summary refs log tree commit diff
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2018-02-19 19:26:44 +0100
committerTobias Geerinckx-Rice <me@tobias.gr>2018-02-20 03:01:41 +0100
commitc3800f0b6e1f510d0174c6b425bd34410182e502 (patch)
treee890643f1696c0e2331a8871970a1e770d1776a2
parent09371ab4d0c80cfd43b14e9ea645706b21ecbc3a (diff)
downloadguix-c3800f0b6e1f510d0174c6b425bd34410182e502.tar.gz
gnu: lcms: Update to 2.9.
* gnu/packages/ghostscript.scm (lcms): Update to 2.9.
[source]: Remove patch.
* gnu/packages/patches/lcms-CVE-2016-10165.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Remove it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/ghostscript.scm6
-rw-r--r--gnu/packages/patches/lcms-CVE-2016-10165.patch36
3 files changed, 3 insertions, 40 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index f1834e3687..a46fba6246 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -800,7 +800,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch	\
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch	\
   %D%/packages/patches/laby-make-install.patch			\
-  %D%/packages/patches/lcms-CVE-2016-10165.patch		\
   %D%/packages/patches/ldc-disable-tests.patch			\
   %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch	\
   %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch	\
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 0561387931..6cad2ba93b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -43,14 +44,13 @@
 (define-public lcms
   (package
    (name "lcms")
-   (version "2.8")
+   (version "2.9")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
-            (patches (search-patches "lcms-CVE-2016-10165.patch"))
             (sha256 (base32
-                     "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
+                     "083xisy6z01zhm7p7rgk4bx9d6zlr8l20qkfv1g29ylnhgwzvij8"))))
    (build-system gnu-build-system)
    (inputs `(("libjpeg-8" ,libjpeg-8)
              ("libtiff" ,libtiff)
diff --git a/gnu/packages/patches/lcms-CVE-2016-10165.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
deleted file mode 100644
index fa4d75c9ee..0000000000
--- a/gnu/packages/patches/lcms-CVE-2016-10165.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
-http://seclists.org/oss-sec/2016/q3/288
-https://bugzilla.redhat.com/show_bug.cgi?id=1367357
-https://security-tracker.debian.org/tracker/CVE-2016-10165
-
-Patch copied from upstream source repository:
-
-https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
-
-From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
-From: Marti <marti.maria@tktbrainpower.com>
-Date: Mon, 15 Aug 2016 23:31:39 +0200
-Subject: [PATCH] Added an extra check to MLU bounds
-
-Thanks to Ibrahim el-sayed for spotting the bug
----
- src/cmstypes.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/cmstypes.c b/src/cmstypes.c
-index cb61860..c7328b9 100644
---- a/src/cmstypes.c
-+++ b/src/cmstypes.c
-@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
- 
-         // Check for overflow
-         if (Offset < (SizeOfHeader + 8)) goto Error;
-+        if ((Offset + Len) > SizeOfTag + 8) goto Error;
- 
-         // True begin of the string
-         BeginOfThisString = Offset - SizeOfHeader - 8;
--- 
-2.11.0
-