[gentoo-commits] repo/gentoo:master commit in: media-libs/lcms/, media-libs/lcms/files/ - gentoo-commits

From:	"Andreas Hüttel" <dilfridge@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: media-libs/lcms/, media-libs/lcms/files/
Date:	Fri, 27 Jan 2017 20:58:45
Message-Id:	`1485550714.d0b5a9d997ee762c077790a87a48bc611d765d74.dilfridge@gentoo`

1

commit:     d0b5a9d997ee762c077790a87a48bc611d765d74

2

Author:     Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>

3

AuthorDate: Fri Jan 27 20:58:11 2017 +0000

4

Commit:     Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>

5

CommitDate: Fri Jan 27 20:58:34 2017 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0b5a9d9

7

8

media-libs/lcms: Add patch for out-of-bounds read in Type_MLU_Read() (CVE-2016-10165), bug 591452

9

10

Package-Manager: Portage-2.3.3, Repoman-2.3.1

11

12

 .../lcms/files/lcms-2.8-CVE-2016-10165.patch       | 22 ++++++++++

13

 media-libs/lcms/lcms-2.8-r1.ebuild                 | 51 ++++++++++++++++++++++

14

 2 files changed, 73 insertions(+)

15

16

diff --git a/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch

17

new file mode 100644

18

index 00000000..b380cf4

19

--- /dev/null

20

+++ b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch

21

@@ -0,0 +1,22 @@

22

+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001

23

+From: Marti <marti.maria@×××××××××××××.com>

24

+Date: Mon, 15 Aug 2016 23:31:39 +0200

25

+Subject: [PATCH] Added an extra check to MLU bounds

26

+

27

+Thanks to Ibrahim el-sayed for spotting the bug

28

+---

29

+ src/cmstypes.c | 1 +

30

+ 1 file changed, 1 insertion(+)

31

+

32

+diff --git a/src/cmstypes.c b/src/cmstypes.c

33

+index cb61860..c7328b9 100644

34

+--- a/src/cmstypes.c

35

++++ b/src/cmstypes.c

36

+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU

37

+

38

+         // Check for overflow

39

+         if (Offset < (SizeOfHeader + 8)) goto Error;

40

++        if ((Offset + Len) > SizeOfTag + 8) goto Error;

41

+

42

+         // True begin of the string

43

+         BeginOfThisString = Offset - SizeOfHeader - 8;

44

45

diff --git a/media-libs/lcms/lcms-2.8-r1.ebuild b/media-libs/lcms/lcms-2.8-r1.ebuild

46

new file mode 100644

47

index 00000000..10208ae

48

--- /dev/null

49

+++ b/media-libs/lcms/lcms-2.8-r1.ebuild

50

@@ -0,0 +1,51 @@

51

+# Copyright 1999-2017 Gentoo Foundation

52

+# Distributed under the terms of the GNU General Public License v2

53

+# $Id$

54

+

55

+EAPI=6

56

+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"

57

+inherit eutils multilib-minimal

58

+

59

+DESCRIPTION="A lightweight, speed optimized color management engine"

60

+HOMEPAGE="http://www.littlecms.com/"

61

+SRC_URI="mirror://sourceforge/${PN}/lcms2-${PV}.tar.gz"

62

+

63

+LICENSE="MIT"

64

+SLOT="2"

65

+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"

66

+IUSE="doc jpeg static-libs +threads test tiff zlib"

67

+

68

+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )

69

+	tiff? ( >=media-libs/tiff-4.0.3-r6:0=[${MULTILIB_USEDEP}] )

70

+	zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )

71

+	abi_x86_32? (

72

+		!<=app-emulation/emul-linux-x86-baselibs-20130224-r10

73

+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]

74

+	)"

75

+DEPEND="${RDEPEND}"

76

+

77

+S=${WORKDIR}/lcms2-${PV}

78

+

79

+PATCHES=(

80

+	"${FILESDIR}/${P}-CVE-2016-10165.patch"

81

+)

82

+

83

+multilib_src_configure() {

84

+	local myeconfargs=(

85

+		$(use_with jpeg)

86

+		$(use_with tiff)

87

+		$(use_with zlib)

88

+		$(use_with threads)

89

+	)

90

+	ECONF_SOURCE="${S}" \

91

+	econf ${myeconfargs[@]}

92

+}

93

+

94

+multilib_src_install_all() {

95

+	find "${ED}" \( -name "*.la" -o -name "*.a" \) -delete || die

96

+

97

+	if use doc; then

98

+		docinto pdf

99

+		dodoc doc/*.pdf

100

+	fi

101

+}

1	commit: d0b5a9d997ee762c077790a87a48bc611d765d74
2	Author: Andreas K. Hüttel <dilfridge <AT> gentoo <DOT> org>
3	AuthorDate: Fri Jan 27 20:58:11 2017 +0000
4	Commit: Andreas Hüttel <dilfridge <AT> gentoo <DOT> org>
5	CommitDate: Fri Jan 27 20:58:34 2017 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0b5a9d9
7
8	media-libs/lcms: Add patch for out-of-bounds read in Type_MLU_Read() (CVE-2016-10165), bug 591452
9
10	Package-Manager: Portage-2.3.3, Repoman-2.3.1
11
12	.../lcms/files/lcms-2.8-CVE-2016-10165.patch \| 22 ++++++++++
13	media-libs/lcms/lcms-2.8-r1.ebuild \| 51 ++++++++++++++++++++++
14	2 files changed, 73 insertions(+)
15
16	diff --git a/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch
17	new file mode 100644
18	index 00000000..b380cf4
19	--- /dev/null
20	+++ b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch
21	@@ -0,0 +1,22 @@
22	+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
23	+From: Marti <marti.maria@×××××××××××××.com>
24	+Date: Mon, 15 Aug 2016 23:31:39 +0200
25	+Subject: [PATCH] Added an extra check to MLU bounds
26	+
27	+Thanks to Ibrahim el-sayed for spotting the bug
28	+---
29	+ src/cmstypes.c \| 1 +
30	+ 1 file changed, 1 insertion(+)
31	+
32	+diff --git a/src/cmstypes.c b/src/cmstypes.c
33	+index cb61860..c7328b9 100644
34	+--- a/src/cmstypes.c
35	++++ b/src/cmstypes.c
36	+@@ -1460,6 +1460,7 @@ void Type_MLU_Read(struct _cms_typehandler_struct self, cmsIOHANDLER* io, cmsU
37	+
38	+ // Check for overflow
39	+ if (Offset < (SizeOfHeader + 8)) goto Error;
40	++ if ((Offset + Len) > SizeOfTag + 8) goto Error;
41	+
42	+ // True begin of the string
43	+ BeginOfThisString = Offset - SizeOfHeader - 8;
44
45	diff --git a/media-libs/lcms/lcms-2.8-r1.ebuild b/media-libs/lcms/lcms-2.8-r1.ebuild
46	new file mode 100644
47	index 00000000..10208ae
48	--- /dev/null
49	+++ b/media-libs/lcms/lcms-2.8-r1.ebuild
50	@@ -0,0 +1,51 @@
51	+# Copyright 1999-2017 Gentoo Foundation
52	+# Distributed under the terms of the GNU General Public License v2
53	+# $Id$
54	+
55	+EAPI=6
56	+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
57	+inherit eutils multilib-minimal
58	+
59	+DESCRIPTION="A lightweight, speed optimized color management engine"
60	+HOMEPAGE="http://www.littlecms.com/"
61	+SRC_URI="mirror://sourceforge/${PN}/lcms2-${PV}.tar.gz"
62	+
63	+LICENSE="MIT"
64	+SLOT="2"
65	+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
66	+IUSE="doc jpeg static-libs +threads test tiff zlib"
67	+
68	+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
69	+ tiff? ( >=media-libs/tiff-4.0.3-r6:0=[${MULTILIB_USEDEP}] )
70	+ zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
71	+ abi_x86_32? (
72	+ !<=app-emulation/emul-linux-x86-baselibs-20130224-r10
73	+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
74	+ )"
75	+DEPEND="${RDEPEND}"
76	+
77	+S=${WORKDIR}/lcms2-${PV}
78	+
79	+PATCHES=(
80	+ "${FILESDIR}/${P}-CVE-2016-10165.patch"
81	+)
82	+
83	+multilib_src_configure() {
84	+ local myeconfargs=(
85	+ $(use_with jpeg)
86	+ $(use_with tiff)
87	+ $(use_with zlib)
88	+ $(use_with threads)
89	+ )
90	+ ECONF_SOURCE="${S}" \
91	+ econf ${myeconfargs[@]}
92	+}
93	+
94	+multilib_src_install_all() {
95	+ find "${ED}" \( -name ".la" -o -name ".a" \) -delete \|\| die
96	+
97	+ if use doc; then
98	+ docinto pdf
99	+ dodoc doc/*.pdf
100	+ fi
101	+}

Gentoo Archives: gentoo-commits