Accepting request 973093 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/973093 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcaca?expand=0&rev=48
2022-04-29 22:44:35 +00:00 · 2022-04-29 22:44:35 +00:00 · 830d5778be
commit 830d5778be
parent dc26f183f6 e3eaf92ca6
3 changed files with 41 additions and 1 deletions
--- a/bsc1197028-correctly-handle-zero-width-or-height-images.patch
+++ b/bsc1197028-correctly-handle-zero-width-or-height-images.patch
@ -0,0 +1,28 @@
+Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c
+===================================================================
+--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/img2txt.c
+++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c
+@@ -177,7 +177,13 @@ int main(int argc, char **argv)
+     }
+ 
+     /* Assume a 6×10 font */
+-    if(!cols && !lines)
+    if(!i->w || !i->h)
+    {
+	fprintf(stderr, "%s: image size is 0\n", argv[0]);
+        lines = 0;
+	cols = 0;
+    }
+    else if(!cols && !lines)
+     {
+         cols = 60;
+         lines = cols * i->h * font_width / i->w / font_height;
+@@ -214,7 +220,7 @@ int main(int argc, char **argv)
+     export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len);
+     if(!export)
+     {
+-        fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format);
+        fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format?format:"ansi");
+     }
+     else
+     {
--- a/libcaca.changes
+++ b/libcaca.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Mon Mar 14 13:36:16 UTC 2022 - Josef Möllers <josef.moellers@suse.com>
+
+- When a zero-width or zero-height image is given, a divide-by-zero
+  occurs. This patch checks for this and produces a zero-sized
+  output.
+  [bsc1197028-correctly-handle-zero-width-or-height-images.patch,
+   CVE-2022-0856, bsc#1197028]
+
 -------------------------------------------------------------------
 Fri Apr 16 15:57:48 UTC 2021 - Josef Möllers <josef.moellers@suse.com>

--- a/libcaca.spec
+++ b/libcaca.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libcaca
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -39,6 +39,8 @@ Patch12:        Bug1120502-add_cast_to_prevent_overflow.patch
 Patch13:        Bug1143286_libcaca_configure_ac_chg_for_lto.patch
 Patch14:        libcaca-bsc1182731-prevent-overflow.patch
 Patch99:        bsc1184751-add-space-for-NUL-byte.patch
+# PATCH-FIX-UPSTREAM correctly-handle-zero-width-or-height-images.patch bsc#1197028
+Patch100:       bsc1197028-correctly-handle-zero-width-or-height-images.patch
 BuildRequires:  doxygen
 BuildRequires:  fdupes
 BuildRequires:  freeglut-devel
@ -146,6 +148,7 @@ drawing, triangle filling and sprite blitting.
 %patch13 -p1
 %patch14 -p1
 %patch99 -p1
+%patch100 -p1
 RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`"
 find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \;
 pushd python