commit: 5c2e598abc09a1e34306d003a36a5bbb2ad879a7 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> AuthorDate: Sun Feb 22 14:36:49 2026 +0000 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> CommitDate: Sun Feb 22 15:55:24 2026 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5c2e598a
media-libs/libcaca: drop 0.99_beta19-r12 Bug: https://bugs.gentoo.org/970283 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> media-libs/libcaca/Manifest | 1 - media-libs/libcaca/files/100_doxygen.diff | 170 --------------------- media-libs/libcaca/files/CVE-2018-20544.patch | 45 ------ .../libcaca/files/CVE-2018-20545+20547+20549.patch | 34 ----- .../libcaca/files/CVE-2018-20546+20547.patch | 36 ----- ...em-in-the-caca_resize-overflow-detection-.patch | 135 ---------------- ...as-fix-an-integer-overflow-in-caca_resize.patch | 141 ----------------- .../files/libcaca-0.99_beta18-fix-tests.patch | 61 -------- media-libs/libcaca/libcaca-0.99_beta19-r12.ebuild | 143 ----------------- 9 files changed, 766 deletions(-) diff --git a/media-libs/libcaca/Manifest b/media-libs/libcaca/Manifest index 17f29ebf5f8a..77b86337d776 100644 --- a/media-libs/libcaca/Manifest +++ b/media-libs/libcaca/Manifest @@ -1,2 +1 @@ -DIST libcaca-0.99.beta19.tar.gz 1203495 BLAKE2B 65462090fc503d640d91753ff21b55ad1bac360fb6e5aae8f46d8162e62f8834f791a1db6e2045a63deaa7c409c3455b484750294cfb01e1027f0ca8dc2f2798 SHA512 780fc7684d40207cc10df3f87d6d8f1d47ddfffa0e76e41a5ce671b82d5c7f090facb054c3d49ca7c4ea1a619625bb9085ce52f837f50792b4a2d776a4c68e15 DIST libcaca-0.99.beta20.tar.bz2 893319 BLAKE2B 873669c8ec3f6f4b135c664e146cb7d0fc540fb54ded28ff4cd9fe7b9aece9b9e52e3fd1f49999e4f9f051d1c7027a1661440d1c1f4cd7dcdc70456cba81f862 SHA512 8cfb84351f9022c62b655822a9558fbe187260fc18ad89ccf99863c499759fba497388066d066fa529f29d6f808be02a6948849ee19617617ade59b3f5c410eb diff --git a/media-libs/libcaca/files/100_doxygen.diff b/media-libs/libcaca/files/100_doxygen.diff deleted file mode 100644 index f537f37b6d35..000000000000 --- a/media-libs/libcaca/files/100_doxygen.diff +++ /dev/null @@ -1,170 +0,0 @@ -Description: Don't mess with Doxygen's output -Author: Balint Reczey <[email protected]> -Index: libcaca-0.99.beta19/doc/Makefile.am -=================================================================== ---- libcaca-0.99.beta19.orig/doc/Makefile.am -+++ libcaca-0.99.beta19/doc/Makefile.am -@@ -28,10 +28,7 @@ stamp-latex: stamp-doxygen - if BUILD_DOCUMENTATION - if USE_LATEX - rm -f latex/libcaca.tex latex/libcaca.pdf -- mv latex/refman.tex latex/libcaca.tex -- sed 's/setlength{/renewcommand{/' latex/libcaca.tex \ -- | sed 's/.*usepackage.*times.*//' > latex/refman.tex -- cd latex && $(MAKE) $(AM_CFLAGS) refman.pdf || (cat refman.log; exit 1) -+ (cd latex && pdflatex refman ; makeindex refman.idx ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman; echo "pdflatex exit code: $$?") - mv latex/refman.pdf latex/libcaca.pdf - touch stamp-latex - endif -Index: libcaca-0.99.beta19/doc/doxygen.cfg.in -=================================================================== ---- libcaca-0.99.beta19.orig/doc/doxygen.cfg.in -+++ libcaca-0.99.beta19/doc/doxygen.cfg.in -@@ -1,4 +1,4 @@ --# Doxyfile 1.8.6 -+# Doxyfile 1.8.7 - - # This file describes the settings to be used by the documentation system - # doxygen (www.doxygen.org) for a project. -@@ -70,6 +70,14 @@ OUTPUT_DIRECTORY = . - - CREATE_SUBDIRS = NO - -+# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII -+# characters to appear in the names of generated files. If set to NO, non-ASCII -+# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode -+# U+3044. -+# The default value is: NO. -+ -+ALLOW_UNICODE_NAMES = NO -+ - # The OUTPUT_LANGUAGE tag is used to specify the language in which all - # documentation generated by doxygen is written. Doxygen will use this - # information to generate all constant output in the proper language. -@@ -261,9 +269,12 @@ OPTIMIZE_OUTPUT_VHDL = NO - # extension. Doxygen has a built-in mapping, but you can override or extend it - # using this tag. The format is ext=language, where ext is a file extension, and - # language is one of the parsers supported by doxygen: IDL, Java, Javascript, --# C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make --# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C --# (default is Fortran), use: inc=Fortran f=C. -+# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: -+# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: -+# Fortran. In the later case the parser tries to guess whether the code is fixed -+# or free formatted code, this is the default for Fortran type files), VHDL. For -+# instance to make doxygen treat .inc files as Fortran files (default is PHP), -+# and .f files as C (default is Fortran), use: inc=Fortran f=C. - # - # Note For files without extension you can use no_extension as a placeholder. - # -@@ -1242,7 +1253,8 @@ GENERATE_CHI = NO - CHM_INDEX_ENCODING = - - # The BINARY_TOC flag controls whether a binary table of contents is generated ( --# YES) or a normal table of contents ( NO) in the .chm file. -+# YES) or a normal table of contents ( NO) in the .chm file. Furthermore it -+# enables the Previous and Next buttons. - # The default value is: NO. - # This tag requires that the tag GENERATE_HTMLHELP is set to YES. - -@@ -1482,11 +1494,11 @@ SEARCHENGINE = NO - - # When the SERVER_BASED_SEARCH tag is enabled the search engine will be - # implemented using a web server instead of a web client using Javascript. There --# are two flavours of web server based searching depending on the --# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for --# searching and an index file used by the script. When EXTERNAL_SEARCH is --# enabled the indexing and searching needs to be provided by external tools. See --# the section "External Indexing and Searching" for details. -+# are two flavors of web server based searching depending on the EXTERNAL_SEARCH -+# setting. When disabled, doxygen will generate a PHP script for searching and -+# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing -+# and searching needs to be provided by external tools. See the section -+# "External Indexing and Searching" for details. - # The default value is: NO. - # This tag requires that the tag SEARCHENGINE is set to YES. - -@@ -1774,6 +1786,13 @@ MAN_OUTPUT = man - - MAN_EXTENSION = .3caca - -+# The MAN_SUBDIR tag determines the name of the directory created within -+# MAN_OUTPUT in which the man pages are placed. If defaults to man followed by -+# MAN_EXTENSION with the initial . removed. -+# This tag requires that the tag GENERATE_MAN is set to YES. -+ -+MAN_SUBDIR = -+ - # If the MAN_LINKS tag is set to YES and doxygen generates man output, then it - # will generate one additional man file for each entity documented in the real - # man page(s). These additional files only source the real man page, but without -@@ -1801,18 +1820,6 @@ GENERATE_XML = NO - - XML_OUTPUT = xml - --# The XML_SCHEMA tag can be used to specify a XML schema, which can be used by a --# validating XML parser to check the syntax of the XML files. --# This tag requires that the tag GENERATE_XML is set to YES. -- --XML_SCHEMA = -- --# The XML_DTD tag can be used to specify a XML DTD, which can be used by a --# validating XML parser to check the syntax of the XML files. --# This tag requires that the tag GENERATE_XML is set to YES. -- --XML_DTD = -- - # If the XML_PROGRAMLISTING tag is set to YES doxygen will dump the program - # listings (including syntax highlighting and cross-referencing information) to - # the XML output. Note that enabling this will significantly increase the size -@@ -1961,9 +1968,9 @@ EXPAND_AS_DEFINED = __extern \ - __class - - # If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will --# remove all refrences to function-like macros that are alone on a line, have an --# all uppercase name, and do not end with a semicolon. Such function macros are --# typically used for boiler-plate code, and will confuse the parser if not -+# remove all references to function-like macros that are alone on a line, have -+# an all uppercase name, and do not end with a semicolon. Such function macros -+# are typically used for boiler-plate code, and will confuse the parser if not - # removed. - # The default value is: YES. - # This tag requires that the tag ENABLE_PREPROCESSING is set to YES. -@@ -1983,7 +1990,7 @@ SKIP_FUNCTION_MACROS = YES - # where loc1 and loc2 can be relative or absolute paths or URLs. See the - # section "Linking to external documentation" for more information about the use - # of tag files. --# Note: Each tag file must have an unique name (where the name does NOT include -+# Note: Each tag file must have a unique name (where the name does NOT include - # the path). If a tag file is not located in the directory in which doxygen is - # run, you must also specify the path to the tagfile here. - -@@ -2061,7 +2068,7 @@ HIDE_UNDOC_RELATIONS = YES - # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent - # Bell Labs. The other options in this section have no effect if this option is - # set to NO --# The default value is: NO. -+# The default value is: YES. - - HAVE_DOT = NO - -@@ -2083,7 +2090,7 @@ DOT_NUM_THREADS = 0 - # The default value is: Helvetica. - # This tag requires that the tag HAVE_DOT is set to YES. - --#DOT_FONTNAME = FreeSans -+DOT_FONTNAME = Helvetica - - # The DOT_FONTSIZE tag can be used to set the size (in points) of the font of - # dot graphs. -@@ -2213,7 +2220,9 @@ DIRECTORY_GRAPH = YES - # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order - # to make the SVG files visible in IE 9+ (other browsers do not have this - # requirement). --# Possible values are: png, jpg, gif and svg. -+# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd, -+# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo, -+# gif:cairo:gd, gif:gd, gif:gd:gd and svg. - # The default value is: png. - # This tag requires that the tag HAVE_DOT is set to YES. - diff --git a/media-libs/libcaca/files/CVE-2018-20544.patch b/media-libs/libcaca/files/CVE-2018-20544.patch deleted file mode 100644 index 072c1dda0502..000000000000 --- a/media-libs/libcaca/files/CVE-2018-20544.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001 -From: Sam Hocevar <[email protected]> -Date: Sat, 29 Dec 2018 22:13:56 +0100 -Subject: [PATCH] dither: fix integer overflows that were causing a division by - zero. - -Fixes: #36 (CVE-2018-20544) ---- - caca/dither.c | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/caca/dither.c b/caca/dither.c -index 04b678e0..c6ebab1b 100644 ---- a/caca/dither.c -+++ b/caca/dither.c -@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h, - /* First get RGB */ - if(d->antialias) - { -- fromx = (x - x1) * w / deltax; -- fromy = (y - y1) * h / deltay; -- tox = (x - x1 + 1) * w / deltax; -- toy = (y - y1 + 1) * h / deltay; -+ fromx = (uint64_t)(x - x1) * w / deltax; -+ fromy = (uint64_t)(y - y1) * h / deltay; -+ tox = (uint64_t)(x - x1 + 1) * w / deltax; -+ toy = (uint64_t)(y - y1 + 1) * h / deltay; - - /* We want at least one pixel */ - if(tox == fromx) tox++; -@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h, - } - else - { -- fromx = (x - x1) * w / deltax; -- fromy = (y - y1) * h / deltay; -- tox = (x - x1 + 1) * w / deltax; -- toy = (y - y1 + 1) * h / deltay; -+ fromx = (uint64_t)(x - x1) * w / deltax; -+ fromy = (uint64_t)(y - y1) * h / deltay; -+ tox = (uint64_t)(x - x1 + 1) * w / deltax; -+ toy = (uint64_t)(y - y1 + 1) * h / deltay; - - /* tox and toy can overflow the canvas, but they cannot overflow - * when averaged with fromx and fromy because these are guaranteed diff --git a/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch b/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch deleted file mode 100644 index ff1ee48c6a67..000000000000 --- a/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch +++ /dev/null @@ -1,34 +0,0 @@ -Description: img2txt: fix an integer overflow in the BMP loader. -Origin: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 -Forwarded: not-needed -Applied-Upstream: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592 -Last-Update: 2019-04-06 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ ---- a/src/common-image.h -+++ b/src/common-image.h -@@ -1,19 +1,19 @@ - /* - * Imaging tools for cacaview and img2irc -- * Copyright (c) 2003-2012 Sam Hocevar <[email protected]> -- * All Rights Reserved -+ * Copyright (c) 2003-2018 Sam Hocevar <[email protected]> -+ * All Rights Reserved - * - * This program is free software. It comes without any warranty, to - * the extent permitted by applicable law. You can redistribute it - * and/or modify it under the terms of the Do What the Fuck You Want -- * to Public License, Version 2, as published by Sam Hocevar. See -- * http://www.wtfpl.net/ for more details. -+ * to Public License, Version 2, as published by the WTFPL Task Force. -+ * See http://www.wtfpl.net/ for more details. - */ - - struct image - { - char *pixels; -- unsigned int w, h; -+ size_t w, h; - struct caca_dither *dither; - void *priv; - }; diff --git a/media-libs/libcaca/files/CVE-2018-20546+20547.patch b/media-libs/libcaca/files/CVE-2018-20546+20547.patch deleted file mode 100644 index 95b072bfc398..000000000000 --- a/media-libs/libcaca/files/CVE-2018-20546+20547.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001 -From: Sam Hocevar <[email protected]> -Date: Sun, 30 Dec 2018 13:18:27 +0100 -Subject: [PATCH] dither: fix integer multiplication overflow that caused - crashes. - -Fixes: #38 (CVE-2018-20546) -Fixes: #39 (CVE-2018-20547) ---- - caca/dither.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/caca/dither.c b/caca/dither.c -index c6ebab1b..b2e24e55 100644 ---- a/caca/dither.c -+++ b/caca/dither.c -@@ -6,8 +6,8 @@ - * This library is free software. It comes without any warranty, to - * the extent permitted by applicable law. You can redistribute it - * and/or modify it under the terms of the Do What the Fuck You Want -- * to Public License, Version 2, as published by Sam Hocevar. See -- * http://www.wtfpl.net/ for more details. -+ * to Public License, Version 2, as published by the WTFPL Task Force. -+ * See http://www.wtfpl.net/ for more details. - */ - - /* -@@ -116,7 +116,7 @@ enum color_mode - struct caca_dither - { - int bpp, has_palette, has_alpha; -- int w, h, pitch; -+ size_t w, h, pitch; - int rmask, gmask, bmask, amask; - int rright, gright, bright, aright; - int rleft, gleft, bleft, aleft; diff --git a/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch deleted file mode 100644 index 5305a6bdf21c..000000000000 --- a/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch +++ /dev/null @@ -1,135 +0,0 @@ -From: Sam Hocevar <[email protected]> -Date: Fri, 26 Feb 2021 12:40:06 +0100 -Subject: [2/2] Fix a problem in the caca_resize() overflow detection and add - several unit tests. -Origin: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015 -Bug: https://github.com/cacalabs/libcaca/issues/52 -Bug-Debian: https://bugs.debian.org/983686 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410 - ---- - caca/canvas.c | 16 ++++++++-------- - test/canvas.cpp | 18 +++++++++++++++--- - tools/makefont.c | 22 +++++++++++++++++++--- - 3 files changed, 42 insertions(+), 14 deletions(-) - ---- a/caca/canvas.c -+++ b/caca/canvas.c -@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int w - { - int x, y, f, old_width, old_height, old_size; - -+ /* Check for overflow */ -+ int new_size = width * height; -+ if (new_size < 0 || (width > 0 && new_size / width != height)) -+ { -+ seterrno(EOVERFLOW); -+ return -1; -+ } -+ - old_width = cv->width; - old_height = cv->height; - old_size = old_width * old_height; -@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int w - * dirty rectangle handling */ - cv->width = width; - cv->height = height; -- int new_size = width * height; -- -- /* Check for overflow */ -- if (new_size / width != height) -- { -- seterrno(EOVERFLOW); -- return -1; -- } - - /* If width or height is smaller (or both), we have the opportunity to - * reduce or even remove dirty rectangles */ ---- a/test/canvas.cpp -+++ b/test/canvas.cpp -@@ -16,6 +16,7 @@ - #include <cppunit/TestCaller.h> - #include <cppunit/TestCase.h> - #include <cppunit/TestSuite.h> -+#include <climits> - - #include "caca.h" - -@@ -53,18 +54,29 @@ public: - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); - -- caca_set_canvas_size(cv, 1, 1); -+ int ret = caca_set_canvas_size(cv, 1, 1); -+ CPPUNIT_ASSERT_EQUAL(ret, 0); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1); - -- caca_set_canvas_size(cv, 1234, 1001); -+ ret = caca_set_canvas_size(cv, 1234, 1001); -+ CPPUNIT_ASSERT_EQUAL(ret, 0); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1234); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1001); - -- caca_set_canvas_size(cv, 0, 0); -+ ret = caca_set_canvas_size(cv, 0, 0); -+ CPPUNIT_ASSERT_EQUAL(ret, 0); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); - CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); - -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, 50)); -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 50, -1)); -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, -1)); -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, 3)); -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 3, INT_MAX / 2)); -+ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, INT_MAX / 2)); -+ CPPUNIT_ASSERT_EQUAL(0, caca_set_canvas_size(cv, 0, 0)); -+ - caca_free_canvas(cv); - } - ---- a/tools/makefont.c -+++ b/tools/makefont.c -@@ -40,7 +40,8 @@ - * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */ - static unsigned int const blocklist[] = - { -- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */ -+ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */ -+#if 0 - 0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */ - 0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */ - 0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */ -@@ -63,6 +64,7 @@ static unsigned int const blocklist[] = - 0x30a0, 0x3100, /* Katakana: ロ ル */ - 0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */ - 0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */ -+#endif - 0, 0 - }; - -@@ -317,8 +319,22 @@ int main(int argc, char *argv[]) - printf_unicode(>ab[n]); - - if(gtab[n].same_as == n) -- printf_hex(" */ %s\n", -- glyph_data + gtab[n].data_offset, gtab[n].data_size); -+ { -+ char const *lut = " .:nmW@"; -+ printf("\n"); -+ for (int y = 0; y < height; ++y) -+ { -+ for (int x = 0; x < gtab[n].data_width; ++x) -+ { -+ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x]; -+ char ch = lut[val * val * 7 / 256 / 256]; -+ printf("%c%c", ch, ch); -+ } -+ printf("\n"); -+ } -+ //printf_hex(" */ %s\n", -+ // glyph_data + gtab[n].data_offset, gtab[n].data_size); -+ } - else - { - printf(" is "); diff --git a/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch b/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch deleted file mode 100644 index 020f1a3603d4..000000000000 --- a/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch +++ /dev/null @@ -1,141 +0,0 @@ -From: Sam Hocevar <[email protected]> -Date: Fri, 26 Feb 2021 10:55:38 +0100 -Subject: [1/2] canvas: fix an integer overflow in caca_resize(). -Origin: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd -Bug: https://github.com/cacalabs/libcaca/issues/52 -Bug-Debian: https://bugs.debian.org/983686 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410 - -Fixes: #52 (CVE-2021-3410) ---- - caca/canvas.c | 13 +++++++++++-- - caca/codec/import.c | 1 + - caca/codec/text.c | 21 ++++++++++++++------- - 3 files changed, 26 insertions(+), 9 deletions(-) - -diff --git a/caca/canvas.c b/caca/canvas.c -index 3fdd37ae8ef9..d07153926c3a 100644 ---- a/caca/canvas.c -+++ b/caca/canvas.c -@@ -45,6 +45,7 @@ static int caca_resize(caca_canvas_t *, int, int); - * - * If an error occurs, NULL is returned and \b errno is set accordingly: - * - \c EINVAL Specified width or height is invalid. -+ * - \c EOVERFLOW Specified width and height overflowed. - * - \c ENOMEM Not enough memory for the requested canvas size. - * - * \param width The desired canvas width -@@ -200,6 +201,7 @@ int caca_unmanage_canvas(caca_canvas_t *cv, int (*callback)(void *), void *p) - * - * If an error occurs, -1 is returned and \b errno is set accordingly: - * - \c EINVAL Specified width or height is invalid. -+ * - \c EOVERFLOW Specified width and height overflowed. - * - \c EBUSY The canvas is in use by a display driver and cannot be resized. - * - \c ENOMEM Not enough memory for the requested canvas size. If this - * happens, the canvas handle becomes invalid and should not be used. -@@ -363,7 +365,7 @@ int caca_rand(int min, int max) - - int caca_resize(caca_canvas_t *cv, int width, int height) - { -- int x, y, f, old_width, old_height, new_size, old_size; -+ int x, y, f, old_width, old_height, old_size; - - old_width = cv->width; - old_height = cv->height; -@@ -375,7 +377,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height) - * dirty rectangle handling */ - cv->width = width; - cv->height = height; -- new_size = width * height; -+ int new_size = width * height; -+ -+ /* Check for overflow */ -+ if (new_size / width != height) -+ { -+ seterrno(EOVERFLOW); -+ return -1; -+ } - - /* If width or height is smaller (or both), we have the opportunity to - * reduce or even remove dirty rectangles */ -diff --git a/caca/codec/import.c b/caca/codec/import.c -index 8836fd0893e3..2dafe3cf97c1 100644 ---- a/caca/codec/import.c -+++ b/caca/codec/import.c -@@ -61,6 +61,7 @@ static ssize_t import_caca(caca_canvas_t *, void const *, size_t); - * - * If an error occurs, -1 is returned and \b errno is set accordingly: - * - \c ENOMEM Not enough memory to allocate canvas. -+ * - \c EOVERFLOW Importing data caused a value overflow. - * - \c EINVAL Invalid format requested. - * - * \param cv A libcaca canvas in which to import the file. -diff --git a/caca/codec/text.c b/caca/codec/text.c -index 358b7224fe87..94a2a4d7bcdb 100644 ---- a/caca/codec/text.c -+++ b/caca/codec/text.c -@@ -46,7 +46,7 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) - char const *text = (char const *)data; - unsigned int width = 0, height = 0, x = 0, y = 0, i; - -- caca_set_canvas_size(cv, width, height); -+ caca_set_canvas_size(cv, 0, 0); - - for(i = 0; i < size; i++) - { -@@ -70,15 +70,19 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size) - if(y >= height) - height = y + 1; - -- caca_set_canvas_size(cv, width, height); -+ if (caca_set_canvas_size(cv, width, height) < 0) -+ return -1; - } - - caca_put_char(cv, x, y, ch); - x++; - } - -- if(y > height) -- caca_set_canvas_size(cv, width, height = y); -+ if (y > height) -+ { -+ if (caca_set_canvas_size(cv, width, height = y) < 0) -+ return -1; -+ } - - return (ssize_t)size; - } -@@ -431,7 +435,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) - { - savedattr = caca_get_attr(cv, -1, -1); - caca_set_attr(cv, im.clearattr); -- caca_set_canvas_size(cv, width = x + wch, height); -+ if (caca_set_canvas_size(cv, width = x + wch, height) < 0) -+ return -1; - caca_set_attr(cv, savedattr); - } - else -@@ -448,7 +453,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) - caca_set_attr(cv, im.clearattr); - if(growy) - { -- caca_set_canvas_size(cv, width, height = y + 1); -+ if (caca_set_canvas_size(cv, width, height = y + 1) < 0) -+ return -1; - } - else - { -@@ -480,7 +486,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8) - { - savedattr = caca_get_attr(cv, -1, -1); - caca_set_attr(cv, im.clearattr); -- caca_set_canvas_size(cv, width, height = y); -+ if (caca_set_canvas_size(cv, width, height = y)) -+ return -1; - caca_set_attr(cv, savedattr); - } - --- -2.30.0 - diff --git a/media-libs/libcaca/files/libcaca-0.99_beta18-fix-tests.patch b/media-libs/libcaca/files/libcaca-0.99_beta18-fix-tests.patch deleted file mode 100644 index 1bfb931a75ac..000000000000 --- a/media-libs/libcaca/files/libcaca-0.99_beta18-fix-tests.patch +++ /dev/null @@ -1,61 +0,0 @@ ---- a/test/Makefile.am -+++ b/test/Makefile.am -@@ -1,3 +1,5 @@ -+AM_TESTS_ENVIRONMENT = \ -+ top_srcdir="$(top_srcdir)" - - AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/caca -I../caca - ---- a/test/check-copyright -+++ b/test/check-copyright -@@ -3,10 +3,11 @@ - # - # Check that the copyright information is valid - # -+echo "top srcdir: ${top_srcdir:=..}" - nfails=0 - nfiles=0 - for dir in $(make -s echo-dirs -C ..); do -- if [ ! -d "../$dir" ]; then continue; fi -+ if [ ! -d "$top_srcdir/$dir" ]; then continue; fi - for x in $(make -s echo-sources -C ../$dir); do - case "$x" in - *.c|*.cpp|*.h|*.m|*.php|*.cs|*.java|.py|.pl) -@@ -14,7 +15,7 @@ - *) - continue ;; - esac -- if ! grep 'Copyright *([cC])' "../$dir/$x" >/dev/null 2>&1; then -+ if ! grep 'Copyright *([cC])' "$top_srcdir/$dir/$x" >/dev/null 2>&1; then - echo "error: $dir/$x lacks proper copyright information" - nfails=$(($nfails + 1)) - elif [ -d ../.git ]; then ---- a/test/check-source -+++ b/test/check-source -@@ -3,6 +3,7 @@ - # - # Check that we have no tabs or trailing spaces in the source code - # -+echo "top srcdir: ${top_srcdir:=..}" - nfails=0 - nfiles=0 - nlines=0 -@@ -12,15 +13,15 @@ - case "$x" in - *.c|*.cpp|*.h|*.m|*.php|*.cs|*.java|*.py|*.pl) - nfiles=$(($nfiles + 1)); -- nlines=$(($nlines + `grep -c . "../$dir/$x"`)) ;; -+ nlines=$(($nlines + `grep -c . "$top_srcdir/$dir/$x"`)) ;; - *) - continue ;; - esac -- if grep '[[:space:]]$' "../$dir/$x" >/dev/null 2>&1; then -+ if grep '[[:space:]]$' "$top_srcdir/$dir/$x" >/dev/null 2>&1; then - echo "error: $dir/$x contains trailing spaces" - nfails=$(($nfails + 1)) - fi -- if grep ' ' "../$dir/$x" >/dev/null 2>&1; then -+ if grep ' ' "$top_srcdir/$dir/$x" >/dev/null 2>&1; then - echo "error: $dir/$x contains tabs" - nfails=$(($nfails + 1)) - fi diff --git a/media-libs/libcaca/libcaca-0.99_beta19-r12.ebuild b/media-libs/libcaca/libcaca-0.99_beta19-r12.ebuild deleted file mode 100644 index e29a95ed66c6..000000000000 --- a/media-libs/libcaca/libcaca-0.99_beta19-r12.ebuild +++ /dev/null @@ -1,143 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools flag-o-matic toolchain-funcs multilib-minimal - -MY_P=${P/_/.} -DESCRIPTION="A library that creates colored ASCII-art graphics" -HOMEPAGE="http://libcaca.zoy.org/"; -SRC_URI="http://libcaca.zoy.org/files/${PN}/${MY_P}.tar.gz"; -S="${WORKDIR}/${MY_P}" - -LICENSE="GPL-2 ISC LGPL-2.1 WTFPL-2" -SLOT="0" -KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -IUSE="doc imlib ncurses opengl slang static-libs test truetype X" -RESTRICT="!test? ( test )" - -REQUIRED_USE="" - -DEPEND=" - imlib? ( >=media-libs/imlib2-1.4.6-r2[${MULTILIB_USEDEP}] ) - ncurses? ( >=sys-libs/ncurses-5.9-r3:0=[${MULTILIB_USEDEP}] ) - opengl? ( - >=virtual/glu-9.0-r1[${MULTILIB_USEDEP}] - >=virtual/opengl-7.0-r1[${MULTILIB_USEDEP}] - >=media-libs/freeglut-2.8.1[${MULTILIB_USEDEP}] - truetype? ( >=media-libs/ftgl-2.1.3_rc5 ) - ) - slang? ( >=sys-libs/slang-2.2.4-r1 ) - X? ( - >=x11-libs/libX11-1.6.2 - >=x11-libs/libXt-1.1.4 - ) -" -RDEPEND="${DEPEND}" -BDEPEND=" - virtual/pkgconfig - doc? ( - app-text/doxygen - virtual/latex-base - >=dev-texlive/texlive-fontsrecommended-2012 - >=dev-texlive/texlive-latexextra-2012 - dev-texlive/texlive-latexrecommended - ) - test? ( dev-util/cppunit ) -" - -DOCS=( AUTHORS ChangeLog NEWS NOTES README THANKS ) - -PATCHES=( - # Fix out of source tests - "${FILESDIR}"/${PN}-0.99_beta18-fix-tests.patch - # Debian patches - "${FILESDIR}/CVE-2018-20544.patch" - "${FILESDIR}/CVE-2018-20545+20547+20549.patch" - "${FILESDIR}/CVE-2018-20546+20547.patch" - "${FILESDIR}/canvas-fix-an-integer-overflow-in-caca_resize.patch" - "${FILESDIR}/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch" - "${FILESDIR}/100_doxygen.diff" - # Fix doxygen docs install, bug 543870 - "${FILESDIR}/fix-css-path.patch" - "${FILESDIR}/configure-lto.patch" -) - -src_prepare() { - # bug #339962 - sed -i -e '/doxygen_tests = check-doxygen/d' test/Makefile.am || die - - sed -i \ - -e 's:-g -O2 -fno-strength-reduce -fomit-frame-pointer::' \ - -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' \ - configure.ac || die - - if ! use truetype; then - sed -i -e '/PKG_CHECK_MODULES/s:ftgl:dIsAbLe&:' configure.ac || die - fi - - # fix docs install path, bug 543870#c14 - sed -i "s/libcaca-dev/${PF}/g" doc/Makefile.am || die - - default - eautoreconf -} - -src_configure() { - if use imlib && ! use X; then - append-cflags -DX_DISPLAY_MISSING - fi - - # bug #653400 - append-cxxflags -std=c++11 - - # bug #601902, bug #825058 - use ncurses && append-libs $($(tc-getPKG_CONFIG) --libs tinfow || die) - - # https://github.com/cacalabs/libcaca/issues/86 - append-flags -fno-strict-overflow - - multilib-minimal_src_configure -} - -multilib_src_configure() { - if multilib_is_native_abi; then - # bug #44128 - export VARTEXFONTS="${T}/fonts" - fi - - local myeconfargs=( - $(use_enable static-libs static) - $(multilib_native_use_enable slang) - $(multilib_native_use_enable ncurses) - $(multilib_native_use_enable X x11) - $(multilib_native_use_with X x) - --x-libraries=/usr/$(get_libdir) - $(use_enable opengl gl) - --enable-cxx - $(use_enable imlib imlib2) - $(use_enable test cppunit) - --disable-java - --disable-ruby - --disable-python - --disable-csharp - $(multilib_native_use_enable doc) - ) - - ECONF_SOURCE="${S}" econf "${myeconfargs[@]}" -} - -multilib_src_compile() { - emake V=1 -} - -multilib_src_test() { - emake V=1 -j1 check -} - -multilib_src_install_all() { - einstalldocs - - find "${ED}" -name '*.la' -delete || die -}
