aboutsummaryrefslogtreecommitdiffstats
path: root/main/lcms2
diff options
context:
space:
mode:
authorSergey Lukin <sergej.lukin@gmail.com>2017-01-31 14:58:51 +0000
committerTimo Teräs <timo.teras@iki.fi>2017-02-01 12:33:18 +0000
commitc9d1081114d13e615a2bafddd82df7793666aad6 (patch)
tree197d71deed01f0ec4ba7494e7741794b439e96e0 /main/lcms2
parent6e8c50b532818c09f21cacb85a5a99733687c0e6 (diff)
downloadaports-c9d1081114d13e615a2bafddd82df7793666aad6.tar.bz2
aports-c9d1081114d13e615a2bafddd82df7793666aad6.tar.xz
main/lcms2: security fixes #6777
CVE-2016-10165: Out-of-bounds read in Type_MLU_Read()
Diffstat (limited to 'main/lcms2')
-rw-r--r--main/lcms2/APKBUILD28
-rw-r--r--main/lcms2/CVE-2016-10165.patch20
2 files changed, 39 insertions, 9 deletions
diff --git a/main/lcms2/APKBUILD b/main/lcms2/APKBUILD
index 78d86b41c6..308e8d5d82 100644
--- a/main/lcms2/APKBUILD
+++ b/main/lcms2/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lcms2
pkgver=2.8
-pkgrel=0
+pkgrel=1
pkgdesc="Color Management Engine"
url="http://www.littlecms.com/"
arch="all"
@@ -11,12 +12,18 @@ depends_dev="libjpeg-turbo-dev tiff-dev zlib-dev"
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
-source="http://www.littlecms.com/lcms2-$pkgver.tar.gz"
+source="http://www.littlecms.com/lcms2-$pkgver.tar.gz
+ CVE-2016-10165.patch
+ "
-_builddir="$srcdir"/lcms2-$pkgver
+# secfixes:
+# 2.8-r1:
+# - CVE-2016-10165
+
+builddir="$srcdir"/lcms2-$pkgver
prepare() {
local i
- cd "$_builddir"
+ cd "$builddir"
for i in $source; do
case $i in
*.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
@@ -25,7 +32,7 @@ prepare() {
}
build() {
- cd "$_builddir"
+ cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -40,7 +47,7 @@ build() {
}
package() {
- cd "$_builddir"
+ cd "$builddir"
make DESTDIR="$pkgdir" install || return 1
}
@@ -50,6 +57,9 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="87a5913f1a52464190bb655ad230539c lcms2-2.8.tar.gz"
-sha256sums="66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22 lcms2-2.8.tar.gz"
-sha512sums="a9478885b4892c79314a2ef9ab560e6655ac8f2d17abae0805e8b871138bb190e21f0e5c805398449f9dad528dc50baaf9e3cce8b8158eb8ff74179be5733f8f lcms2-2.8.tar.gz"
+md5sums="87a5913f1a52464190bb655ad230539c lcms2-2.8.tar.gz
+bd143d366e5ad5d2b7da0b1a9255704d CVE-2016-10165.patch"
+sha256sums="66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22 lcms2-2.8.tar.gz
+66d2b7e9ff6aa0896acf0a107e131b9d34d4d8fb7d4129f4eace3a84b17c9cd4 CVE-2016-10165.patch"
+sha512sums="a9478885b4892c79314a2ef9ab560e6655ac8f2d17abae0805e8b871138bb190e21f0e5c805398449f9dad528dc50baaf9e3cce8b8158eb8ff74179be5733f8f lcms2-2.8.tar.gz
+f1e4ed19d6ab8135927d08da717b141df0f63053000a308a22a903fd4c65c1fd7aefc4508a759c737df4cd5ac4347bd1999157cdfc082930254f90a88b11026e CVE-2016-10165.patch"
diff --git a/main/lcms2/CVE-2016-10165.patch b/main/lcms2/CVE-2016-10165.patch
new file mode 100644
index 0000000000..f0e452f3b5
--- /dev/null
+++ b/main/lcms2/CVE-2016-10165.patch
@@ -0,0 +1,20 @@
+commit 5ca71a7bc18b6897ab21d815d15e218e204581e2
+Author: Marti <marti.maria@tktbrainpower.com>
+Date: Mon Aug 15 23:31:39 2016 +0200
+
+ Added an extra check to MLU bounds
+
+ Thanks to Ibrahim el-sayed for spotting the bug
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+
+ // Check for overflow
+ if (Offset < (SizeOfHeader + 8)) goto Error;
++ if ((Offset + Len) > SizeOfTag + 8) goto Error;
+
+ // True begin of the string
+ BeginOfThisString = Offset - SizeOfHeader - 8;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-15 12:02:12 +0000