Date: Saturday, December 16, 2017 @ 19:50:06
  Author: heftig
Revision: 312973

1.4.1+6+gf08c25d-1

Added:
  colord/trunk/0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
  colord/trunk/0002-Avoid-buffer-overflow-when-reading-profile_id.patch
Modified:
  colord/trunk/PKGBUILD
Deleted:
  colord/trunk/colord.install

----------------------------------------------------------+
 0001-Make-cd_color_get_blackbody_rgb_full-safer.patch    |   74 +++++++++++++
 0002-Avoid-buffer-overflow-when-reading-profile_id.patch |   62 ++++++++++
 PKGBUILD                                                 |   31 ++---
 colord.install                                           |    8 -
 4 files changed, 152 insertions(+), 23 deletions(-)

Added: 0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
===================================================================
--- 0001-Make-cd_color_get_blackbody_rgb_full-safer.patch                       
        (rev 0)
+++ 0001-Make-cd_color_get_blackbody_rgb_full-safer.patch       2017-12-16 
19:50:06 UTC (rev 312973)
@@ -0,0 +1,74 @@
+From 264981ddfd1984b25c629d8e3ef6cf25c70cc61a Mon Sep 17 00:00:00 2001
+Message-Id: 
<264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steff...@gmail.com>
+From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com>
+Date: Sat, 16 Dec 2017 04:18:01 +0100
+Subject: [PATCH 1/2] Make cd_color_get_blackbody_rgb_full safer
+
+Validate arguments. If temp is divisible by 100, avoid interpolation
+because it accesses beyond the data for temp == 10000.
+---
+ lib/colord/cd-color.c | 22 ++++++++++++++--------
+ 1 file changed, 14 insertions(+), 8 deletions(-)
+
+diff --git a/lib/colord/cd-color.c b/lib/colord/cd-color.c
+index 6062595187616846..3907a7349c1351ba 100644
+--- a/lib/colord/cd-color.c
++++ b/lib/colord/cd-color.c
+@@ -29,6 +29,7 @@
+ #include "config.h"
+ 
+ #include <math.h>
++#include <stdlib.h>
+ #include <glib-object.h>
+ #include <lcms2.h>
+ 
+@@ -1444,33 +1445,38 @@ cd_color_get_blackbody_rgb_full (gdouble temp,
+                                CdColorBlackbodyFlags flags)
+ {
+       gboolean ret = TRUE;
+-      gdouble alpha;
+-      gint temp_index;
++      div_t temp_int;
+       const CdColorRGB *blackbody_func = blackbody_data_d65modified;
+ 
++      g_return_val_if_fail (!isnan (temp), FALSE);
++      g_return_val_if_fail (result != NULL, FALSE);
++
+       /* use modified curve */
+       if (flags & CD_COLOR_BLACKBODY_FLAG_USE_PLANCKIAN)
+               blackbody_func = blackbody_data_d65plankian;
+ 
+       /* check lower bound */
+       if (temp < 1000) {
+               ret = FALSE;
+               temp = 1000;
+       }
+ 
+       /* check upper bound */
+       if (temp > 10000) {
+               ret = FALSE;
+               temp = 10000;
+       }
+ 
+       /* bilinear interpolate the blackbody data */
+-      alpha = ((guint) temp % 100) / 100.0;
+-      temp_index = ((guint) temp - 1000) / 100;
+-      cd_color_rgb_interpolate (&blackbody_func[temp_index],
+-                                &blackbody_func[temp_index + 1],
+-                                alpha,
+-                                result);
++      temp_int = div (temp, 100);
++      if (temp_int.rem == 0)
++              *result = blackbody_func[temp_int.quot - 10];
++      else
++              cd_color_rgb_interpolate (&blackbody_func[temp_int.quot - 10],
++                                        &blackbody_func[temp_int.quot - 9],
++                                        temp_int.rem / 100.0,
++                                        result);
++
+       return ret;
+ }
+ 
+-- 
+2.15.1
+
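Review bot: The NaN guard added at the top of cd_color_get_blackbody_rgb_full is a `g_return_val_if_fail`, which GLib compiles out when G_DISABLE_CHECKS is defined. In such a build a NaN temp passes both range clamps (every comparison is false) and reaches `div (temp, 100)`, where converting NaN to int is undefined and the table index is no longer bounded. If temp can originate outside the library, an unconditional `if (isnan (temp)) return FALSE;` is the safer form. The gdouble-to-int conversion in the `div` call is also implicit; `div ((gint) temp, 100)` with a comment such as `/* temp is clamped to 1000..10000, so quot - 10 is 0..90 */` would state the bound. The table length is not visible in this hunk, so that 0..90 range should be checked against the blackbody array definitions.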

Added: 0002-Avoid-buffer-overflow-when-reading-profile_id.patch
===================================================================
--- 0002-Avoid-buffer-overflow-when-reading-profile_id.patch                    
        (rev 0)
+++ 0002-Avoid-buffer-overflow-when-reading-profile_id.patch    2017-12-16 
19:50:06 UTC (rev 312973)
@@ -0,0 +1,62 @@
+From 1b9d7f1c7e32c831157868b536bfaf4ce436c1ee Mon Sep 17 00:00:00 2001
+Message-Id: 
<1b9d7f1c7e32c831157868b536bfaf4ce436c1ee.1513453349.git.jan.steff...@gmail.com>
+In-Reply-To: 
<264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steff...@gmail.com>
+References: 
<264981ddfd1984b25c629d8e3ef6cf25c70cc61a.1513453349.git.jan.steff...@gmail.com>
+From: "Jan Alexander Steffens (heftig)" <jan.steff...@gmail.com>
+Date: Sat, 16 Dec 2017 20:40:51 +0100
+Subject: [PATCH 2/2] Avoid buffer overflow when reading profile_id
+
+The profile ID is 16 bytes, not 4 bytes. Use the union type specified by
+the LCMS API.
+---
+ lib/colord/cd-icc.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/lib/colord/cd-icc.c b/lib/colord/cd-icc.c
+index 99fa27b2988b26d0..8b7841fdd66de3f6 100644
+--- a/lib/colord/cd-icc.c
++++ b/lib/colord/cd-icc.c
+@@ -227,20 +227,20 @@ gchar *
+ cd_icc_to_string (CdIcc *icc)
+ {
+       CdIccPrivate *priv = GET_PRIVATE (icc);
++      cmsProfileID profile_id;
+       cmsInt32Number tag_size;
+       cmsTagSignature sig;
+       cmsTagSignature sig_link;
+       cmsTagTypeSignature tag_type;
+       gboolean ret;
+       gchar tag_str[5] = "    ";
+       GDateTime *created;
+       GError *error_local = NULL;
+       GString *str;
+       guint32 i;
+       guint32 number_tags;
+       guint32 tmp;
+       guint64 header_flags;
+-      guint8 profile_id[4];
+ 
+       g_return_val_if_fail (CD_IS_ICC (icc), NULL);
+ 
+@@ -335,12 +335,12 @@ cd_icc_to_string (CdIcc *icc)
+       g_string_append_printf (str, "  Creator\t= %s\n", tag_str);
+ 
+       /* profile ID */
+-      cmsGetHeaderProfileID (priv->lcms_profile, profile_id);
+-      g_string_append_printf (str, "  Profile ID\t= 0x%02x%02x%02x%02x\n",
+-                              profile_id[0],
+-                              profile_id[1],
+-                              profile_id[2],
+-                              profile_id[3]);
++      cmsGetHeaderProfileID (priv->lcms_profile, profile_id.ID8);
++      g_string_append_printf (str, "  Profile ID\t= %08x%08x%08x%08x\n",
++                              profile_id.ID32[0],
++                              profile_id.ID32[1],
++                              profile_id.ID32[2],
++                              profile_id.ID32[3]);
+ 
+       /* print tags */
+       g_string_append (str, "\n");
+-- 
+2.15.1
+
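Review bot: Printing `profile_id.ID32[n]` with `%08x` renders each 32-bit word in host byte order, so on a little-endian machine the hex string will not match the byte sequence stored in the ICC header if lcms copies the ID as raw bytes (likely, but not visible here). Since the ID is filled through `profile_id.ID8`, formatting those 16 bytes in order gives the same output on every architecture: `for (i = 0; i < 16; i++) g_string_append_printf (str, "%02x", profile_id.ID8[i]);`, placed between the label and the newline. The new format also drops the `0x` prefix the old output had, which may matter to anything that parses this text. cd_icc_to_string continues outside both hunks of this patch.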

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2017-12-16 19:44:13 UTC (rev 312972)
+++ PKGBUILD    2017-12-16 19:50:06 UTC (rev 312973)
@@ -3,7 +3,7 @@
 # Contributor: Ionut Biru <ib...@archlinux.org>
 
 pkgname=colord
-pkgver=1.4.1
+pkgver=1.4.1+6+gf08c25d
 pkgrel=1
 pkgdesc="System daemon for managing color devices"
 arch=(x86_64)
@@ -15,10 +15,14 @@
 optdepends=('sane: scanner support'
             'argyllcms: color profiling')
 replaces=(shared-color-profiles)
-install=colord.install
-_commit=ef560710602ce590e72f8412cb200f68d6e3e153  # tags/1.4.1^0
-source=("git+https://github.com/hughsie/colord#commit=$_commit";)
-sha1sums=('SKIP')
+options=(!emptydirs)
+_commit=f08c25ddd93ad3fa691172119a038465cd178420  # master
+source=("git+https://github.com/hughsie/colord#commit=$_commit";
+        0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
+        0002-Avoid-buffer-overflow-when-reading-profile_id.patch)
+sha256sums=('SKIP'
+            'b804aa00631040fff7032af12c2c92c1b6de42b7adfd8d05671257071ef348ce'
+            'db50941a8f35f819123f4dac55269acf6e1916287c69087e69d506499c0ee974')
 validpgpkeys=('163EB50119225DB3DF8F49EA17ACBA8DFA970E17')
 
 pkgver() {
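Review bot: The git source is now pinned to a master commit with checksum `'SKIP'`, and `validpgpkeys` is still declared, but nothing in the `source` entry asks makepkg to verify a signature, so the key appears unused as far as this hunk shows. The full commit hash does pin the content; if upstream signs that commit or a later tag, adding `?signed` to the git URL would make the key effective. A comment beside `_commit`, for example `# master, 6 commits after 1.4.1; drop local patches once merged upstream`, would tell the next maintainer why an untagged snapshot is packaged.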
@@ -27,20 +31,19 @@
 }
 
 prepare() {
-  mkdir build
   cd $pkgname
+  patch -Np1 -i ../0001-Make-cd_color_get_blackbody_rgb_full-safer.patch
+  patch -Np1 -i ../0002-Avoid-buffer-overflow-when-reading-profile_id.patch
 }
 
 build() {
-  cd build
-  meson setup --prefix=/usr --buildtype=release ../$pkgname \
-    --localstatedir=/var --libexecdir=/usr/lib/$pkgname \
+  arch-meson $pkgname build \
     -Denable-libcolordcompat=true \
     -Denable-sane=true \
     -Denable-vala=true \
     -Denable-print-profiles=true \
     -Dwith-daemon-user=colord
-  ninja
+  ninja -C build
 }
 
 check() {
@@ -49,11 +52,9 @@
 }
 
 package() {
-  cd build
-  DESTDIR="$pkgdir" ninja install
-
-  # the build system has no colord user, so the chown fails
-  chown -R 124:124 "$pkgdir/var/lib/colord"
+  DESTDIR="$pkgdir" ninja -C build install
+  echo 'u colord - "Color management daemon" /var/lib/colord' |
+    install -Dm644 /dev/stdin "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
 }
 
 # vim:set ts=2 sw=2 et:
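Review bot: The removed `chown -R 124:124 "$pkgdir/var/lib/colord"` was the only visible step that gave the state directory to the daemon user, and the sysusers.d line that replaces it creates the account without creating or chowning `/var/lib/colord`. With `options=(!emptydirs)` added in this commit, an empty directory is also stripped from the package. Confirm that upstream installs a tmpfiles.d entry for it, or ship one such as `d /var/lib/colord 0755 colord colord -`, so the daemon built with `-Dwith-daemon-user=colord` can write its state as the unprivileged user.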

Deleted: colord.install
===================================================================
--- colord.install      2017-12-16 19:44:13 UTC (rev 312972)
+++ colord.install      2017-12-16 19:50:06 UTC (rev 312973)
@@ -1,8 +0,0 @@
-post_install() {
-  getent group colord >/dev/null || groupadd -g 124 colord
-  getent passwd colord >/dev/null || useradd -d /var/lib/colord -u 124 -g 
colord -s /bin/false colord
-}
-
-post_upgrade() {
-  post_install
-}
