SECURITY for CVE-2012-4405, from Redhat.
Note that our ghostscript port isn't affected by this bug (because it doesn't build/use libicc). ok jasper@
parent
7405d8333e
commit
421c7c8791
@ -1,11 +1,11 @@
|
||||
# $OpenBSD: Makefile,v 1.2 2011/11/13 13:54:04 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.3 2012/09/25 19:51:31 kili Exp $
|
||||
|
||||
COMMENT= ICC compatible color management system
|
||||
|
||||
V= 1.1.0-20100201
|
||||
DISTNAME= hargyllcms-${V}
|
||||
PKGNAME= argyll-${V:S/-/./}
|
||||
REVISION= 0
|
||||
REVISION= 1
|
||||
|
||||
CATEGORIES= graphics sysutils
|
||||
|
||||
|
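--- a/graphics/argyll/patches/patch-icc_icc_c
+++ b/graphics/argyll/patches/patch-icc_icc_c
@@ -0,0 +1,20 @@
+$OpenBSD: patch-icc_icc_c,v 1.1 2012/09/25 19:51:31 kili Exp $
+
+Fix for CVE-2012-4405 (heap-based buffer overflow). From Redhat.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=854227
+
+--- icc/icc.c.orig Sun Jan 17 05:04:35 2010
++++ icc/icc.c Tue Sep 25 20:18:11 2012
+@@ -6050,6 +6050,11 @@ static int icmLut_read(
+p->clutPoints = read_UInt8Number(bp+10);
+
+/* Sanity check */
++ if (p->inputChan < 1) {
++ sprintf(icp->err,"icmLut_read: No input channels!");
++ return icp->errc = 1;
++ }
++
+if (p->inputChan > MAX_CHAN) {
+sprintf(icp->err,"icmLut_read: Can't handle > %d input channels\n",MAX_CHAN);
+return icp->errc = 1;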
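Review bot: The added guard after `/* Sanity check */` gives only `p->inputChan` a lower bound; nothing in the visible lines shows `p->outputChan` (or any other count read from the profile header) being rejected when it is zero, and icmLut_read continues past the end of this hunk, so that should be confirmed against the full function before treating the CVE-2012-4405 fix as complete. If the matching check turns out to be missing, the same form would apply: `if (p->outputChan < 1) { sprintf(icp->err,"icmLut_read: No output channels!\n"); return icp->errc = 1; }`. The new message also lacks the trailing `\n` that the neighbouring `Can't handle > %d input channels\n` message carries; ending it the same way keeps the error strings consistent.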