Add patch for the security vulnerability reported in SA34634/CVE-2009-0793

taken from Redhat's Bugzilla.
This commit is contained in:
tron 2009-04-14 18:54:38 +00:00
parent 5d8453eed2
commit 6c41d87ebe
3 changed files with 32 additions and 3 deletions

View file

@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.28 2009/03/22 18:17:15 gdt Exp $
# $NetBSD: Makefile,v 1.29 2009/04/14 18:54:38 tron Exp $
DISTNAME= lcms-1.18
PKGREVISION= 1
PKGREVISION= 2
CATEGORIES= graphics
MASTER_SITES= http://www.littlecms.com/

View file

@ -1,5 +1,6 @@
$NetBSD: distinfo,v 1.19 2009/03/22 18:17:15 gdt Exp $
$NetBSD: distinfo,v 1.20 2009/04/14 18:54:38 tron Exp $
SHA1 (lcms-1.18.tar.gz) = 7001badb14b2e9cb89e2637bdc56f23ebff2d40e
RMD160 (lcms-1.18.tar.gz) = 76c37ac029f733bbb9a850234e62bfd2a4a04bf4
Size (lcms-1.18.tar.gz) = 915536 bytes
SHA1 (patch-aa) = f28cf7682b8731d8729058a51ad6d5ccc86ba1c6

View file

@ -0,0 +1,28 @@
$NetBSD: patch-aa,v 1.10 2009/04/14 18:54:38 tron Exp $
Patch for SA34634/CVE-2009-0793 taken for Redhat's Bugzilla:
https://bugzilla.redhat.com/attachment.cgi?id=337279
--- src/cmsxform.c.orig 2009-03-21 15:31:52.000000000 +0000
+++ src/cmsxform.c 2009-04-14 19:18:05.000000000 +0100
@@ -660,6 +660,9 @@
GrayTRC = cmsReadICCGamma(hProfile, icSigGrayTRCTag);
FromLstarToXYZ(GrayTRC, Shapes1);
+ if (GrayTRC == NULL)
+ return NULL;
+
// Reversing must be done after curve translation
Shapes[0] = cmsReverseGamma(Shapes1[0]->nEntries, Shapes1[0]);
@@ -675,6 +678,9 @@
GrayTRC = cmsReadICCGammaReversed(hProfile, icSigGrayTRCTag); // Y
+ if (GrayTRC == NULL)
+ return NULL;
+
Shapes[0] = cmsDupGamma(GrayTRC);
Shapes[1] = cmsDupGamma(GrayTRC);
Shapes[2] = cmsDupGamma(GrayTRC);