Package: release.debian.org Severity: normal Tags: wheezy User: release.debian....@packages.debian.org Usertags: pu
Moritz Muehlenhoff asked me to provide an update for lcms to fix a few CVEs: lcms (1.19.dfsg2-1.2+deb7u1) stable-proposed-updates; urgency=medium * Non-maintainer upload. * Remove non-free file python/testbed/AdobeRGB1998.icc from source tarball (Closes: #753759). Also remove testbed/sRGBSpac.icm * Cherry-Pick fix from Peter Michael Green's NMU (1.19.dfsg1-1.4) - Link icctrans with -lm to Fix link failure on amd64. * Apply fix from OpenSuse for CVE-2013-4276 (Closes: #718682) * Repack orig-source to remove non-dfsg free color profiles. This is necessary as the resulting lintian error license-problem-md5sum-non-free-file would lead to an autoreject (Closes: #736806). * Fix CVE-2013-4160 by backporting the fix from lcms-2 (Closes: #728208) -- Tobias Frost <t...@debian.org> Sat, 17 Jan 2015 21:51:31 +0100 debdiff attached. Let me know when I should upload the package to stable-proposed-updates. -- tobi -- System Information: Debian Release: 8.0 APT prefers testing-updates APT policy: (500, 'testing-updates'), (500, 'stable-updates'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru lcms-1.19.dfsg/debian/changelog lcms-1.19.dfsg2/debian/changelog
--- lcms-1.19.dfsg/debian/changelog 2015-01-17 21:55:17.000000000 +0100
+++ lcms-1.19.dfsg2/debian/changelog 2015-01-17 21:55:17.000000000 +0100
@@ -1,3 +1,19 @@
+lcms (1.19.dfsg2-1.2+deb7u1) stable-proposed-updates; urgency=medium
+
+ * Non-maintainer upload.
+ * Remove non-free file python/testbed/AdobeRGB1998.icc from source tarball
+ (Closes: #753759). Also remove testbed/sRGBSpac.icm
+ * Cherry-Pick fix from Peter Michael Green's NMU (1.19.dfsg1-1.4)
+ - Link icctrans with -lm to Fix link failure on amd64.
+ * Apply fix from OpenSuse for CVE-2013-4276 (Closes: #718682)
+ * Repack orig-source to remove non-dfsg free color profiles. This is
+ necessary as the resulting lintian error
+ license-problem-md5sum-non-free-file would lead to an autoreject
+ (Closes: #736806).
+ * Fix CVE-2013-4160 by backporting the fix from lcms-2 (Closes: #728208)
+
+ -- Tobias Frost <t...@debian.org> Sat, 17 Jan 2015 21:51:31 +0100
+
 lcms (1.19.dfsg-1.2) unstable; urgency=low
 * Non-maintainer upload.
Binärdateien /tmp/lskYV26pVc/lcms-1.19.dfsg/Delphi/Samples/sRGB Color Space Profile.icm und /tmp/w1Aof1U6N3/lcms-1.19.dfsg2/Delphi/Samples/sRGB Color Space Profile.icm sind verschieden.
Binärdateien /tmp/lskYV26pVc/lcms-1.19.dfsg/python/testbed/AdobeRGB1998.icc und /tmp/w1Aof1U6N3/lcms-1.19.dfsg2/python/testbed/AdobeRGB1998.icc sind verschieden.
Binärdateien /tmp/lskYV26pVc/lcms-1.19.dfsg/python/testbed/sRGB Color Space Profile.icm und /tmp/w1Aof1U6N3/lcms-1.19.dfsg2/python/testbed/sRGB Color Space Profile.icm sind verschieden.
diff -Nru lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg2/samples/icctrans.c
--- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 16:57:45.000000000 +0100
+++ lcms-1.19.dfsg2/samples/icctrans.c 2015-01-17 21:55:17.000000000 +0100
@@ -86,6 +86,8 @@
 static LPcmsNAMEDCOLORLIST InputColorant = NULL;
 static LPcmsNAMEDCOLORLIST OutputColorant = NULL;
+unsigned int Buffer_size = 4096;
+
 // isatty replacement
@@ -500,7 +502,7 @@
 Prefix[0] = 0;
 if (!lTerse)
- sprintf(Prefix, "%s=", C);
+ snprintf(Prefix, 20, "%s=", C);
 if (InHexa) {
@@ -648,7 +650,9 @@
 static void GetLine(char* Buffer) {
- scanf("%s", Buffer);
+ char User_buffer[Buffer_size];
+ fgets(User_buffer, (Buffer_size - 1), stdin);
+ sscanf(User_buffer,"%s", Buffer);
 if (toupper(Buffer[0]) == 'Q') { // Quit?
@@ -668,7 +672,7 @@
 static double GetAnswer(const char* Prompt, double Range) {
- char Buffer[4096];
+ char Buffer[Buffer_size];
 double val = 0.0;
 if (Range == 0.0) { // Range 0 means double value
@@ -738,7 +742,7 @@
 static WORD GetIndex(void) {
- char Buffer[4096], Name[40], Prefix[40], Suffix[40];
+ char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40];
 int index, max;
 max = cmsNamedColorCount(hTrans)-1;
diff -Nru lcms-1.19.dfsg/samples/Makefile.am lcms-1.19.dfsg2/samples/Makefile.am
--- lcms-1.19.dfsg/samples/Makefile.am 2009-10-30 16:57:45.000000000 +0100
+++ lcms-1.19.dfsg2/samples/Makefile.am 2015-01-17 21:55:17.000000000 +0100
@@ -11,7 +11,7 @@
 bin_PROGRAMS = icctrans wtpt icc2ps icclink
 icctrans_LDADD = $(top_builddir)/src/liblcms.la
-icctrans_LDFLAGS = @LDFLAGS@
+icctrans_LDFLAGS = @LDFLAGS@ -lm
 icctrans_SOURCES = icctrans.c xgetopt.c vprf.c
 icctrans_MANS = icctrans.1
diff -Nru lcms-1.19.dfsg/src/cmsio1.c lcms-1.19.dfsg2/src/cmsio1.c
--- lcms-1.19.dfsg/src/cmsio1.c 2009-11-13 10:02:11.000000000 +0100
+++ lcms-1.19.dfsg2/src/cmsio1.c 2015-01-17 21:55:17.000000000 +0100
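Review bot: `Buffer_size` in samples/icctrans.c is added as a writable global with external linkage, while the two globals directly above it are `static`. Because it is not a constant expression, the `char Buffer[Buffer_size]` and `char User_buffer[Buffer_size]` declarations in the GetLine, GetAnswer and GetIndex hunks become variable-length arrays whose stack size follows whatever the variable holds at call time. A compile-time constant keeps those arrays fixed-size and lets `sizeof` be used at the call sites, for example `enum { Buffer_size = 4096 };`.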
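Review bot: The bound in `snprintf(Prefix, 20, "%s=", C);` is a literal that is not tied to the declaration of `Prefix`, which lies outside this hunk, so the two can drift apart when either is edited. If `Prefix` is an array in scope at this point, `snprintf(Prefix, sizeof(Prefix), "%s=", C);` keeps the limit correct by construction. The same applies to `snprintf(Buffer, 256, ...)` in the tifficc/tiffdiff.c hunk, where `Buffer` is also declared outside the visible lines. Neither call checks the return value, so an over-long name is truncated silently.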
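Review bot: In GetLine the result of `fgets` is not checked, so at end of input `sscanf` parses an uninitialised `User_buffer`, and on a blank line `sscanf` stores nothing, after which `toupper(Buffer[0])` reads whatever the caller's array happened to contain (the callers shown declare `Buffer` without an initialiser). Starting with `Buffer[0] = 0;` and guarding the parse, `if (fgets(User_buffer, Buffer_size, stdin) != NULL) sscanf(User_buffer, "%s", Buffer);`, closes both paths; `fgets` already reserves room for the terminator, so the `- 1` is not needed. The unbounded `%s` is safe only while every caller passes at least `Buffer_size` bytes, since GetLine receives no length; a comment stating that contract above the function would help. The function body continues past the end of this hunk.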
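Review bot: `-lm` is appended to `icctrans_LDFLAGS` in samples/Makefile.am, but automake places the per-target LDFLAGS before the object files on the link line, so a linker running with `--as-needed` can discard the library before any object references it. Libraries belong in the LDADD variable, which follows the objects: `icctrans_LDADD = $(top_builddir)/src/liblcms.la -lm`, leaving `icctrans_LDFLAGS = @LDFLAGS@` as it was.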
@@ -2007,9 +2007,9 @@
 return 0; }
- strncpy(v ->NamedColorList->Prefix, (const char*) nc2.prefix, 32);
- strncpy(v ->NamedColorList->Suffix, (const char*) nc2.suffix, 32);
- v ->NamedColorList->Prefix[32] = v->NamedColorList->Suffix[32] = 0;
+ strncpy(v ->NamedColorList->Prefix, (const char*) nc2.prefix, 31);
+ strncpy(v ->NamedColorList->Suffix, (const char*) nc2.suffix, 31);
+ v ->NamedColorList->Prefix[31] = v->NamedColorList->Suffix[31] = 0;
 v ->NamedColorList ->ColorantCount = nc2.nDeviceCoords;
Binärdateien /tmp/lskYV26pVc/lcms-1.19.dfsg/testbed/sRGB Color Space Profile.icm und /tmp/w1Aof1U6N3/lcms-1.19.dfsg2/testbed/sRGB Color Space Profile.icm sind verschieden.
Binärdateien /tmp/lskYV26pVc/lcms-1.19.dfsg/testbed/sRGBSpac.icm und /tmp/w1Aof1U6N3/lcms-1.19.dfsg2/testbed/sRGBSpac.icm sind verschieden.
diff -Nru lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg2/tifficc/tiffdiff.c
--- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 16:57:46.000000000 +0100
+++ lcms-1.19.dfsg2/tifficc/tiffdiff.c 2015-01-17 21:55:17.000000000 +0100
@@ -633,7 +633,7 @@
 cmsIT8SetSheetType(hIT8, "TIFFDIFF");
- sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2);
+ snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2);
 cmsIT8SetComment(hIT8, Buffer);
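Review bot: The copy length `31` and the terminator index `[31]` in the src/cmsio1.c hunk restate the size of `Prefix` and `Suffix` as literals; their declarations are outside the hunk, so the 32-byte size is only implied by the change itself. Deriving both from the destination removes the chance of the same off-by-one returning if the fields are resized, e.g. `strncpy(v->NamedColorList->Prefix, (const char*) nc2.prefix, sizeof(v->NamedColorList->Prefix) - 1);` followed by `v->NamedColorList->Prefix[sizeof(v->NamedColorList->Prefix) - 1] = 0;`, and likewise for `Suffix`. A short comment noting that a full-length prefix or suffix from the profile is now truncated by one character would record the behaviour change for later readers.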