Accepting request 667600 from home:jmoellers:branches:multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/667600
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libcaca?expand=0&rev=48
Takashi Iwai 2019-01-21 13:37:29 +00:00 committed by Git OBS Bridge
parent be09a9a7cb
commit 5553c4c7ce
4 changed files with 67 additions and 0 deletions


@ -0,0 +1,35 @@
Author: Josef Möllers <jmoellers@suse.de>
Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
===================================================================
--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c
+++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv
/* First get RGB */
if(d->antialias)
{
- fromx = (x - x1) * w / deltax;
- fromy = (y - y1) * h / deltay;
- tox = (x - x1 + 1) * w / deltax;
- toy = (y - y1 + 1) * h / deltay;
+ fromx = (uint64_t)(x - x1) * w / deltax;
+ fromy = (uint64_t)(y - y1) * h / deltay;
+ tox = (uint64_t)(x - x1 + 1) * w / deltax;
+ toy = (uint64_t)(y - y1 + 1) * h / deltay;
/* We want at least one pixel */
if(tox == fromx) tox++;
@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv
}
else
{
- fromx = (x - x1) * w / deltax;
- fromy = (y - y1) * h / deltay;
- tox = (x - x1 + 1) * w / deltax;
- toy = (y - y1 + 1) * h / deltay;
+ fromx = (uint64_t)(x - x1) * w / deltax;
+ fromy = (uint64_t)(y - y1) * h / deltay;
+ tox = (uint64_t)(x - x1 + 1) * w / deltax;
+ toy = (uint64_t)(y - y1 + 1) * h / deltay;
/* tox and toy can overflow the canvas, but they cannot overflow
* when averaged with fromx and fromy because these are guaranteed
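Review bot: The `(uint64_t)` cast in both branches is applied to the signed difference `x - x1` (and `y - y1`), so a negative difference would convert to a very large unsigned value before the multiply, and the 64-bit quotient is then stored back into `fromx`/`fromy`/`tox`/`toy`, whose declarations are outside this hunk and may still be 32 bits wide. The hunk also shows no check that `deltax` and `deltay` are non-zero before the division. I would state the invariant next to the first assignment, e.g. `/* x >= x1 and deltax > 0 here; widen before multiplying so (x - x1) * w cannot wrap in 32 bits */`, and confirm against the full function that it actually holds. The same four assignments appear in the antialias and the non-antialias branch, so the comment applies to both; the body of caca_dither_bitmap continues outside the hunk.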


@ -1,3 +1,4 @@
Author: Josef Möllers <jmoellers@suse.de>
Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
=================================================================== ===================================================================
--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/common-image.h --- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/common-image.h
@ -11,3 +12,16 @@ Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h
struct caca_dither *dither; struct caca_dither *dither;
void *priv; void *priv;
}; };
Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
===================================================================
--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c
+++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c
@@ -116,7 +116,7 @@ enum color_mode
struct caca_dither
{
int bpp, has_palette, has_alpha;
- int w, h, pitch;
+ size_t w, h, pitch;
int rmask, gmask, bmask, amask;
int rright, gright, bright, aright;
int rleft, gleft, bleft, aleft;
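Review bot: Switching `w`, `h` and `pitch` to `size_t` makes them unsigned, so a negative `int` passed by a caller is stored as a huge value and any existing `< 0` test on these fields becomes always false; the code that fills the struct is not in this hunk and should reject negative inputs before the assignment. Expressions that mix these fields with signed `int` coordinates are now evaluated as unsigned, which is worth checking wherever `d->w` or `d->h` is compared or subtracted. On targets where `size_t` is 32 bits the products can still wrap, so the wider type does not replace range validation of the dimensions. I would document this at the field: `size_t w, h, pitch; /* unsigned: validate caller-supplied int values are >= 0 before storing */`.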


@ -1,3 +1,19 @@
-------------------------------------------------------------------
Mon Jan 21 13:01:52 UTC 2019 - josef.moellers@suse.com
- Cast intermediate results to 64 bits to prevent overflow of
calculations with 32-bit quentities.
[CVE-2018-20544, bsc#1120502,
Bug1120502-add_cast_to_prevent_overflow.patch]
-------------------------------------------------------------------
Mon Jan 21 12:39:30 UTC 2019 - josef.moellers@suse.com
- Fix the size of width and height to be of size_t rather than
int in struct caca_dither. Re-using existing patch.
[CVE-2018-20546, bsc#1120503, CVE-2018-20547,
bsc#1120504, libcaca-variable-type.patch]
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 15 15:03:38 UTC 2019 - josef.moellers@suse.com Tue Jan 15 15:03:38 UTC 2019 - josef.moellers@suse.com


@ -36,6 +36,7 @@ Patch7: libcaca-0.99.beta16-missing-GLU.patch
Patch9: caca-no-build-date.patch Patch9: caca-no-build-date.patch
Patch10: libcaca-ncurses6.patch Patch10: libcaca-ncurses6.patch
Patch11: libcaca-variable-type.patch Patch11: libcaca-variable-type.patch
Patch12: Bug1120502-add_cast_to_prevent_overflow.patch
BuildRequires: doxygen BuildRequires: doxygen
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: freeglut-devel BuildRequires: freeglut-devel
@ -138,6 +139,7 @@ drawing, triangle filling and sprite blitting.
%patch1 %patch1
%patch10 -p1 %patch10 -p1
%patch11 -p1 %patch11 -p1
%patch12 -p1
RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`" RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`"
find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \; find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \;
pushd python pushd python