219029 – graphics/libraw - add patch to use FreeBSD's libc implementations of non-standard string functions

Bug 219029 - graphics/libraw - add patch to use FreeBSD's libc implementations of non-standard string functions

Summary: graphics/libraw - add patch to use FreeBSD's libc implementations of non-stan...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Jason E. Hale

URL:
Keywords:	easy, patch, patch-ready

Depends on:
Blocks:

Reported:	2017-05-03 02:05 UTC by Mikhail Teterin
Modified:	2017-10-08 13:11 UTC (History)
CC List:	0 users

See Also:

Flags:	jhale: maintainer-feedback+

Attachments
Add #ifdefs to avoid redefining functions provided by FreeBSD's libc (589 bytes, patch) 2017-05-03 02:05 UTC, Mikhail Teterin	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mikhail Teterin freebsd_committer

2017-05-03 02:05:04 UTC

Created attachment 182260 [details]
Add #ifdefs to avoid redefining functions provided by FreeBSD's libc

libraw reimplements several less-than-standard functions (like strnlen) for the benefit of platforms, which do not define them.

However, FreeBSD does define them and there is no need to use the bundled implementations.

The attached patch can simply be dropped into the port's files/ subdire4ctory.

Comment 1 Jason E. Hale freebsd_committer

2017-08-03 21:26:48 UTC

I've opened a pull request upstream.
https://github.com/LibRaw/LibRaw/pull/92

If it doesn't make it into the next version, I'll add the patch to the port. No need to do it now which would require a PORTREVISION bump. Thanks!

Comment 2 Jason E. Hale freebsd_committer

2017-09-03 13:54:24 UTC

Note to self: patch has been accepted upstream in master branch. https://github.com/LibRaw/LibRaw/commit/b1a2984d6afe45d46d4c566b542b4e898343b033

Comment 3 commit-hook freebsd_committer

2017-09-29 20:12:55 UTC

A commit references this bug:

Author: jhale
Date: Fri Sep 29 20:12:39 UTC 2017
New revision: 450936
URL: https://svnweb.freebsd.org/changeset/ports/450936

Log:
  Update to 0.18.5
  This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608
  Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1]

  PR:		219029 [1]
  Submitted by:	mi [1]
  MFH:		2017Q3
  Security:	4cd857d9-26d2-4417-b765-69701938f9e0
  Security:	d9f96741-47bd-4426-9aba-8736c0971b24
  Security:	02bee9ae-c5d1-409b-8a79-983a88861509

Changes:
  head/graphics/libraw/Makefile
  head/graphics/libraw/distinfo
  head/graphics/libraw/files/patch-internal_dcraw__common.cpp

Comment 4 Jason E. Hale freebsd_committer

2017-09-29 20:16:21 UTC

I've added the patch locally for the 0.18.x branch since the author has only applied it to the 0.19.x (master) branch. Thanks!

Comment 5 commit-hook freebsd_committer

2017-10-08 13:11:37 UTC

A commit references this bug:

Author: jhale
Date: Sun Oct  8 13:11:18 UTC 2017
New revision: 451526
URL: https://svnweb.freebsd.org/changeset/ports/451526

Log:
  MFH: r450936

  Update to 0.18.5
  This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608
  Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1]

  PR:		219029 [1]
  Submitted by:	mi [1]
  Security:	4cd857d9-26d2-4417-b765-69701938f9e0
  Security:	d9f96741-47bd-4426-9aba-8736c0971b24
  Security:	02bee9ae-c5d1-409b-8a79-983a88861509

  Approved by:	ports-secteam (swills)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/graphics/libraw/Makefile
  branches/2017Q3/graphics/libraw/distinfo
  branches/2017Q3/graphics/libraw/files/patch-internal_dcraw__common.cpp