Balló György pushed to branch main at Arch Linux / Packaging / Packages / libcaca
Commits:
b8243d9e by Balló György at 2024-04-19T00:49:56+02:00
upgpkg: 0.99.beta20-4: Apply a security fix

- - - - -

3 changed files:

- .SRCINFO
- PKGBUILD
- + libcaca-0.99.beta20-CVE-2022-0856.patch

Changes:

=====================================
.SRCINFO
=====================================
@@ -1,7 +1,7 @@
 pkgbase = libcaca
 pkgdesc = Color ASCII art library
 pkgver = 0.99.beta20
- pkgrel = 3
+ pkgrel = 4
 url = http://caca.zoy.org/wiki/libcaca
 arch = x86_64
 license = WTFPL
@@ -20,6 +20,8 @@ pkgbase = libcaca
 depends = zlib
 optdepends = python: Python bindings
 source = https://github.com/cacalabs/libcaca/releases/download/v0.99.beta20/libcaca-0.99.beta20.tar.bz2
+ source = libcaca-0.99.beta20-CVE-2022-0856.patch
 sha256sums = ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1
+ sha256sums = 242308d530e20f018c1a275a90c0697b107bf2bfd28e928610bbbe80707bdeef

 pkgname = libcaca
=====================================
PKGBUILD
=====================================
@@ -4,7 +4,7 @@

 pkgname=libcaca
 pkgver=0.99.beta20
-pkgrel=3
+pkgrel=4
 pkgdesc='Color ASCII art library'
 arch=('x86_64')
 url='http://caca.zoy.org/wiki/libcaca'
@@ -12,8 +12,17 @@ license=('WTFPL')
 depends=('freeglut' 'gcc-libs' 'glibc' 'glu' 'imlib2' 'libglvnd' 'libx11' 'ncurses' 'slang' 'zlib')
 makedepends=('doxygen' 'pango' 'python')
 optdepends=('python: Python bindings')
-source=("https://github.com/cacalabs/libcaca/releases/download/v$pkgver/$pkgname-$pkgver.tar.bz2")
-sha256sums=('ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1')
+source=("https://github.com/cacalabs/libcaca/releases/download/v$pkgver/$pkgname-$pkgver.tar.bz2"
+ 'libcaca-0.99.beta20-CVE-2022-0856.patch')
+sha256sums=('ff9aa641af180a59acedc7fc9e663543fb397ff758b5122093158fd628125ac1'
+ '242308d530e20f018c1a275a90c0697b107bf2bfd28e928610bbbe80707bdeef')
+
+prepare() {
+ cd $pkgname-$pkgver
+ # Prevent a divide-by-zero by checking for a zero width or height
+ # https://github.com/cacalabs/libcaca/pull/66
+ patch -Np1 -i ../libcaca-0.99.beta20-CVE-2022-0856.patch
+}

 build() {
 cd $pkgname-$pkgver
=====================================
libcaca-0.99.beta20-CVE-2022-0856.patch
=====================================
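Review bot: The comment in `prepare()` of the PKGBUILD hunk records only the pull-request URL, so a later maintainer cannot tell from the PKGBUILD which exact change the vendored patch and its checksum correspond to. The patch file added in this commit carries commit id d33a9ca2b7e9f32483c1aee4c3944c56206d456b in its header, and the CVE id appears only in the file name. A comment such as `# CVE-2022-0856: commit d33a9ca2b7e9 from the PR below; drop when a release contains it` above the `patch` call would make the provenance and the removal condition explicit. Whether that commit is what was finally merged upstream is not visible on this page and should be confirmed.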
@@ -0,0 +1,38 @@
+From d33a9ca2b7e9f32483c1aee4c3944c56206d456b Mon Sep 17 00:00:00 2001
+From: Josef Moellers <jmoell...@suse.de>
+Date: Fri, 18 Mar 2022 11:52:22 +0100
+Subject: [PATCH] Prevent a divide-by-zero by checking for a zero width or
+ height.
+
+---
+ src/img2txt.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/img2txt.c b/src/img2txt.c
+index b8a25899..b9d5ba24 100644
+--- a/src/img2txt.c
++++ b/src/img2txt.c
+@@ -177,7 +177,13 @@ int main(int argc, char **argv)
+ }
+
+ /* Assume a 6×10 font */
+- if(!cols && !lines)
++ if(!i->w || !i->h)
++ {
++ fprintf(stderr, "%s: image size is 0\n", argv[0]);
++ lines = 0;
++ cols = 0;
++ }
++ else if(!cols && !lines)
+ {
+ cols = 60;
+ lines = cols * i->h * font_width / i->w / font_height;
+@@ -214,7 +220,7 @@ int main(int argc, char **argv)
+ export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len);
+ if(!export)
+ {
+- fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format);
++ fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format?format:"ansi");
+ }
+ else
+ {
View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/libcaca/-/commit/b8243d9e4d17e7166b33259f050bd5b3b97bee39 -- This project does not include diff previews in email notifications. View it on GitLab: https://gitlab.archlinux.org/archlinux/packaging/packages/libcaca/-/commit/b8243d9e4d17e7166b33259f050bd5b3b97bee39 You're receiving this email because of your account on gitlab.archlinux.org.
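Review bot: The divisors `font_width` and `font_height` in `lines = cols * i->h * font_width / i->w / font_height;` are still unchecked in the first hunk of the embedded patch, which guards only `i->w` and `i->h`. If either value can be zero when this code runs (their assignment is not visible here), the same divide-by-zero remains reachable, so a guard such as `if(!font_width || !font_height)` with its own error message belongs beside the new check. The new branch also only zeroes `lines` and `cols` and carries on, so a zero-sized image appears to be reported on stderr without a failure exit status. `main()` starts and ends outside both hunks, so how the rest of the function treats a 0×0 canvas cannot be confirmed from this page.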