lcms: upgrade 2.18 -> 2.19

CVE-2026-41254_1.patch CVE-2026-41254_2.patch removed since they're included in 2.19 Changes: ======== - CMake build system. Thanks to Vlad Erium for the initial implementation and kmilos for improvements. - Large files support to use profiles up to 4Gb - Black point compensation works on multi-channel profiles - Added more test platforms/architectures in GitHub tests, Cygwin and MSYS are now fully checked. - jpgicc banner is not shown on normal operation, only when help is requested. - Added a way to access internal transform pipelines. For read only. - Add a way to retrieve the CMM signature - Added extra checks on postscript undocumented functions - Added guard on integer overflow when reading .cube files - Added unneeded checks as a try to get rid of spam reports about "vulnerabilities" that are not real. - Utility program names generated by Visual Studio 2026 are now same as all other platforms. - Creating an output profile by cmsTransform2DeviceLink does not propagate correctly the colorant table. Fixed. - Added some profile class definitions from iccMAX - Deprecated uint16 and uint32 types removed from tifdiff - fixed generation of tifdiff on Cmake and meson Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-05-08 17:39:24 +00:00 · 2026-04-30 18:48:34 +08:00
parent 551c3606b1
commit 037d8ec930
3 changed files with 2 additions and 67 deletions
@@ -1,28 +0,0 @@
 From c83cfcd249d06950a307cee8d1e22b7f6a78a8a7 Mon Sep 17 00:00:00 2001
 From: Marti Maria <marti.maria@littlecms.com>
 Date: Thu, 19 Feb 2026 09:07:20 +0100
 Subject: [PATCH] Fix integer overflow in CubeSize()
 Thanks to @zerojackyi for reporting
 CVE: CVE-2026-41254
 Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0]
 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 ---
 src/cmslut.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 diff --git a/src/cmslut.c b/src/cmslut.c
 index 1089148..b245209 100644
 --- a/src/cmslut.c
 +++ b/src/cmslut.c
@@ -460,7 +460,8 @@ void EvaluateCLUTfloatIn16(const cmsFloat32Number In[], cmsFloat32Number Out[],
 static
 cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
 {
 -    cmsUInt32Number rv, dim;
 +    cmsUInt32Number dim;
 +    cmsUInt64Number rv;
     _cmsAssert(Dims != NULL);
@@ -1,34 +0,0 @@
 From f5994aea02d5620f3182cafdcf116ffe9d6c9fd2 Mon Sep 17 00:00:00 2001
 From: Marti Maria <marti.maria@littlecms.com>
 Date: Thu, 12 Mar 2026 22:57:35 +0100
 Subject: [PATCH] check for overflow
 Thanks to Guanni Qu for detecting & reporting the issue
 CVE: CVE-2026-41254
 Upstream-Status: Backport [https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc]
 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 ---
 src/cmslut.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 diff --git a/src/cmslut.c b/src/cmslut.c
 index b245209..c1dbb32 100644
 --- a/src/cmslut.c
 +++ b/src/cmslut.c
@@ -468,12 +468,12 @@ cmsUInt32Number CubeSize(const cmsUInt32Number Dims[], cmsUInt32Number b)
     for (rv = 1; b > 0; b--) {
         dim = Dims[b-1];
 -        if (dim <= 1) return 0;  // Error
 -
 -        rv *= dim;
 +        if (dim <= 1) return 0;  
         // Check for overflow
         if (rv > UINT_MAX / dim) return 0;
 +
 +        rv *= dim;
     }
     // Again, prevent overflow
@@ -3,11 +3,8 @@ SECTION = "libs"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=e9ce323c4b71c943a785db90142b228a"
-SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz \
+SRC_URI = "${SOURCEFORGE_MIRROR}/lcms/lcms2-${PV}.tar.gz"
-           file://CVE-2026-41254_1.patch \
+SRC_URI[sha256sum] = "49e7e134e4299733dd0eda434fa468997a28ab3d33fa397c642b03644f552216"
           file://CVE-2026-41254_2.patch \
           "
 SRC_URI[sha256sum] = "ee67be3566f459362c1ee094fde2c159d33fa0390aa4ed5f5af676f9e5004347"
 DEPENDS = "tiff"