On 2018/05/09 17:28, Rafael Sadowski wrote:
> Simple update to the latest stable version including:
>
> CVE-2018-10529 fixed: out of bounds read in X3F parser
> CVE-2018-10528 fixed: possible stack overrun in X3F parser
>
>
> Upstream removed own License:
> https://www.libraw.org/news/libraw-0-18-released
>
> A bulk would be really nice, anyone?
I don't see a need for that, or for the major bump; the function signature
of utf2char() did change, but it was previously a static function, so nothing
outside libraw itself could have used it. (And with the security fixes we
may want it in -stable, where a major bump is a real headache.)
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/Makefile,v
> retrieving revision 1.35
> diff -u -p -u -p -r1.35 Makefile
> --- Makefile 5 Mar 2018 14:53:40 -0000 1.35
> +++ Makefile 9 May 2018 15:23:21 -0000
> @@ -2,18 +2,18 @@
>
> COMMENT = library for reading RAW files
>
> -DISTNAME = LibRaw-0.18.8
> +DISTNAME = LibRaw-0.18.10
> PKGNAME = ${DISTNAME:L}
> CATEGORIES = graphics
>
> -SHARED_LIBS += raw 3.0 # 15.0
> -SHARED_LIBS += raw_r 3.0 # 15.0
> +SHARED_LIBS += raw 4.0 # 15.0
> +SHARED_LIBS += raw_r 4.0 # 15.0
Change to just minor bumps, then it's OK sthen@.
>
> HOMEPAGE = https://www.libraw.org/
>
> MAINTAINER = Rafael Sadowski <[email protected]>
>
> -# LGPL v2.1 OR CDDL v1.0 OR their own
> +# LGPL v2.1 OR CDDL v1.0
> PERMIT_PACKAGE_CDROM = Yes
>
> WANTLIB += c jasper jpeg lcms2 m pthread ${COMPILER_LIBCXX}
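Review bot: The SHARED_LIBS lines for raw and raw_r go from 3.0 to 4.0, a major bump on a 0.18.8 to 0.18.10 point update, and nothing in the diff shows an exported symbol being removed or changed. If the only signature change is utf2char(), which the reply above says was a static function, a minor bump to 3.1 on both lines is enough and keeps the update with the two CVE fixes usable for -stable.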
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/distinfo,v
> retrieving revision 1.11
> diff -u -p -u -p -r1.11 distinfo
> --- distinfo 5 Mar 2018 14:53:40 -0000 1.11
> +++ distinfo 9 May 2018 15:23:21 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (LibRaw-0.18.8.tar.gz) = Vqyk/ZcDiSPVfS0X2QqhHYJ/Hz0/HZfp9aDVL/h0IOI=
> -SIZE (LibRaw-0.18.8.tar.gz) = 1281773
> +SHA256 (LibRaw-0.18.10.tar.gz) = CMm78rtfiuzng9BeC1Joqq5VYqNNlA4X7noiy8L7mU4=
> +SIZE (LibRaw-0.18.10.tar.gz) = 1282206
> Index: patches/patch-internal_libraw_x3f_cpp
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/patches/patch-internal_libraw_x3f_cpp,v
> retrieving revision 1.4
> diff -u -p -u -p -r1.4 patch-internal_libraw_x3f_cpp
> --- patches/patch-internal_libraw_x3f_cpp 7 Apr 2018 11:05:22 -0000
> 1.4
> +++ patches/patch-internal_libraw_x3f_cpp 9 May 2018 15:23:21 -0000
> @@ -5,7 +5,7 @@ fix non-constant-expression cannot be na
> Index: internal/libraw_x3f.cpp
> --- internal/libraw_x3f.cpp.orig
> +++ internal/libraw_x3f.cpp
> -@@ -1401,7 +1401,9 @@ static void huffman_decode_row(x3f_info_t *I,
> +@@ -1389,7 +1389,9 @@ static void huffman_decode_row(x3f_info_t *I,
> x3f_image_data_t *ID = &DEH->data_subsection.image_data;
> x3f_huffman_t *HUF = ID->huffman;
>
>
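Review bot: The only visible change to this local patch is the hunk offset for huffman_decode_row (1401 to 1389), so internal/libraw_x3f.cpp changed above that point in 0.18.10. Both CVE fixes in this update are in the X3F parser, so it is worth confirming that the local change still lands on the same statement after x3f_huffman_t *HUF = ID->huffman; and does not overlap the lines upstream touched for the out-of-bounds read and stack overrun fixes.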