main/lcms: fix CVE-2013-4276

fixes #2238
author: Natanael Copa <ncopa@alpinelinux.org> 2013-08-30 10:00:24 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2013-08-30 10:04:06 +0000
commit: e5fc4122c8293488c59bfb980d6da123a3910080 (patch)
tree: aa15d19f12c017e5e711e128b4ecfc7b930c22d6
parent: 437a2ab6eccb070bfbccd6e3f9b3dac4afad2e12 (diff)
download: alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.tar.bz2
alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.tar.xz
alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.zip
2 files changed, 71 insertions, 3 deletions
diff --git a/main/lcms/APKBUILD b/main/lcms/APKBUILD
index c2d09b112b..94fec4a543 100644
--- a/main/lcms/APKBUILD
+++ b/main/lcms/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=lcms
 pkgver=1.19
-pkgrel=4
+pkgrel=5
 pkgdesc="Lightweight color management development library/engine"
 url="http://www.littlecms.com"
 arch="all"
@@ -9,7 +9,8 @@ license="custom"
 depends=
 makedepends="tiff-dev libjpeg-turbo-dev zlib-dev"
 subpackages="$pkgname-dev $pkgname-doc liblcms"
-source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz"
+source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz
+        CVE-2013-4276.patch"
 _builddir="$srcdir"/$pkgname-$pkgver
 build() {
@@ -30,4 +31,9 @@ liblcms() {
        mv "$pkgdir"/usr/lib/liblcms.so.* "$subpkgdir"/usr/lib/
 }
-md5sums="8af94611baf20d9646c7c2c285859818  lcms-1.19.tar.gz"
+md5sums="8af94611baf20d9646c7c2c285859818  lcms-1.19.tar.gz
+fa1db4861cfa05f4c4a2c826e1c35502  CVE-2013-4276.patch"
+sha256sums="80ae32cb9f568af4dc7ee4d3c05a4c31fc513fc3e31730fed0ce7378237273a9  lcms-1.19.tar.gz
+cd10cc5ce791ae782b1257e6181a71cbdb685b705779c9ef2ceffc7fb2021bd0  CVE-2013-4276.patch"
+sha512sums="85a55ad0673f0df2aaa80d18caa50314319f8da5ee4d84eed919059d0dad9861d684ef6353ce0ec6f9892a4603ce8e8e12f84d46858e23f52846b8aefd3cf449  lcms-1.19.tar.gz
+73037e6e2f8e52f402c5160a38e1d8cc6f7f5f88145d68f733f796def539902a6dfcf685eae076d1456d885c782771993dc64f78b4e381421b0e4e8730eaa1d2  CVE-2013-4276.patch"
diff --git a/main/lcms/CVE-2013-4276.patch b/main/lcms/CVE-2013-4276.patch
new file mode 100644
index 0000000000..8f2f322978
--- /dev/null
+++ b/main/lcms/CVE-2013-4276.patch
@@ -0,0 +1,62 @@
+diff -ur lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg-patched/samples/icctrans.c
+--- lcms-1.19.dfsg/samples/icctrans.c   2009-10-30 15:57:45.000000000 +0000
+++ lcms-1.19.dfsg-patched/samples/icctrans.c   2013-08-06 11:53:14.385266647 +0100
+@@ -86,6 +86,8 @@
+ static LPcmsNAMEDCOLORLIST InputColorant = NULL;
+ static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
+ 
+unsigned int Buffer_size = 4096;
+
+ 
+ // isatty replacement
+ 
+@@ -500,7 +502,7 @@
+ 
+     Prefix[0] = 0;
+     if (!lTerse)
+-        sprintf(Prefix, "%s=", C);
+        snprintf(Prefix, 20, "%s=", C);
+ 
+     if (InHexa)
+     {
+@@ -648,7 +650,9 @@
+ static
+ void GetLine(char* Buffer)
+ {    
+-    scanf("%s", Buffer);
+    char User_buffer[Buffer_size];
+    fgets(User_buffer, (Buffer_size - 1), stdin);
+    sscanf(User_buffer,"%s", Buffer);
+     
+     if (toupper(Buffer[0]) == 'Q') { // Quit?
+ 
+@@ -668,7 +672,7 @@
+ static
+ double GetAnswer(const char* Prompt, double Range)
+ {
+-    char Buffer[4096];
+    char Buffer[Buffer_size];
+     double val = 0.0;
+               
+     if (Range == 0.0) {              // Range 0 means double value
+@@ -738,7 +742,7 @@
+ static
+ WORD GetIndex(void)
+ {
+-    char Buffer[4096], Name[40], Prefix[40], Suffix[40];
+    char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
+     int index, max;
+ 
+     max = cmsNamedColorCount(hTrans)-1;
+diff -ur lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg-patched/tifficc/tiffdiff.c
+--- lcms-1.19.dfsg/tifficc/tiffdiff.c   2009-10-30 15:57:46.000000000 +0000
+++ lcms-1.19.dfsg-patched/tifficc/tiffdiff.c   2013-08-06 11:49:06.698951157 +0100
+@@ -633,7 +633,7 @@
+     cmsIT8SetSheetType(hIT8, "TIFFDIFF");
+     
+    
+-    sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
+    snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
+   
+     cmsIT8SetComment(hIT8, Buffer);
+
author	Natanael Copa <ncopa@alpinelinux.org>	2013-08-30 10:00:24 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2013-08-30 10:04:06 +0000
commit	e5fc4122c8293488c59bfb980d6da123a3910080 (patch)
tree	aa15d19f12c017e5e711e128b4ecfc7b930c22d6
parent	437a2ab6eccb070bfbccd6e3f9b3dac4afad2e12 (diff)
download	alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.tar.bz2 alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.tar.xz alpine_aports-e5fc4122c8293488c59bfb980d6da123a3910080.zip

diff --git a/main/lcms/APKBUILD b/main/lcms/APKBUILD index c2d09b112b..94fec4a543 100644 --- a/main/lcms/APKBUILD +++ b/main/lcms/APKBUILD
@@ -1,7 +1,7 @@
1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>	1	# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2	pkgname=lcms	2	pkgname=lcms
3	pkgver=1.19	3	pkgver=1.19
4	pkgrel=4	4	pkgrel=5
5	pkgdesc="Lightweight color management development library/engine"	5	pkgdesc="Lightweight color management development library/engine"
6	url="http://www.littlecms.com"	6	url="http://www.littlecms.com"
7	arch="all"	7	arch="all"
@@ -9,7 +9,8 @@ license="custom"
9	depends=	9	depends=
10	makedepends="tiff-dev libjpeg-turbo-dev zlib-dev"	10	makedepends="tiff-dev libjpeg-turbo-dev zlib-dev"
11	subpackages="$pkgname-dev $pkgname-doc liblcms"	11	subpackages="$pkgname-dev $pkgname-doc liblcms"
12	source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz"	12	source="http://downloads.sourceforge.net/project/lcms/lcms/$pkgver/lcms-$pkgver.tar.gz
		13	CVE-2013-4276.patch"
13		14
14	_builddir="$srcdir"/$pkgname-$pkgver	15	_builddir="$srcdir"/$pkgname-$pkgver
15	build() {	16	build() {
@@ -30,4 +31,9 @@ liblcms() {
30	mv "$pkgdir"/usr/lib/liblcms.so.* "$subpkgdir"/usr/lib/	31	mv "$pkgdir"/usr/lib/liblcms.so.* "$subpkgdir"/usr/lib/
31	}	32	}
32		33
33	md5sums="8af94611baf20d9646c7c2c285859818 lcms-1.19.tar.gz"	34	md5sums="8af94611baf20d9646c7c2c285859818 lcms-1.19.tar.gz
		35	fa1db4861cfa05f4c4a2c826e1c35502 CVE-2013-4276.patch"
		36	sha256sums="80ae32cb9f568af4dc7ee4d3c05a4c31fc513fc3e31730fed0ce7378237273a9 lcms-1.19.tar.gz
		37	cd10cc5ce791ae782b1257e6181a71cbdb685b705779c9ef2ceffc7fb2021bd0 CVE-2013-4276.patch"
		38	sha512sums="85a55ad0673f0df2aaa80d18caa50314319f8da5ee4d84eed919059d0dad9861d684ef6353ce0ec6f9892a4603ce8e8e12f84d46858e23f52846b8aefd3cf449 lcms-1.19.tar.gz
		39	73037e6e2f8e52f402c5160a38e1d8cc6f7f5f88145d68f733f796def539902a6dfcf685eae076d1456d885c782771993dc64f78b4e381421b0e4e8730eaa1d2 CVE-2013-4276.patch"


diff --git a/main/lcms/CVE-2013-4276.patch b/main/lcms/CVE-2013-4276.patch new file mode 100644 index 0000000000..8f2f322978 --- /dev/null +++ b/main/lcms/CVE-2013-4276.patch
@@ -0,0 +1,62 @@
		1	diff -ur lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg-patched/samples/icctrans.c
		2	--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000
		3	+++ lcms-1.19.dfsg-patched/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100
		4	@@ -86,6 +86,8 @@
		5	static LPcmsNAMEDCOLORLIST InputColorant = NULL;
		6	static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
		7
		8	+unsigned int Buffer_size = 4096;
		9	+
		10
		11	// isatty replacement
		12
		13	@@ -500,7 +502,7 @@
		14
		15	Prefix[0] = 0;
		16	if (!lTerse)
		17	- sprintf(Prefix, "%s=", C);
		18	+ snprintf(Prefix, 20, "%s=", C);
		19
		20	if (InHexa)
		21	{
		22	@@ -648,7 +650,9 @@
		23	static
		24	void GetLine(char* Buffer)
		25	{
		26	- scanf("%s", Buffer);
		27	+ char User_buffer[Buffer_size];
		28	+ fgets(User_buffer, (Buffer_size - 1), stdin);
		29	+ sscanf(User_buffer,"%s", Buffer);
		30
		31	if (toupper(Buffer[0]) == 'Q') { // Quit?
		32
		33	@@ -668,7 +672,7 @@
		34	static
		35	double GetAnswer(const char* Prompt, double Range)
		36	{
		37	- char Buffer[4096];
		38	+ char Buffer[Buffer_size];
		39	double val = 0.0;
		40
		41	if (Range == 0.0) { // Range 0 means double value
		42	@@ -738,7 +742,7 @@
		43	static
		44	WORD GetIndex(void)
		45	{
		46	- char Buffer[4096], Name[40], Prefix[40], Suffix[40];
		47	+ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
		48	int index, max;
		49
		50	max = cmsNamedColorCount(hTrans)-1;
		51	diff -ur lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg-patched/tifficc/tiffdiff.c
		52	--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000
		53	+++ lcms-1.19.dfsg-patched/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100
		54	@@ -633,7 +633,7 @@
		55	cmsIT8SetSheetType(hIT8, "TIFFDIFF");
		56
		57
		58	- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
		59	+ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
		60
		61	cmsIT8SetComment(hIT8, Buffer);
		62