Hello community, here is the log from the commit of package lcms for openSUSE:Factory checked in at 2013-10-06 14:26:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lcms (Old) and /work/SRC/openSUSE:Factory/.lcms.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lcms" Changes: -------- --- /work/SRC/openSUSE:Factory/lcms/lcms.changes 2013-04-14 10:16:54.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lcms.new/lcms.changes 2013-10-06 14:26:35.000000000 +0200 @@ -1,0 +2,11 @@ +Sat Oct 5 19:37:49 UTC 2013 - crrodrig...@opensuse.org + +- add zlib-devel to buildrequires, not implicit anymore. + +------------------------------------------------------------------- +Fri Oct 4 18:26:21 CEST 2013 - sbra...@suse.cz + +- Stack overflow fix + (CVE-2013-4276.patch, bnc#843716, CVE-2013-4276). + +------------------------------------------------------------------- New: ---- CVE-2013-4276.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lcms.spec ++++++ --- /var/tmp/diff_new_pack.NG0Twg/_old 2013-10-06 14:26:36.000000000 +0200 +++ /var/tmp/diff_new_pack.NG0Twg/_new 2013-10-06 14:26:36.000000000 +0200 @@ -29,6 +29,8 @@ Patch: lcms-endian.patch Patch1: lcms-strict-aliasing.patch Patch2: lcms-implicit-declaration.patch +# PATCH-FIX-SECURITY CVE-2013-4276.patch bnc843716 sbra...@suse.cz -- Stack overflow fix. +Patch3: CVE-2013-4276.patch %if 0%{?fedora_version} BuildRequires: gcc-c++ @@ -44,6 +46,7 @@ BuildRequires: libtiff-devel BuildRequires: pkg-config BuildRequires: python-devel +BuildRequires: zlib-devel %endif # bug437293 @@ -97,7 +100,7 @@ %patch %patch1 %patch2 -#%patch3 -p1 +%patch3 -p1 cp -a README.1ST README chmod -x COPYING AUTHORS NEWS README doc/*.TXT ++++++ CVE-2013-4276.patch ++++++ --- lcms-1.19.dfsg/samples/icctrans.c 2009-10-30 15:57:45.000000000 +0000 +++ lcms-1.19.dfsg/samples/icctrans.c 2013-08-06 11:53:14.385266647 +0100 @@ -86,6 +86,8 @@ static LPcmsNAMEDCOLORLIST InputColorant = NULL; static LPcmsNAMEDCOLORLIST OutputColorant = NULL; +unsigned int Buffer_size = 4096; + // isatty replacement @@ -500,7 +502,7 @@ Prefix[0] = 0; if (!lTerse) - sprintf(Prefix, "%s=", C); + snprintf(Prefix, 20, "%s=", C); if (InHexa) { @@ -648,7 +650,9 @@ static void GetLine(char* Buffer) { - scanf("%s", Buffer); + char User_buffer[Buffer_size]; + fgets(User_buffer, (Buffer_size - 1), stdin); + sscanf(User_buffer,"%s", Buffer); if (toupper(Buffer[0]) == 'Q') { // Quit? @@ -668,7 +672,7 @@ static double GetAnswer(const char* Prompt, double Range) { - char Buffer[4096]; + char Buffer[Buffer_size]; double val = 0.0; if (Range == 0.0) { // Range 0 means double value @@ -738,7 +742,7 @@ static WORD GetIndex(void) { - char Buffer[4096], Name[40], Prefix[40], Suffix[40]; + char Buffer[Buffer_size], Name[40], Prefix[40], Suffix[40]; int index, max; max = cmsNamedColorCount(hTrans)-1; --- lcms-1.19.dfsg/tifficc/tiffdiff.c 2009-10-30 15:57:46.000000000 +0000 +++ lcms-1.19.dfsg/tifficc/tiffdiff.c 2013-08-06 11:49:06.698951157 +0100 @@ -633,7 +633,7 @@ cmsIT8SetSheetType(hIT8, "TIFFDIFF"); - sprintf(Buffer, "Differences between %s and %s", TiffName1, TiffName2); + snprintf(Buffer, 256, "Differences between %s and %s", TiffName1, TiffName2); cmsIT8SetComment(hIT8, Buffer); -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org