gnu: lcms: Update to 2.9.
* gnu/packages/ghostscript.scm (lcms): Update to 2.9. [source]: Remove patch. * gnu/packages/patches/lcms-CVE-2016-10165.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Remove it.
This commit is contained in:
parent
09371ab4d0
commit
c3800f0b6e
|
@ -800,7 +800,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch \
|
||||
%D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch \
|
||||
%D%/packages/patches/laby-make-install.patch \
|
||||
%D%/packages/patches/lcms-CVE-2016-10165.patch \
|
||||
%D%/packages/patches/ldc-disable-tests.patch \
|
||||
%D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch \
|
||||
%D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch \
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
|
||||
;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
|
||||
;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
|
||||
;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
|
||||
;;;
|
||||
;;; This file is part of GNU Guix.
|
||||
;;;
|
||||
|
@ -43,14 +44,13 @@
|
|||
(define-public lcms
|
||||
(package
|
||||
(name "lcms")
|
||||
(version "2.8")
|
||||
(version "2.9")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://sourceforge/lcms/lcms/" version
|
||||
"/lcms2-" version ".tar.gz"))
|
||||
(patches (search-patches "lcms-CVE-2016-10165.patch"))
|
||||
(sha256 (base32
|
||||
"08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
|
||||
"083xisy6z01zhm7p7rgk4bx9d6zlr8l20qkfv1g29ylnhgwzvij8"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs `(("libjpeg-8" ,libjpeg-8)
|
||||
("libtiff" ,libtiff)
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
|
||||
http://seclists.org/oss-sec/2016/q3/288
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1367357
|
||||
https://security-tracker.debian.org/tracker/CVE-2016-10165
|
||||
|
||||
Patch copied from upstream source repository:
|
||||
|
||||
https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
|
||||
|
||||
From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
|
||||
From: Marti <marti.maria@tktbrainpower.com>
|
||||
Date: Mon, 15 Aug 2016 23:31:39 +0200
|
||||
Subject: [PATCH] Added an extra check to MLU bounds
|
||||
|
||||
Thanks to Ibrahim el-sayed for spotting the bug
|
||||
---
|
||||
src/cmstypes.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/cmstypes.c b/src/cmstypes.c
|
||||
index cb61860..c7328b9 100644
|
||||
--- a/src/cmstypes.c
|
||||
+++ b/src/cmstypes.c
|
||||
@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
|
||||
|
||||
// Check for overflow
|
||||
if (Offset < (SizeOfHeader + 8)) goto Error;
|
||||
+ if ((Offset + Len) > SizeOfTag + 8) goto Error;
|
||||
|
||||
// True begin of the string
|
||||
BeginOfThisString = Offset - SizeOfHeader - 8;
|
||||
--
|
||||
2.11.0
|
||||
|
Loading…
Reference in New Issue