initial import
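--- /dev/null
+++ b/xcftools/PKGBUILD
@@ -0,0 +1,38 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgname=xcftools
+pkgver=1.0.7
+pkgrel=1
+pkgdesc="Command line tools for use with the free and libre XCF image format (includes xcf2png)"
+url='http://henning.makholm.net/software'
+arch=('i686' 'x86_64')
+license=('Public-Domain')
+depends=('libpng' 'perl')
+makedepends=('gettext-tiny')
+source=("https://security.debian.org/debian-security/pool/updates/main/x/xcftools/xcftools_${pkgver}.orig.tar.gz"
+"xcftools.patch"
+"security.patch"
+"fix-build.patch")
+sha512sums=('88af4791e18650562db259bd96bfd122364c21b7ea7a5692d4679e619667bdbcc179040a1d912c8fd623bc2d2735461da237ccde4646553b15d6072cc4493203'
+'d85529e77666b5453f61c6e48eaf5569b05ae6ab9eab5e549062385dcae67981a10efbbe4a69b9dc344daea34c5b424d6b4ac44430cf79268433da4be676bd10'
+'af952c9b1ac8b9e0a62d7329de56d63e8a3a4719adc3ac7d9c1d45fea5473705a3e0e4d883a6c9f0291a0554b1d72bcb87c45167f50e029469a81e9eceb44533'
+'cbfabf241a074bb08b2c1ec445dd79e17b8216a55def3953100c133c2e6e8b4e52e3d873f250a95488d884b5d4c4ed4b2548717d95d6b988e83fa98073f475f1')
+
+prepare() {
+grep -A16 License "$pkgname-$pkgver/README" > LICENSE
+cd $pkgname-$pkgver
+patch -i "$srcdir/xcftools.patch"
+patch -i "$srcdir/security.patch"
+patch -i "$srcdir/fix-build.patch"
+}
+
+build() {
+cd $pkgname-$pkgver
+./configure --prefix=/usr
+make
+}
+
+package() {
+make DESTDIR="$pkgdir" -C $pkgname-$pkgver install
+install -Dm644 LICENSE -t "$pkgdir/usr/share/licenses/$pkgname"
+}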
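Review bot: The three `patch -i` calls in prepare() give no strip level, so `patch` falls back to matching on the base name of the `a/…`/`b/…` paths, which only works while every patched file sits in the top-level source directory. Since the CVE fix depends on security.patch landing on the intended files, make the invocation strict: `patch -Np1 -i "$srcdir/security.patch"`, and the same for the other two patches. The unquoted `cd $pkgname-$pkgver` in prepare() and build() is better written `cd "$pkgname-$pkgver"`.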
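--- /dev/null
+++ b/xcftools/fix-build.patch
@@ -0,0 +1,11 @@
+--- a/Makefile.in 2022-04-13 15:01:28.000000000 +0200
++++ b/Makefile.in 2022-04-13 15:04:09.996440508 +0200
+@@ -160,7 +160,7 @@
+touch $@
+
+po/%.mo: po/%.po
+- msgfmt -c -o$@ $<
++ msgfmt -c -o $@ $<
+
+po/stamp: $(patsubst %,po/%.mo,$(LINGUAS))
+if ! make -q po/$(APPNAME).pot ; then \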
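--- /dev/null
+++ b/xcftools/security.patch
@@ -0,0 +1,61 @@
+From 59c38e3e45b9112c2bcb4392bccf56e297854f8a Mon Sep 17 00:00:00 2001
+From: Anton Gladky <gladk@debian.org>
+Date: Sat, 23 May 2020 17:44:33 +0200
+Subject: [PATCH] Prevent integer overflow in computeDimensions. #12
+
+Fix for CVE-2019-5086 and CVE-2019-5087
+
+The code checks the sizes of width and height and stop execution, if it exceeds
+maximal values.
+---
+xcf-general.c | 16 ++++++++++++++++
+xcftools.h | 2 +-
+2 files changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/xcf-general.c b/xcf-general.c
+index b23c260..169b4f7 100644
+--- a/xcf-general.c
++++ b/xcf-general.c
+@@ -19,6 +19,7 @@
+#include "xcftools.h"
+#include <string.h>
+#include <errno.h>
++#include <limits.h>
+#ifdef HAVE_ICONV
+# include <iconv.h>
+#elif !defined(ICONV_CONST)
+@@ -182,6 +183,21 @@ xcfString(uint32_t ptr,uint32_t *after)
+void
+computeDimensions(struct tileDimensions *d)
+{
++ // [ CVE-2019-5086 and CVE-2019-5087 ]
++ // This part of code is the check to prevent integer overflow, see CVE-2019-5086 and CVE-2019-5087
++
++ if ((d->c.l + d->width)*4 > INT_MAX) {
++ fprintf(stderr,("Width is too large (%d)! Stopping execution...\n"), (d->c.l + d->width));
++ exit(0);
++ }
++
++ if ((d->c.t + d->height)*4 > INT_MAX) {
++ fprintf(stderr,("Height is too large (%d)! Stopping execution...\n"), (d->c.t + d->height));
++ exit(0);
++ }
++
++ // [ CVE-2019-5086 and CVE-2019-5087 ]
++
+d->c.r = d->c.l + d->width ;
+d->c.b = d->c.t + d->height ;
+d->tilesx = (d->width+TILE_WIDTH-1)/TILE_WIDTH ;
+diff --git a/xcftools.h b/xcftools.h
+index 5a1efcc..4bb02ea 100644
+--- a/xcftools.h
++++ b/xcftools.h
+@@ -121,7 +121,7 @@ FILE* openout(const char*);
+void closeout(FILE *,const char*);
+
+struct rect {
+- int t, b, l, r ;
++ int64_t t, b, l, r ;
+};
+
+#define isSubrect(A,B) \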
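Review bot: Both new `fprintf` calls in computeDimensions print `d->c.l + d->width` and `d->c.t + d->height` with `%d`, but this same patch widens `struct rect` to `int64_t`, so the argument is 64-bit and the conversion no longer matches it, which is undefined behaviour on exactly the path that reports a hostile file. Print it as `fprintf(stderr, "Width is too large (%" PRId64 ")! Stopping execution...\n", (int64_t)(d->c.l + d->width));` with `<inttypes.h>` included, and likewise for the height. The rejection path also ends in `exit(0)`, so a script that converts untrusted XCF files sees success for a file that was refused; use `exit(EXIT_FAILURE)` or the project's fatal-error helper instead. The function body continues past the hunk, so whether the later tile-count arithmetic is bounded as well cannot be judged from here.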
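--- /dev/null
+++ b/xcftools/xcftools.patch
@@ -0,0 +1,27 @@
+diff -rupN xcftools-1.0.7.old/Makefile.in xcftools-1.0.7/Makefile.in
+--- xcftools-1.0.7.old/Makefile.in 2009-07-03 11:31:56.000000000 +0100
++++ xcftools-1.0.7/Makefile.in 2012-01-03 13:03:51.152358830 +0000
+@@ -79,7 +79,7 @@ xcf2pnm$e: xcf2pnm.$o $(FILEIO).$o enums
+
+xcf2png$e: xcf2png.$o $(FILEIO).$o enums.$o xcf-general.$o utils.$o nlsini.$o \
+pixels.$o flatten.$o flatspec.$o scaletab.$o table.$o palette.$o
+- $(CC) $(LDFLAGS) $(LIBS) -lpng $^ -o $@
++ $(CC) $(LDFLAGS) $(LIBS) $^ -lpng -o $@
+
+xcfview: xcfview.in Makefile
+sed '1s,/usr/bin/perl,@PERL@,' < $< > $@
+diff -rupN xcftools-1.0.7.old/xcf2png.c xcftools-1.0.7/xcf2png.c
+--- xcftools-1.0.7.old/xcf2png.c 2009-07-03 11:31:52.000000000 +0100
++++ xcftools-1.0.7/xcf2png.c 2012-01-03 13:03:36.262509165 +0000
+@@ -71,9 +71,9 @@ init_output(void)
+
+outfile = openout(flatspec.output_filename);
+libpng = png_create_write_struct(PNG_LIBPNG_VER_STRING,
+- png_voidp_NULL,
++ (png_voidp)NULL,
+my_error_callback,
+- png_error_ptr_NULL);
++ (png_voidp)NULL);
+if( !libpng )
+FatalUnexpected(_("Couldn't initialize libpng library"));
+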
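Review bot: In the init_output hunk the last argument of `png_create_write_struct` is the warning callback, a function pointer, yet the replacement for `png_error_ptr_NULL` passes `(png_voidp)NULL`, which is a `void *` value. A plain `NULL` is the cleaner spelling for both the second and the fourth argument and avoids converting an object pointer to a function pointer: `NULL,` / `my_error_callback,` / `NULL);`. init_output starts and ends outside the hunk.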