author | Natanael Copa <ncopa@alpinelinux.org> | 2013-08-30 10:00:24 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-08-30 10:00:24 +0000 |
commit | 54ea48c2d606ad7dc278b7c9f6e72cf4b11ed9ca (patch) | |
tree | 2b49bdeb7c3f772a90eacf422ab163e83706cea8 /main | |
parent | 56e5349c172966097eb0bb4c96d416d0f198f0a4 (diff) | |
main/lcms: fix CVE-2013-4276
fixes #2239
Diffstat (limited to 'main')
-rw-r--r-- | main/lcms/APKBUILD | 12 | ||||
-rw-r--r-- | main/lcms/CVE-2013-4276.patch | 62 |
2 files changed, 71 insertions, 3 deletions
diff --git a/main/lcms/APKBUILD b/main/lcms/APKBUILD
index 583a251a6a..8f781e31df 100644
--- a/main/lcms/APKBUILD
+++ b/main/lcms/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=lcms
 pkgver=1.19
-pkgrel=4
+pkgrel=5
 pkgdesc="Lightweight color management development library/engine"
 url="http://www.littlecms.com"
 arch="all"
@@ -9,7 +9,8 @@ license="custom"
 depends=
 makedepends="tiff-dev libjpeg-turbo-dev zlib-dev"
 subpackages="$pkgname-dev $pkgname-doc liblcms"
-source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz
+ CVE-2013-4276.patch"
 _builddir="$srcdir"/$pkgname-$pkgver
 build() {
@@ -34,4 +35,9 @@ liblcms() {
 mv "$pkgdir"/usr/lib/liblcms.so.* "$subpkgdir"/usr/lib/
 }
-md5sums="8af94611baf20d9646c7c2c285859818 lcms-1.19.tar.gz"
+md5sums="8af94611baf20d9646c7c2c285859818 lcms-1.19.tar.gz
+fa1db4861cfa05f4c4a2c826e1c35502 CVE-2013-4276.patch"
+sha256sums="80ae32cb9f568af4dc7ee4d3c05a4c31fc513fc3e31730fed0ce7378237273a9 lcms-1.19.tar.gz
+cd10cc5ce791ae782b1257e6181a71cbdb685b705779c9ef2ceffc7fb2021bd0 CVE-2013-4276.patch"
+sha512sums="85a55ad0673f0df2aaa80d18caa50314319f8da5ee4d84eed919059d0dad9861d684ef6353ce0ec6f9892a4603ce8e8e12f84d46858e23f52846b8aefd3cf449 lcms-1.19.tar.gz
+73037e6e2f8e52f402c5160a38e1d8cc6f7f5f88145d68f733f796def539902a6dfcf685eae076d1456d885c782771993dc64f78b4e381421b0e4e8730eaa1d2 CVE-2013-4276.patch"
diff --git a/main/lcms/CVE-2013-4276.patch b/main/lcms/CVE-2013-4276.patch
new file mode 100644
index 0000000000..8f2f322978
--- /dev/null
+++ b/main/lcms/CVE-2013-4276.patch
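Review bot: Nothing in the visible APKBUILD hunks applies the new patch: `CVE-2013-4276.patch` is added to `source=` and to the checksum lists, but `build()` follows `_builddir` directly and its body is outside the hunk, so it should be confirmed that some step actually runs `patch -p1` over the `*.patch` sources (the patch paths start with `lcms-1.19.dfsg/`, so one leading component has to be stripped). If no such step exists, the `pkgrel=5` build would ship unpatched lcms 1.19 under a commit message that says the CVE is fixed. A `prepare()` that loops over `$source`, applies each `*.patch` inside `$_builddir` and fails the build on a reject would make the application explicit.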
@@ -0,0 +1,62 @@
+diff -ur lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg-patched/samples/icctrans.c
+--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000
++++ lcms-1.19.dfsg-patched/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100
+@@ -86,6 +86,8 @@
+ static LPcmsNAMEDCOLORLIST InputColorant = NULL;
+ static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
+
++unsigned int Buffer_size = 4096;
++
+
+ // isatty replacement
+
+@@ -500,7 +502,7 @@
+
+ Prefix[0] = 0;
+ if (!lTerse)
+- sprintf(Prefix, "%s=", C);
++ snprintf(Prefix, 20, "%s=", C);
+
+ if (InHexa)
+ {
+@@ -648,7 +650,9 @@
+ static
+ void GetLine(char* Buffer)
+ {
+- scanf("%s", Buffer);
++ char User_buffer[Buffer_size];
++ fgets(User_buffer, (Buffer_size - 1), stdin);
++ sscanf(User_buffer,"%s", Buffer);
+
+ if (toupper(Buffer[0]) == 'Q') { // Quit?
+
+@@ -668,7 +672,7 @@
+ static
+ double GetAnswer(const char* Prompt, double Range)
+ {
+- char Buffer[4096];
++ char Buffer[Buffer_size];
+ double val = 0.0;
+
+ if (Range == 0.0) { // Range 0 means double value
+@@ -738,7 +742,7 @@
+ static
+ WORD GetIndex(void)
+ {
+- char Buffer[4096], Name[40], Prefix[40], Suffix[40];
++ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
+ int index, max;
+
+ max = cmsNamedColorCount(hTrans)-1;
+diff -ur lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg-patched/tifficc/tiffdiff.c
+--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000
++++ lcms-1.19.dfsg-patched/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100
+@@ -633,7 +633,7 @@
+ cmsIT8SetSheetType(hIT8, "TIFFDIFF");
+
+
+- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
++ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
+
+ cmsIT8SetComment(hIT8, Buffer);
+ |
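Review bot: In GetLine the result of `fgets` is never checked, so at end-of-input `User_buffer` is left indeterminate and the following `sscanf` and `toupper(Buffer[0])` read uninitialised stack data; a guard such as `if (fgets(User_buffer, sizeof User_buffer, stdin) == NULL || sscanf(User_buffer, "%s", Buffer) != 1) Buffer[0] = '\0';` closes that. The copy into `Buffer` is still an unbounded `%s`, so it is safe only while every caller passes at least `Buffer_size` bytes (presumably the arrays in GetAnswer and GetIndex, whose calls are outside the hunks), and `Buffer_size` is a writable, non-static global that turns all three arrays into VLAs; a compile-time constant such as `enum { BUFFER_SIZE = 4096 };` would make that invariant hold by construction. The literal bounds in `snprintf(Prefix, 20, ...)` and `snprintf(Buffer, 256, ...)` depend on declarations that are not visible here; if both destinations are arrays, `sizeof Prefix` and `sizeof Buffer` would tie the limit to the real storage. GetLine's body continues past the hunk, so how the quit branch treats an empty buffer should be confirmed before choosing the EOF behaviour.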