Attachment #246008 for bug #274822

View | Details | Raw Unified | Return to bug 274822 | Differences between
Collapse All | Expand All




PORTNAME=	optipng
PORTVERSION=	0.7.7
PORTREVISION=	1
CATEGORIES=	graphics
MASTER_SITES=	SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION}

MAINTAINER=	tom@hur.st
COMMENT=	Optimizer for PNG files
WWW=		https://optipng.sourceforge.net/

LICENSE=	ZLIB
LICENSE_FILE=	${WRKSRC}/LICENSE.txt

LIB_DEPENDS=	libpng.so:graphics/png

USES=		cpe gmake localbase:ldflags
CPE_VENDOR=	optipng_project
BUNDLED_LIBPNG_CONFIGURE_ON=	--without-system-libpng
BUNDLED_LIBPNG_LIB_DEPENDS_OFF=	libpng.so:graphics/png
BUNDLED_LIBPNG_USES_OFF=	localbase:ldflags

BUNDLED_ZLIB_DESC=		Use bundled zlib
BUNDLED_ZLIB_CONFIGURE_OFF=	--with-system-zlib
BUNDLED_ZLIB_CONFIGURE_ON=	--without-system-zlib

USES=		cpe gmake
HAS_CONFIGURE=	yes
CONFIGURE_ARGS=	--with-system-libpng \
		--with-system-zlib

PLIST_FILES=	bin/optipng \
		man/man1/optipng.1.gz
PLIST_FILES=	bin/optipng man/man1/optipng.1.gz
PORTDOCS=	history.txt optipng.man.html optipng.man.pdf optipng.man.txt \
		png_optimization.html todo.txt

OPTIONS_DEFINE=	DOCS

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/src/optipng/optipng ${STAGEDIR}${PREFIX}/bin/
	${INSTALL_MAN} ${WRKSRC}/src/optipng/man/optipng.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/




--- src/gifread/gifread.c.orig	2017-12-10 23:49:00 UTC
+++ src/gifread/gifread.c
@@ -363,6 +363,11 @@ static int LZWGetCode(int code_size, int init_flag, FI
         lastbit = (2 + count) * 8;
     }
 
+    if ((curbit + code_size - 1) / 8 >= sizeof(buffer)) {
+        GIFError("Malformed GIF (CVE-2023-43907)");
+        return -1;
+    }
+
     ret = 0;
     for (i = curbit, j = 0; j < code_size; ++i, ++j)
         ret |= ((buffer[i / 8] & (1 << (i % 8))) != 0) << j;

Return to bug 274822

Lines 1-36 Link Here

(-)b/graphics/optipng/Makefile (-15 / +11 lines)
1	PORTNAME= optipng	1	PORTNAME= optipng
2	PORTVERSION= 0.7.7	2	PORTVERSION= 0.7.7
		3	PORTREVISION= 1
3	CATEGORIES= graphics	4	CATEGORIES= graphics
4	MASTER_SITES= SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION}	5	MASTER_SITES= SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION}
5		6
6	MAINTAINER= tom@hur.st	7	MAINTAINER= tom@hur.st
7	COMMENT= Optimizer for PNG files	8	COMMENT= Optimizer for PNG files
8	WWW= http://optipng.sourceforge.net/	9	WWW= https://optipng.sourceforge.net/
9		10
10	LICENSE= ZLIB	11	LICENSE= ZLIB
11	LICENSE_FILE= ${WRKSRC}/LICENSE.txt	12	LICENSE_FILE= ${WRKSRC}/LICENSE.txt
12		13
13	OPTIONS_DEFINE= BUNDLED_LIBPNG BUNDLED_ZLIB DOCS	14	LIB_DEPENDS= libpng.so:graphics/png
14		15
15	BUNDLED_LIBPNG_DESC= Use bundled libpng	16	USES= cpe gmake localbase:ldflags
16	BUNDLED_LIBPNG_CONFIGURE_OFF= --with-system-libpng	17	CPE_VENDOR= optipng_project
17	BUNDLED_LIBPNG_CONFIGURE_ON= --without-system-libpng
18	BUNDLED_LIBPNG_LIB_DEPENDS_OFF= libpng.so:graphics/png
19	BUNDLED_LIBPNG_USES_OFF= localbase:ldflags
20
21	BUNDLED_ZLIB_DESC= Use bundled zlib
22	BUNDLED_ZLIB_CONFIGURE_OFF= --with-system-zlib
23	BUNDLED_ZLIB_CONFIGURE_ON= --without-system-zlib
24		18
25	USES= cpe gmake
26	HAS_CONFIGURE= yes	19	HAS_CONFIGURE= yes
		20	CONFIGURE_ARGS= --with-system-libpng \
		21	--with-system-zlib
27		22
28	CPE_VENDOR= optipng_project	23	PLIST_FILES= bin/optipng \
29		24	man/man1/optipng.1.gz
30	PLIST_FILES= bin/optipng man/man1/optipng.1.gz
31	PORTDOCS= history.txt optipng.man.html optipng.man.pdf optipng.man.txt \	25	PORTDOCS= history.txt optipng.man.html optipng.man.pdf optipng.man.txt \
32	png_optimization.html todo.txt	26	png_optimization.html todo.txt
33		27
		28	OPTIONS_DEFINE= DOCS
		29
34	do-install:	30	do-install:
35	${INSTALL_PROGRAM} ${WRKSRC}/src/optipng/optipng ${STAGEDIR}${PREFIX}/bin/	31	${INSTALL_PROGRAM} ${WRKSRC}/src/optipng/optipng ${STAGEDIR}${PREFIX}/bin/
36	${INSTALL_MAN} ${WRKSRC}/src/optipng/man/optipng.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/	32	${INSTALL_MAN} ${WRKSRC}/src/optipng/man/optipng.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/

Added Link Here

(-)b/graphics/optipng/files/patch-src_gifread_gifread.c (-1 / +14 lines)
0	-	1	--- src/gifread/gifread.c.orig 2017-12-10 23:49:00 UTC
		2	+++ src/gifread/gifread.c
		3	@@ -363,6 +363,11 @@ static int LZWGetCode(int code_size, int init_flag, FI
		4	lastbit = (2 + count) * 8;
		5	}
		6
		7	+ if ((curbit + code_size - 1) / 8 >= sizeof(buffer)) {
		8	+ GIFError("Malformed GIF (CVE-2023-43907)");
		9	+ return -1;
		10	+ }
		11	+
		12	ret = 0;
		13	for (i = curbit, j = 0; j < code_size; ++i, ++j)
		14	ret \|= ((buffer[i / 8] & (1 << (i % 8))) != 0) << j;