X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f68.google.com (mail-lf0-f68.google.com [209.85.215.68]) by lists.alpinelinux.org (Postfix) with ESMTP id B6F185C0EC6 for ; Wed, 1 Feb 2017 06:54:35 +0000 (GMT) Received: by mail-lf0-f68.google.com with SMTP id x1so35754560lff.0 for ; Tue, 31 Jan 2017 22:54:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=14cWGdnbQPgjZ0PzKGt4zKV2QtvFjQiUZ+BulmsxAuA=; b=Cr9Kluf+ffqWvAtfE/Ef8nhBy8dF7BUKJI/qFvYSLBH28apBrTXwWpD88Wxc/Rn6WM rjp4lyykDIXC70PI6KCIMnRHVqPcGXZyjmHjwUZwIjyNQVq7Dry5w59y7UEy0Pjm4chN u7qt70J5/YGMGkQSOB317z9f5TFa5laJnEtTDiv6akVuzGbVfcmCNznefuaNscj0E62I MBks8QBz6fC1j44krpzvGqm70d89idN/cHF1GmX/g/EnvgoGofnh/yhutKl2ATrLkBfb /n/i5aO80CWgWESJEjJMbHtjObOoTkFQaPVQgt69m5ieqqoDNZWyx4W/j6BX0p8vUD8H DhFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=14cWGdnbQPgjZ0PzKGt4zKV2QtvFjQiUZ+BulmsxAuA=; b=JFZ31/PKWFOlL43ijMSDfU+pXxsuYmzalS0sPkhtSz1i3K+hFPtAtxt0YdAbmlbQg6 Onkdmw5ja6lcjK0OeobApNdCB1NJJPGNshxeIqvDKfPAIUqHYNWPVMfvKAl8WLD8Vc64 XjtYq0kK8EMH22DRtZKMgsM12BiontGZcCyiObTnjxRWWb8l9rvVKhrSMZXubs8JruLj /V7c/hI/HhBFSbk4oqo8qdVu602wEUkmhYxTsOGgMz6fEKygyvCkBxI2afRawvPNbFN1 IC9PAM+S0qGWfYhgRhJrrM9gjX6UmRDy69P+O9eClY5FLVdp/4QoJl9VRifogupT38KH NgqA== X-Gm-Message-State: AIkVDXK0QOfziD0t1sF3ytFE/DWGqhQU2q3IPrfA42tWJY5u+MhQXPnZ7Nuv/vLQQG3wlw== X-Received: by 10.25.203.6 with SMTP id b6mr351970lfg.145.1485932074886; Tue, 31 Jan 2017 22:54:34 -0800 (PST) Received: from v3-3.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id 9sm5380316lju.28.2017.01.31.22.54.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Tue, 31 Jan 2017 22:54:34 -0800 (PST) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.3] main/lcms2: security upgrade to 2.8 - fixes #6780 Date: Wed, 1 Feb 2017 06:54:27 +0000 Message-Id: <1485932067-5478-1-git-send-email-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.6.6 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2016-10165: Out-of-bounds read in Type_MLU_Read() --- It looks that there were no major changes made in 2.7 vs 2.8 https://github.com/mm2/Little-CMS/blob/master/ChangeLog main/lcms2/APKBUILD | 22 ++++++++++++++++------ main/lcms2/CVE-2016-10165.patch | 20 ++++++++++++++++++++ 2 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 main/lcms2/CVE-2016-10165.patch diff --git a/main/lcms2/APKBUILD b/main/lcms2/APKBUILD index 1a05aac..51246e4 100644 --- a/main/lcms2/APKBUILD +++ b/main/lcms2/APKBUILD @@ -1,6 +1,7 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=lcms2 -pkgver=2.7 +pkgver=2.8 pkgrel=0 pkgdesc="Color Management Engine" url="http://www.littlecms.com/" @@ -11,13 +12,19 @@ depends_dev="libjpeg-turbo-dev tiff-dev zlib-dev" makedepends="$depends_dev" install="" subpackages="$pkgname-dev $pkgname-doc $pkgname-utils" -source="http://www.littlecms.com/lcms2-$pkgver.tar.gz" +source="http://www.littlecms.com/lcms2-$pkgver.tar.gz + CVE-2016-10165.patch + " + +# secfixes: +# 2.8-r0: +# - CVE-2016-10165 + _builddir="$srcdir"/lcms2-$pkgver prepare() { local i cd "$_builddir" - update_config_sub || return 1 for i in $source; do case $i in *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; @@ -51,6 +58,9 @@ utils() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="06c1626f625424a811fb4b5eb070839d lcms2-2.7.tar.gz" -sha256sums="4524234ae7de185e6b6da5d31d6875085b2198bc63b1211f7dde6e2d197d6a53 lcms2-2.7.tar.gz" -sha512sums="9e69ec30efa9d50474808c6ae3d9afb0c5798eaabca0052f82d54efecdc2b58ab40434ee6dee9cd80028597d79a07f6b3b1a73f5293fc444343274eac3e32fd4 lcms2-2.7.tar.gz" +md5sums="87a5913f1a52464190bb655ad230539c lcms2-2.8.tar.gz +bd143d366e5ad5d2b7da0b1a9255704d CVE-2016-10165.patch" +sha256sums="66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22 lcms2-2.8.tar.gz +66d2b7e9ff6aa0896acf0a107e131b9d34d4d8fb7d4129f4eace3a84b17c9cd4 CVE-2016-10165.patch" +sha512sums="a9478885b4892c79314a2ef9ab560e6655ac8f2d17abae0805e8b871138bb190e21f0e5c805398449f9dad528dc50baaf9e3cce8b8158eb8ff74179be5733f8f lcms2-2.8.tar.gz +f1e4ed19d6ab8135927d08da717b141df0f63053000a308a22a903fd4c65c1fd7aefc4508a759c737df4cd5ac4347bd1999157cdfc082930254f90a88b11026e CVE-2016-10165.patch" diff --git a/main/lcms2/CVE-2016-10165.patch b/main/lcms2/CVE-2016-10165.patch new file mode 100644 index 0000000..f0e452f --- /dev/null +++ b/main/lcms2/CVE-2016-10165.patch @@ -0,0 +1,20 @@ +commit 5ca71a7bc18b6897ab21d815d15e218e204581e2 +Author: Marti +Date: Mon Aug 15 23:31:39 2016 +0200 + + Added an extra check to MLU bounds + + Thanks to Ibrahim el-sayed for spotting the bug + +diff --git a/src/cmstypes.c b/src/cmstypes.c +index cb61860..c7328b9 100644 +--- a/src/cmstypes.c ++++ b/src/cmstypes.c +@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; -- 2.6.6 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---