On 2018/05/09 17:28, Rafael Sadowski wrote:
> Simple update to the latest stable version including:
> 
> CVE-2018-10529 fixed: out of bounds read in X3F parser
> CVE-2018-10528 fixed: possible stack overrun in X3F parser
> 
> 
> Upstream removed own License:
> https://www.libraw.org/news/libraw-0-18-released
> 
> A bulk would be really nice, anyone?

I don't see a need for that, or for the major bump, the function signature
of utf2char() did change but it was previously a static function so nothing
outside libraw itself could have used it. (And with the security fixes we
may want it in -stable where a major bump is a real headache).

> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/Makefile,v
> retrieving revision 1.35
> diff -u -p -u -p -r1.35 Makefile
> --- Makefile  5 Mar 2018 14:53:40 -0000       1.35
> +++ Makefile  9 May 2018 15:23:21 -0000
> @@ -2,18 +2,18 @@
>  
>  COMMENT =            library for reading RAW files
>  
> -DISTNAME =           LibRaw-0.18.8
> +DISTNAME =           LibRaw-0.18.10
>  PKGNAME =            ${DISTNAME:L}
>  CATEGORIES =         graphics
>  
> -SHARED_LIBS +=  raw                  3.0      # 15.0
> -SHARED_LIBS +=  raw_r                3.0      # 15.0
> +SHARED_LIBS +=  raw                  4.0      # 15.0
> +SHARED_LIBS +=  raw_r                4.0      # 15.0

Change to just minor bumps, then it's OK sthen@.

>  
>  HOMEPAGE =           https://www.libraw.org/
>  
>  MAINTAINER =         Rafael Sadowski <rsadow...@openbsd.org>
>  
> -# LGPL v2.1 OR CDDL v1.0 OR their own
> +# LGPL v2.1 OR CDDL v1.0
>  PERMIT_PACKAGE_CDROM =       Yes
>  
>  WANTLIB += c jasper jpeg lcms2 m pthread ${COMPILER_LIBCXX}
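
Review bot: the two SHARED_LIBS lines go from 3.0 to 4.0, but nothing visible in this hunk supports a major bump: DISTNAME moves only from 0.18.8 to 0.18.10 and the upstream version comment stays at # 15.0. Unless an exported symbol was removed or had its signature changed, use a minor bump (3.1) on both raw and raw_r, which also keeps the update with the two CVE fixes mergeable to -stable. The licence comment edit at the end of the hunk matches the upstream change described in the mail.
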
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/distinfo,v
> retrieving revision 1.11
> diff -u -p -u -p -r1.11 distinfo
> --- distinfo  5 Mar 2018 14:53:40 -0000       1.11
> +++ distinfo  9 May 2018 15:23:21 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (LibRaw-0.18.8.tar.gz) = Vqyk/ZcDiSPVfS0X2QqhHYJ/Hz0/HZfp9aDVL/h0IOI=
> -SIZE (LibRaw-0.18.8.tar.gz) = 1281773
> +SHA256 (LibRaw-0.18.10.tar.gz) = CMm78rtfiuzng9BeC1Joqq5VYqNNlA4X7noiy8L7mU4=
> +SIZE (LibRaw-0.18.10.tar.gz) = 1282206
> Index: patches/patch-internal_libraw_x3f_cpp
> ===================================================================
> RCS file: /cvs/ports/graphics/libraw/patches/patch-internal_libraw_x3f_cpp,v
> retrieving revision 1.4
> diff -u -p -u -p -r1.4 patch-internal_libraw_x3f_cpp
> --- patches/patch-internal_libraw_x3f_cpp     7 Apr 2018 11:05:22 -0000       
> 1.4
> +++ patches/patch-internal_libraw_x3f_cpp     9 May 2018 15:23:21 -0000
> @@ -5,7 +5,7 @@ fix non-constant-expression cannot be na
>  Index: internal/libraw_x3f.cpp
>  --- internal/libraw_x3f.cpp.orig
>  +++ internal/libraw_x3f.cpp
> -@@ -1401,7 +1401,9 @@ static void huffman_decode_row(x3f_info_t *I,
> +@@ -1389,7 +1389,9 @@ static void huffman_decode_row(x3f_info_t *I,
>     x3f_image_data_t *ID = &DEH->data_subsection.image_data;
>     x3f_huffman_t *HUF = ID->huffman;
>   
> 
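
The point made in the reply above, that a changed static function is not part of what the library exports, can be checked by comparing the export tables of the old and new builds. This is an added example, not part of the thread or of the ports tree; the nm-style listings are constructed, and the helper names `exported` and `bump_kind` are hypothetical.

```shell
# Added example: classify the export-table change between two library builds.
# Input is nm-style text, "<address> <type> <name>"; both samples are constructed.
# Uppercase types are global symbols, lowercase are local (file-static) ones.

OLD_NM='0000000000012a40 T libraw_init
0000000000012b10 T libraw_open_file
0000000000012c80 T libraw_close
0000000000031f00 t _ZL8utf2charPtPc
                 U malloc'

# Same exports; only the static helper's mangled name (its signature) differs.
NEW_NM='0000000000012a40 T libraw_init
0000000000012b10 T libraw_open_file
0000000000012c80 T libraw_close
0000000000031f60 t _ZL8utf2charPtPcj
                 U malloc'

exported() {  # stdin: nm-style text; stdout: "<tag> <name>" per defined global symbol
    LC_ALL=C awk -v tag="$1" \
        'NF == 3 && $2 ~ /^[A-Z]$/ && $2 != "U" { print tag, $3 }'
}

bump_kind() {  # $1 = old nm text, $2 = new nm text; prints major, minor or none
    { printf '%s\n' "$1" | exported old
      printf '%s\n' "$2" | exported new; } |
    LC_ALL=C awk '
        $1 == "old" { o[$2] = 1 }
        $1 == "new" { n[$2] = 1 }
        END {
            for (s in o) if (!(s in n)) removed++
            for (s in n) if (!(s in o)) added++
            if (removed) print "major"       # an exported name disappeared
            else if (added) print "minor"    # only new exported names
            else print "none"                # export table unchanged
        }'
}

bump_kind "$OLD_NM" "$NEW_NM"
```

The comparison covers symbol names only, so it does not see changes to struct layouts or to the signatures of unmangled C functions; those still need a look at the headers.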
