Date: Sunday, May 23, 2021 @ 19:12:37 Author: heftig Revision: 943517
0.99.beta19-5: partially fix FS#70520 Added: lib32-libcaca/trunk/57.patch Modified: lib32-libcaca/trunk/PKGBUILD ----------+ 57.patch | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PKGBUILD | 14 ++++++++++---- 2 files changed, 69 insertions(+), 4 deletions(-) Added: 57.patch =================================================================== --- 57.patch (rev 0) +++ 57.patch 2021-05-23 19:12:37 UTC (rev 943517) @@ -0,0 +1,59 @@ +From 148437fc418bcfe521f61213cf3917f3992c7088 Mon Sep 17 00:00:00 2001 +From: Josef Moellers <jmoell...@suse.de> +Date: Thu, 22 Apr 2021 12:02:19 +0200 +Subject: [PATCH] Handle sprintf() appending a NUL byte [issues 53 and 54] + +--- + caca/codec/export.c | 24 ++++++++++++++---------- + 1 file changed, 14 insertions(+), 10 deletions(-) + +diff --git a/caca/codec/export.c b/caca/codec/export.c +index 7f7c4422..250ea2b1 100644 +--- a/caca/codec/export.c ++++ b/caca/codec/export.c +@@ -944,21 +944,21 @@ static void *export_tga(caca_canvas_t const *cv, size_t *bytes) + cur = data = malloc(*bytes); + + /* ID Length */ +- cur += sprintf(cur, "%c", 0); ++ *cur++ = 0; + /* Color Map Type: no colormap */ +- cur += sprintf(cur, "%c", 0); ++ *cur++ = 0; + /* Image Type: uncompressed truecolor */ +- cur += sprintf(cur, "%c", 2); ++ *cur++ = 2; + /* Color Map Specification: no color map */ + memset(cur, 0, 5); cur += 5; + + /* Image Specification */ +- cur += sprintf(cur, "%c%c", 0, 0); /* X Origin */ +- cur += sprintf(cur, "%c%c", 0, 0); /* Y Origin */ +- cur += sprintf(cur, "%c%c", w & 0xff, w >> 8); /* Width */ +- cur += sprintf(cur, "%c%c", h & 0xff, h >> 8); /* Height */ +- cur += sprintf(cur, "%c", 32); /* Pixel Depth */ +- cur += sprintf(cur, "%c", 40); /* Image Descriptor */ ++ *cur++ = 0; *cur++ = 0; /* X Origin */ ++ *cur++ = 0; *cur++ = 0; /* Y Origin */ ++ *cur++ = w & 0xff; *cur++ = w >> 8; /* Width */ ++ *cur++ = h & 0xff; *cur++ = h >> 8; /* Height */ ++ *cur++ = 32; /* Pixel Depth */ ++ *cur++ = 40; /* Image Descriptor */ + + /* Image ID: no ID */ + /* Color Map Data: no colormap */ +@@ -995,9 +995,13 @@ static void *export_troff(caca_canvas_t const *cv, size_t *bytes) + * + 4 bytes = 33 + * Each line has a \n (1) and maybe 0xc2 0xa0 (2) + * Header has .nf\n (3) ++ * Kludge alert: ++ * The sprintf functions all append a NUL byte, so ++ * add one byte for any terminating NUL byte, ++ * but don't tell the caller. + */ + *bytes = 3 + cv->height * 3 + (cv->width * cv->height * 33); +- cur = data = malloc(*bytes); ++ cur = data = malloc(*bytes + 1); /* Add space for a terminating NUL byte */ + + cur += sprintf(cur, ".nf\n"); + Modified: PKGBUILD =================================================================== --- PKGBUILD 2021-05-23 19:10:03 UTC (rev 943516) +++ PKGBUILD 2021-05-23 19:12:37 UTC (rev 943517) @@ -4,7 +4,7 @@ pkgname=lib32-libcaca pkgver=0.99.beta19 -pkgrel=4 +pkgrel=5 pkgdesc="Color AsCii Art library (32-bit)" url="http://caca.zoy.org/wiki/libcaca"; arch=(x86_64) @@ -12,8 +12,10 @@ depends=(lib32-imlib2 libcaca) makedepends=(git) _commit=caae67dce5d72ceceac79468bed47b58ea8e4a29 # tags/v0.99.beta19 -source=("git+https://github.com/cacalabs/libcaca#commit=$_commit";) -sha256sums=('SKIP') +source=("git+https://github.com/cacalabs/libcaca#commit=$_commit"; + 57.patch) +sha256sums=('SKIP' + 'ece7dc2cf7e0252a88ff943ec0851c19aeeab5d20b26396984810524347ea38a') pkgver() { cd libcaca @@ -27,6 +29,10 @@ # https://bugs.archlinux.org/task/70053 git cherry-pick -n 46b4ea7c e4968ba6 + # CVE-2021-30498 CVE-2021-30499 + # https://bugs.archlinux.org/task/70520 + git apply -3 ../57.patch + # Fix up version sed -i '/^AC_INIT/s/beta19pre/beta19/;/^LT_MICRO=/s/18/19/' configure.ac @@ -67,4 +73,4 @@ install -Dt "$pkgdir/usr/share/licenses/$pkgname" -m644 COPYING } -# vim:set sw=2 noet: +# vim:set sw=2 et:
