author | drochner <drochner@pkgsrc.org> | 2013-08-07 16:46:23 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2013-08-07 16:46:23 +0000 |
commit | 101bbd56edb84704610e7f3e90bf57bea6825290 (patch) | |
tree | d8c3c866d93d920300a7ba42a3b0ac4e68251ba2 | |
parent | ecc572cfe340fddcd7db1b65ae732439da67e97a (diff) | |
download | pkgsrc-101bbd56edb84704610e7f3e90bf57bea6825290.tar.gz |
fix possible buffer overflows in cmd line tools found by Pedro Ribeiro
(see Debian bug #718682)
bump PKGREV
-rw-r--r-- | graphics/lcms/Makefile | 4 | ||||
-rw-r--r-- | graphics/lcms/distinfo | 4 | ||||
-rw-r--r-- | graphics/lcms/patches/patch-aa | 24 | ||||
-rw-r--r-- | graphics/lcms/patches/patch-ab | 15 |
4 files changed, 44 insertions, 3 deletions
diff --git a/graphics/lcms/Makefile b/graphics/lcms/Makefile
index 536b46dda10..c901723a18c 100644
--- a/graphics/lcms/Makefile
+++ b/graphics/lcms/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2013/01/26 21:37:54 adam Exp $
+# $NetBSD: Makefile,v 1.40 2013/08/07 16:46:23 drochner Exp $
 DISTNAME= lcms-1.19
-PKGREVISION= 2
+PKGREVISION= 3
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=lcms/}
diff --git a/graphics/lcms/distinfo b/graphics/lcms/distinfo
index c4396b5c213..a31384c63e0 100644
--- a/graphics/lcms/distinfo
+++ b/graphics/lcms/distinfo
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.24 2010/06/16 15:17:58 drochner Exp $
+$NetBSD: distinfo,v 1.25 2013/08/07 16:46:23 drochner Exp $
 SHA1 (lcms-1.19.tar.gz) = d5b075ccffc0068015f74f78e4bc39138bcfe2d4
 RMD160 (lcms-1.19.tar.gz) = 530615c061dccdcb64d75c6fab148dd565bb6c91
 Size (lcms-1.19.tar.gz) = 927752 bytes
+SHA1 (patch-aa) = 3144d0b902ad77cfaed8b02e96f6f6f18644bc07
+SHA1 (patch-ab) = 6238598248d0321fe40bc09919ad8fbe5cdb887d
diff --git a/graphics/lcms/patches/patch-aa b/graphics/lcms/patches/patch-aa
new file mode 100644
index 00000000000..87937f7a761
--- /dev/null
+++ b/graphics/lcms/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.13 2013/08/07 16:46:23 drochner Exp $
+
+buffer overflows
+
+--- samples/icctrans.c.orig 2009-10-30 15:57:45.000000000 +0000
++++ samples/icctrans.c
+@@ -500,7 +500,7 @@ void PrintRange(const char* C, double v,
+
+ Prefix[0] = 0;
+ if (!lTerse)
+- sprintf(Prefix, "%s=", C);
++ snprintf(Prefix, sizeof(Prefix), "%s=", C);
+
+ if (InHexa)
+ {
+@@ -648,7 +648,7 @@ void PrintResults(WORD Encoded[], icColo
+ static
+ void GetLine(char* Buffer)
+ {
+- scanf("%s", Buffer);
++ scanf("%4095s", Buffer);
+
+ if (toupper(Buffer[0]) == 'Q') { // Quit?
+
diff --git a/graphics/lcms/patches/patch-ab b/graphics/lcms/patches/patch-ab
new file mode 100644
index 00000000000..91aed4f45b4
--- /dev/null
+++ b/graphics/lcms/patches/patch-ab
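Review bot: The `%4095s` width added in GetLine (patch-aa) is a constant with no visible link to the buffer it writes into: `Buffer` arrives as a bare `char*`, so the bound only holds if every caller passes at least 4096 bytes, and those callers are outside the hunk. I would record that contract next to the call, e.g. `/* callers must pass a buffer of at least 4096 bytes */`, or pass the size in and build the width from it. The return value of scanf() is also still ignored, so at end of input `Buffer` is left unwritten and `toupper(Buffer[0])` tests whatever was there before; something like `if (scanf("%4095s", Buffer) != 1) Buffer[0] = '\0';` would close that. How end of input should then be handled depends on the rest of GetLine, which continues past the hunk.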
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.12 2013/08/07 16:46:23 drochner Exp $
+
+buffer overflow
+
+--- tifficc/tiffdiff.c.orig 2009-10-30 15:57:46.000000000 +0000
++++ tifficc/tiffdiff.c
+@@ -633,7 +633,7 @@ void CreateCGATS(const char* TiffName1,
+ cmsIT8SetSheetType(hIT8, "TIFFDIFF");
+
+
+- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
++ snprintf(Buffer, sizeof(Buffer), "Differences between %s and %s", TiffName1, TiffName2);
+
+ cmsIT8SetComment(hIT8, Buffer);
+ |
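Review bot: `sizeof(Buffer)` in CreateCGATS gives the intended bound only if `Buffer` is declared as an array inside that function; the declaration lies outside the hunk, and if it were a pointer the call would silently cap the comment at pointer size instead. The same holds for `sizeof(Prefix)` in the PrintRange change in patch-aa, so both declarations are worth confirming. With snprintf a long pair of TIFF names is now truncated without notice, which looks acceptable for a comment string but could be stated next to the call, e.g. `/* comment is truncated if the names do not fit */`.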