Accepting request 667603 from multimedia:libs
OBS-URL: https://build.opensuse.org/request/show/667603 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcaca?expand=0&rev=41
commit
1f5def3be1
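--- a/Bug1120502-add_cast_to_prevent_overflow.patch
+++ b/Bug1120502-add_cast_to_prevent_overflow.patch
@@ -0,0 +1,35 @@
+Author: Josef Möllers <jmoellers@suse.de>
+Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
+===================================================================
+--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c
++++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv
+/* First get RGB */
+if(d->antialias)
+{
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+/* We want at least one pixel */
+if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv
+}
+else
+{
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+/* tox and toy can overflow the canvas, but they cannot overflow
+* when averaged with fromx and fromy because these are guaranteed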
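Review bot: The `(uint64_t)` cast is applied to `(x - x1)` and `(y - y1)` before the multiply in both hunks, so the fix is only correct while those differences are non-negative and `deltax`/`deltay` are positive; a negative operand would be converted to a very large unsigned value and yield a wrong source coordinate. Neither invariant is visible here, because caca_dither_bitmap starts and ends outside the hunks, so a comment above the first assignment such as `/* x >= x1, y >= y1, deltax/deltay > 0: widen to 64 bits so the product cannot wrap */` would record what the cast depends on. The 64-bit quotient is also narrowed again when stored in `fromx`/`tox`, whose declarations are not shown; that is presumably safe because the result is bounded by `w` and `h`, but it is worth confirming against their types. The same four assignments are repeated in the two branches and could be computed once before the branch if nothing in between changes the inputs.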
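--- a/libcaca-variable-type.patch
+++ b/libcaca-variable-type.patch
@@ -0,0 +1,27 @@
+Author: Josef Möllers <jmoellers@suse.de>
+Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
+===================================================================
+--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/common-image.h
++++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
+@@ -13,7 +13,7 @@
+struct image
+{
+char *pixels;
+- unsigned int w, h;
++ size_t w, h;
+struct caca_dither *dither;
+void *priv;
+};
+Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
+===================================================================
+--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c
++++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
+@@ -116,7 +116,7 @@ enum color_mode
+struct caca_dither
+{
+int bpp, has_palette, has_alpha;
+- int w, h, pitch;
++ size_t w, h, pitch;
+int rmask, gmask, bmask, amask;
+int rright, gright, bright, aright;
+int rleft, gleft, bleft, aleft;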
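Review bot: Widening `w`, `h` and `pitch` to `size_t` does not by itself bound the products computed from them: on typical 32-bit targets `size_t` has the same width as `unsigned int`, so the `struct image` change in src/common-image.h changes nothing there, and the allocation and indexing sites that multiply these fields lie outside the hunks. In `struct caca_dither` the fields also change from signed `int` to an unsigned type, which alters any comparison or subtraction that mixes them with signed values and any `%d`-style format that prints them; those uses should be audited. An explicit guard where the pixel buffer size is computed, for example `if (h != 0 && w > SIZE_MAX / h) return NULL;` (placement and failure value to be adapted to the loader), would reject oversized dimensions on every architecture.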
@ -1,3 +1,28 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 21 13:01:52 UTC 2019 - josef.moellers@suse.com
|
||||
|
||||
- Cast intermediate results to 64 bits to prevent overflow of
|
||||
calculations with 32-bit quentities.
|
||||
[CVE-2018-20544, bsc#1120502,
|
||||
Bug1120502-add_cast_to_prevent_overflow.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 21 12:39:30 UTC 2019 - josef.moellers@suse.com
|
||||
|
||||
- Fix the size of width and height to be of size_t rather than
|
||||
int in struct caca_dither. Re-using existing patch.
|
||||
[CVE-2018-20546, bsc#1120503, CVE-2018-20547,
|
||||
bsc#1120504, libcaca-variable-type.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 15 15:03:38 UTC 2019 - josef.moellers@suse.com
|
||||
|
||||
- Fix the size of width and height to be of size_t rather than
|
||||
unsigned int which may be too small on 64 bit architectures.
|
||||
This fixes three CVS and associated bugs.
|
||||
[CVE-2018-20545, bsc#1120584, CVE-2018-20548, bsc#1120589,
|
||||
CVE-2018-20549, bsc#1120470, libcaca-variable-type.patch]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 30 11:03:56 UTC 2018 - davejplater@gmail.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libcaca
|
||||
#
|
||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -35,6 +35,8 @@ Patch5: libcaca-ruby_vendor_install.patch
|
||||
Patch7: libcaca-0.99.beta16-missing-GLU.patch
|
||||
Patch9: caca-no-build-date.patch
|
||||
Patch10: libcaca-ncurses6.patch
|
||||
Patch11: libcaca-variable-type.patch
|
||||
Patch12: Bug1120502-add_cast_to_prevent_overflow.patch
|
||||
BuildRequires: doxygen
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: freeglut-devel
|
||||
@ -136,6 +138,8 @@ drawing, triangle filling and sprite blitting.
|
||||
%patch9
|
||||
%patch1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`"
|
||||
find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \;
|
||||
pushd python
|
||||
|