authorMatthias Maier <tamiko@gentoo.org>2014-10-24 19:03:34 +0000
committerMatthias Maier <tamiko@gentoo.org>2014-10-24 19:03:34 +0000
commit5282d74723d34580e497df744706aa4285d85d10 (patch)
treed5312604af4cbc065554f3471dc678649e85bcb9 /media-libs/lcms
parentAdd Prefix changes (diff)
apply upstream fix related to CVE-2014-0459
Package-Manager: portage-2.2.8-r2/cvs/Linux x86_64 Manifest-Sign-Key: 0xBD3A97A3
Diffstat (limited to 'media-libs/lcms')
-rw-r--r--media-libs/lcms/ChangeLog8
-rw-r--r--media-libs/lcms/files/lcms-2.6-cve-2014-0459.patch92
-rw-r--r--media-libs/lcms/lcms-2.6-r1.ebuild48
3 files changed, 147 insertions, 1 deletions
diff --git a/media-libs/lcms/ChangeLog b/media-libs/lcms/ChangeLog
index e75ce384e1bd..da6f33e78b26 100644
--- a/media-libs/lcms/ChangeLog
+++ b/media-libs/lcms/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-libs/lcms
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/ChangeLog,v 1.180 2014/10/23 20:52:58 jer Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/ChangeLog,v 1.181 2014/10/24 19:03:34 tamiko Exp $
+
+*lcms-2.6-r1 (24 Oct 2014)
+
+ 24 Oct 2014; Matthias Maier <tamiko@gentoo.org>
+ +files/lcms-2.6-cve-2014-0459.patch, +lcms-2.6-r1.ebuild, lcms-2.6.ebuild:
+ apply upstream fix related to CVE-2014-0459
23 Oct 2014; Jeroen Roovers <jer@gentoo.org> lcms-1.19-r3.ebuild,
lcms-2.6.ebuild:
diff --git a/media-libs/lcms/files/lcms-2.6-cve-2014-0459.patch b/media-libs/lcms/files/lcms-2.6-cve-2014-0459.patch
new file mode 100644
index 000000000000..aa1b17b24083
--- /dev/null
+++ b/media-libs/lcms/files/lcms-2.6-cve-2014-0459.patch
@@ -0,0 +1,92 @@
+patch is directly taken from upstream at
+ https://github.com/mm2/Little-CMS/commit/74ba39195a0cf87c43f46a2fabd9c2168692822d
+original version
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d6739b8326a4
+cleaned from parts of an accidental commit of unrelated changes.
+
+--- a/src/cmscnvrt.c
++++ b/src/cmscnvrt.c
+@@ -1045,7 +1045,7 @@
+ if (TheIntents[i] == INTENT_PERCEPTUAL || TheIntents[i] == INTENT_SATURATION) {
+
+ // Force BPC for V4 profiles in perceptual and saturation
+- if (cmsGetProfileVersion(hProfiles[i]) >= 4.0)
++ if (cmsGetEncodedICCversion(hProfiles[i]) >= 0x4000000)
+ BPC[i] = TRUE;
+ }
+ }
+--- a/src/cmsintrp.c
++++ b/src/cmsintrp.c
+@@ -929,7 +929,7 @@
+
+ Rest = c1 * rx + c2 * ry + c3 * rz;
+
+- Tmp1[OutChan] = (cmsUInt16Number) c0 + ROUND_FIXED_TO_INT(_cmsToFixedDomain(Rest));
++ Tmp1[OutChan] = (cmsUInt16Number) ( c0 + ROUND_FIXED_TO_INT(_cmsToFixedDomain(Rest)));
+ }
+
+
+@@ -993,7 +993,7 @@
+
+ Rest = c1 * rx + c2 * ry + c3 * rz;
+
+- Tmp2[OutChan] = (cmsUInt16Number) c0 + ROUND_FIXED_TO_INT(_cmsToFixedDomain(Rest));
++ Tmp2[OutChan] = (cmsUInt16Number) (c0 + ROUND_FIXED_TO_INT(_cmsToFixedDomain(Rest)));
+ }
+
+
+--- a/src/cmsio0.c
++++ b/src/cmsio0.c
+@@ -623,6 +623,32 @@
+ }
+
+
++
++// Enforces that the profile version is per. spec.
++// Operates on the big endian bytes from the profile.
++// Called before converting to platform endianness.
++// Byte 0 is BCD major version, so max 9.
++// Byte 1 is 2 BCD digits, one per nibble.
++// Reserved bytes 2 & 3 must be 0.
++static
++cmsUInt32Number _validatedVersion(cmsUInt32Number DWord)
++{
++ cmsUInt8Number* pByte = (cmsUInt8Number*) &DWord;
++ cmsUInt8Number temp1;
++ cmsUInt8Number temp2;
++
++ if (*pByte > 0x09) *pByte = (cmsUInt8Number) 0x09;
++ temp1 = *(pByte+1) & 0xf0;
++ temp2 = *(pByte+1) & 0x0f;
++ if (temp1 > 0x90) temp1 = 0x90;
++ if (temp2 > 0x09) temp2 = 0x09;
++ *(pByte+1) = (cmsUInt8Number)(temp1 | temp2);
++ *(pByte+2) = (cmsUInt8Number)0;
++ *(pByte+3) = (cmsUInt8Number)0;
++
++ return DWord;
++}
++
+ // Read profile header and validate it
+ cmsBool _cmsReadHeader(_cmsICCPROFILE* Icc)
+ {
+@@ -657,7 +683,7 @@
+ Icc -> creator = _cmsAdjustEndianess32(Header.creator);
+
+ _cmsAdjustEndianess64(&Icc -> attributes, &Header.attributes);
+- Icc -> Version = _cmsAdjustEndianess32(Header.version);
++ Icc -> Version = _cmsAdjustEndianess32(_validatedVersion(Header.version));
+
+ // Get size as reported in header
+ HeaderSize = _cmsAdjustEndianess32(Header.size);
+--- a/src/cmsio1.c
++++ b/src/cmsio1.c
+@@ -906,7 +906,7 @@
+ {
+ if (!cmsWriteTag(hProfile, cmsSigProfileSequenceDescTag, seq)) return FALSE;
+
+- if (cmsGetProfileVersion(hProfile) >= 4.0) {
++ if (cmsGetEncodedICCversion(hProfile) >= 0x4000000) {
+
+ if (!cmsWriteTag(hProfile, cmsSigProfileSequenceIdTag, seq)) return FALSE;
+ }
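Review bot: The comment above `_validatedVersion` in the cmsio0.c part of this patch says the version is enforced, but the body clamps out-of-range BCD digits instead of rejecting the header, so a profile with a malformed version field is still loaded and reads as at most 9.9.0.0. A major byte above 9 becomes 9, which would then satisfy the `>= 0x4000000` tests in the cmscnvrt.c and cmsio1.c parts, presumably causing such a profile to be handled as V4. I would say so in the comment, e.g. `// Out-of-range digits are clamped, not rejected; a malformed version reads as at most 9.9.0.0.` The two cmsintrp.c changes only move the `(cmsUInt16Number)` cast around the sum and do not look related to version handling, so the patch header could note why they are kept. `_cmsReadHeader` and the surrounding functions continue outside the quoted context.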
diff --git a/media-libs/lcms/lcms-2.6-r1.ebuild b/media-libs/lcms/lcms-2.6-r1.ebuild
new file mode 100644
index 000000000000..1bcdbc3c833a
--- /dev/null
+++ b/media-libs/lcms/lcms-2.6-r1.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/lcms/lcms-2.6-r1.ebuild,v 1.1 2014/10/24 19:03:34 tamiko Exp $
+
+EAPI=5
+AUTOTOOLS_PRUNE_LIBTOOL_FILES="modules"
+inherit autotools-multilib
+
+DESCRIPTION="A lightweight, speed optimized color management engine"
+HOMEPAGE="http://www.littlecms.com/"
+SRC_URI="mirror://sourceforge/${PN}/lcms2-${PV}.tar.gz"
+
+LICENSE="MIT"
+SLOT="2"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="doc jpeg static-libs +threads test tiff zlib"
+
+RDEPEND="jpeg? ( >=virtual/jpeg-0-r2:0[${MULTILIB_USEDEP}] )
+ tiff? ( >=media-libs/tiff-4.0.3-r6:0=[${MULTILIB_USEDEP}] )
+ zlib? ( >=sys-libs/zlib-1.2.8-r1:=[${MULTILIB_USEDEP}] )
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20130224-r10
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/lcms2-${PV}
+
+PATCHES=( "${FILESDIR}"/lcms-2.6-cve-2014-0459.patch )
+
+src_configure() {
+ local myeconfargs=(
+ $(use_with jpeg)
+ $(use_with tiff)
+ $(use_with zlib)
+ $(use_with threads)
+ )
+ autotools-multilib_src_configure
+}
+
+src_install() {
+ autotools-multilib_src_install
+
+ if use doc; then
+ docinto pdf
+ dodoc doc/*.pdf
+ fi
+}