From ed7732bc625585e6ec51c6f60716c8a6a916082b Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Sat, 11 Feb 2017 22:58:19 +0800
Subject: gnu: lcms: Mention CVE-2016-10165.

* gnu/packages/patches/lcms-fix-out-of-bounds-read.patch: Rename to ...
* gnu/packages/patches/lcms-CVE-2016-10165.patch: ... this.
* gnu/local.mk (dist_patch_DATA): Adjust.
* gnu/packages/ghostscript.scm (lcms)[source]: Use renamed patch.

Signed-off-by: Marius Bakke <mbakke@fastmail.com>
---
 gnu/local.mk                                       |  3 +-
 gnu/packages/ghostscript.scm                       |  2 +-
 gnu/packages/patches/lcms-CVE-2016-10165.patch     | 36 ++++++++++++++++++++++
 .../patches/lcms-fix-out-of-bounds-read.patch      | 34 --------------------
 4 files changed, 39 insertions(+), 36 deletions(-)
 create mode 100644 gnu/packages/patches/lcms-CVE-2016-10165.patch
 delete mode 100644 gnu/packages/patches/lcms-fix-out-of-bounds-read.patch

(limited to 'gnu')

diff --git a/gnu/local.mk b/gnu/local.mk
index 753c0ef053..af9dfff0f8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -9,6 +9,7 @@
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 # Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
+# Copyright © 2016, 2017 Alex Vong <alexvong1995@gmail.com>
 #
 # This file is part of GNU Guix.
 #
@@ -656,7 +657,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch	\
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch	\
   %D%/packages/patches/laby-make-install.patch			\
-  %D%/packages/patches/lcms-fix-out-of-bounds-read.patch	\
+  %D%/packages/patches/lcms-CVE-2016-10165.patch		\
   %D%/packages/patches/ldc-disable-tests.patch			\
   %D%/packages/patches/ldc-1.1.0-disable-dmd-tests.patch	\
   %D%/packages/patches/ldc-1.1.0-disable-phobos-tests.patch	\
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 4b8e62348c..826a2fc374 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -45,7 +45,7 @@
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/lcms/lcms/" version
                                 "/lcms2-" version ".tar.gz"))
-            (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))
+            (patches (search-patches "lcms-CVE-2016-10165.patch"))
             (sha256 (base32
                      "08pvl289g0mbznzx5l6ibhaldsgx41kwvdn2c974ga9fkli2pl36"))))
    (build-system gnu-build-system)
diff --git a/gnu/packages/patches/lcms-CVE-2016-10165.patch b/gnu/packages/patches/lcms-CVE-2016-10165.patch
new file mode 100644
index 0000000000..fa4d75c9ee
--- /dev/null
+++ b/gnu/packages/patches/lcms-CVE-2016-10165.patch
@@ -0,0 +1,36 @@
+Fix CVE-2016-10165, an out-of-bounds heap read in Type_MLU_Read():
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10165
+http://seclists.org/oss-sec/2016/q3/288
+https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+https://security-tracker.debian.org/tracker/CVE-2016-10165
+
+Patch copied from upstream source repository:
+
+https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+
+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
+From: Marti <marti.maria@tktbrainpower.com>
+Date: Mon, 15 Aug 2016 23:31:39 +0200
+Subject: [PATCH] Added an extra check to MLU bounds
+
+Thanks to Ibrahim el-sayed for spotting the bug
+---
+ src/cmstypes.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
deleted file mode 100644
index d9f7ac6a36..0000000000
--- a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-Fix an out-of-bounds heap read in Type_MLU_Read():
-
-http://seclists.org/oss-sec/2016/q3/288
-https://bugzilla.redhat.com/show_bug.cgi?id=1367357
-
-Patch copied from upstream source repository:
-
-https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
-
-From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
-From: Marti <marti.maria@tktbrainpower.com>
-Date: Mon, 15 Aug 2016 23:31:39 +0200
-Subject: [PATCH] Added an extra check to MLU bounds
-
-Thanks to Ibrahim el-sayed for spotting the bug
----
- src/cmstypes.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/cmstypes.c b/src/cmstypes.c
-index cb61860..c7328b9 100644
---- a/src/cmstypes.c
-+++ b/src/cmstypes.c
-@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
- 
-         // Check for overflow
-         if (Offset < (SizeOfHeader + 8)) goto Error;
-+        if ((Offset + Len) > SizeOfTag + 8) goto Error;
- 
-         // True begin of the string
-         BeginOfThisString = Offset - SizeOfHeader - 8;
--- 
-2.11.0
-
-- 
cgit v1.2.3