fix possible buffer overflows in cmd line tools found by Pedro Ribeiro

(see Debian bug #718682)
bump PKGREV

2 files changed, 39 insertions, 0 deletions

diff --git a/graphics/lcms/patches/patch-aa b/graphics/lcms/patches/patch-aa
new file mode 100644
index 00000000000..87937f7a761
--- /dev/null
+++ b/graphics/lcms/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.13 2013/08/07 16:46:23 drochner Exp $
+
+buffer overflows
+
+--- samples/icctrans.c.orig	2009-10-30 15:57:45.000000000 +0000
++++ samples/icctrans.c
+@@ -500,7 +500,7 @@ void PrintRange(const char* C, double v,
+ 
+     Prefix[0] = 0;
+     if (!lTerse)
+-        sprintf(Prefix, "%s=", C);
++        snprintf(Prefix, sizeof(Prefix), "%s=", C);
+ 
+     if (InHexa)
+     {
+@@ -648,7 +648,7 @@ void PrintResults(WORD Encoded[], icColo
+ static
+ void GetLine(char* Buffer)
+ {    
+-    scanf("%s", Buffer);
++    scanf("%4095s", Buffer);
+     
+     if (toupper(Buffer[0]) == 'Q') { // Quit?
+ 
diff --git a/graphics/lcms/patches/patch-ab b/graphics/lcms/patches/patch-ab
new file mode 100644
index 00000000000..91aed4f45b4
--- /dev/null
+++ b/graphics/lcms/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.12 2013/08/07 16:46:23 drochner Exp $
+
+buffer overflow
+
+--- tifficc/tiffdiff.c.orig	2009-10-30 15:57:46.000000000 +0000
++++ tifficc/tiffdiff.c
+@@ -633,7 +633,7 @@ void CreateCGATS(const char* TiffName1, 
+     cmsIT8SetSheetType(hIT8, "TIFFDIFF");
+     
+    
+-    sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
++    snprintf(Buffer, sizeof(Buffer), "Differences between %s and %s", TiffName1, TiffName2);
+   
+     cmsIT8SetComment(hIT8, Buffer);
+