Balló György pushed to branch main at Arch Linux / Packaging / Packages / 
libcaca


Commits:
b8243d9e by Balló György at 2024-04-19T00:49:56+02:00
upgpkg: 0.99.beta20-4: Apply a security fix

- - - - -


3 changed files:

- .SRCINFO
- PKGBUILD
- + libcaca-0.99.beta20-CVE-2022-0856.patch


Changes:

=====================================
.SRCINFO
=====================================
@@ -1,7 +1,7 @@
 pkgbase = libcaca
        pkgdesc = Color ASCII art library
        pkgver = 0.99.beta20
-       pkgrel = 3
+       pkgrel = 4
        url = http://caca.zoy.org/wiki/libcaca
        arch = x86_64
        license = WTFPL
@@ -20,6 +20,8 @@ pkgbase = libcaca
        depends = zlib
        optdepends = python: Python bindings
        source = 
https://github.com/cacalabs/libcaca/releases/download/v0.99.beta20/libcaca-0.99.beta20.tar.bz2
+       source = libcaca-0.99.beta20-CVE-2022-0856.patch
        sha256sums = 
ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1
+       sha256sums = 
242308d530e20f018c1a275a90c0697b107bf2bfd28e928610bbbe80707bdeef
 
 pkgname = libcaca


=====================================
PKGBUILD
=====================================
@@ -4,7 +4,7 @@
 
 pkgname=libcaca
 pkgver=0.99.beta20
-pkgrel=3
+pkgrel=4
 pkgdesc='Color ASCII art library'
 arch=('x86_64')
 url='http://caca.zoy.org/wiki/libcaca'
@@ -12,8 +12,17 @@ license=('WTFPL')
 depends=('freeglut' 'gcc-libs' 'glibc' 'glu' 'imlib2' 'libglvnd' 'libx11' 
'ncurses' 'slang' 'zlib')
 makedepends=('doxygen' 'pango' 'python')
 optdepends=('python: Python bindings')
-source=("https://github.com/cacalabs/libcaca/releases/download/v$pkgver/$pkgname-$pkgver.tar.bz2";)
-sha256sums=('ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1')
+source=("https://github.com/cacalabs/libcaca/releases/download/v$pkgver/$pkgname-$pkgver.tar.bz2";
+        'libcaca-0.99.beta20-CVE-2022-0856.patch')
+sha256sums=('ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1'
+            '242308d530e20f018c1a275a90c0697b107bf2bfd28e928610bbbe80707bdeef')
+
+prepare() {
+  cd $pkgname-$pkgver
+  # Prevent a divide-by-zero by checking for a zero width or height
+  # https://github.com/cacalabs/libcaca/pull/66
+  patch -Np1 -i ../libcaca-0.99.beta20-CVE-2022-0856.patch
+}
 
 build() {
   cd $pkgname-$pkgver
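Review bot: The comment in prepare() names the upstream pull request but not the CVE or the upstream commit, so a later maintainer has to open the patch file to learn what it fixes and when it can be dropped. I would write `# CVE-2022-0856: divide-by-zero on zero image width/height; upstream commit d33a9ca2b7e9f32483c1aee4c3944c56206d456b (https://github.com/cacalabs/libcaca/pull/66)`. The new sha256sums entry pins a patch file that ships next to the PKGBUILD, so it protects against accidental modification rather than establishing upstream provenance; recording the commit id makes the content checkable against upstream. build() continues outside the hunk.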


=====================================
libcaca-0.99.beta20-CVE-2022-0856.patch
=====================================
@@ -0,0 +1,38 @@
+From d33a9ca2b7e9f32483c1aee4c3944c56206d456b Mon Sep 17 00:00:00 2001
+From: Josef Moellers <jmoell...@suse.de>
+Date: Fri, 18 Mar 2022 11:52:22 +0100
+Subject: [PATCH] Prevent a divide-by-zero by checking for a zero width or
+ height.
+
+---
+ src/img2txt.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/img2txt.c b/src/img2txt.c
+index b8a25899..b9d5ba24 100644
+--- a/src/img2txt.c
++++ b/src/img2txt.c
+@@ -177,7 +177,13 @@ int main(int argc, char **argv)
+     }
+ 
+     /* Assume a 6×10 font */
+-    if(!cols && !lines)
++    if(!i->w || !i->h)
++    {
++        fprintf(stderr, "%s: image size is 0\n", argv[0]);
++        lines = 0;
++        cols = 0;
++    }
++    else if(!cols && !lines)
+     {
+         cols = 60;
+         lines = cols * i->h * font_width / i->w / font_height;
+@@ -214,7 +220,7 @@ int main(int argc, char **argv)
+     export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len);
+     if(!export)
+     {
+-        fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format);
++        fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], 
format?format:"ansi");
+     }
+     else
+     {
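Review bot: The new zero-size branch in main() prints "image size is 0" and zeroes `lines` and `cols`, but it does not stop. Execution falls through to the code after the if/else chain, which is outside the hunk and presumably still builds and exports an empty canvas with whatever exit status follows. Since img2txt is commonly run on untrusted image files, that branch should release the loaded image and return a non-zero status so callers see the failure. Separately, the visible expression `cols * i->h * font_width / i->w / font_height` still divides by `font_height`, which is not checked in the lines shown; if that value can come from the command line (its assignment is outside the hunk), a guard such as `if(!font_width || !font_height)` is needed as well. main() starts and ends outside the hunk.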



View it on GitLab: 
https://gitlab.archlinux.org/archlinux/packaging/packages/libcaca/-/commit/b8243d9e4d17e7166b33259f050bd5b3b97bee39
