rpms/lcms2
5
0
Fork 0
Code Issues Pull Requests Releases Activity

CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969)

Browse Source 
.spec cosmetics, use %make_build %make_install %ldconfig_scriptlets
This commit is contained in:
Rex Dieter 2018-09-18 10:30:48 -05:00
parent 8ec6c307e2
commit a2aeb24ebf
2 changed files with 189 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

172
0017-Upgrade-Visual-studio-2017-15.8.patch Normal file
View File

@ -0,0 +1,172 @@
From 768f70ca405cd3159d990e962d54456773bb8cf8 Mon Sep 17 00:00:00 2001
From: Marti Maria <info@littlecms.com>
Date: Wed, 15 Aug 2018 20:07:56 +0200
Subject: [PATCH 17/18] Upgrade Visual studio 2017 15.8
- Upgrade to 15.8
- Add check on CGATS memory allocation (thanks to Quang Nguyen for
pointing out this)
---
Projects/VC2017/jpegicc/jpegicc.vcxproj | 1 +
Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj | 2 +-
Projects/VC2017/lcms2_static/lcms2_static.vcxproj | 2 +-
Projects/VC2017/linkicc/linkicc.vcxproj | 2 +-
Projects/VC2017/psicc/psicc.vcxproj | 2 +-
Projects/VC2017/testbed/testbed.vcxproj | 2 +-
Projects/VC2017/tiffdiff/tiffdiff.vcxproj | 2 +-
Projects/VC2017/tifficc/tifficc.vcxproj | 2 +-
Projects/VC2017/transicc/transicc.vcxproj | 1 +
src/cmscgats.c | 14 ++++++++++----
10 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/Projects/VC2017/jpegicc/jpegicc.vcxproj b/Projects/VC2017/jpegicc/jpegicc.vcxproj
index ab26a53..39cfd00 100644
--- a/Projects/VC2017/jpegicc/jpegicc.vcxproj
+++ b/Projects/VC2017/jpegicc/jpegicc.vcxproj
@@ -22,6 +22,7 @@
<ProjectGuid>{62812507-F926-4968-96A9-17678460AD90}</ProjectGuid>
<RootNamespace>jpegicc</RootNamespace>
<Keyword>Win32Proj</Keyword>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
index 4c8aa3f..d1bf3eb 100644
--- a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
+++ b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{8C51BE48-ADB8-4089-A9EC-F6BF993A0548}</ProjectGuid>
<RootNamespace>lcms2_DLL</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
index 2a9988a..9fc05ce 100644
--- a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
+++ b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{71DEDE59-3F1E-486B-A899-4283000F76B5}</ProjectGuid>
<RootNamespace>lcms2_static</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/linkicc/linkicc.vcxproj b/Projects/VC2017/linkicc/linkicc.vcxproj
index 30c2b4e..51586dd 100644
--- a/Projects/VC2017/linkicc/linkicc.vcxproj
+++ b/Projects/VC2017/linkicc/linkicc.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{FBFBE1DC-DB84-4BA1-9552-B4780F457849}</ProjectGuid>
<RootNamespace>linkicc</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/psicc/psicc.vcxproj b/Projects/VC2017/psicc/psicc.vcxproj
index 9dcf89a..8f26e12 100644
--- a/Projects/VC2017/psicc/psicc.vcxproj
+++ b/Projects/VC2017/psicc/psicc.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{EF6A8851-65FE-46F5-B9EF-14F0B671F693}</ProjectGuid>
<RootNamespace>psicc</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/testbed/testbed.vcxproj b/Projects/VC2017/testbed/testbed.vcxproj
index 0af3762..3f6aea3 100644
--- a/Projects/VC2017/testbed/testbed.vcxproj
+++ b/Projects/VC2017/testbed/testbed.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{928A3A2B-46EF-4279-959C-513B3652FF0E}</ProjectGuid>
<RootNamespace>testbed</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
index 7edfe28..3a6d837 100644
--- a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
+++ b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{75B91835-CCD7-48BE-A606-A9C997D5DBEE}</ProjectGuid>
<RootNamespace>tiffdiff</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/tifficc/tifficc.vcxproj b/Projects/VC2017/tifficc/tifficc.vcxproj
index cd9f04c..5ef954f 100644
--- a/Projects/VC2017/tifficc/tifficc.vcxproj
+++ b/Projects/VC2017/tifficc/tifficc.vcxproj
@@ -22,7 +22,7 @@
<ProjectGuid>{2256DE16-ED92-4A6F-9C54-F65BB61E64A2}</ProjectGuid>
<RootNamespace>tifficc</RootNamespace>
<Keyword>Win32Proj</Keyword>
- <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/Projects/VC2017/transicc/transicc.vcxproj b/Projects/VC2017/transicc/transicc.vcxproj
index d9b77c6..b3173d8 100644
--- a/Projects/VC2017/transicc/transicc.vcxproj
+++ b/Projects/VC2017/transicc/transicc.vcxproj
@@ -22,6 +22,7 @@
<ProjectGuid>{9EE22D66-C849-474C-9ED5-C3E141DAB160}</ProjectGuid>
<RootNamespace>transicc</RootNamespace>
<Keyword>Win32Proj</Keyword>
+ <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
diff --git a/src/cmscgats.c b/src/cmscgats.c
index 1a87613..8c3e96d 100644
--- a/src/cmscgats.c
+++ b/src/cmscgats.c
@@ -1,7 +1,7 @@
//---------------------------------------------------------------------------------
//
// Little Color Management System
-// Copyright (c) 1998-2017 Marti Maria Saguer
+// Copyright (c) 1998-2018 Marti Maria Saguer
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the "Software"),
@@ -1506,10 +1506,16 @@ void AllocateDataSet(cmsIT8* it8)
t-> nSamples = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
t-> nPatches = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
- t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*));
- if (t->Data == NULL) {
+ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
+ {
+ SynError(it8, "AllocateDataSet: too much data");
+ }
+ else {
+ t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*));
+ if (t->Data == NULL) {
- SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ SynError(it8, "AllocateDataSet: Unable to allocate data array");
+ }
}
}
--
2.17.1

27
lcms2.spec
View File

@ -1,12 +1,13 @@
Name: lcms2 Name: lcms2
Version: 2.9 Version: 2.9
Release: 3%{?dist} Release: 4%{?dist}
Summary: Color Management Engine Summary: Color Management Engine
License: MIT License: MIT
URL: http://www.littlecms.com/ URL: http://www.littlecms.com/
Source0: http://www.littlecms.com/lcms2-%{version}.tar.gz Source0: http://www.littlecms.com/lcms2-%{version}.tar.gz
## upstream patches ## upstream patches
Patch17: 0017-Upgrade-Visual-studio-2017-15.8.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -34,22 +35,25 @@ Provides: littlecms-devel = %{version}-%{release}
Development files for LittleCMS. Development files for LittleCMS.
%prep %prep
%setup -q %autosetup -p1
%build %build
%configure --disable-static --program-suffix=2 %configure \
--disable-static \
--program-suffix=2
# remove rpath from libtool # remove rpath from libtool
sed -i.rpath 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i.rpath 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool sed -i.rpath 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
make %{?_smp_mflags} %make_build
%install %install
make install DESTDIR=${RPM_BUILD_ROOT} INSTALL="install -p" %make_install
rm -fv ${RPM_BUILD_ROOT}%{_libdir}/lib*.la rm -fv %{buildroot}%{_libdir}/lib*.la
# rename docs (for use with %%doc below) # rename docs (for use with %%doc below)
cp -alf doc/LittleCMS2.?\ API.pdf api.pdf cp -alf doc/LittleCMS2.?\ API.pdf api.pdf
@ -58,12 +62,10 @@ cp -alf doc/LittleCMS2.?\ tutorial.pdf tutorial.pdf
%check %check
make check -k ||: %make_build check -k ||:
%post -p /sbin/ldconfig %ldconfig_scriptlets
%postun -p /sbin/ldconfig
%files %files
%doc AUTHORS %doc AUTHORS
@ -80,7 +82,12 @@ make check -k ||:
%{_libdir}/liblcms2.so %{_libdir}/liblcms2.so
%{_libdir}/pkgconfig/lcms2.pc %{_libdir}/pkgconfig/lcms2.pc
%changelog %changelog
* Tue Sep 18 2018 Rex Dieter <rdieter@fedoraproject.org> - 2.9-4
- CVE-2018-16435 lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (#1628969)
- .spec cosmetics, use %%make_build %%make_install %%ldconfig_scriptlets
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-3 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild