From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.4] main/lcms2: security upgrade to 2.8 - fixes #6779 Date: Wed, 1 Feb 2017 06:51:38 +0000 Message-Id: <20170201065138.5604-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.8.3 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10165: Out-of-bounds read in Type_MLU_Read() --- It looks that there were no major changes made in 2.7 vs 2.8 https://github.com/mm2/Little-CMS/blob/master/ChangeLog main/lcms2/APKBUILD | 21 +++++++++++++++------ main/lcms2/CVE-2016-10165.patch | 20 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 6 deletions(-) create mode 100644 main/lcms2/CVE-2016-10165.patch diff --git a/main/lcms2/APKBUILD b/main/lcms2/APKBUILD index 1a05aac..940960f 100644 --- a/main/lcms2/APKBUILD +++ b/main/lcms2/APKBUILD @@ -1,6 +1,7 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=lcms2 -pkgver=2.7 +pkgver=2.8 pkgrel=0 pkgdesc="Color Management Engine" url="http://www.littlecms.com/" @@ -11,13 +12,18 @@ depends_dev="libjpeg-turbo-dev tiff-dev zlib-dev" makedepends="$depends_dev" install="" subpackages="$pkgname-dev $pkgname-doc $pkgname-utils" -source="http://www.littlecms.com/lcms2-$pkgver.tar.gz" +source="http://www.littlecms.com/lcms2-$pkgver.tar.gz + CVE-2016-10165.patch + " + +# secfixes: +# 2.8-r0: +# - CVE-2016-10165 _builddir="$srcdir"/lcms2-$pkgver prepare() { local i cd "$_builddir" - update_config_sub || return 1 for i in $source; do case $i in *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; 
@@ -51,6 +57,9 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="06c1626f625424a811fb4b5eb070839d lcms2-2.7.tar.gz" -sha256sums="4524234ae7de185e6b6da5d31d6875085b2198bc63b1211f7dde6e2d197d6a53 lcms2-2.7.tar.gz" -sha512sums="9e69ec30efa9d50474808c6ae3d9afb0c5798eaabca0052f82d54efecdc2b58ab40434ee6dee9cd80028597d79a07f6b3b1a73f5293fc444343274eac3e32fd4 lcms2-2.7.tar.gz" +md5sums="87a5913f1a52464190bb655ad230539c lcms2-2.8.tar.gz +bd143d366e5ad5d2b7da0b1a9255704d CVE-2016-10165.patch" +sha256sums="66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22 lcms2-2.8.tar.gz +66d2b7e9ff6aa0896acf0a107e131b9d34d4d8fb7d4129f4eace3a84b17c9cd4 CVE-2016-10165.patch" +sha512sums="a9478885b4892c79314a2ef9ab560e6655ac8f2d17abae0805e8b871138bb190e21f0e5c805398449f9dad528dc50baaf9e3cce8b8158eb8ff74179be5733f8f lcms2-2.8.tar.gz +f1e4ed19d6ab8135927d08da717b141df0f63053000a308a22a903fd4c65c1fd7aefc4508a759c737df4cd5ac4347bd1999157cdfc082930254f90a88b11026e CVE-2016-10165.patch" diff --git a/main/lcms2/CVE-2016-10165.patch b/main/lcms2/CVE-2016-10165.patch new file mode 100644 index 0000000..f0e452f --- /dev/null +++ b/main/lcms2/CVE-2016-10165.patch @@ -0,0 +1,20 @@ +commit 5ca71a7bc18b6897ab21d815d15e218e204581e2 +Author: Marti +Date: Mon Aug 15 23:31:39 2016 +0200 + + Added an extra check to MLU bounds + + Thanks to Ibrahim el-sayed for spotting the bug + +diff --git a/src/cmstypes.c b/src/cmstypes.c +index cb61860..c7328b9 100644 +--- a/src/cmstypes.c ++++ b/src/cmstypes.c +@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; -- 2.8.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
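Review bot: In the first main/lcms2/APKBUILD hunk, pkgver moves from 2.7 to 2.8, yet the CVE-2016-10165 fix is carried by the separate CVE-2016-10165.patch applied on top of 2.8, so the version bump is not what closes the issue. For a [PATCH v3.4] stable-branch submission, say in the commit message why the bump is needed in addition to the patch, or apply the patch to 2.7 and raise pkgrel instead.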
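Review bot: In prepare() in the second main/lcms2/APKBUILD hunk, the line "update_config_sub || return 1" is removed and the commit message does not mention it. The removal is unrelated to CVE-2016-10165; keep the call, or explain why 2.8 no longer needs it, so that a security backport does not silently change how the package is configured.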
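Review bot: The new sums in the checksum hunk are the only integrity control on lcms2-2.8.tar.gz, because source= still fetches it over plain http://www.littlecms.com/. Confirm the sha512sums value was compared against a copy obtained independently of that URL, and switch source= to https if upstream serves it.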
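Review bot: The added bounds check in Type_MLU_Read(), "if ((Offset + Len) > SizeOfTag + 8) goto Error;", computes Offset + Len before comparing, so the check is only sound if that sum cannot wrap. The declarations of Offset and Len are not visible in this hunk; if they are 32-bit unsigned values read from the profile, a large Len can wrap the sum below SizeOfTag + 8 and pass the check, leaving the out-of-bounds read reachable. Confirm the types and, if they are unsigned 32-bit, raise with upstream a form that also rejects the wrapped case, for example failing when Offset + Len < Len.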