On 2018/05/09 17:28, Rafael Sadowski wrote: > Simple update to the latest stable version including: > > CVE-2018-10529 fixed: out of bounds read in X3F parser > CVE-2018-10528 fixed: possible stack overrun in X3F parser > > > Upstream removed own License: > https://www.libraw.org/news/libraw-0-18-released > > A bulk would be really nice, anyone?
I don't see a need for that, or for the major bump, the function signature of utf2char() did change but it was previously a static function so nothing outside libraw itself could have used it. (And with the security fixes we may want it in -stable where a major bump is a real headache). > Index: Makefile > =================================================================== > RCS file: /cvs/ports/graphics/libraw/Makefile,v > retrieving revision 1.35 > diff -u -p -u -p -r1.35 Makefile > --- Makefile 5 Mar 2018 14:53:40 -0000 1.35 > +++ Makefile 9 May 2018 15:23:21 -0000 > @@ -2,18 +2,18 @@ > > COMMENT = library for reading RAW files > > -DISTNAME = LibRaw-0.18.8 > +DISTNAME = LibRaw-0.18.10 > PKGNAME = ${DISTNAME:L} > CATEGORIES = graphics > > -SHARED_LIBS += raw 3.0 # 15.0 > -SHARED_LIBS += raw_r 3.0 # 15.0 > +SHARED_LIBS += raw 4.0 # 15.0 > +SHARED_LIBS += raw_r 4.0 # 15.0 Change to just minor bumps, then it's OK sthen@. > > HOMEPAGE = https://www.libraw.org/ > > MAINTAINER = Rafael Sadowski <rsadow...@openbsd.org> > > -# LGPL v2.1 OR CDDL v1.0 OR their own > +# LGPL v2.1 OR CDDL v1.0 > PERMIT_PACKAGE_CDROM = Yes > > WANTLIB += c jasper jpeg lcms2 m pthread ${COMPILER_LIBCXX} > Index: distinfo > =================================================================== > RCS file: /cvs/ports/graphics/libraw/distinfo,v > retrieving revision 1.11 > diff -u -p -u -p -r1.11 distinfo > --- distinfo 5 Mar 2018 14:53:40 -0000 1.11 > +++ distinfo 9 May 2018 15:23:21 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (LibRaw-0.18.8.tar.gz) = Vqyk/ZcDiSPVfS0X2QqhHYJ/Hz0/HZfp9aDVL/h0IOI= > -SIZE (LibRaw-0.18.8.tar.gz) = 1281773 > +SHA256 (LibRaw-0.18.10.tar.gz) = CMm78rtfiuzng9BeC1Joqq5VYqNNlA4X7noiy8L7mU4= > +SIZE (LibRaw-0.18.10.tar.gz) = 1282206 > Index: patches/patch-internal_libraw_x3f_cpp > =================================================================== > RCS file: /cvs/ports/graphics/libraw/patches/patch-internal_libraw_x3f_cpp,v > retrieving revision 1.4 > diff -u -p -u -p -r1.4 patch-internal_libraw_x3f_cpp > --- patches/patch-internal_libraw_x3f_cpp 7 Apr 2018 11:05:22 -0000 > 1.4 > +++ patches/patch-internal_libraw_x3f_cpp 9 May 2018 15:23:21 -0000 > @@ -5,7 +5,7 @@ fix non-constant-expression cannot be na > Index: internal/libraw_x3f.cpp > --- internal/libraw_x3f.cpp.orig > +++ internal/libraw_x3f.cpp > -@@ -1401,7 +1401,9 @@ static void huffman_decode_row(x3f_info_t *I, > +@@ -1389,7 +1389,9 @@ static void huffman_decode_row(x3f_info_t *I, > x3f_image_data_t *ID = &DEH->data_subsection.image_data; > x3f_huffman_t *HUF = ID->huffman; > >