Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libcaca for openSUSE:Factory checked
in at 2022-04-30 00:44:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libcaca (Old)
and /work/SRC/openSUSE:Factory/.libcaca.new.1538 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcaca"
Sat Apr 30 00:44:35 2022 rev:48 rq:973093 version:0.99.beta19.git20171003
Changes:
--------
--- /work/SRC/openSUSE:Factory/libcaca/libcaca.changes 2021-04-19
21:06:40.620090327 +0200
+++ /work/SRC/openSUSE:Factory/.libcaca.new.1538/libcaca.changes
2022-04-30 00:44:56.634920497 +0200
@@ -1,0 +2,9 @@
+Mon Mar 14 13:36:16 UTC 2022 - Josef M??llers <josef.moell...@suse.com>
+
+- When a zero-width or zero-height image is given, a divide-by-zero
+ occurs. This patch checks for this and produces a zero-sized
+ output.
+ [bsc1197028-correctly-handle-zero-width-or-height-images.patch,
+ CVE-2022-0856, bsc#1197028]
+
+-------------------------------------------------------------------
New:
----
bsc1197028-correctly-handle-zero-width-or-height-images.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libcaca.spec ++++++
--- /var/tmp/diff_new_pack.Z4TOYQ/_old 2022-04-30 00:44:57.934921625 +0200
+++ /var/tmp/diff_new_pack.Z4TOYQ/_new 2022-04-30 00:44:57.938921628 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libcaca
#
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -39,6 +39,8 @@
Patch13: Bug1143286_libcaca_configure_ac_chg_for_lto.patch
Patch14: libcaca-bsc1182731-prevent-overflow.patch
Patch99: bsc1184751-add-space-for-NUL-byte.patch
+# PATCH-FIX-UPSTREAM correctly-handle-zero-width-or-height-images.patch
bsc#1197028
+Patch100: bsc1197028-correctly-handle-zero-width-or-height-images.patch
BuildRequires: doxygen
BuildRequires: fdupes
BuildRequires: freeglut-devel
@@ -146,6 +148,7 @@
%patch13 -p1
%patch14 -p1
%patch99 -p1
+%patch100 -p1
RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`"
find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \;
pushd python
++++++ bsc1197028-correctly-handle-zero-width-or-height-images.patch ++++++
Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c
===================================================================
--- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/img2txt.c
+++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/img2txt.c
@@ -177,7 +177,13 @@ int main(int argc, char **argv)
}
/* Assume a 6??10 font */
- if(!cols && !lines)
+ if(!i->w || !i->h)
+ {
+ fprintf(stderr, "%s: image size is 0\n", argv[0]);
+ lines = 0;
+ cols = 0;
+ }
+ else if(!cols && !lines)
{
cols = 60;
lines = cols * i->h * font_width / i->w / font_height;
@@ -214,7 +220,7 @@ int main(int argc, char **argv)
export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len);
if(!export)
{
- fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format);
+ fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0],
format?format:"ansi");
}
else
{
