f44a63420460dcb07cfbe0ba8ea42
+
+--- rtengine/dcraw.cc.orig Tue May 26 11:52:41 2015
++++ rtengine/dcraw.cc Tue May 26 11:54:01 2015
+@@ -789,7 +789,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+ ? 7f5615e7355fab256e22fb7db0b739850d17a0b1.diff
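Review bot: the description at the top of patch-rtengine_dcraw_cc misspells "input" as "imput", and the line "Commit ID 0440e663ae7f44a63420460dcb07cfbe0ba8ea42" does not say which repository that commit lives in. Please fix the spelling and name the repository or give a URL for the commit, as the ufraw patch in this mail does for its source.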
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/libraw/Makefile,v
retrieving revision 1.12
diff -u -p -r1.12 Makefile
--- Makefile 22 May 2015 11:31:15 -0000 1.12
+++ Makefile 26 May 2015 10:13:06 -0000
@@ -8,7 +8,7 @@ V = 0.16.0
DISTNAME = LibRaw-${V}
PKGNAME = ${DISTNAME:L}
CATEGORIES = graphics
-REVISION = 0
+REVISION = 1
SHARED_LIBS += raw 0.0 # 10.0
SHARED_LIBS += raw_r 0.0 # 10.0
Index: patches/patch-dcraw_dcraw_c
===================================================================
RCS file: patches/patch-dcraw_dcraw_c
diff -N patches/patch-dcraw_dcraw_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-dcraw_dcraw_c 26 May 2015 10:13:06 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+fix CVE-2015-3885
+Upstream commit 7f5615e7355fab256e22fb7db0b739850d17a0b1
+
+--- dcraw/dcraw.c.orig Fri Jan 17 01:27:55 2014
++++ dcraw/dcraw.c Tue May 26 13:09:53 2015
+@@ -768,7 +768,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
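Review bot: in ljpeg_start the only change is the declaration "ushort len;", so the fix depends on a ushort never exceeding 0xffff while data holds 0x10000 bytes, and nothing in the patch says so. A sentence in the patch description stating that the narrower type is what bounds reads into data (the ufraw hunk in this mail shows one as "fread (data, 1, len, ifp);") would keep someone from widening len back to int later. The same applies to patch-internal_dcraw_common_cpp.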
Index: patches/patch-internal_dcraw_common_cpp
===================================================================
RCS file: patches/patch-internal_dcraw_common_cpp
diff -N patches/patch-internal_dcraw_common_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-internal_dcraw_common_cpp 26 May 2015 10:13:06 -0000
@@ -0,0 +1,17 @@
+$OpenBSD$
+
+fix CVE-2015-3885
+Upstream commit 7f5615e7355fab256e22fb7db0b739850d17a0b1
+
+--- internal/dcraw_common.cpp.orig Fri Jan 17 17:43:14 2014
++++ internal/dcraw_common.cpp Tue May 26 13:09:53 2015
+@@ -567,7 +567,8 @@ void CLASS canon_load_raw()
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+ Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/dcraw/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- Makefile 16 Feb 2015 22:57:08 -0000 1.23
+++ Makefile 26 May 2015 10:13:30 -0000
@@ -2,8 +2,8 @@
COMMENT = digital camera RAW format conversion tool
-DISTNAME = dcraw-9.23
-REVISION = 0
+DISTNAME = dcraw-9.23.0
+REVISION = 1
CATEGORIES = graphics
HOMEPAGE = http://www.cybercom.net/~dcoffin/dcraw/
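Review bot: DISTNAME moves from dcraw-9.23 to dcraw-9.23.0 in the same hunk that bumps REVISION from 0 to 1, and the mail only describes a CVE fix. If the package version changes with the new DISTNAME, is the REVISION bump still needed, or should REVISION be dropped? Either way the rename deserves a line of explanation.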
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/dcraw/distinfo,v
retrieving revision 1.15
diff -u -p -r1.15 distinfo
--- distinfo 11 Feb 2015 20:24:39 -0000 1.15
+++ distinfo 26 May 2015 10:13:30 -0000
@@ -1,2 +1,2 @@
-SHA256 (dcraw-9.23.tar.gz) = ofT8DKwugGOI6OQUPwzRRYfPfEObIpeeRqaed+tPXGo=
-SIZE (dcraw-9.23.tar.gz) = 346947
+SHA256 (dcraw-9.23.0.tar.gz) = Bi35IakfKOel5fkZuJVTbrRiXbzO63ebanb2wxjM4bM=
+SIZE (dcraw-9.23.0.tar.gz) = 175496
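Review bot: the distfile changes name and shrinks from 346947 to 175496 bytes, and the mail does not mention a distfile change at all. Please say where dcraw-9.23.0.tar.gz is fetched from and why it replaces dcraw-9.23.tar.gz, so the new SHA256 can be checked against the upstream source.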
Index: patches/patch-dcraw_c
===================================================================
RCS file: patches/patch-dcraw_c
diff -N patches/patch-dcraw_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-dcraw_c 26 May 2015 10:13:30 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+imput sanitization errors, CVE-2015-3885
+
+--- dcraw.c.orig Tue May 26 12:10:40 2015
++++ dcraw.c Tue May 26 12:13:41 2015
+@@ -824,7 +824,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+ ? dcraw.cc
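Review bot: this patch stops at the "ushort len;" declaration, while the ufraw patch later in this mail also rejects short segments with "if (tag <= 0xff00 || len <= 2) return 0;" before subtracting 2. If dcraw.c computes len the way the ufraw hunk's removed line does, "(data[2] << 8 | data[3]) - 2", a length field of 0 or 1 wraps to 0xfffe or 0xffff here; that still fits data[0x10000], but carrying the same check would keep the ports consistent. The description also misspells "input" as "imput" and gives no upstream reference.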
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/ufraw/Makefile,v
retrieving revision 1.38
diff -u -p -r1.38 Makefile
--- Makefile 11 Feb 2015 15:06:15 -0000 1.38
+++ Makefile 26 May 2015 10:22:35 -0000
@@ -3,6 +3,7 @@
COMMENT= read and manipulate raw images from digital cameras
DISTNAME= ufraw-0.21
+REVISION= 0
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=ufraw/}
Index: patches/patch-dcraw_cc
===================================================================
RCS file: patches/patch-dcraw_cc
diff -N patches/patch-dcraw_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-dcraw_cc 26 May 2015 10:22:35 -0000
@@ -0,0 +1,29 @@
+$OpenBSD$
+
+fix CVE-2015-3885
+http://ufraw.cvs.sourceforge.net/viewvc/ufraw/ufraw/dcraw.cc?r1=1.334&r2=1.335
+
+--- dcraw.cc.orig Fri Jan 30 18:15:16 2015
++++ dcraw.cc Tue May 26 13:21:07 2015
+@@ -934,7 +934,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000];
+ const uchar *dp;
+
+@@ -945,8 +946,9 @@ int CLASS ljpeg_start (struct jhead *jh, int info_only
+ do {
+ fread (data, 2, 2, ifp);
+ tag = data[0] << 8 | data[1];
+- len = (data[2] << 8 | data[3]) - 2;
+- if (tag <= 0xff00) return 0;
++ len = (data[2] << 8 | data[3]);
++ if (tag <= 0xff00 || len <= 2) return 0;
++ len -= 2;
+ fread (data, 1, len, ifp);
+ switch (tag) {
+ case 0xffc3:Index: Makefile
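Review bot: "fread (data, 2, 2, ifp);" at the top of the loop is still unchecked, so on a truncated file tag and len are computed from whatever data already holds, and the new "len <= 2" test then runs on that value. Checking that fread returned 2 before decoding tag and len would close this; "fread (data, 1, len, ifp);" has the same gap. Separately, "len <= 2" also rejects a segment whose length field is exactly 2, where "len < 2" would be enough to stop the subtraction wrapping; fine if that is deliberate to match the upstream change.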
===================================================================
RCS file: /cvs/ports/graphics/rawstudio/Makefile,v
retrieving revision 1.20
diff -u -p -r1.20 Makefile
--- Makefile 4 Apr 2015 09:21:01 -0000 1.20
+++ Makefile 26 May 2015 11:16:00 -0000
@@ -3,7 +3,7 @@
COMMENT = tool for working with RAW images
DISTNAME = rawstudio-1.2
-REVISION = 10
+REVISION = 11
CATEGORIES = graphics
Index: patches/patch-src_dcraw_cc
===================================================================
RCS file: patches/patch-src_dcraw_cc
diff -N patches/patch-src_dcraw_cc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_dcraw_cc 26 May 2015 11:16:00 -0000
@@ -0,0 +1,16 @@
+$OpenBSD$
+
+fix CVE-2015-3885
+
+--- src/dcraw.cc.orig Tue May 26 13:45:37 2015
++++ src/dcraw.cc Tue May 26 13:46:31 2015
+@@ -916,7 +916,8 @@ struct jhead {
+
+ int CLASS ljpeg_start (struct jhead *jh, int info_only)
+ {
+- int c, tag, len;
++ int c, tag;
++ ushort len;
+ uchar data[0x10000], *dp;
+
+ if (!info_only) init_decoder();
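Review bot: the description is only "fix CVE-2015-3885", with no upstream commit or URL, unlike the libraw and ufraw patches. The context here differs from the other ports ("uchar data[0x10000], *dp;" and "if (!info_only) init_decoder();"), so please note where the change was taken from or that it was applied by hand.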