Index: branches/2018Q1/multimedia/libvpx/Makefile
===================================================================
--- branches/2018Q1/multimedia/libvpx/Makefile	(revision 463909)
+++ branches/2018Q1/multimedia/libvpx/Makefile	(revision 463910)
@@ -1,92 +1,92 @@
 # Created by: Ashish SHUKLA <ashish@FreeBSD.org>
 # $FreeBSD$
 
 PORTNAME=	libvpx
 DISTVERSIONPREFIX=	v
 DISTVERSION=	1.6.1
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	multimedia
 
 PATCH_SITES=	https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/commit/
 PATCHFILES=	bc4bc9b6223d.patch:-p1
 
 MAINTAINER=	jbeich@FreeBSD.org
 COMMENT=	VP8/VP9 Codec SDK
 
 LICENSE=	BSD3CLAUSE
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 BUILD_DEPENDS=	nasm:devel/nasm
 
 USE_GITHUB=	yes
 GH_ACCOUNT=	webmproject
 
 USES=		cpe gmake perl5 shebangfix
 CPE_VENDOR=	john_koleszar
 HAS_CONFIGURE=	yes
 USE_PERL5=	build
 USE_LDCONFIG=	yes
 SHEBANG_FILES=	build/make/ads2gas.pl
 CONFIGURE_ENV=	ASFLAGS="${ASFLAGS}"
 # Only explicitly list ARCHs with SIMD optimizations
 CONFIGURE_ARGS_aarch64=	--target=arm64-linux-gcc
 CONFIGURE_ARGS_amd64=	--target=x86_64-linux-gcc
 CONFIGURE_ARGS_armv7=	--target=armv7-linux-gcc
 CONFIGURE_ARGS_i386=	--target=x86-linux-gcc
 CONFIGURE_ARGS+=${CONFIGURE_ARGS_${ARCH}} \
 		--prefix=${PREFIX} \
 		--disable-install-docs \
 		--disable-install-srcs \
 		--enable-pic \
 		--enable-vp8 \
 		--enable-vp9
 MAKE_ARGS+=	verbose=yes
 ASFLAGS+=	${ASFLAGS_${ARCH}}
 ASFLAGS_armv7=	-meabi=5
 ALL_TARGET=	# empty
 
 # armv7 is actually armv6 target before FreeBSD 12.0
 .if ${CFLAGS:M-march=armv7*}
 CONFIGURE_ARGS+=	${CONFIGURE_ARGS_armv7}
 ASFLAGS+=		${ASFLAGS_armv7}
 .endif
 
 OPTIONS_DEFINE=	DEBUG MULTIRES POSTPROC RTCPU SHARED SIZE_LIMIT TEST THREADS
 OPTIONS_DEFAULT=MULTIRES POSTPROC RTCPU SHARED SIZE_LIMIT THREADS
 OPTIONS_EXCLUDE_aarch64=RTCPU
 OPTIONS_SUB=		yes
 
 DEBUG_CONFIGURE_ON=	--enable-debug
 
 MULTIRES_DESC=		Enable multi-resolution encoding
 MULTIRES_CONFIGURE_ON=	--enable-multi-res-encoding
 
 POSTPROC_DESC=		Enable postprocessing
 POSTPROC_CONFIGURE_ON=	--enable-postproc --enable-vp9-postproc	\
 			--enable-vp9-temporal-denoising
 
 RTCPU_DESC=		Detect CPU capabilities at runtime
 RTCPU_CONFIGURE_ON=	--enable-runtime-cpu-detect
 
 SHARED_DESC=		Enable shared-library support
 SHARED_CONFIGURE_ON=	--enable-shared
 
 SIZE_LIMIT_DESC=	Maximum size allowed by decoder: ${SIZE_LIMIT}
 SIZE_LIMIT_CONFIGURE_ON=--size-limit=${SIZE_LIMIT}
 SIZE_LIMIT?=		16384x16384 # Chromium; Firefox has 4000x3000
 
 TEST_CONFIGURE_OFF=	--disable-unit-tests
 
 THREADS_CONFIGURE_OFF=	--disable-multithread
 
 post-patch:
 	@${REINPLACE_CMD} 's|\(link_with_cc\)=gcc|\1=$${CC}|' \
 		${WRKSRC}/build/make/configure.sh
 
 post-install:
 	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/vpx*
 
 post-install-SHARED-on:
 	@${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libvpx.so.*.*.*
 
 .include <bsd.port.mk>
Index: branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194
===================================================================
--- branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194	(nonexistent)
+++ branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194	(revision 463910)
@@ -0,0 +1,43 @@
+https://chromium.googlesource.com/webm/libvpx/+/5a40c8fde11b%5E!/
+https://chromium.googlesource.com/webm/libvpx/+/33c598990bc7%5E!/
+
+--- vpx/src/vpx_image.c.orig	2017-01-12 20:27:27 UTC
++++ vpx/src/vpx_image.c
+@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+     default: ycs = 0; break;
+   }
+ 
+-  /* Calculate storage sizes given the chroma subsampling */
+-  align = (1 << xcs) - 1;
+-  w = (d_w + align) & ~align;
+-  align = (1 << ycs) - 1;
+-  h = (d_h + align) & ~align;
++  /* Calculate storage sizes. If the buffer was allocated externally, the width
++   * and height shouldn't be adjusted. */
++  w = d_w;
++  h = d_h;
+   s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+   s = (s + stride_align - 1) & ~(stride_align - 1);
+   stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+   img->img_data = img_data;
+ 
+   if (!img_data) {
+-    const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
+-                                    ? (uint64_t)h * s * bps / 8
+-                                    : (uint64_t)h * s;
++    uint64_t alloc_size;
++    /* Calculate storage sizes given the chroma subsampling */
++    align = (1 << xcs) - 1;
++    w = (d_w + align) & ~align;
++    align = (1 << ycs) - 1;
++    h = (d_h + align) & ~align;
++
++    s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
++    s = (s + stride_align - 1) & ~(stride_align - 1);
++    stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
++    alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
++                                            : (uint64_t)h * s;
+ 
+     if (alloc_size != (size_t)alloc_size) goto fail;
+ 

Property changes on: branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property