Package: lcms Version: 1.19.dfsg-1.2 Severity: normal Tags: patch pending Dear maintainer,
I've prepared an NMU for lcms (versioned as 1.19.dfsg1-1.3) and uploaded it to DELAYED/8. Please feel free to tell me if I should delay it longer. Please note that I cannot upload myself, therefore I will ask Thijs, my AM to do it for me. So please make sure to keep him CC if you need a longer delay or if the NMU should be canceled. Note: the nmudiff below is shortened by these three files: lcms-1.19.dfsg1/include/icc34.h lcms-1.19.dfsg1/python/lcms.py lcms-1.19.dfsg1/python/lcms_wrap.cxx They are already different in the current Debian version, compared to the orig.tar.gz and there are no additional changes for them due to this NMU (they are anyway SWIG-generated files) Regards. -- Tobi Binary files /tmp/lLzR8CKmmn/lcms-1.19.dfsg/Delphi/Samples/sRGB Color Space Profile.icm and /tmp/01pcgTspqX/lcms-1.19.dfsg1/Delphi/Samples/sRGB Color Space Profile.icm differ diff -Nru lcms-1.19.dfsg/debian/changelog lcms-1.19.dfsg1/debian/changelog --- lcms-1.19.dfsg/debian/changelog 2014-03-27 13:03:19.000000000 +0100 +++ lcms-1.19.dfsg1/debian/changelog 2014-03-27 13:03:21.000000000 +0100 
@@ -1,3 +1,15 @@ +lcms (1.19.dfsg1-1.3) unstable; urgency=medium + + * Non-maintainer upload. + * Apply fix from OpenSuse for CVE-2013-4276 (Closes: #718682) + * Repack orig-source to remove non-dfsg free color profiles. This is + necessary as the resulting lintian error + license-problem-md5sum-non-free-file would lead to an autoreject + (Closes: #736806). + * Fix CVE-2013-4160 by backporting the fix from lcms-2 (Closes: #728208) + + -- Tobias Frost <[email protected]> Thu, 27 Mar 2014 12:20:24 +0100 + lcms (1.19.dfsg-1.2) unstable; urgency=low * Non-maintainer upload. Binary files /tmp/lLzR8CKmmn/lcms-1.19.dfsg/python/testbed/sRGB Color Space Profile.icm and /tmp/01pcgTspqX/lcms-1.19.dfsg1/python/testbed/sRGB Color Space Profile.icm differ diff -Nru lcms-1.19.dfsg/samples/icctrans.c lcms-1.19.dfsg1/samples/icctrans.c --- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 16:57:45.000000000 +0100 +++ lcms-1.19.dfsg1/samples/icctrans.c 2014-03-27 13:03:21.000000000 +0100 @@ -86,6 +86,8 @@ static LPcmsNAMEDCOLORLIST InputColorant = NULL; static LPcmsNAMEDCOLORLIST OutputColorant = NULL; +unsigned int Buffer_size = 4096; + // isatty replacement @@ -500,7 +502,7 @@ Prefix[0] = 0; if (!lTerse) - sprintf(Prefix, "%s=", C); + snprintf(Prefix, 20, "%s=", C); if (InHexa) { @@ -648,7 +650,9 @@ static void GetLine(char* Buffer) { - scanf("%s", Buffer); + char User_buffer[Buffer_size]; + fgets(User_buffer, (Buffer_size - 1), stdin); + sscanf(User_buffer,"%s", Buffer); if (toupper(Buffer[0]) == 'Q') { // Quit? @@ -668,7 +672,7 @@ static double GetAnswer(const char* Prompt, double Range) { - char Buffer[4096]; + char Buffer[Buffer_size]; double val = 0.0; if (Range == 0.0) { // Range 0 means double value 
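Review bot: `Buffer_size` in the samples/icctrans.c hunk at -86,6 is a writable `unsigned int` with external linkage, so every array sized with it becomes a variable-length array instead of a fixed 4096-byte buffer. That applies to `User_buffer` in GetLine and to `Buffer` in the GetAnswer and GetIndex hunks of the same file. A compile-time constant keeps the old fixed layout and rules out the sizes drifting apart if the variable is ever assigned: `enum { Buffer_size = 4096 };`. If a variable is kept, `static const unsigned int Buffer_size = 4096;` at least prevents modification and keeps the name out of the global namespace.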
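Review bot: The bound in `snprintf(Prefix, 20, "%s=", C);` (hunk at -500,7) is a literal that must be kept in step by hand with the declaration of `Prefix`, which lies outside this hunk. The same holds for `snprintf(Buffer, 256, ...)` in the tifficc/tiffdiff.c hunk. If both destinations are arrays declared in the enclosing function, which cannot be confirmed from here, `snprintf(Prefix, sizeof(Prefix), "%s=", C);` and `snprintf(Buffer, sizeof(Buffer), ...)` keep the bound correct when a declaration changes. Neither call checks the return value, so an over-long name is truncated silently; that looks acceptable for a label and a comment string, but a short comment such as `/* truncation is harmless here: display only */` would record the decision.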
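Review bot: The return value of `fgets` in the rewritten GetLine (hunk at -648,7) is not checked, so on end-of-file or a read error `sscanf` parses the uninitialised `User_buffer`. On a blank line `sscanf` stores nothing, and the following `toupper(Buffer[0])` then reads whatever the caller's buffer held. Setting `Buffer[0] = 0;` first and guarding the parse with `if (fgets(User_buffer, sizeof(User_buffer), stdin) != NULL) sscanf(User_buffer, "%s", Buffer);` gives a defined result; how callers should react to an empty answer or EOF is decided in code outside this hunk. The unbounded `%s` is safe only while every caller passes at least `Buffer_size` bytes. GetAnswer and GetIndex do so in this diff, but any other caller of GetLine should be checked, and a comment on GetLine stating that requirement would help.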
@@ -738,7 +742,7 @@ static WORD GetIndex(void) { - char Buffer[4096], Name[40], Prefix[40], Suffix[40]; + char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40]; int index, max; max = cmsNamedColorCount(hTrans)-1; diff -Nru lcms-1.19.dfsg/src/cmsio1.c lcms-1.19.dfsg1/src/cmsio1.c --- lcms-1.19.dfsg/src/cmsio1.c 2009-11-13 10:02:11.000000000 +0100 +++ lcms-1.19.dfsg1/src/cmsio1.c 2014-03-27 13:03:21.000000000 +0100 @@ -2007,9 +2007,9 @@ return 0; } - strncpy(v ->NamedColorList->Prefix, (const char*) nc2.prefix, 32); - strncpy(v ->NamedColorList->Suffix, (const char*) nc2.suffix, 32); - v ->NamedColorList->Prefix[32] = v->NamedColorList->Suffix[32] = 0; + strncpy(v ->NamedColorList->Prefix, (const char*) nc2.prefix, 31); + strncpy(v ->NamedColorList->Suffix, (const char*) nc2.suffix, 31); + v ->NamedColorList->Prefix[31] = v->NamedColorList->Suffix[31] = 0; v ->NamedColorList ->ColorantCount = nc2.nDeviceCoords; Binary files /tmp/lLzR8CKmmn/lcms-1.19.dfsg/testbed/sRGB Color Space Profile.icm and /tmp/01pcgTspqX/lcms-1.19.dfsg1/testbed/sRGB Color Space Profile.icm differ diff -Nru lcms-1.19.dfsg/tifficc/tiffdiff.c lcms-1.19.dfsg1/tifficc/tiffdiff.c --- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 16:57:46.000000000 +0100 +++ lcms-1.19.dfsg1/tifficc/tiffdiff.c 2014-03-27 13:03:21.000000000 +0100 @@ -633,7 +633,7 @@ cmsIT8SetSheetType(hIT8, "TIFFDIFF"); - sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2); + snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2); cmsIT8SetComment(hIT8, Buffer); -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
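Review bot: In the src/cmsio1.c hunk, the new copy length 31 and terminator index `[31]` are literals not tied to the declared sizes of `NamedColorList->Prefix` / `Suffix` or of `nc2.prefix` / `nc2.suffix`, none of which is visible here. If the destination arrays hold exactly 32 bytes this closes the one-byte overrun; if they are larger, the change instead drops the last character of a full-length prefix or suffix. Deriving the bound from the array makes the write correct by construction: `strncpy(v->NamedColorList->Prefix, (const char*) nc2.prefix, sizeof(v->NamedColorList->Prefix) - 1);` followed by `v->NamedColorList->Prefix[sizeof(v->NamedColorList->Prefix) - 1] = 0;`, and likewise for `Suffix`. The copy length must additionally not exceed the size of the source field. The enclosing function starts and ends outside the hunk.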

