Control: tags -1 + fixed Hi Oleksandr,
The lcms2 package seems to be in need of a bit of attention; the last maintainer upload was in 2011. Are you still interested in maintaining this package? Since there are a number of patches sitting in the BTS, one of which is blocking me on being able to do some alpha porting work, I've prepared a roll-up NMU to fix these various issues. The NMU debdiff is attached. Because of the age and severity of these issues (including serious security bugs), I am uploading this directly to incoming as a 0-day NMU. Bug #701993 suggests that the package is in need of more attention than just NMUs, however. Hopefully you can find the time to update the package to a new upstream version, or if you don't have time, perhaps you can consider orphaning it. Cheers, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
diff -Nru lcms2-2.2+git20110628/debian/changelog lcms2-2.2+git20110628/debian/changelog --- lcms2-2.2+git20110628/debian/changelog 2012-05-23 03:58:04.000000000 +0000 +++ lcms2-2.2+git20110628/debian/changelog 2013-10-06 21:34:38.000000000 +0000 @@ -1,3 +1,27 @@ +lcms2 (2.2+git20110628-2.3) unstable; urgency=low + + * Non-maintainer upload. + * debian/patches/sparc64-ftbfs: align blocks according to host + requirements. Thanks to Aurelien Jarno <aure...@debian.org>. + Closes: #647220. + * debian/patches/fix-cmsnamed-alignment-issue.patch: fix alignment + issues when casting chars to shorts. Thanks to Michael Cree + <mc...@orcon.net.nz>. Closes: #644473. + * Apply security fixes from IcedTea (Closes: #714529, CVE-2013-4160): + - debian/patches/ojdk-8007925+8007926.patch: Improve + cmsStageAllocLabV2ToV4curves. Improve cmsPipelineDup. + - debian/patches/ojdk-8007927.patch: Improve + cmsAllocProfileSequenceDescription. + - debian/patches/ojdk-8007929.patch: Improve CurvesAlloc. + - debian/patches/ojdk-8009654.patch: Improve stability of cmsnamed. + * Build-depend on libtiff-dev instead of libtiff4-dev, to facilitate future + library transitions. Thanks to Michael Terry <michael.te...@canonical.com> + for the patch. Closes: #681904. + * Fix a typo in the liblcms2-utils package description. Thanks to + Paolo Scarabelli <pa...@msw.it>. Closes: #640084. + + -- Steve Langasek <vor...@debian.org> Sun, 06 Oct 2013 12:38:01 -0700 + lcms2 (2.2+git20110628-2.2) unstable; urgency=low * Non-maintainer upload. diff -Nru lcms2-2.2+git20110628/debian/control lcms2-2.2+git20110628/debian/control --- lcms2-2.2+git20110628/debian/control 2012-05-24 16:27:05.000000000 +0000 +++ lcms2-2.2+git20110628/debian/control 2013-10-06 21:32:35.000000000 +0000 @@ -2,7 +2,7 @@ Section: libs Priority: optional Maintainer: Oleksandr Moskalenko <ma...@debian.org> -Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.0), autotools-dev, libjpeg-dev, libtiff4-dev, zlib1g-dev, quilt +Build-Depends: debhelper (>= 9), dpkg-dev (>= 1.16.0), autotools-dev, libjpeg-dev, libtiff-dev, zlib1g-dev, quilt Standards-Version: 3.9.2 Homepage: http://www.littlecms.com/ #Vcs-Git: git://git.debian.org/collab-maint/liblcms2.git @@ -41,7 +41,7 @@ Section: utils Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} -Description: Little CMS 2 olor management library +Description: Little CMS 2 color management library LittleCMS 2 intends to be a small-footprint color management engine, with special focus on accuracy and performance. It uses the International Color Consortium standard (ICC) of color management. LittleCMS 2 is a full diff -Nru lcms2-2.2+git20110628/debian/patches/fix-cmsnamed-alignment-issue.patch lcms2-2.2+git20110628/debian/patches/fix-cmsnamed-alignment-issue.patch --- lcms2-2.2+git20110628/debian/patches/fix-cmsnamed-alignment-issue.patch 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/fix-cmsnamed-alignment-issue.patch 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,125 @@ +Author: Michael Cree <mc...@orcon.net.nz> +Description: fix alignment issues when casting chars to shorts + On alpha, we want our unsigned shorts to be 16-bit aligned; when casting + from a char * to an unsigned short *, this is not guaranteed, as the char * + may be only 8-bit aligned. So make the appropriate alignment fix-ups in + the relevant functions, fixing a FTBFS on alpha. +Bug-Debian: http://bugs.debian.org/644473 + +--- lcms2-2.2+git20110628/src/cmsnamed.c 2011-06-28 16:20:02.000000000 +1200 ++++ lcms2-2.2+git20110628-new/src/cmsnamed.c 2011-10-05 22:41:05.000000000 +1300 +@@ -185,8 +185,19 @@ + cmsUInt32Number i, len = (cmsUInt32Number) strlen(ASCIIString)+1; + wchar_t* WStr; + cmsBool rc; +- cmsUInt16Number Lang = _cmsAdjustEndianess16(*(cmsUInt16Number*) LanguageCode); +- cmsUInt16Number Cntry = _cmsAdjustEndianess16(*(cmsUInt16Number*) CountryCode); ++ union { ++ cmsUInt16Number uint16; ++ char str[2]; ++ } code_convert; ++ cmsUInt16Number Lang; ++ cmsUInt16Number Cntry; ++ ++ code_convert.str[0] = LanguageCode[0]; ++ code_convert.str[1] = LanguageCode[1]; ++ Lang = _cmsAdjustEndianess16(code_convert.uint16); ++ code_convert.str[0] = CountryCode[0]; ++ code_convert.str[1] = CountryCode[1]; ++ Cntry = _cmsAdjustEndianess16(code_convert.uint16); + + if (mlu == NULL) return FALSE; + +@@ -220,10 +231,21 @@ + // Add a wide entry + cmsBool CMSEXPORT cmsMLUsetWide(cmsMLU* mlu, const char Language[3], const char Country[3], const wchar_t* WideString) + { +- cmsUInt16Number Lang = _cmsAdjustEndianess16(*(cmsUInt16Number*) Language); +- cmsUInt16Number Cntry = _cmsAdjustEndianess16(*(cmsUInt16Number*) Country); + cmsUInt32Number len; +- ++ union { ++ cmsUInt16Number uint16; ++ char str[2]; ++ } code_convert; ++ cmsUInt16Number Lang; ++ cmsUInt16Number Cntry; ++ ++ code_convert.str[0] = Language[0]; ++ code_convert.str[1] = Language[1]; ++ Lang = _cmsAdjustEndianess16(code_convert.uint16); ++ code_convert.str[0] = Country[0]; ++ code_convert.str[1] = Country[1]; ++ Cntry = _cmsAdjustEndianess16(code_convert.uint16); ++ + if (mlu == NULL) return FALSE; + if (WideString == NULL) return FALSE; + +@@ -350,8 +372,19 @@ + cmsUInt32Number StrLen = 0; + cmsUInt32Number ASCIIlen, i; + +- cmsUInt16Number Lang = _cmsAdjustEndianess16(*(cmsUInt16Number*) LanguageCode); +- cmsUInt16Number Cntry = _cmsAdjustEndianess16(*(cmsUInt16Number*) CountryCode); ++ union { ++ cmsUInt16Number uint16; ++ char str[2]; ++ } code_convert; ++ cmsUInt16Number Lang; ++ cmsUInt16Number Cntry; ++ ++ code_convert.str[0] = LanguageCode[0]; ++ code_convert.str[1] = LanguageCode[1]; ++ Lang = _cmsAdjustEndianess16(code_convert.uint16); ++ code_convert.str[0] = CountryCode[0]; ++ code_convert.str[1] = CountryCode[1]; ++ Cntry = _cmsAdjustEndianess16(code_convert.uint16); + + // Sanitize + if (mlu == NULL) return 0; +@@ -394,8 +427,19 @@ + const wchar_t *Wide; + cmsUInt32Number StrLen = 0; + +- cmsUInt16Number Lang = _cmsAdjustEndianess16(*(cmsUInt16Number*) LanguageCode); +- cmsUInt16Number Cntry = _cmsAdjustEndianess16(*(cmsUInt16Number*) CountryCode); ++ union { ++ cmsUInt16Number uint16; ++ char str[2]; ++ } code_convert; ++ cmsUInt16Number Lang; ++ cmsUInt16Number Cntry; ++ ++ code_convert.str[0] = LanguageCode[0]; ++ code_convert.str[1] = LanguageCode[1]; ++ Lang = _cmsAdjustEndianess16(code_convert.uint16); ++ code_convert.str[0] = CountryCode[0]; ++ code_convert.str[1] = CountryCode[1]; ++ Cntry = _cmsAdjustEndianess16(code_convert.uint16); + + // Sanitize + if (mlu == NULL) return 0; +@@ -426,10 +470,19 @@ + char ObtainedLanguage[3], char ObtainedCountry[3]) + { + const wchar_t *Wide; +- +- cmsUInt16Number Lang = _cmsAdjustEndianess16(*(cmsUInt16Number*) LanguageCode); +- cmsUInt16Number Cntry = _cmsAdjustEndianess16(*(cmsUInt16Number*) CountryCode); +- cmsUInt16Number ObtLang, ObtCode; ++ cmsUInt16Number ObtLang, ObtCode; ++ ++ union { ++ cmsUInt16Number uint16; ++ char str[3]; ++ } code_convert; ++ cmsUInt16Number Lang; ++ cmsUInt16Number Cntry; ++ ++ strcpy(code_convert.str, LanguageCode); ++ Lang = _cmsAdjustEndianess16(code_convert.uint16); ++ strcpy(code_convert.str, CountryCode); ++ Cntry = _cmsAdjustEndianess16(code_convert.uint16); + + // Sanitize + if (mlu == NULL) return FALSE; diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007925+8007926.patch 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,28 @@ +# HG changeset patch +# Date 1364497268 -14400 +# Node ID 56f01b89d8b8f7e2cbc651dccbd904b45698be24 +# Parent 09c14ca57ff092cd304a4e29f9398176255a72ab +8007925: Improve cmsStageAllocLabV2ToV4curves +8007926: Improve cmsPipelineDup + +Index: lcms2-2.2+git20110628/src/cmslut.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmslut.c 2011-06-27 23:20:02.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmslut.c 2013-07-01 10:51:20.000000000 -0500 +@@ -980,6 +980,7 @@ + mpe = cmsStageAllocToneCurves(ContextID, 3, LabTable); + cmsFreeToneCurveTriple(LabTable); + ++ if (mpe == NULL) return mpe; + mpe ->Implements = cmsSigLabV2toV4; + return mpe; + } +@@ -1291,6 +1292,8 @@ + if (lut == NULL) return NULL; + + NewLUT = cmsPipelineAlloc(lut ->ContextID, lut ->InputChannels, lut ->OutputChannels); ++ if (NewLUT == NULL) return NULL; ++ + for (mpe = lut ->Elements; + mpe != NULL; + mpe = mpe ->Next) { diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007927.patch 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,22 @@ +# HG changeset patch +# User bae +# Date 1363852330 -14400 +# Node ID 4047e9efcbd0966d8cc15d51f9b25ae5b141e239 +# Parent a7299af2af32c38eef541180e26f4aac7d79bff8 +8007927: Improve cmsAllocProfileSequenceDescription + +Index: lcms2-2.2+git20110628/src/cmsnamed.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsnamed.c 2013-07-01 11:02:26.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsnamed.c 2013-07-01 11:03:56.000000000 -0500 +@@ -698,6 +702,10 @@ + Seq -> seq = (cmsPSEQDESC*) _cmsCalloc(ContextID, n, sizeof(cmsPSEQDESC)); + Seq -> n = n; + ++ if (Seq -> seq == NULL) { ++ _cmsFree(ContextID, Seq); ++ return NULL; ++ } + + for (i=0; i < n; i++) { + Seq -> seq[i].Manufacturer = NULL; diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8007929.patch 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,27 @@ +# HG changeset patch +# User bae +# Date 1363852924 -14400 +# Node ID 2c71b4f2104b4951376604d50d5ecd176cd5acc7 +# Parent 4047e9efcbd0966d8cc15d51f9b25ae5b141e239 +8007929: Improve CurvesAlloc + +Index: lcms2-2.2+git20110628/src/cmsopt.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsopt.c 2013-07-01 10:54:09.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsopt.c 2013-07-01 10:54:09.000000000 -0500 +@@ -1135,6 +1135,15 @@ + for (i=0; i < nCurves; i++) { + + c16->Curves[i] = _cmsCalloc(ContextID, nElements, sizeof(cmsUInt16Number)); ++ if (c16->Curves[i] == NULL) { ++ for (j=0; j < i; j++) { ++ _cmsFree(ContextID, c16->Curves[j]); ++ } ++ _cmsFree(ContextID, c16->Curves); ++ _cmsFree(ContextID, c16); ++ ++ return NULL; ++ } + + if (nElements == 256) { + diff -Nru lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch --- lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/ojdk-8009654.patch 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,40 @@ +# HG changeset patch +# User bae +# Date 1364538631 -14400 +# Node ID 8718da8c36f3c265f4ee3a3410ed7e9b116283a7 +# Parent cc656d61e7135d43cd8908a8ef8ceae66ca0d462 +8009654: Improve stability of cmsnamed + +Index: lcms2-2.2+git20110628/src/cmsnamed.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmsnamed.c 2013-07-01 11:43:05.000000000 -0500 ++++ lcms2-2.2+git20110628/src/cmsnamed.c 2013-07-01 11:44:10.000000000 -0500 +@@ -488,8 +488,10 @@ + while (v -> Allocated < n) + GrowNamedColorList(v); + +- strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix)); +- strncpy(v ->Suffix, Suffix, sizeof(v ->Suffix)); ++ strncpy(v ->Prefix, Prefix, sizeof(v ->Prefix) - 1); ++ strncpy(v ->Suffix, Suffix, sizeof(v ->Suffix) - 1); ++ v->Prefix[sizeof(v ->Prefix) - 1] = v->Suffix[sizeof(v ->Suffix) - 1] = 0; ++ + v -> ColorantCount = ColorantCount; + + return v; +@@ -543,10 +545,12 @@ + for (i=0; i < 3; i++) + NamedColorList ->List[NamedColorList ->nColors].PCS[i] = PCS == NULL ? 0 : PCS[i]; + +- if (Name != NULL) ++ if (Name != NULL) { + strncpy(NamedColorList ->List[NamedColorList ->nColors].Name, Name, +- sizeof(NamedColorList ->List[NamedColorList ->nColors].Name)); +- else ++ sizeof(NamedColorList ->List[NamedColorList ->nColors].Name) - 1); ++ NamedColorList ->List[NamedColorList ->nColors]. ++ Name[sizeof(NamedColorList ->List[NamedColorList ->nColors].Name) - 1] = 0; ++ } else + NamedColorList ->List[NamedColorList ->nColors].Name[0] = 0; + + diff -Nru lcms2-2.2+git20110628/debian/patches/series lcms2-2.2+git20110628/debian/patches/series --- lcms2-2.2+git20110628/debian/patches/series 2012-03-06 17:21:12.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/series 2013-10-06 21:09:47.000000000 +0000 @@ -1,2 +1,8 @@ tificc.1 jpgicc.1 +sparc64-ftbfs +fix-cmsnamed-alignment-issue.patch +ojdk-8007925+8007926.patch +ojdk-8007927.patch +ojdk-8007929.patch +ojdk-8009654.patch diff -Nru lcms2-2.2+git20110628/debian/patches/sparc64-ftbfs lcms2-2.2+git20110628/debian/patches/sparc64-ftbfs --- lcms2-2.2+git20110628/debian/patches/sparc64-ftbfs 1970-01-01 00:00:00.000000000 +0000 +++ lcms2-2.2+git20110628/debian/patches/sparc64-ftbfs 2013-10-06 21:09:47.000000000 +0000 @@ -0,0 +1,19 @@ +Author: Aurelien Jarno <aure...@debian.org> +Description: align blocks according to host requirements + When aligning pointers, we need them to be aligned according to the host + system requirements, not the I/O alignment in ICC files, to avoid SIGBUS. +Bug-Debian: http://bugs.debian.org/647220 + +Index: lcms2-2.2+git20110628/src/cmscgats.c +=================================================================== +--- lcms2-2.2+git20110628.orig/src/cmscgats.c 2011-06-27 21:20:02.000000000 -0700 ++++ lcms2-2.2+git20110628/src/cmscgats.c 2013-10-06 12:36:37.000000000 -0700 +@@ -982,7 +982,7 @@ + cmsUInt32Number Free = it8 ->Allocator.BlockSize - it8 ->Allocator.Used; + cmsUInt8Number* ptr; + +- size = _cmsALIGNLONG(size); ++ size = (size + (sizeof(void *) - 1)) & ~(sizeof(void *) - 1); + + if (size > Free) { +
signature.asc
Description: Digital signature
