graphics/ilmbase,openexr: fix vulnerabilities

Uses backported patches from upstream Git repository, without the
exr2aces parts, and regenerates all openexr patches from scratch.

MFH:		2019Q4 (blanket, security patches)
Security:	e4d9dffb-2a32-11ea-9693-e1b3f6feec79
Security:	CVE-2018-18443
Security:	CVE-2018-18444

2 files changed, 31 insertions, 1 deletions

diff --git a/graphics/ilmbase/Makefile b/graphics/ilmbase/Makefile
index ad70373ee27e..d5b5f41d31f8 100644
--- a/graphics/ilmbase/Makefile
+++ b/graphics/ilmbase/Makefile
@@ -3,7 +3,7 @@
 
 PORTNAME=	ilmbase
 PORTVERSION=	2.3.0
-PORTREVISION=	3
+PORTREVISION=	4
 CATEGORIES=	graphics devel
 MASTER_SITES=	https://github.com/openexr/openexr/releases/download/v${PORTVERSION}/
 
diff --git a/graphics/ilmbase/files/patch-CVE-2018-18443 b/graphics/ilmbase/files/patch-CVE-2018-18443
new file mode 100644
index 000000000000..babaadd8daea
--- /dev/null
+++ b/graphics/ilmbase/files/patch-CVE-2018-18443
@@ -0,0 +1,30 @@
+From adbc1900cb9d25fcc4df008d4008b781cf2fa4f8 Mon Sep 17 00:00:00 2001
+From: Kimball Thurston <kdt3rd@gmail.com>
+Date: Thu, 27 Jun 2019 22:15:17 +1200
+Subject: [PATCH] Fix #350 - memory leak on exit
+
+This fixes CVE-2018-18443, the last thread pool provider set into the
+pool was not being correctly cleaned up at shutdown of the thread pool.
+
+Signed-off-by: Kimball Thurston <kdt3rd@gmail.com>
+---
+ CHANGES.md                          | 4 ++++ -- OMITTED/Matthias Andree
+ IlmBase/IlmThread/IlmThreadPool.cpp | 2 ++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/IlmBase/IlmThread/IlmThreadPool.cpp b/IlmBase/IlmThread/IlmThreadPool.cpp
+index 174ab98c..24ca7395 100644
+--- ./IlmThread/IlmThreadPool.cpp~
++++ ./IlmThread/IlmThreadPool.cpp
+@@ -566,9 +566,11 @@ ThreadPool::Data::~Data()
+ {
+ #ifdef ILMBASE_FORCE_CXX03
+     provider->finish();
++    delete provider;
+ #else
+     ThreadPoolProvider *p = provider.load( std::memory_order_relaxed );
+     p->finish();
++    delete p;
+ #endif
+ }
+