Hello community,

here is the log from the commit of package libcaca for openSUSE:Leap:15.2 checked in at 2020-03-17 04:15:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/libcaca (Old)
 and /work/SRC/openSUSE:Leap:15.2/.libcaca.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcaca" Tue Mar 17 04:15:19 2020 rev:23 rq:784755 version:0.99.beta19.git20171003 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/libcaca/libcaca.changes 2020-01-15 15:19:11.334367957 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.libcaca.new.3160/libcaca.changes 2020-03-17 04:15:27.552970239 +0100 @@ -2 +2 @@ -Tue Jan 22 09:24:31 UTC 2019 - josef.moell...@suse.com +Tue Mar 10 15:20:55 UTC 2020 - Josef Möllers <josef.moell...@suse.com> @@ -4,3 +4,22 @@ -- Prevent overflow of arithmetic of large (unsigned) ints by - * declaring fields as size_t - * casting intermediate results to uint64_t +- The contents of libcaca-prevent-overflow.patch + have been moved to Bug1120502-add_cast_to_prevent_overflow.patch + and libcaca-variable-type.patch + [libcaca-prevent-overflow.patch] + +------------------------------------------------------------------- +Wed Feb 26 16:47:50 UTC 2020 - Илья Индиго <i...@ilya.pp.ua> + +- Refresh spec-file via spec-cleaner. +- Add Requires:toilet for caca-utils, because need for cacaclock. + +------------------------------------------------------------------- +Thu Aug 1 09:46:57 UTC 2019 - Michel Normand <norm...@linux.vnet.ibm.com> + +- Add Bug1143286_libcaca_configure_ac_chg_for_lto.patch + bypass boo#1143286 + +------------------------------------------------------------------- +Mon Jan 21 13:01:52 UTC 2019 - josef.moell...@suse.com + +- Cast intermediate results to 64 bits to prevent overflow of + calculations with 32-bit quentities. 
@@ -8,6 +27,18 @@ - CVE-2018-20545, bsc#1120584, - CVE-2018-20546, bsc#1120503, - CVE-2018-20547, bsc#1120504, - CVE-2018-20548, bsc#1120589, - CVE-2018-20549, bsc#1120470, - libcaca-prevent-overflow.patch] + Bug1120502-add_cast_to_prevent_overflow.patch] + +------------------------------------------------------------------- +Mon Jan 21 12:39:30 UTC 2019 - josef.moell...@suse.com + +- Fix the size of width and height to be of size_t rather than + int in struct caca_dither. Re-using existing patch. + [CVE-2018-20546, bsc#1120503, CVE-2018-20547, + bsc#1120504, libcaca-variable-type.patch] + +------------------------------------------------------------------- +Tue Jan 15 15:03:38 UTC 2019 - josef.moell...@suse.com + +- Fix the size of width and height to be of size_t rather than + unsigned int which may be too small on 64 bit architectures. + This fixes three CVS and associated bugs. + [CVE-2018-20545, bsc#1120584, CVE-2018-20548, bsc#1120589, + CVE-2018-20549, bsc#1120470, libcaca-variable-type.patch] Old: ---- libcaca-prevent-overflow.patch New: ---- Bug1120502-add_cast_to_prevent_overflow.patch Bug1143286_libcaca_configure_ac_chg_for_lto.patch libcaca-variable-type.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcaca.spec ++++++ --- /var/tmp/diff_new_pack.obfg48/_old 2020-03-17 04:15:28.084970547 +0100 +++ /var/tmp/diff_new_pack.obfg48/_new 2020-03-17 04:15:28.088970550 +0100 @@ -1,7 +1,7 @@ # # spec file for package libcaca # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -12,20 +12,19 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # %define _rev da28e9684ef445ac8d42745644336b8a75c01855 - Name: libcaca Version: 0.99.beta19.git20171003 Release: 0 Summary: Library for Colour ASCII Art, text mode graphics License: WTFPL Group: Development/Languages/C and C++ -Url: http://caca.zoy.org/ +URL: http://caca.zoy.org Source0: https://github.com/cacalabs/%{name}/archive/%{_rev}.tar.gz#/%{name}-%{version}.tar.gz Source1: baselibs.conf Patch1: libcaca-0.99-texbuild.patch @@ -35,7 +34,9 @@ Patch7: libcaca-0.99.beta16-missing-GLU.patch Patch9: caca-no-build-date.patch Patch10: libcaca-ncurses6.patch -Patch11: libcaca-prevent-overflow.patch +Patch11: libcaca-variable-type.patch +Patch12: Bug1120502-add_cast_to_prevent_overflow.patch +Patch13: Bug1143286_libcaca_configure_ac_chg_for_lto.patch BuildRequires: doxygen BuildRequires: fdupes BuildRequires: freeglut-devel @@ -112,6 +113,7 @@ Summary: Colour ASCII Art Text mode graphics utilities based on libcaca Group: Amusements/Toys/Graphics Requires: imlib2-loaders +Requires: toilet %description -n caca-utils This package contains utilities and demonstration programs for libcaca, @@ -138,6 +140,8 @@ %patch1 %patch10 -p1 %patch11 -p1 +%patch12 -p1 +%patch13 -p1 RUBY="ruby-`echo %{rb_ver} | sed 's|\.[^\.]*$||'`" find . -type f -exec sed -i "s|ruby-1.9|$RUBY|" \{\} \; pushd python @@ -163,7 +167,7 @@ --enable-plugins \ --enable-java=no \ --enable-python -make %{?_smp_mflags} V=1 +%make_build %install %make_install @@ -191,7 +195,7 @@ %{_bindir}/caca-config %{_libdir}/pkgconfig/*.pc %{_includedir}/* -%{_mandir}/man1/caca-config.1* +%{_mandir}/man1/caca-config.1%{?ext_man} %{_mandir}/man3/* %files ruby 
@@ -217,11 +221,11 @@ %{_bindir}/cacaserver %{_bindir}/img2txt %{_datadir}/libcaca -%{_mandir}/man1/cacademo.1* -%{_mandir}/man1/cacafire.1* -%{_mandir}/man1/cacaview.1* -%{_mandir}/man1/cacaplay.1* -%{_mandir}/man1/cacaserver.1* -%{_mandir}/man1/img2txt.1* +%{_mandir}/man1/cacademo.1%{?ext_man} +%{_mandir}/man1/cacafire.1%{?ext_man} +%{_mandir}/man1/cacaview.1%{?ext_man} +%{_mandir}/man1/cacaplay.1%{?ext_man} +%{_mandir}/man1/cacaserver.1%{?ext_man} +%{_mandir}/man1/img2txt.1%{?ext_man} %changelog ++++++ Bug1120502-add_cast_to_prevent_overflow.patch ++++++ Author: Josef Möllers <jmoell...@suse.de> Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c =================================================================== --- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c +++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c @@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv /* First get RGB */ if(d->antialias) { - fromx = (x - x1) * w / deltax; - fromy = (y - y1) * h / deltay; - tox = (x - x1 + 1) * w / deltax; - toy = (y - y1 + 1) * h / deltay; + fromx = (uint64_t)(x - x1) * w / deltax; + fromy = (uint64_t)(y - y1) * h / deltay; + tox = (uint64_t)(x - x1 + 1) * w / deltax; + toy = (uint64_t)(y - y1 + 1) * h / deltay; /* We want at least one pixel */ if(tox == fromx) tox++; @@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv } else { - fromx = (x - x1) * w / deltax; - fromy = (y - y1) * h / deltay; - tox = (x - x1 + 1) * w / deltax; - toy = (y - y1 + 1) * h / deltay; + fromx = (uint64_t)(x - x1) * w / deltax; + fromy = (uint64_t)(y - y1) * h / deltay; + tox = (uint64_t)(x - x1 + 1) * w / deltax; + toy = (uint64_t)(y - y1 + 1) * h / deltay; /* tox and toy can overflow the canvas, but they cannot overflow * when averaged with fromx and fromy because these are guaranteed ++++++ Bug1143286_libcaca_configure_ac_chg_for_lto.patch ++++++ 
From: Michel Normand <norm...@linux.vnet.ibm.com> Subject: Bug1143286 libcaca configure ac chg for lto Date: Thu, 01 Aug 2019 11:43:35 +0200 Bug1143286 libcaca configure ac chg for lto bypass to avoid PowerPC/ARM build failures now that LTO is default build option for openSUSE. Signed-off-by: Michel Normand <norm...@linux.vnet.ibm.com> --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/configure.ac =================================================================== --- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/configure.ac +++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/configure.ac @@ -145,13 +145,13 @@ AC_TRY_COMPILE([#include <windows.h>],[S [AC_MSG_RESULT(no)]) AC_MSG_CHECKING(for fsin/fcos) -AC_TRY_COMPILE([],[double x; asm volatile("fsin; fcos":"=t"(x):);], +AC_TRY_LINK([],[double x; asm volatile("fsin; fcos":"=t"(x):);], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_FSIN_FCOS, 1, [Define to 1 if you have the ‘fsin’ and ‘fcos’ instructions.])], [AC_MSG_RESULT(no)]) AC_MSG_CHECKING(for fldln2/fxch/fyl2x) -AC_TRY_COMPILE([],[double x; asm volatile("fldln2; fldln2; fxch; fyl2x":"=t"(x):);], +AC_TRY_LINK([],[double x; asm volatile("fldln2; fldln2; fxch; fyl2x":"=t"(x):);], [AC_MSG_RESULT(yes) AC_DEFINE(HAVE_FLDLN2, 1, [Define to 1 if you have the ‘fldln2’ and other floating point instructions.])], [AC_MSG_RESULT(no)]) ++++++ libcaca-variable-type.patch ++++++ Author: Josef Möllers <jmoell...@suse.de> Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h =================================================================== --- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/src/common-image.h +++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/src/common-image.h 
@@ -13,7 +13,7 @@ struct image { char *pixels; - unsigned int w, h; + size_t w, h; struct caca_dither *dither; void *priv; }; Index: libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c =================================================================== --- libcaca-da28e9684ef445ac8d42745644336b8a75c01855.orig/caca/dither.c +++ libcaca-da28e9684ef445ac8d42745644336b8a75c01855/caca/dither.c @@ -116,7 +116,7 @@ enum color_mode struct caca_dither { int bpp, has_palette, has_alpha; - int w, h, pitch; + size_t w, h, pitch; int rmask, gmask, bmask, amask; int rright, gright, bright, aright; int rleft, gleft, bleft, aleft;
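
Review bot: the added libcaca.changes entries contain two typos: "quentities" in the Jan 21 2019 entry should read "quantities", and "This fixes three CVS" in the Jan 15 2019 entry should read "three CVEs". The same hunks also delete the existing Jan 22 2019 entry ("Prevent overflow of arithmetic of large (unsigned) ints by ...") and replace it with back-dated entries for Jan 21 and Jan 15 2019; keeping the old entry and describing the patch split only in the new Mar 10 2020 entry would leave the recorded history intact.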
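
Review bot: in the @@ -991,10 +991,10 @@ hunk of Bug1120502-add_cast_to_prevent_overflow.patch the (uint64_t) cast widens only the multiplication, while the quotient is stored in fromx, fromy, tox and toy, whose declarations are outside the hunk. If those are still int or unsigned int, a large w or h is truncated again at the assignment, so please confirm their types or add a range check before the store. The terms (x - x1) and (x - x1 + 1) are also still evaluated in their original type before the cast applies, which is only safe if x >= x1 is guaranteed at this point.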
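
Review bot: the @@ -1017,10 +1017,10 @@ hunk of Bug1120502-add_cast_to_prevent_overflow.patch repeats, in the else branch, the same four expressions that the previous hunk changes under if(d->antialias); computing fromx, fromy, tox and toy once through a small helper would keep the two copies from drifting apart the next time this arithmetic is touched. The patch header also carries only an Author: line, so adding a short description with the bug and CVE references listed in libcaca.changes would make the patch self-describing.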
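
Review bot: the switch from AC_TRY_COMPILE to AC_TRY_LINK in the @@ -145,13 +145,13 @@ hunk of configure.ac leaves no comment in configure.ac itself saying why a compile-only test is insufficient; the rationale ("now that LTO is default build option") exists only in the patch description, which calls the change a bypass. Please add a one-line comment above both checks. Both macros are obsolete in current Autoconf, so if this goes upstream, AC_LINK_IFELSE with AC_LANG_PROGRAM is the form to use.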
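
Review bot: in the src/common-image.h hunk of libcaca-variable-type.patch, size_t w, h requires a header that defines size_t (for example <stddef.h>) to be in scope, and no include is visible in the hunk; please confirm every file that includes common-image.h pulls one in first. Widening the fields does not bound them either: any code that multiplies w and h to size an allocation, or passes them to a parameter of type int, still needs an explicit overflow or range check.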
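
Review bot: in the @@ -116,7 +116,7 @@ hunk of caca/dither.c, changing w, h and pitch from int to size_t also changes them from signed to unsigned, so any existing test of the form w < 0 becomes always false and a negative int stored into these fields turns into a very large size_t. Comparisons and arithmetic that mix them with the fields left as int (bpp, the masks and shifts) are now carried out unsigned as well. Please audit the users of struct caca_dither and validate signed inputs before they are assigned to these fields.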