mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-08-05 13:27:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/lcms2: upgrade to 2.9

Browse Source
This commit is contained in:
prspkt 2018-03-21 09:00:22 +00:00 committed by Sören Tempel
parent 0e6a8948c9
commit a8f721b340
2 changed files with 5 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
main/lcms2/APKBUILD
View File

@ -1,10 +1,10 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=lcms2
pkgver=2.8
pkgrel=2
pkgver=2.9
pkgrel=0
pkgdesc="Color Management Engine"
url="http://www.littlecms.com/"
url="http://www.littlecms.com"
arch="all"
license="MIT"
depends=""
@ -12,9 +12,7 @@ depends_dev="libjpeg-turbo-dev tiff-dev zlib-dev"
makedepends="$depends_dev"
install=""
subpackages="$pkgname-dev $pkgname-doc $pkgname-utils"
source="http://www.littlecms.com/lcms2-$pkgver.tar.gz
CVE-2016-10165.patch
"
source="http://www.littlecms.com/$pkgname-$pkgver.tar.gz"
# secfixes:
# 2.8-r1:
@ -54,9 +52,4 @@ utils() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
md5sums="87a5913f1a52464190bb655ad230539c lcms2-2.8.tar.gz
bd143d366e5ad5d2b7da0b1a9255704d CVE-2016-10165.patch"
sha256sums="66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22 lcms2-2.8.tar.gz
66d2b7e9ff6aa0896acf0a107e131b9d34d4d8fb7d4129f4eace3a84b17c9cd4 CVE-2016-10165.patch"
sha512sums="a9478885b4892c79314a2ef9ab560e6655ac8f2d17abae0805e8b871138bb190e21f0e5c805398449f9dad528dc50baaf9e3cce8b8158eb8ff74179be5733f8f lcms2-2.8.tar.gz
f1e4ed19d6ab8135927d08da717b141df0f63053000a308a22a903fd4c65c1fd7aefc4508a759c737df4cd5ac4347bd1999157cdfc082930254f90a88b11026e CVE-2016-10165.patch"
sha512sums="70b1c51fa8d137d5072425e580745ff1fbf49c6e8bb1da0a8adb0647d3b7c095208793cb02de1e8d1a01363b8575fa60c61bedbff99bbec57a44228239cb00e5 lcms2-2.9.tar.gz"

20
main/lcms2/CVE-2016-10165.patch
View File

@ -1,20 +0,0 @@
commit 5ca71a7bc18b6897ab21d815d15e218e204581e2
Author: Marti <marti.maria@tktbrainpower.com>
Date: Mon Aug 15 23:31:39 2016 +0200
Added an extra check to MLU bounds
Thanks to Ibrahim el-sayed for spotting the bug
diff --git a/src/cmstypes.c b/src/cmstypes.c
index cb61860..c7328b9 100644
--- a/src/cmstypes.c
+++ b/src/cmstypes.c
@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
// Check for overflow
if (Offset < (SizeOfHeader + 8)) goto Error;
+ if ((Offset + Len) > SizeOfTag + 8) goto Error;
// True begin of the string
BeginOfThisString = Offset - SizeOfHeader - 8;