lcms2: upgrade to release 2.9

... at least, that's the plan - this is harder than it appears, as the upstream maintainer appears to have released version 2.9 at least 3 times: - Fedora has a file evidently downloaded before Nov. 17 with SHA512 of e30ad5a9a1ab9e7aaace9431434caa19a5ff6143db46644aba971a5ee37a265b26bf738e886d766405a7eb45a9d620d67c7ab3684ace86a107cf5a76642c04a5 - Gentoo has a file evidently downloaded before Nov. 19 with SHA256 of d4ad6f8718f7f9dc8b2a3276c9f237aa3f5eccdcf98b86dedc4262d8a1e7f009 - Debian has a file evidently downloaded before Dec. 17 with SHA256 of 48c6fdf98396fa245ed86e622028caf49b96fa22f3e5734f853f806fbc8e7d20 The lcms2-2.9.tar.gz available from sourceforge currently matches the one Debian has, so let's use it. * 0017-Upgrade-Visual-studio-2017-15.8.patch added (fixing CVE-2018-16435) * 0001-Added-an-extra-check-to-MLU-bounds.patch.1 removed (fixed upstream) Change-Id: Iab8dada8f6d77d5b2da8560993380b3332bc02f6 Reviewed-on: https://gerrit.libreoffice.org/66400 Tested-by: Jenkins Reviewed-by: Michael Stahl <Michael.Stahl@cib.de> (cherry picked from commit 99b20e589e64fbcf374d84ae68911ef2a96e537c) Reviewed-on: https://gerrit.libreoffice.org/66428 Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Michael Stahl <Michael.Stahl@cib.de> 2019-01-15 17:05:00 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2019-01-16 12:47:35 +0100
commit: 5d6a91c4df0ea51bb32794ff6068fa19bda44307 (patch)
tree: 697c5bc26b38d9a30405bfd954c569b63d156923
parent: b5698ac28a8a79105edf28ffc1db19bbcbecda3a (diff)
4 files changed, 175 insertions, 28 deletions
diff --git a/download.lst b/download.lst
index 64b29fc1b704..636ae693f599 100644
--- a/download.lst
+++ b/download.lst
@@ -134,8 +134,8 @@ export LANGTAGREG_SHA256SUM := 14c21f4533ca74e3af9e09184d6756a750d0cd46099015ba8
 export LANGTAGREG_TARBALL := language-subtag-registry-2018-04-23.tar.bz2
 export LANGUAGETOOL_SHA256SUM := 48c87e41636783bba438b65fd895821e369ed139e1465fac654323ad93c5a82d
 export LANGUAGETOOL_TARBALL := b63e6340a02ff1cacfeadb2c42286161-JLanguageTool-1.7.0.tar.bz2
-export LCMS2_SHA256SUM := 66d02b229d2ea9474e62c2b6cd6720fde946155cd1d0d2bffdab829790a0fb22
-export LCMS2_TARBALL := lcms2-2.8.tar.gz
+export LCMS2_SHA256SUM := 48c6fdf98396fa245ed86e622028caf49b96fa22f3e5734f853f806fbc8e7d20
+export LCMS2_TARBALL := lcms2-2.9.tar.gz
 export LIBASSUAN_SHA256SUM := 47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449
 export LIBASSUAN_TARBALL := libassuan-2.5.1.tar.bz2
 export LIBATOMIC_OPS_SHA256SUM := cf5c52f08a2067ae4fe7c8919e3c1ccf3ee917f1749e0bcc7efffff59c68d9ad
diff --git a/external/lcms2/0001-Added-an-extra-check-to-MLU-bounds.patch.1 b/external/lcms2/0001-Added-an-extra-check-to-MLU-bounds.patch.1
deleted file mode 100644
index 913f82887cb2..000000000000
--- a/external/lcms2/0001-Added-an-extra-check-to-MLU-bounds.patch.1
+++ /dev/null
@@ -1,25 +0,0 @@
-From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
-From: Marti <marti.maria@tktbrainpower.com>
-Date: Mon, 15 Aug 2016 23:31:39 +0200
-Subject: [PATCH] Added an extra check to MLU bounds
-
-Thanks to Ibrahim el-sayed for spotting the bug
----
- src/cmstypes.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/cmstypes.c b/src/cmstypes.c
-index cb61860..c7328b9 100644
---- a/src/cmstypes.c
-+++ b/src/cmstypes.c
-@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
- 
-         // Check for overflow
-         if (Offset < (SizeOfHeader + 8)) goto Error;
-+        if ((Offset + Len) > SizeOfTag + 8) goto Error;
- 
-         // True begin of the string
-         BeginOfThisString = Offset - SizeOfHeader - 8;
--- 
-2.7.4
-
diff --git a/external/lcms2/0017-Upgrade-Visual-studio-2017-15.8.patch.1 b/external/lcms2/0017-Upgrade-Visual-studio-2017-15.8.patch.1
new file mode 100644
index 000000000000..f616e6d38239
--- /dev/null
+++ b/external/lcms2/0017-Upgrade-Visual-studio-2017-15.8.patch.1
@@ -0,0 +1,172 @@
+From 768f70ca405cd3159d990e962d54456773bb8cf8 Mon Sep 17 00:00:00 2001
+From: Marti Maria <info@littlecms.com>
+Date: Wed, 15 Aug 2018 20:07:56 +0200
+Subject: [PATCH 17/18] Upgrade Visual studio 2017 15.8
+
+- Upgrade to 15.8
+- Add check on CGATS memory allocation (thanks to Quang Nguyen for
+pointing out this)
+---
+ Projects/VC2017/jpegicc/jpegicc.vcxproj           |  1 +
+ Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj       |  2 +-
+ Projects/VC2017/lcms2_static/lcms2_static.vcxproj |  2 +-
+ Projects/VC2017/linkicc/linkicc.vcxproj           |  2 +-
+ Projects/VC2017/psicc/psicc.vcxproj               |  2 +-
+ Projects/VC2017/testbed/testbed.vcxproj           |  2 +-
+ Projects/VC2017/tiffdiff/tiffdiff.vcxproj         |  2 +-
+ Projects/VC2017/tifficc/tifficc.vcxproj           |  2 +-
+ Projects/VC2017/transicc/transicc.vcxproj         |  1 +
+ src/cmscgats.c                                    | 14 ++++++++++----
+ 10 files changed, 19 insertions(+), 11 deletions(-)
+
+diff --git a/Projects/VC2017/jpegicc/jpegicc.vcxproj b/Projects/VC2017/jpegicc/jpegicc.vcxproj
+index ab26a53..39cfd00 100644
+--- a/Projects/VC2017/jpegicc/jpegicc.vcxproj
++++ b/Projects/VC2017/jpegicc/jpegicc.vcxproj
+@@ -22,6 +22,7 @@
+     <ProjectGuid>{62812507-F926-4968-96A9-17678460AD90}</ProjectGuid>
+     <RootNamespace>jpegicc</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
+index 4c8aa3f..d1bf3eb 100644
+--- a/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
++++ b/Projects/VC2017/lcms2_DLL/lcms2_DLL.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{8C51BE48-ADB8-4089-A9EC-F6BF993A0548}</ProjectGuid>
+     <RootNamespace>lcms2_DLL</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
+index 2a9988a..9fc05ce 100644
+--- a/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
++++ b/Projects/VC2017/lcms2_static/lcms2_static.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{71DEDE59-3F1E-486B-A899-4283000F76B5}</ProjectGuid>
+     <RootNamespace>lcms2_static</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/linkicc/linkicc.vcxproj b/Projects/VC2017/linkicc/linkicc.vcxproj
+index 30c2b4e..51586dd 100644
+--- a/Projects/VC2017/linkicc/linkicc.vcxproj
++++ b/Projects/VC2017/linkicc/linkicc.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{FBFBE1DC-DB84-4BA1-9552-B4780F457849}</ProjectGuid>
+     <RootNamespace>linkicc</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/psicc/psicc.vcxproj b/Projects/VC2017/psicc/psicc.vcxproj
+index 9dcf89a..8f26e12 100644
+--- a/Projects/VC2017/psicc/psicc.vcxproj
++++ b/Projects/VC2017/psicc/psicc.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{EF6A8851-65FE-46F5-B9EF-14F0B671F693}</ProjectGuid>
+     <RootNamespace>psicc</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/testbed/testbed.vcxproj b/Projects/VC2017/testbed/testbed.vcxproj
+index 0af3762..3f6aea3 100644
+--- a/Projects/VC2017/testbed/testbed.vcxproj
++++ b/Projects/VC2017/testbed/testbed.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{928A3A2B-46EF-4279-959C-513B3652FF0E}</ProjectGuid>
+     <RootNamespace>testbed</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
+index 7edfe28..3a6d837 100644
+--- a/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
++++ b/Projects/VC2017/tiffdiff/tiffdiff.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{75B91835-CCD7-48BE-A606-A9C997D5DBEE}</ProjectGuid>
+     <RootNamespace>tiffdiff</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/tifficc/tifficc.vcxproj b/Projects/VC2017/tifficc/tifficc.vcxproj
+index cd9f04c..5ef954f 100644
+--- a/Projects/VC2017/tifficc/tifficc.vcxproj
++++ b/Projects/VC2017/tifficc/tifficc.vcxproj
+@@ -22,7 +22,7 @@
+     <ProjectGuid>{2256DE16-ED92-4A6F-9C54-F65BB61E64A2}</ProjectGuid>
+     <RootNamespace>tifficc</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
+-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/Projects/VC2017/transicc/transicc.vcxproj b/Projects/VC2017/transicc/transicc.vcxproj
+index d9b77c6..b3173d8 100644
+--- a/Projects/VC2017/transicc/transicc.vcxproj
++++ b/Projects/VC2017/transicc/transicc.vcxproj
+@@ -22,6 +22,7 @@
+     <ProjectGuid>{9EE22D66-C849-474C-9ED5-C3E141DAB160}</ProjectGuid>
+     <RootNamespace>transicc</RootNamespace>
+     <Keyword>Win32Proj</Keyword>
++    <WindowsTargetPlatformVersion>10.0.17134.0</WindowsTargetPlatformVersion>
+   </PropertyGroup>
+   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+diff --git a/src/cmscgats.c b/src/cmscgats.c
+index 1a87613..8c3e96d 100644
+--- a/src/cmscgats.c
++++ b/src/cmscgats.c
+@@ -1,7 +1,7 @@
+ //---------------------------------------------------------------------------------
+ //
+ //  Little Color Management System
+-//  Copyright (c) 1998-2017 Marti Maria Saguer
++//  Copyright (c) 1998-2018 Marti Maria Saguer
+ //
+ // Permission is hereby granted, free of charge, to any person obtaining
+ // a copy of this software and associated documentation files (the "Software"),
+@@ -1506,10 +1506,16 @@ void AllocateDataSet(cmsIT8* it8)
+     t-> nSamples   = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
+     t-> nPatches   = atoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
+ 
+-    t-> Data = (char**)AllocChunk (it8, ((cmsUInt32Number) t->nSamples + 1) * ((cmsUInt32Number) t->nPatches + 1) *sizeof (char*));
+-    if (t->Data == NULL) {
++    if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
++    {
++        SynError(it8, "AllocateDataSet: too much data");
++    }
++    else {
++        t->Data = (char**)AllocChunk(it8, ((cmsUInt32Number)t->nSamples + 1) * ((cmsUInt32Number)t->nPatches + 1) * sizeof(char*));
++        if (t->Data == NULL) {
+ 
+-        SynError(it8, "AllocateDataSet: Unable to allocate data array");
++            SynError(it8, "AllocateDataSet: Unable to allocate data array");
++        }
+     }
+ 
+ }
+-- 
+2.17.1
+
diff --git a/external/lcms2/UnpackedTarball_lcms2.mk b/external/lcms2/UnpackedTarball_lcms2.mk
index 01d04802c739..c5e1839cfccc 100644
--- a/external/lcms2/UnpackedTarball_lcms2.mk
+++ b/external/lcms2/UnpackedTarball_lcms2.mk
@@ -16,9 +16,9 @@ $(eval $(call gb_UnpackedTarball_update_autoconf_configs,lcms2))
 $(eval $(call gb_UnpackedTarball_set_patchlevel,lcms2,3))
 
 $(eval $(call gb_UnpackedTarball_add_patches,lcms2,\
+	external/lcms2/0017-Upgrade-Visual-studio-2017-15.8.patch.1 \
 	external/lcms2/lcms2-2.4-windows.patch \
 	external/lcms2/lcms2-msvc-disable-sse2.patch.1 \
-	external/lcms2/0001-Added-an-extra-check-to-MLU-bounds.patch.1 \
 	external/lcms2/c++17.patch.0 \
 ))
author	Michael Stahl <Michael.Stahl@cib.de>	2019-01-15 17:05:00 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2019-01-16 12:47:35 +0100
commit	5d6a91c4df0ea51bb32794ff6068fa19bda44307 (patch)
tree	697c5bc26b38d9a30405bfd954c569b63d156923
parent	b5698ac28a8a79105edf28ffc1db19bbcbecda3a (diff)