| Summary: | graphics/libraw - add patch to use FreeBSD's libc implementations of non-standard string functions | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Mikhail Teterin <mi> |
| Component: | Individual Port(s) | Assignee: | Jason E. Hale <jhale> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | Keywords: | easy, patch, patch-ready |
| Priority: | --- | Flags: | jhale: maintainer-feedback+ |
| Version: | Latest | | |
| Hardware: | Any | | |
| OS: | Any | | |
I've opened a pull request upstream. https://github.com/LibRaw/LibRaw/pull/92
If it doesn't make it into the next version, I'll add the patch to the port. No need to do it now which would require a PORTREVISION bump. Thanks!

Note to self: patch has been accepted upstream in master branch. https://github.com/LibRaw/LibRaw/commit/b1a2984d6afe45d46d4c566b542b4e898343b033

A commit references this bug:

Author: jhale
Date: Fri Sep 29 20:12:39 UTC 2017
New revision: 450936
URL: https://svnweb.freebsd.org/changeset/ports/450936

Log:
Update to 0.18.5
This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608
Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1]

PR: 219029 [1]
Submitted by: mi [1]
MFH: 2017Q3
Security: 4cd857d9-26d2-4417-b765-69701938f9e0
Security: d9f96741-47bd-4426-9aba-8736c0971b24
Security: 02bee9ae-c5d1-409b-8a79-983a88861509

Changes:
head/graphics/libraw/Makefile
head/graphics/libraw/distinfo
head/graphics/libraw/files/patch-internal_dcraw__common.cpp

I've added the patch locally for the 0.18.x branch since the author has only applied it to the 0.19.x (master) branch. Thanks!

A commit references this bug:

Author: jhale
Date: Sun Oct 8 13:11:18 UTC 2017
New revision: 451526
URL: https://svnweb.freebsd.org/changeset/ports/451526

Log:
MFH: r450936
Update to 0.18.5
This addresses CVE-2017-14265, CVE-2017-14348, and CVE-2017-14608
Use FreeBSD libc strnlen and strcasestr functions instead of bundled [1]

PR: 219029 [1]
Submitted by: mi [1]
Security: 4cd857d9-26d2-4417-b765-69701938f9e0
Security: d9f96741-47bd-4426-9aba-8736c0971b24
Security: 02bee9ae-c5d1-409b-8a79-983a88861509
Approved by: ports-secteam (swills)

Changes:
_U branches/2017Q3/
branches/2017Q3/graphics/libraw/Makefile
branches/2017Q3/graphics/libraw/distinfo
branches/2017Q3/graphics/libraw/files/patch-internal_dcraw__common.cpp
Created attachment 182260
Add #ifdefs to avoid redefining functions provided by FreeBSD's libc

libraw reimplements several less-than-standard functions (like strnlen) for the benefit of platforms that do not define them. However, FreeBSD does define them and there is no need to use the bundled implementations.

The attached patch can simply be dropped into the port's files/ subdirectory.
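
An added sketch of the kind of guard the report describes; it is not the attached patch and not LibRaw's code. The names `raw_strnlen`, `raw_strcasestr` and `field_contains` are hypothetical, and the fallback bodies are written here to show the bounded-read behaviour a bundled copy has to preserve.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#if defined(__FreeBSD__)
/* FreeBSD's <string.h> declares both; the bundled copies are not compiled. */
#define raw_strnlen(s, n)    strnlen((s), (n))
#define raw_strcasestr(h, n) strcasestr((h), (n))
#else
/* Fallback: never reads past s[maxlen - 1], even without a terminator. */
static size_t raw_strnlen(const char *s, size_t maxlen)
{
    const char *end = memchr(s, '\0', maxlen);
    return end ? (size_t)(end - s) : maxlen;
}

/* Fallback: case-insensitive search in a NUL-terminated string. */
static char *raw_strcasestr(const char *hay, const char *needle)
{
    size_t nlen = strlen(needle);
    if (nlen == 0)
        return (char *)hay;
    for (; *hay != '\0'; hay++) {
        size_t i = 0;
        while (i < nlen && hay[i] != '\0' &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == nlen)
            return (char *)hay;
    }
    return NULL;
}
#endif

/* Copy a fixed-width field that may lack a NUL into dst, always terminating
 * it, then report whether it contains word (case-insensitive). */
int field_contains(const char *field, size_t fieldsz, const char *word,
                   char *dst, size_t dstsz)
{
    size_t n;
    if (dstsz == 0)
        return 0;
    n = raw_strnlen(field, fieldsz);
    if (n >= dstsz)
        n = dstsz - 1;   /* truncate instead of overflowing dst */
    memcpy(dst, field, n);
    dst[n] = '\0';
    return raw_strcasestr(dst, word) != NULL;
}
```

Using prefixed names on the fallback path keeps the bundled code from colliding with libc symbols on platforms that already provide them.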