[arch-commits] Commit in gegl/trunk (5 files)

Jan Steffens heftig at nymeria.archlinux.org
Sun Oct 20 02:07:52 UTC 2013


    Date: Sunday, October 20, 2013 @ 04:07:52
  Author: heftig
Revision: 196814

various fixes

Added:
  gegl/trunk/gegl-0.2.0-CVE-2012-4433.patch
  gegl/trunk/gegl-0.2.0-lua-5.2.patch
  gegl/trunk/gegl-0.2.0-remove-src-over-op.patch
Modified:
  gegl/trunk/PKGBUILD
  gegl/trunk/gegl-0.2.0-ffmpeg-0.11.diff

-------------------------------------+
 PKGBUILD                            |   38 ++++--
 gegl-0.2.0-CVE-2012-4433.patch      |  159 +++++++++++++++++++++++++++
 gegl-0.2.0-ffmpeg-0.11.diff         |   15 ++
 gegl-0.2.0-lua-5.2.patch            |   53 +++++++++
 gegl-0.2.0-remove-src-over-op.patch |  195 ++++++++++++++++++++++++++++++++++
 5 files changed, 445 insertions(+), 15 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-10-19 21:41:49 UTC (rev 196813)
+++ PKGBUILD	2013-10-20 02:07:52 UTC (rev 196814)
@@ -3,40 +3,54 @@
 
 pkgname=gegl
 pkgver=0.2.0
-pkgrel=9
+pkgrel=10
 pkgdesc="Graph based image processing framework"
 arch=('i686' 'x86_64')
 url="http://www.gegl.org/"
 license=('GPL3' 'LGPL3')
-depends=('babl' 'gtk2')
+depends=('babl' 'gtk2' 'libspiro')
 makedepends=('intltool' 'ruby' 'lua' 'openexr' 'ffmpeg' 'librsvg' 'jasper' 'exiv2')
-optdepends=('openexr: for using the openexr plugin' \
-            'ffmpeg: for using the ffmpeg plugin' \
-            'librsvg: for using the svg plugin' \
+optdepends=('openexr: for using the openexr plugin'
+            'ffmpeg: for using the ffmpeg plugin'
+            'librsvg: for using the svg plugin'
             'jasper: for using the jasper plugin')
 options=('!libtool')
-source=(ftp://ftp.gimp.org/pub/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.bz2 gegl-0.2.0-ffmpeg-0.11.diff)
+source=(ftp://ftp.gimp.org/pub/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.bz2
+        gegl-0.2.0-ffmpeg-0.11.diff
+        gegl-0.2.0-CVE-2012-4433.patch
+        gegl-0.2.0-lua-5.2.patch
+        gegl-0.2.0-remove-src-over-op.patch)
 sha1sums=('764cc66cb3c7b261b8fc18a6268a0e264a91d573'
-          'c10fd988c634fcf0948cc91a51d6528f6f1704ba')
+          'e2e00633149fa4d5196520e284609de257eb012f'
+          '44d48bd9ad008703de9f8eb683d557bac39a02c8'
+          'c78a092b880874ba7784b652bcd9c532e2b9975d'
+          'dc9ae21cc5ba0fb47ef05793f0cb169572dfab74')
 
 prepare() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
-  patch -p1 -i "${srcdir}/gegl-0.2.0-ffmpeg-0.11.diff"
+  cd ${pkgname}-${pkgver}
+  patch -Np1 -i ../gegl-0.2.0-ffmpeg-0.11.diff
+  patch -Np1 -i ../gegl-0.2.0-CVE-2012-4433.patch
+  patch -Np1 -i ../gegl-0.2.0-lua-5.2.patch
+  patch -Np1 -i ../gegl-0.2.0-remove-src-over-op.patch
 }
 
 build() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
   ./configure  --prefix=/usr  --with-sdl --with-openexr --with-librsvg \
     --with-libavformat --with-jasper --disable-docs
+
+  # https://bugzilla.gnome.org/show_bug.cgi?id=655517
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+
   make
 }
 
 check() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
   make check
 }
 
 package() {
-  cd "${srcdir}/${pkgname}-${pkgver}"
+  cd ${pkgname}-${pkgver}
   make DESTDIR="${pkgdir}" install
 }
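Review bot: The `source=` array fetches the upstream tarball over plain `ftp://`, and every entry, including the new CVE-2012-4433 patch, is pinned only by `sha1sums`, so a SHA-1 digest is the sole integrity control for a build that now carries a security fix. Consider switching the array to `sha256sums=('<sha256 of tarball>' '<sha256 of each patch>' ...)`, and if upstream offers an HTTPS URL or a detached signature for the tarball, use that as well. Separately, the `cd ${pkgname}-${pkgver}` lines in `prepare()`, `build()`, `check()` and `package()` lost their quoting; this is harmless for these values, but `cd "${pkgname}-${pkgver}"` keeps the habit safe.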

Added: gegl-0.2.0-CVE-2012-4433.patch
===================================================================
--- gegl-0.2.0-CVE-2012-4433.patch	                        (rev 0)
+++ gegl-0.2.0-CVE-2012-4433.patch	2013-10-20 02:07:52 UTC (rev 196814)
@@ -0,0 +1,159 @@
+From ffa77a246652c7e706d690682fe659f50fbe5656 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 12:03:51 +0200
+Subject: [PATCH] patch: CVE-2012-4433
+
+Squashed commit of the following:
+
+commit 2a9071e2dc4cfe1aaa7a726805985281936f9874
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:57:37 2012 +0200
+
+    ppm-load: bring comment in line with reality
+
+    (cherry picked from commit 6975a9cfeaf0698b42ac81b1c2f00d13c8755453)
+
+commit 8bb88ebf78e54837322d3be74688f98800e9f33a
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:56:40 2012 +0200
+
+    ppm-load: CVE-2012-4433: add plausibility checks for header fields
+
+    Refuse values that are non-decimal, negative or overflow the target
+    type.
+
+    (cherry picked from commit 4757cdf73d3675478d645a3ec8250ba02168a230)
+
+commit 2b099886969bf055a8635d06a4d89f20fed1ee42
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:58:27 2012 +0200
+
+    ppm-load: CVE-2012-4433: don't overflow memory allocation
+
+    Carefully selected width/height values could cause the size of a later
+    allocation to overflow, resulting in a buffer much too small to store
+    the data which would then written beyond its end.
+
+    (cherry picked from commit 1e92e5235ded0415d555aa86066b8e4041ee5a53)
+---
+ operations/external/ppm-load.c | 64 +++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 54 insertions(+), 10 deletions(-)
+
+diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
+index efe6d56..e22521c 100644
+--- a/operations/external/ppm-load.c
++++ b/operations/external/ppm-load.c
+@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
+ #include "gegl-chant.h"
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <errno.h>
+ 
+ typedef enum {
+   PIXMAP_ASCII  = 51,
+@@ -44,8 +45,8 @@ typedef enum {
+ 
+ typedef struct {
+ 	map_type   type;
+-	gint       width;
+-	gint       height;
++	glong      width;
++	glong      height;
+         gsize      numsamples; /* width * height * channels */
+         gsize      bpc;        /* bytes per channel */
+ 	guchar    *data;
+@@ -61,7 +62,7 @@ ppm_load_read_header(FILE       *fp,
+     gchar  header[MAX_CHARS_IN_ROW];
+     gint   maxval;
+ 
+-    /* Check the PPM file Type P2 or P5 */
++    /* Check the PPM file Type P3 or P6 */
+     fgets (header,MAX_CHARS_IN_ROW,fp);
+ 
+     if (header[0] != ASCII_P ||
+@@ -82,12 +83,33 @@ ppm_load_read_header(FILE       *fp,
+       }
+ 
+     /* Get Width and Height */
+-    img->width  = strtol (header,&ptr,0);
+-    img->height = atoi (ptr);
+-    img->numsamples = img->width * img->height * CHANNEL_COUNT;
++    errno = 0;
++    img->width  = strtol (header,&ptr,10);
++    if (errno)
++      {
++        g_warning ("Error reading width: %s", strerror(errno));
++        return FALSE;
++      }
++    else if (img->width < 0)
++      {
++        g_warning ("Error: width is negative");
++        return FALSE;
++      }
++
++    img->height = strtol (ptr,&ptr,10);
++    if (errno)
++      {
++        g_warning ("Error reading height: %s", strerror(errno));
++        return FALSE;
++      }
++    else if (img->width < 0)
++      {
++        g_warning ("Error: height is negative");
++        return FALSE;
++      }
+ 
+     fgets (header,MAX_CHARS_IN_ROW,fp);
+-    maxval = strtol (header,&ptr,0);
++    maxval = strtol (header,&ptr,10);
+ 
+     if ((maxval != 255) && (maxval != 65535))
+       {
+@@ -109,6 +131,16 @@ ppm_load_read_header(FILE       *fp,
+       g_warning ("%s: Programmer stupidity error", G_STRLOC);
+     }
+ 
++    /* Later on, img->numsamples is multiplied with img->bpc to allocate
++     * memory. Ensure it doesn't overflow. */
++    if (!img->width || !img->height ||
++        G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
++      {
++        g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
++        return FALSE;
++      }
++    img->numsamples = img->width * img->height * CHANNEL_COUNT;
++
+     return TRUE;
+ }
+ 
+@@ -229,12 +261,24 @@ process (GeglOperation       *operation,
+   if (!ppm_load_read_header (fp, &img))
+     goto out;
+ 
+-  rect.height = img.height;
+-  rect.width = img.width;
+-
+   /* Allocating Array Size */
++
++  /* Should use g_try_malloc(), but this causes crashes elsewhere because the
++   * error signalled by returning FALSE isn't properly acted upon. Therefore
++   * g_malloc() is used here which aborts if the requested memory size can't be
++   * allocated causing a controlled crash. */
+   img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
+ 
++  /* No-op without g_try_malloc(), see above. */
++  if (! img.data)
++    {
++      g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
++      goto out;
++    }
++
++  rect.height = img.height;
++  rect.width = img.width;
++
+   switch (img.bpc)
+     {
+     case 1:
+-- 
+1.8.3.1
+
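Review bot: The height check in `ppm_load_read_header` tests the wrong field: the second `else if (img->width < 0)` sits under the `img->height = strtol (ptr,&ptr,10);` assignment, so a negative height is not rejected where the patch intends, and it should read `else if (img->height < 0)`. A negative height then reaches the later `G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc` test, which mixes signed `glong` with unsigned `gsize` and probably rejects it only through the implicit conversion, under the less specific "Illegal width/height" message. Also, `width` and `height` are now `glong`, but `process()` still assigns them to `rect.width` and `rect.height`; if those fields are `gint` (not visible here), a value above `G_MAXINT` would be truncated on LP64, so an upper bound such as `img->width > G_MAXINT` belongs with the header checks. Both functions extend beyond the quoted hunks, so confirm against the full file.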

Modified: gegl-0.2.0-ffmpeg-0.11.diff
===================================================================
--- gegl-0.2.0-ffmpeg-0.11.diff	2013-10-19 21:41:49 UTC (rev 196813)
+++ gegl-0.2.0-ffmpeg-0.11.diff	2013-10-20 02:07:52 UTC (rev 196814)
@@ -1,12 +1,21 @@
-diff -Naur gegl-0.2.0/operations/external/ff-load.c gegl-0.2.0-1/operations/external/ff-load.c
+diff -u -r gegl-0.2.0/operations/external/ff-load.c gegl-0.2.0-1/operations/external/ff-load.c
 --- gegl-0.2.0/operations/external/ff-load.c	2012-04-01 13:17:57.000000000 +0200
-+++ gegl-0.2.0-1/operations/external/ff-load.c	2012-07-11 12:42:05.174756560 +0200
++++ gegl-0.2.0-1/operations/external/ff-load.c	2013-10-20 03:22:06.824278863 +0200
 @@ -271,7 +271,7 @@
        gint err;
  
        ff_cleanup (o);
 -      err = av_open_input_file (&p->ic, o->path, NULL, 0, NULL);
-+err = avformat_open_input (&p->ic, o->path, NULL, NULL);
++      err = avformat_open_input (&p->ic, o->path, NULL, NULL);
        if (err < 0)
          {
            print_error (o->path, err);
+@@ -312,7 +312,7 @@
+       if (p->codec->capabilities & CODEC_CAP_TRUNCATED)
+         p->enc->flags |= CODEC_FLAG_TRUNCATED;
+ 
+-      if (avcodec_open (p->enc, p->codec) < 0)
++      if (avcodec_open2 (p->enc, p->codec, NULL) < 0)
+         {
+           g_warning ("error opening codec %s", p->enc->codec->name);
+           return;

Added: gegl-0.2.0-lua-5.2.patch
===================================================================
--- gegl-0.2.0-lua-5.2.patch	                        (rev 0)
+++ gegl-0.2.0-lua-5.2.patch	2013-10-20 02:07:52 UTC (rev 196814)
@@ -0,0 +1,53 @@
+From 1e12a153d9a82a771c3bfd95c0265b810a424b3c Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 14:41:33 +0200
+Subject: [PATCH] patch: lua-5.2
+
+Squashed commit of the following:
+
+commit 96f65d260c6e40940f2818b721c19565c1b40607
+Author: Vincent Untz <vuntz at gnome.org>
+Date:   Wed Jan 11 09:52:25 2012 +0100
+
+    Fix build with lua 5.2 by not using API deprecated in 5.1 already
+
+    https://bugzilla.gnome.org/show_bug.cgi?id=667675
+    (cherry picked from commit a14a29c39352c60f003a65b721c9af8a1d8d20df)
+---
+ operations/workshop/external/gluas.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/operations/workshop/external/gluas.c b/operations/workshop/external/gluas.c
+index 8ba1101..63e82a2 100644
+--- a/operations/workshop/external/gluas.c
++++ b/operations/workshop/external/gluas.c
+@@ -97,7 +97,7 @@ static int l_progress  (lua_State * lua);
+ static int l_flush     (lua_State * lua);
+ static int l_print     (lua_State * lua);
+ 
+-static const luaL_reg gluas_functions[] =
++static const luaL_Reg gluas_functions[] =
+ {
+     {"set_rgba",    l_set_rgba},
+     {"get_rgba",    l_get_rgba},
+@@ -122,7 +122,7 @@ static const luaL_reg gluas_functions[] =
+ };
+ static void
+ register_functions (lua_State      *L,
+-                    const luaL_reg *l)
++                    const luaL_Reg *l)
+ {
+   for (;l->name; l++)
+     lua_register (L, l->name, l->func);
+@@ -146,7 +146,7 @@ drawable_lua_process (GeglOperation       *op,
+     lua_State *L;
+     Priv p;
+ 
+-    L = lua_open ();
++    L = luaL_newstate ();
+     luaL_openlibs (L);
+ 
+     register_functions (L, gluas_functions);
+-- 
+1.8.3.1
+

Added: gegl-0.2.0-remove-src-over-op.patch
===================================================================
--- gegl-0.2.0-remove-src-over-op.patch	                        (rev 0)
+++ gegl-0.2.0-remove-src-over-op.patch	2013-10-20 02:07:52 UTC (rev 196814)
@@ -0,0 +1,195 @@
+From 72168aba34445e4cd99aaed32d8e6a80e89ce729 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 13:53:18 +0200
+Subject: [PATCH] patch: remove-src-over-op
+
+Squashed commit of the following:
+
+commit b766094d951bf1515a75408ee85d4e1af432e6bd
+Author: Daniel Sabo <DanielSabo at gmail.com>
+Date:   Tue Jun 4 20:57:03 2013 -0700
+
+    Remove auto-generated svg:src-over
+
+    It was already shadowed by gegl:over, which declares
+    svg:src-over as a compat-name.
+
+    (cherry picked from commit c1caf2401271e8a17fd1937bf84279c250bd8e2a)
+
+    Conflicts:
+    	po/POTFILES.in
+---
+ operations/generated/src-over.c            | 122 -----------------------------
+ operations/generated/svg-12-porter-duff.rb |   5 +-
+ po/POTFILES.in                             |   3 +-
+ 3 files changed, 4 insertions(+), 126 deletions(-)
+ delete mode 100644 operations/generated/src-over.c
+
+diff --git a/operations/generated/src-over.c b/operations/generated/src-over.c
+deleted file mode 100644
+index e586087..0000000
+--- a/operations/generated/src-over.c
++++ /dev/null
+@@ -1,122 +0,0 @@
+-
+-/* !!!! AUTOGENERATED FILE generated by svg-12-porter-duff.rb !!!!!
+- *
+- * This file is an image processing operation for GEGL
+- *
+- * GEGL is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU Lesser General Public
+- * License as published by the Free Software Foundation; either
+- * version 3 of the License, or (at your option) any later version.
+- *
+- * GEGL is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+- * Lesser General Public License for more details.
+- *
+- * You should have received a copy of the GNU Lesser General Public
+- * License along with GEGL; if not, see <http://www.gnu.org/licenses/>.
+- *
+- *  Copyright 2006, 2007 Øyvind Kolås <pippin at gimp.org>
+- *            2007 John Marshall
+- *
+- * SVG rendering modes; see:
+- *     http://www.w3.org/TR/SVG12/rendering.html
+- *     http://www.w3.org/TR/2004/WD-SVG12-20041027/rendering.html#comp-op-prop
+- *
+- *     aA = aux(src) alpha      aB = in(dst) alpha      aD = out alpha
+- *     cA = aux(src) colour     cB = in(dst) colour     cD = out colour
+- *
+- * !!!! AUTOGENERATED FILE !!!!!
+- */
+-#include "config.h"
+-#include <glib/gi18n-lib.h>
+-
+-
+-#ifdef GEGL_CHANT_PROPERTIES
+-
+-/* no properties */
+-
+-#else
+-
+-#define GEGL_CHANT_TYPE_POINT_COMPOSER
+-#define GEGL_CHANT_C_FILE        "src-over.c"
+-
+-#include "gegl-chant.h"
+-
+-static void prepare (GeglOperation *operation)
+-{
+-  const Babl *format = babl_format ("RaGaBaA float");
+-
+-  gegl_operation_set_format (operation, "input", format);
+-  gegl_operation_set_format (operation, "aux", format);
+-  gegl_operation_set_format (operation, "output", format);
+-}
+-
+-static gboolean
+-process (GeglOperation        *op,
+-          void                *in_buf,
+-          void                *aux_buf,
+-          void                *out_buf,
+-          glong                n_pixels,
+-          const GeglRectangle *roi,
+-          gint                 level)
+-{
+-  gint i;
+-  gfloat * GEGL_ALIGNED in = in_buf;
+-  gfloat * GEGL_ALIGNED aux = aux_buf;
+-  gfloat * GEGL_ALIGNED out = out_buf;
+-
+-  if (aux==NULL)
+-    return TRUE;
+-
+-  for (i = 0; i < n_pixels; i++)
+-    {
+-      gint   j;
+-      gfloat aA G_GNUC_UNUSED, aB G_GNUC_UNUSED, aD G_GNUC_UNUSED;
+-
+-      aB = in[3];
+-      aA = aux[3];
+-      aD = aA + aB - aA * aB;
+-
+-      for (j = 0; j < 3; j++)
+-        {
+-          gfloat cA G_GNUC_UNUSED, cB G_GNUC_UNUSED;
+-
+-          cB = in[j];
+-          cA = aux[j];
+-          out[j] = cA + cB * (1.0f - aA);
+-        }
+-      out[3] = aD;
+-      in  += 4;
+-      aux += 4;
+-      out += 4;
+-    }
+-  return TRUE;
+-}
+-
+-
+-static void
+-gegl_chant_class_init (GeglChantClass *klass)
+-{
+-  GeglOperationClass              *operation_class;
+-  GeglOperationPointComposerClass *point_composer_class;
+-
+-  operation_class      = GEGL_OPERATION_CLASS (klass);
+-  point_composer_class = GEGL_OPERATION_POINT_COMPOSER_CLASS (klass);
+-
+-  point_composer_class->process = process;
+-  operation_class->prepare = prepare;
+-
+-
+-  operation_class->compat_name = "gegl:src-over";
+-  gegl_operation_class_set_keys (operation_class,
+-    "name"      , "svg:src-over",
+-    "categories", "compositors:porter-duff",
+-    "description",
+-        _("Porter Duff operation src-over (d = cA + cB * (1.0f - aA))"),
+-        NULL);
+- 
+-
+-}
+-
+-#endif
+diff --git a/operations/generated/svg-12-porter-duff.rb b/operations/generated/svg-12-porter-duff.rb
+index 5516802..dab5d2f 100755
+--- a/operations/generated/svg-12-porter-duff.rb
++++ b/operations/generated/svg-12-porter-duff.rb
+@@ -1,4 +1,5 @@
+ #!/usr/bin/env ruby
++# encoding: utf-8
+ 
+ copyright = '
+ /* !!!! AUTOGENERATED FILE generated by svg-12-porter-duff.rb !!!!!
+@@ -38,8 +39,8 @@ a = [
+                         'aA'],
+       ['dst',           'cB',
+                         'aB'],
+-      ['src_over',      'cA + cB * (1.0f - aA)',
+-                        'aA + aB - aA * aB'],
++#      ['src_over',      'cA + cB * (1.0f - aA)',
++#                        'aA + aB - aA * aB'],
+       ['dst_over',      'cB + cA * (1.0f - aB)',
+                         'aA + aB - aA * aB'],
+       ['dst_in',        'cB * aA', # <- XXX: typo?
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index e309594..d36cbc2 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -115,10 +115,9 @@ operations/generated/plus.c
+ operations/generated/screen.c
+ operations/generated/soft-light.c
+ operations/generated/src-atop.c
++operations/generated/src.c
+ operations/generated/src-in.c
+ operations/generated/src-out.c
+-operations/generated/src-over.c
+-operations/generated/src.c
+ operations/generated/subtract.c
+ operations/generated/svg-multiply.c
+ operations/generated/xor.c
+-- 
+1.8.3.1
+



