diff options
Diffstat (limited to 'media-libs/libcaca')
| -rw-r--r-- | media-libs/libcaca/Manifest | 10 | ||||
| -rw-r--r-- | media-libs/libcaca/files/100_doxygen.diff | 170 | ||||
| -rw-r--r-- | media-libs/libcaca/files/CVE-2018-20544.patch | 45 | ||||
| -rw-r--r-- | media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch | 34 | ||||
| -rw-r--r-- | media-libs/libcaca/files/CVE-2018-20546+20547.patch | 36 | ||||
| -rw-r--r-- | media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch | 135 | ||||
| -rw-r--r-- | media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch | 141 | ||||
| -rw-r--r-- | media-libs/libcaca/files/fix-css-path.patch | 12 | ||||
| -rw-r--r-- | media-libs/libcaca/libcaca-0.99_beta19-r1.ebuild | 4 | ||||
| -rw-r--r-- | media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild | 182 |
10 files changed, 766 insertions, 3 deletions
diff --git a/media-libs/libcaca/Manifest b/media-libs/libcaca/Manifest index 827812886c76..3968566050c2 100644 --- a/media-libs/libcaca/Manifest +++ b/media-libs/libcaca/Manifest @@ -1,6 +1,14 @@ +AUX 100_doxygen.diff 8299 BLAKE2B 6de98b3f9e46ba42de588c1c41bcb709fa78a7d25181593b87cc701cddd69778f1d256d37d46292145f87519eb9d071b2d22385d770ff6c036148d212a7b52c8 SHA512 540a59bc71c4d609c1db86848a73167003587ede4ebc115e6616d6f69d8f629ed12605266ef3225d51bf1910e012aff8d395c9a87da00ce7bfb6e9db7f8b957c +AUX CVE-2018-20544.patch 1799 BLAKE2B f2eb0a1f9798c41f64f0f92d3a6d5f36c3729cef204adb4577de4d1ca98c44ab9c444935bfbd149a8d92b76bdf0ffe92ac22c4519708792a34d1a2ca371880ce SHA512 09450e15075daf7d944b7af6e7ad4a3124aa600a1cd9a5a49f8aafb8198497ae84b66a8bf84c9633007220fc39fa923aa3d300990fe7b12bcf770f9bb39a52e0 +AUX CVE-2018-20545+20547+20549.patch 1273 BLAKE2B f4a71b5e811dfb4cf43009e1dee80fbbd783bc362b27089d8a13e54eade1c8dea9239f4897eb51f18e4b41434857045c58a647c6e28256d4d712618e0bc835f8 SHA512 7d574f5e323a5b10bbe7d7287e5a353f31b9a12f3d0fa626213c053c3814ed91975884c5de51f6faf1c140b014e0657645aac2895050ec59e29f29a54f5c8dff +AUX CVE-2018-20546+20547.patch 1211 BLAKE2B 46b96b322cd2595e6782f8ced146819394db3a9a2f9dc41e4ce102b584a5d4cbe05dcf8176ce766b781c2d1da7110efca875b498717669a434c94e2bbd40341a SHA512 9fd85f8551daac7cae3ef1025407e020fbb5233979e6894fecf561a3b59530bda0e79f9983d0778d957ffc698af37b7cfb2591bb7e811761ed16bad2b3d06ef9 +AUX Fix-a-problem-in-the-caca_resize-overflow-detection-.patch 4951 BLAKE2B c66475e9267eb7cd3b227faa82a3ebcbf20e83d31d72ffd4eeea80ee3b97c2005f54cebfb981be5cdea0ce4df006a7c37bb7c37a79ff83dea755ac78e7dcc9ea SHA512 fee4777d59b3a19f2ce8e1a6474ea0e092031d131473a5957b31a61f367f15ac8519223b4d54ab6c1cb2eb0cf24340584daf1bb6ff7d81fefa349168a9e4964f +AUX canvas-fix-an-integer-overflow-in-caca_resize.patch 5265 BLAKE2B e75b3366a8e93971baecdc808ff4cc3d9bb1801836b80d4ee97905eb474af0ab65af762b5ee7a16490fa836c2381cf7cda8dad4df35f2d3ac9bf36c6f7db646f SHA512 626e91a2af949f79438529db454f4fad0ca335dd89d6e783eabcf66b76b972a648afa54951c34b4e1ee33017e14edce9cb94d7579ae484403bfdceb08e6d32de +AUX fix-css-path.patch 502 BLAKE2B c494c458524f98017dceb41266ed051cb3bc9f00c57185715d2ec7846ea5ea3990419d5b8a99062ace0f63ca06e68a45eb4c85210aacc2a6f29255b1088683ac SHA512 de6c43fb73d86dd8e8ee1e22e329ee2201bf09947568382c4637145b297edfae206c269edd05e08000d5670734f8e2c3373c5095682ac850cce588c4cd0cb636 AUX libcaca-0.99_beta18-fix-tests.patch 1886 BLAKE2B 8961c617ae568ab19b0404a8ddb1e4da743f7792b36fd32ace460071c04754f8e5845200333f96e4b9602f547d3249da301c3df62cee7bb20235da6a3242789f SHA512 583b440f93d2d468b14a707946eda928811b8c6573b1a48a1f6010d2f3713399689434531b0068ebbc1999dc82867c7ae6da0bdea9fb754277eda484fe39b1f6 AUX libcaca-0.99_beta18-latex_hacks.patch 645 BLAKE2B 8b72799bdb19accf044c590a144ec7330532aebb7faa3076b12cc49ca82e8e127126b7d1ec8930d0a0871476e4f7632c6ebb6d10ae36146a3006040be72157d6 SHA512 9c1fc4aba3eecf94f47f296ebf11441de60ddf7a335c11bae4da4aa04e5cbbddd07d8cacf40b2b0aaf96312923c24cc0f1a3f031284cac13e8dd9c29ce36aa18 DIST libcaca-0.99.beta19.tar.gz 1203495 BLAKE2B 65462090fc503d640d91753ff21b55ad1bac360fb6e5aae8f46d8162e62f8834f791a1db6e2045a63deaa7c409c3455b484750294cfb01e1027f0ca8dc2f2798 SHA512 780fc7684d40207cc10df3f87d6d8f1d47ddfffa0e76e41a5ce671b82d5c7f090facb054c3d49ca7c4ea1a619625bb9085ce52f837f50792b4a2d776a4c68e15 -EBUILD libcaca-0.99_beta19-r1.ebuild 4014 BLAKE2B 658006e7e49ef8b9d705431ef29b29e4e8d8bf307f5e371895d37323f30856229e206e5dcd7d05865986bcaff1c7213d464213cf9ec64354c551eab164ca64dd SHA512 d79418fe064ade96cd94602086720bbe46092b0cd3bcca863b7bd5cd9c2710b7a11d5dc4510895f14e1c9702f6637491120283e6b9c74a66c73fa0d5d6f9cf7b +EBUILD libcaca-0.99_beta19-r1.ebuild 4017 BLAKE2B 09e3b339beb9a45a816779ce2b0394601b4bd687e6606bbe70ce09dcf0d91e8b82388909f657cb3de11ec4210bd06cd7bee5fe6379cae83ea023a49d38b5f84d SHA512 5c5356db2d1e3d4e0cd083d29be5261698677989c59941b1b632ce2164a23a829bcd249e4178e33589dd81ba40447b0b9fce1125cceb6bca4109cd0257c73038 EBUILD libcaca-0.99_beta19-r3.ebuild 4162 BLAKE2B 721115dcd52859816b62ad09c2ca11e0083154fabd5cf5298b9f1ca28f908e64fb8521c5f507ef9995a8a84b3cbdaa28573b3bce777ef2ef20d5eb40c07d14fc SHA512 b2a5edc036c7b92b75a9bef4a7007ad71afb24d068adc405b11e70076a35b3bba3a0993bee9b1ed2627284c7df59aeb6e373faeca17969738aa73f57b594574f +EBUILD libcaca-0.99_beta19-r4.ebuild 4490 BLAKE2B 47664ad6a48d3da5ad6d51e1a02f6f8339a0783510001b9105265691a043a06c662a5824bdcf6b576e1735d0214fd03184b6383af0abad7593483ec6b157ebfa SHA512 f3a531b9683a5d957001696b0984312afda4abeb1fe24389c518d296e3c407e42294d6c59fdcb9dce491484799aae83c9f88276606ad9ee6cd5475f22d882498 MISC metadata.xml 219 BLAKE2B bca5749b6f2d3541ba2d2635b59056f9ecdc46553991dec3ee5a7bc9f26393bdae62755418850d3cbda0eeb65b7f72029ddf09d4f088b21c84d407d0e6eaa098 SHA512 24793c7fd0e2cef8fa5a0efd9bd55fed1e62ff6810199a969d4c0b869bac9b9ec79b288105b73b1b99734320bb13569a8ee00516b5452dd67d91d14dd17038e2 diff --git a/media-libs/libcaca/files/100_doxygen.diff b/media-libs/libcaca/files/100_doxygen.diff new file mode 100644 index 000000000000..f537f37b6d35 --- /dev/null +++ b/media-libs/libcaca/files/100_doxygen.diff @@ -0,0 +1,170 @@ +Description: Don't mess with Doxygen's output +Author: Balint Reczey <balint@balintreczey.hu> +Index: libcaca-0.99.beta19/doc/Makefile.am +=================================================================== +--- libcaca-0.99.beta19.orig/doc/Makefile.am ++++ libcaca-0.99.beta19/doc/Makefile.am +@@ -28,10 +28,7 @@ stamp-latex: stamp-doxygen + if BUILD_DOCUMENTATION + if USE_LATEX + rm -f latex/libcaca.tex latex/libcaca.pdf +- mv latex/refman.tex latex/libcaca.tex +- sed 's/setlength{/renewcommand{/' latex/libcaca.tex \ +- | sed 's/.*usepackage.*times.*//' > latex/refman.tex +- cd latex && $(MAKE) $(AM_CFLAGS) refman.pdf || (cat refman.log; exit 1) ++ (cd latex && pdflatex refman ; makeindex refman.idx ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman; echo "pdflatex exit code: $$?") + mv latex/refman.pdf latex/libcaca.pdf + touch stamp-latex + endif +Index: libcaca-0.99.beta19/doc/doxygen.cfg.in +=================================================================== +--- libcaca-0.99.beta19.orig/doc/doxygen.cfg.in ++++ libcaca-0.99.beta19/doc/doxygen.cfg.in +@@ -1,4 +1,4 @@ +-# Doxyfile 1.8.6 ++# Doxyfile 1.8.7 + + # This file describes the settings to be used by the documentation system + # doxygen (www.doxygen.org) for a project. +@@ -70,6 +70,14 @@ OUTPUT_DIRECTORY = . + + CREATE_SUBDIRS = NO + ++# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII ++# characters to appear in the names of generated files. If set to NO, non-ASCII ++# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode ++# U+3044. ++# The default value is: NO. ++ ++ALLOW_UNICODE_NAMES = NO ++ + # The OUTPUT_LANGUAGE tag is used to specify the language in which all + # documentation generated by doxygen is written. Doxygen will use this + # information to generate all constant output in the proper language. +@@ -261,9 +269,12 @@ OPTIMIZE_OUTPUT_VHDL = NO + # extension. Doxygen has a built-in mapping, but you can override or extend it + # using this tag. The format is ext=language, where ext is a file extension, and + # language is one of the parsers supported by doxygen: IDL, Java, Javascript, +-# C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make +-# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C +-# (default is Fortran), use: inc=Fortran f=C. ++# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: ++# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: ++# Fortran. In the later case the parser tries to guess whether the code is fixed ++# or free formatted code, this is the default for Fortran type files), VHDL. For ++# instance to make doxygen treat .inc files as Fortran files (default is PHP), ++# and .f files as C (default is Fortran), use: inc=Fortran f=C. + # + # Note For files without extension you can use no_extension as a placeholder. + # +@@ -1242,7 +1253,8 @@ GENERATE_CHI = NO + CHM_INDEX_ENCODING = + + # The BINARY_TOC flag controls whether a binary table of contents is generated ( +-# YES) or a normal table of contents ( NO) in the .chm file. ++# YES) or a normal table of contents ( NO) in the .chm file. Furthermore it ++# enables the Previous and Next buttons. + # The default value is: NO. + # This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +@@ -1482,11 +1494,11 @@ SEARCHENGINE = NO + + # When the SERVER_BASED_SEARCH tag is enabled the search engine will be + # implemented using a web server instead of a web client using Javascript. There +-# are two flavours of web server based searching depending on the +-# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for +-# searching and an index file used by the script. When EXTERNAL_SEARCH is +-# enabled the indexing and searching needs to be provided by external tools. See +-# the section "External Indexing and Searching" for details. ++# are two flavors of web server based searching depending on the EXTERNAL_SEARCH ++# setting. When disabled, doxygen will generate a PHP script for searching and ++# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing ++# and searching needs to be provided by external tools. See the section ++# "External Indexing and Searching" for details. + # The default value is: NO. + # This tag requires that the tag SEARCHENGINE is set to YES. + +@@ -1774,6 +1786,13 @@ MAN_OUTPUT = man + + MAN_EXTENSION = .3caca + ++# The MAN_SUBDIR tag determines the name of the directory created within ++# MAN_OUTPUT in which the man pages are placed. If defaults to man followed by ++# MAN_EXTENSION with the initial . removed. ++# This tag requires that the tag GENERATE_MAN is set to YES. ++ ++MAN_SUBDIR = ++ + # If the MAN_LINKS tag is set to YES and doxygen generates man output, then it + # will generate one additional man file for each entity documented in the real + # man page(s). These additional files only source the real man page, but without +@@ -1801,18 +1820,6 @@ GENERATE_XML = NO + + XML_OUTPUT = xml + +-# The XML_SCHEMA tag can be used to specify a XML schema, which can be used by a +-# validating XML parser to check the syntax of the XML files. +-# This tag requires that the tag GENERATE_XML is set to YES. +- +-XML_SCHEMA = +- +-# The XML_DTD tag can be used to specify a XML DTD, which can be used by a +-# validating XML parser to check the syntax of the XML files. +-# This tag requires that the tag GENERATE_XML is set to YES. +- +-XML_DTD = +- + # If the XML_PROGRAMLISTING tag is set to YES doxygen will dump the program + # listings (including syntax highlighting and cross-referencing information) to + # the XML output. Note that enabling this will significantly increase the size +@@ -1961,9 +1968,9 @@ EXPAND_AS_DEFINED = __extern \ + __class + + # If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will +-# remove all refrences to function-like macros that are alone on a line, have an +-# all uppercase name, and do not end with a semicolon. Such function macros are +-# typically used for boiler-plate code, and will confuse the parser if not ++# remove all references to function-like macros that are alone on a line, have ++# an all uppercase name, and do not end with a semicolon. Such function macros ++# are typically used for boiler-plate code, and will confuse the parser if not + # removed. + # The default value is: YES. + # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. +@@ -1983,7 +1990,7 @@ SKIP_FUNCTION_MACROS = YES + # where loc1 and loc2 can be relative or absolute paths or URLs. See the + # section "Linking to external documentation" for more information about the use + # of tag files. +-# Note: Each tag file must have an unique name (where the name does NOT include ++# Note: Each tag file must have a unique name (where the name does NOT include + # the path). If a tag file is not located in the directory in which doxygen is + # run, you must also specify the path to the tagfile here. + +@@ -2061,7 +2068,7 @@ HIDE_UNDOC_RELATIONS = YES + # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent + # Bell Labs. The other options in this section have no effect if this option is + # set to NO +-# The default value is: NO. ++# The default value is: YES. + + HAVE_DOT = NO + +@@ -2083,7 +2090,7 @@ DOT_NUM_THREADS = 0 + # The default value is: Helvetica. + # This tag requires that the tag HAVE_DOT is set to YES. + +-#DOT_FONTNAME = FreeSans ++DOT_FONTNAME = Helvetica + + # The DOT_FONTSIZE tag can be used to set the size (in points) of the font of + # dot graphs. +@@ -2213,7 +2220,9 @@ DIRECTORY_GRAPH = YES + # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order + # to make the SVG files visible in IE 9+ (other browsers do not have this + # requirement). +-# Possible values are: png, jpg, gif and svg. ++# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd, ++# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo, ++# gif:cairo:gd, gif:gd, gif:gd:gd and svg. + # The default value is: png. + # This tag requires that the tag HAVE_DOT is set to YES. + diff --git a/media-libs/libcaca/files/CVE-2018-20544.patch b/media-libs/libcaca/files/CVE-2018-20544.patch new file mode 100644 index 000000000000..072c1dda0502 --- /dev/null +++ b/media-libs/libcaca/files/CVE-2018-20544.patch @@ -0,0 +1,45 @@ +From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001 +From: Sam Hocevar <sam@hocevar.net> +Date: Sat, 29 Dec 2018 22:13:56 +0100 +Subject: [PATCH] dither: fix integer overflows that were causing a division by + zero. + +Fixes: #36 (CVE-2018-20544) +--- + caca/dither.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/caca/dither.c b/caca/dither.c +index 04b678e0..c6ebab1b 100644 +--- a/caca/dither.c ++++ b/caca/dither.c +@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h, + /* First get RGB */ + if(d->antialias) + { +- fromx = (x - x1) * w / deltax; +- fromy = (y - y1) * h / deltay; +- tox = (x - x1 + 1) * w / deltax; +- toy = (y - y1 + 1) * h / deltay; ++ fromx = (uint64_t)(x - x1) * w / deltax; ++ fromy = (uint64_t)(y - y1) * h / deltay; ++ tox = (uint64_t)(x - x1 + 1) * w / deltax; ++ toy = (uint64_t)(y - y1 + 1) * h / deltay; + + /* We want at least one pixel */ + if(tox == fromx) tox++; +@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h, + } + else + { +- fromx = (x - x1) * w / deltax; +- fromy = (y - y1) * h / deltay; +- tox = (x - x1 + 1) * w / deltax; +- toy = (y - y1 + 1) * h / deltay; ++ fromx = (uint64_t)(x - x1) * w / deltax; ++ fromy = (uint64_t)(y - y1) * h / deltay; ++ tox = (uint64_t)(x - x1 + 1) * w / deltax; ++ toy = (uint64_t)(y - y1 + 1) * h / deltay; + + /* tox and toy can overflow the canvas, but they cannot overflow + * when averaged with fromx and fromy because these are guaranteed diff --git a/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch b/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch new file mode 100644 index 000000000000..ff1ee48c6a67 --- /dev/null +++ b/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch @@ -0,0 +1,34 @@ +Description: img2txt: fix an integer overflow in the BMP loader. +Origin: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 +Forwarded: not-needed +Applied-Upstream: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 +Last-Update: 2019-04-06 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/common-image.h ++++ b/src/common-image.h +@@ -1,19 +1,19 @@ + /* + * Imaging tools for cacaview and img2irc +- * Copyright (c) 2003-2012 Sam Hocevar <sam@hocevar.net> +- * All Rights Reserved ++ * Copyright (c) 2003-2018 Sam Hocevar <sam@hocevar.net> ++ * All Rights Reserved + * + * This program is free software. It comes without any warranty, to + * the extent permitted by applicable law. You can redistribute it + * and/or modify it under the terms of the Do What the Fuck You Want +- * to Public License, Version 2, as published by Sam Hocevar. See +- * http://www.wtfpl.net/ for more details. ++ * to Public License, Version 2, as published by the WTFPL Task Force. ++ * See http://www.wtfpl.net/ for more details. + */ + + struct image + { + char *pixels; +- unsigned int w, h; ++ size_t w, h; + struct caca_dither *dither; + void *priv; + }; diff --git a/media-libs/libcaca/files/CVE-2018-20546+20547.patch b/media-libs/libcaca/files/CVE-2018-20546+20547.patch new file mode 100644 index 000000000000..95b072bfc398 --- /dev/null +++ b/media-libs/libcaca/files/CVE-2018-20546+20547.patch @@ -0,0 +1,36 @@ +From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001 +From: Sam Hocevar <sam@hocevar.net> +Date: Sun, 30 Dec 2018 13:18:27 +0100 +Subject: [PATCH] dither: fix integer multiplication overflow that caused + crashes. + +Fixes: #38 (CVE-2018-20546) +Fixes: #39 (CVE-2018-20547) +--- + caca/dither.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/caca/dither.c b/caca/dither.c +index c6ebab1b..b2e24e55 100644 +--- a/caca/dither.c ++++ b/caca/dither.c +@@ -6,8 +6,8 @@ + * This library is free software. It comes without any warranty, to + * the extent permitted by applicable law. You can redistribute it + * and/or modify it under the terms of the Do What the Fuck You Want +- * to Public License, Version 2, as published by Sam Hocevar. See +- * http://www.wtfpl.net/ for more details. ++ * to Public License, Version 2, as published by the WTFPL Task Force. ++ * See http://www.wtfpl.net/ for more details. + */ + + /* +@@ -116,7 +116,7 @@ enum color_mode + struct caca_dither + { + int bpp, has_palette, has_alpha; +- int w, h, pitch; ++ size_t w, h, pitch; + int rmask, gmask, bmask, amask; + int rright, gright, bright, aright; + int rleft, gleft, bleft, aleft; diff --git a/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch new file mode 100644 index 000000000000..5305a6bdf21c --- /dev/null +++ b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch @@ -0,0 +1,135 @@ +From: Sam Hocevar <sam@hocevar.net> +Date: Fri, 26 Feb 2021 12:40:06 +0100 +Subject: [2/2] Fix a problem in the caca_resize() overflow detection and add + several unit tests. +Origin: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015 +Bug: https://github.com/cacalabs/libcaca/issues/52 +Bug-Debian: https://bugs.debian.org/983686 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410 + +--- + caca/canvas.c | 16 ++++++++-------- + test/canvas.cpp | 18 +++++++++++++++--- + tools/makefont.c | 22 +++++++++++++++++++--- + 3 files changed, 42 insertions(+), 14 deletions(-) + +--- a/caca/canvas.c ++++ b/caca/canvas.c +@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int w + { + int x, y, f, old_width, old_height, old_size; + ++ /* Check for overflow */ ++ int new_size = width * height; ++ if (new_size < 0 || (width > 0 && new_size / width != height)) ++ { ++ seterrno(EOVERFLOW); ++ return -1; ++ } ++ + old_width = cv->width; + old_height = cv->height; + old_size = old_width * old_height; +@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int w + * dirty rectangle handling */ + cv->width = width; + cv->height = height; +- int new_size = width * height; +- +- /* Check for overflow */ +- if (new_size / width != height) +- { +- seterrno(EOVERFLOW); +- return -1; +- } + + /* If width or height is smaller (or both), we have the opportunity to + * reduce or even remove dirty rectangles */ +--- a/test/canvas.cpp ++++ b/test/canvas.cpp +@@ -16,6 +16,7 @@ + #include <cppunit/TestCaller.h> + #include <cppunit/TestCase.h> + #include <cppunit/TestSuite.h> ++#include <climits> + + #include "caca.h" + +@@ -53,18 +54,29 @@ public: + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); + +- caca_set_canvas_size(cv, 1, 1); ++ int ret = caca_set_canvas_size(cv, 1, 1); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1); + +- caca_set_canvas_size(cv, 1234, 1001); ++ ret = caca_set_canvas_size(cv, 1234, 1001); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1234); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1001); + +- caca_set_canvas_size(cv, 0, 0); ++ ret = caca_set_canvas_size(cv, 0, 0); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); + ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, 50)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 50, -1)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, -1)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, 3)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 3, INT_MAX / 2)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, INT_MAX / 2)); ++ CPPUNIT_ASSERT_EQUAL(0, caca_set_canvas_size(cv, 0, 0)); ++ + caca_free_canvas(cv); + } + +--- a/tools/makefont.c ++++ b/tools/makefont.c +@@ -40,7 +40,8 @@ + * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */ + static unsigned int const blocklist[] = + { +- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++#if 0 + 0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */ + 0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */ + 0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */ +@@ -63,6 +64,7 @@ static unsigned int const blocklist[] = + 0x30a0, 0x3100, /* Katakana: ロ ル */ + 0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */ + 0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */ ++#endif + 0, 0 + }; + +@@ -317,8 +319,22 @@ int main(int argc, char *argv[]) + printf_unicode(>ab[n]); + + if(gtab[n].same_as == n) +- printf_hex(" */ %s\n", +- glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ { ++ char const *lut = " .:nmW@"; ++ printf("\n"); ++ for (int y = 0; y < height; ++y) ++ { ++ for (int x = 0; x < gtab[n].data_width; ++x) ++ { ++ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x]; ++ char ch = lut[val * val * 7 / 256 / 256]; ++ printf("%c%c", ch, ch); ++ } ++ printf("\n"); ++ } ++ //printf_hex(" */ %s\n", ++ // glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ } + else + { + printf(" is "); diff --git a/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch b/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch new file mode 100644 index 000000000000..020f1a3603d4 --- /dev/null +++ b/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch @@ -0,0 +1,141 @@ +From: Sam Hocevar <sam@hocevar.net> +Date: Fri, 26 Feb 2021 10:55:38 +0100 +Subject: [1/2] canvas: fix an integer overflow in caca_resize(). +Origin: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd +Bug: https://github.com/cacalabs/libcaca/issues/52 +Bug-Debian: https://bugs.debian.org/983686 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410 + +Fixes: #52 (CVE-2021-3410) +--- + caca/canvas.c | 13 +++++++++++-- + caca/codec/import.c | 1 + + caca/codec/text.c | 21 ++++++++++++++------- + 3 files changed, 26 insertions(+), 9 deletions(-) + +diff --git a/caca/canvas.c b/caca/canvas.c +index 3fdd37ae8ef9..d07153926c3a 100644 +--- a/caca/canvas.c ++++ b/caca/canvas.c +@@ -45,6 +45,7 @@ static int caca_resize(caca_canvas_t *, int, int); + * + * If an error occurs, NULL is returned and \b errno is set accordingly: + * - \c EINVAL Specified width or height is invalid. ++ * - \c EOVERFLOW Specified width and height overflowed. + * - \c ENOMEM Not enough memory for the requested canvas size. + * + * \param width The desired canvas width +@@ -200,6 +201,7 @@ int caca_unmanage_canvas(caca_canvas_t *cv, int (*callback)(void *), void *p) + * + * If an error occurs, -1 is returned and \b errno is set accordingly: + * - \c EINVAL Specified width or height is invalid. ++ * - \c EOVERFLOW Specified width and height overflowed. + * - \c EBUSY The canvas is in use by a display driver and cannot be resized. + * - \c ENOMEM Not enough memory for the requested canvas size. If this + * happens, the canvas handle becomes invalid and should not be used. +@@ -363,7 +365,7 @@ int caca_rand(int min, int max) + + int caca_resize(caca_canvas_t *cv, int width, int height) + { +- int x, y, f, old_width, old_height, new_size, old_size; ++ int x, y, f, old_width, old_height, old_size; + + old_width = cv->width; + old_height = cv->height; +@@ -375,7 +377,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height) + * dirty rectangle handling */ + cv->width = width; + cv->height = height; +- new_size = width * height; ++ int new_size = width * height; ++ ++ /* Check for overflow */ ++ if (new_size / width != height) ++ { ++ seterrno(EOVERFLOW); ++ return -1; ++ } + + /* If width or height is smaller (or both), we have the opportunity to + * reduce or even remove dirty rectangles */ +diff --git a/caca/codec/import.c b/caca/codec/import.c +index 8836fd0893e3..2dafe3cf97c1 100644 +--- a/caca/codec/import.c ++++ b/caca/codec/import.c +@@ -61,6 +61,7 @@ static ssize_t import_caca(caca_canvas_t *, void const *, size_t); + * + * If an error occurs, -1 is returned and \b errno is set accordingly: + * - \c ENOMEM Not enough memory to allocate canvas. ++ * - \c EOVERFLOW Importing data caused a value overflow. + * - \c EINVAL Invalid format requested. + * + * \param cv A libcaca canvas in which to import the file. +diff --git a/caca/codec/text.c b/caca/codec/text.c +index 358b7224fe87..94a2a4d7bcdb 100644 +--- a/caca/codec/text.c ++++ b/caca/codec/text.c +@@ -46,7 +46,7 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) + char const *text = (char const *)data; + unsigned int width = 0, height = 0, x = 0, y = 0, i; + +- caca_set_canvas_size(cv, width, height); ++ caca_set_canvas_size(cv, 0, 0); + + for(i = 0; i < size; i++) + { +@@ -70,15 +70,19 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) + if(y >= height) + height = y + 1; + +- caca_set_canvas_size(cv, width, height); ++ if (caca_set_canvas_size(cv, width, height) < 0) ++ return -1; + } + + caca_put_char(cv, x, y, ch); + x++; + } + +- if(y > height) +- caca_set_canvas_size(cv, width, height = y); ++ if (y > height) ++ { ++ if (caca_set_canvas_size(cv, width, height = y) < 0) ++ return -1; ++ } + + return (ssize_t)size; + } +@@ -431,7 +435,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + { + savedattr = caca_get_attr(cv, -1, -1); + caca_set_attr(cv, im.clearattr); +- caca_set_canvas_size(cv, width = x + wch, height); ++ if (caca_set_canvas_size(cv, width = x + wch, height) < 0) ++ return -1; + caca_set_attr(cv, savedattr); + } + else +@@ -448,7 +453,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + caca_set_attr(cv, im.clearattr); + if(growy) + { +- caca_set_canvas_size(cv, width, height = y + 1); ++ if (caca_set_canvas_size(cv, width, height = y + 1) < 0) ++ return -1; + } + else + { +@@ -480,7 +486,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) + { + savedattr = caca_get_attr(cv, -1, -1); + caca_set_attr(cv, im.clearattr); +- caca_set_canvas_size(cv, width, height = y); ++ if (caca_set_canvas_size(cv, width, height = y)) ++ return -1; + caca_set_attr(cv, savedattr); + } + +-- +2.30.0 + diff --git a/media-libs/libcaca/files/fix-css-path.patch b/media-libs/libcaca/files/fix-css-path.patch new file mode 100644 index 000000000000..ce48e4fbda05 --- /dev/null +++ b/media-libs/libcaca/files/fix-css-path.patch @@ -0,0 +1,12 @@ +https://bugs.gentoo.org/543870#c11 +--- a/doc/doxygen.cfg.in 2014-05-16 21:19:51.000000000 +0200 ++++ b/doc/doxygen.cfg.in 2016-12-22 13:31:00.181040572 +0100 +@@ -1069,7 +1069,7 @@ + # obsolete. + # This tag requires that the tag GENERATE_HTML is set to YES. + +-HTML_STYLESHEET = doxygen.css ++HTML_STYLESHEET = @srcdir@/doxygen.css + + # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional user- + # defined cascading style sheet that is included after the standard style sheets diff --git a/media-libs/libcaca/libcaca-0.99_beta19-r1.ebuild b/media-libs/libcaca/libcaca-0.99_beta19-r1.ebuild index 4c634422850e..a7e21adb2add 100644 --- a/media-libs/libcaca/libcaca-0.99_beta19-r1.ebuild +++ b/media-libs/libcaca/libcaca-0.99_beta19-r1.ebuild @@ -5,7 +5,7 @@ EAPI=5 RUBY_OPTIONAL=yes #USE_RUBY=ruby20 -inherit autotools ruby-ng epatch eutils flag-o-matic ltprune mono-env multilib java-pkg-opt-2 multilib-minimal +inherit autotools ruby-ng epatch eutils flag-o-matic mono-env multilib java-pkg-opt-2 multilib-minimal MY_P=${P/_/.} DESCRIPTION="A library that creates colored ASCII-art graphics" @@ -145,5 +145,5 @@ multilib_src_install() { multilib_src_install_all() { einstalldocs rm -rf "${D}"/usr/share/java - prune_libtool_files --modules + find "${ED}" -name '*.la' -delete || die } diff --git a/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild b/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild new file mode 100644 index 000000000000..7fe4815820c6 --- /dev/null +++ b/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild @@ -0,0 +1,182 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +RUBY_OPTIONAL=yes +#USE_RUBY=ruby20 + +inherit autotools ruby-ng flag-o-matic java-pkg-opt-2 mono-env toolchain-funcs multilib-minimal + +MY_P=${P/_/.} +DESCRIPTION="A library that creates colored ASCII-art graphics" +HOMEPAGE="http://libcaca.zoy.org/" +SRC_URI="http://libcaca.zoy.org/files/${PN}/${MY_P}.tar.gz" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2 ISC LGPL-2.1 WTFPL-2" +SLOT="0" +KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" +IUSE="cxx doc imlib java mono ncurses opengl ruby slang static-libs test truetype X" +RESTRICT="!test? ( test )" + +# ruby? ( ruby_targets_${USE_RUBY} ) +REQUIRED_USE="" + +# ruby? ( $(ruby_implementations_depend) ) +DEPEND=" + imlib? ( >=media-libs/imlib2-1.4.6-r2[${MULTILIB_USEDEP}] ) + mono? ( dev-lang/mono ) + ncurses? ( >=sys-libs/ncurses-5.9-r3:0=[${MULTILIB_USEDEP}] ) + opengl? ( + >=virtual/glu-9.0-r1[${MULTILIB_USEDEP}] + >=virtual/opengl-7.0-r1[${MULTILIB_USEDEP}] + >=media-libs/freeglut-2.8.1[${MULTILIB_USEDEP}] + truetype? ( >=media-libs/ftgl-2.1.3_rc5 ) + ) + slang? ( >=sys-libs/slang-2.2.4-r1[${MULTILIB_USEDEP}] ) + X? ( + >=x11-libs/libX11-1.6.2[${MULTILIB_USEDEP}] + >=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}] + ) +" +RDEPEND="java? ( >=virtual/jre-1.5 )" +BDEPEND=" + virtual/pkgconfig + doc? ( + app-doc/doxygen + virtual/latex-base + >=dev-texlive/texlive-fontsrecommended-2012 + >=dev-texlive/texlive-latexextra-2012 + dev-texlive/texlive-latexrecommended + ) + java? ( >=virtual/jdk-1.5 ) + test? ( dev-util/cppunit ) +" + +DOCS=( AUTHORS ChangeLog NEWS NOTES README THANKS ) + +PATCHES=( + # Fix out of source tests + "${FILESDIR}"/${PN}-0.99_beta18-fix-tests.patch + # Debian patches + "${FILESDIR}/CVE-2018-20544.patch" + "${FILESDIR}/CVE-2018-20545+20547+20549.patch" + "${FILESDIR}/CVE-2018-20546+20547.patch" + "${FILESDIR}/canvas-fix-an-integer-overflow-in-caca_resize.patch" + "${FILESDIR}/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch" + "${FILESDIR}/100_doxygen.diff" + # Fix doxygen docs install, bug 543870 + "${FILESDIR}/fix-css-path.patch" +) + +pkg_setup() { + java-pkg-opt-2_pkg_setup + use mono && mono-env_pkg_setup +} + +src_unpack() { + default +} + +src_prepare() { + # bug #339962 + sed -i -e '/doxygen_tests = check-doxygen/d' test/Makefile.am || die + + sed -i \ + -e 's:-g -O2 -fno-strength-reduce -fomit-frame-pointer::' \ + -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' \ + configure.ac || die + + sed -i \ + -e 's:$(JAVAC):$(JAVAC) $(JAVACFLAGS):' \ + -e 's:libcaca_java_la_CPPFLAGS =:libcaca_java_la_CPPFLAGS = -I$(top_srcdir)/caca:' \ + java/Makefile.am || die + + if ! use truetype; then + sed -i -e '/PKG_CHECK_MODULES/s:ftgl:dIsAbLe&:' configure.ac || die + fi + + if use imlib && ! use X; then + append-cflags -DX_DISPLAY_MISSING + fi + + # bug #653400 + append-cxxflags -std=c++11 + + # bug #601902 + append-libs "$($(tc-getPKG_CONFIG) --libs ncurses)" + + # fix docs install path, bug 543870#c14 + sed -i "s/libcaca-dev/${PF}/g" doc/Makefile.am || die + + default + eautoreconf + + java-pkg-opt-2_src_prepare +} + +multilib_src_configure() { + if multilib_is_native_abi; then + if use java; then + export JAVACFLAGS="$(java-pkg_javac-args)" + export JAVA_CFLAGS="$(java-pkg_get-jni-cflags)" + fi + + # bug #44128 + export VARTEXFONTS="${T}/fonts" + + # bug #329651 + use mono && export CSC="$(type -P gmcs)" + use ruby && use ruby_targets_${USE_RUBY} && export RUBY=$(ruby_implementation_command ${USE_RUBY}) + fi + + local myeconfargs=( + $(use_enable static-libs static) + $(use_enable slang) + $(use_enable ncurses) + $(use_enable X x11) + $(use_with X x) + --x-libraries=/usr/$(get_libdir) + $(use_enable opengl gl) + $(use_enable cxx) + $(use_enable imlib imlib2) + $(use_enable test cppunit) + $(multilib_native_use_enable java) + $(multilib_native_use_enable ruby) + --disable-python + $(multilib_native_use_enable mono csharp) + $(multilib_native_use_enable doc) + ) + + ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" +} + +multilib_src_compile() { + local _java_makeopts + + # bug #480864 + use java && _java_makeopts="-j1" + emake V=1 ${_java_makeopts} +} + +multilib_src_test() { + emake V=1 -j1 check +} + +multilib_src_install() { + emake V=1 DESTDIR="${D}" install + + # Note: broken, see bug #508564 and bug #773913 + if multilib_is_native_abi && use java; then + java-pkg_newjar java/libjava.jar + fi +} + +multilib_src_install_all() { + einstalldocs + + rm -rf "${ED}"/usr/share/java || die + + find "${ED}" -name '*.la' -delete || die +} |