[arch-commits] Commit in gegl02/trunk (5 files)

Jan Steffens heftig at archlinux.org
Thu Sep 10 12:30:03 UTC 2015


    Date: Thursday, September 10, 2015 @ 14:30:02
  Author: heftig
Revision: 245724

0.2.0-1

Added:
  gegl02/trunk/PKGBUILD
  gegl02/trunk/gegl-0.2.0-CVE-2012-4433.patch
  gegl02/trunk/gegl-0.2.0-ffmpeg-0.11.patch
  gegl02/trunk/gegl-0.2.0-lua-5.2.patch
  gegl02/trunk/gegl-0.2.0-remove-src-over-op.patch

-------------------------------------+
 PKGBUILD                            |   59 ++++++++++
 gegl-0.2.0-CVE-2012-4433.patch      |  159 +++++++++++++++++++++++++++
 gegl-0.2.0-ffmpeg-0.11.patch        |   47 ++++++++
 gegl-0.2.0-lua-5.2.patch            |   53 +++++++++
 gegl-0.2.0-remove-src-over-op.patch |  195 ++++++++++++++++++++++++++++++++++
 5 files changed, 513 insertions(+)

Added: PKGBUILD
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2015-09-10 12:30:02 UTC (rev 245724)
@@ -0,0 +1,59 @@
+# $Id$
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+# Contributor: Daniel Isenmann <daniel at archlinux.org>
+
+pkgname=gegl02
+pkgver=0.2.0
+pkgrel=1
+pkgdesc="Graph based image processing framework (v0.2)"
+arch=('i686' 'x86_64')
+url="http://www.gegl.org/"
+license=('GPL3' 'LGPL3')
+depends=('babl' 'libspiro')
+makedepends=('intltool' 'ruby' 'lua' 'libopenraw' 'openexr' 'mesa' 'glu' 'ffmpeg' 'librsvg' 'jasper' 'exiv2' 'vala')
+optdepends=('libopenraw: openraw plugin'
+            'openexr: openexr plugin'
+            'ffmpeg: ffmpeg plugin'
+            'librsvg: svg plugin'
+            'jasper: jasper plugin')
+options=(!makeflags)
+source=(http://ftp.gimp.org/pub/gegl/${pkgver%.*}/gegl-${pkgver}.tar.bz2
+        gegl-0.2.0-ffmpeg-0.11.patch
+        gegl-0.2.0-CVE-2012-4433.patch
+        gegl-0.2.0-lua-5.2.patch
+        gegl-0.2.0-remove-src-over-op.patch)
+sha1sums=('764cc66cb3c7b261b8fc18a6268a0e264a91d573'
+          'f5e4c0edd32e088f768e303081f1ed2d80588d4c'
+          '44d48bd9ad008703de9f8eb683d557bac39a02c8'
+          'c78a092b880874ba7784b652bcd9c532e2b9975d'
+          'dc9ae21cc5ba0fb47ef05793f0cb169572dfab74')
+
+prepare() {
+  cd gegl-${pkgver}
+  patch -Np1 -i ../gegl-0.2.0-ffmpeg-0.11.patch
+  patch -Np1 -i ../gegl-0.2.0-CVE-2012-4433.patch
+  patch -Np1 -i ../gegl-0.2.0-lua-5.2.patch
+  patch -Np1 -i ../gegl-0.2.0-remove-src-over-op.patch
+}
+
+build() {
+  cd gegl-${pkgver}
+  ./configure  --prefix=/usr  --with-sdl --with-librsvg \
+    --with-libavformat --with-jasper --without-umfpack --disable-docs
+
+  # https://bugzilla.gnome.org/show_bug.cgi?id=655517
+  sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+
+  make
+}
+
+check() {
+  cd gegl-${pkgver}
+  make -k check || :
+}
+
+package() {
+  cd gegl-${pkgver}
+  make DESTDIR="${pkgdir}" install
+  rm -r "${pkgdir}/usr/bin"
+}


Property changes on: gegl02/trunk/PKGBUILD
___________________________________________________________________
Added: svn:keywords
## -0,0 +1 ##
+Id
\ No newline at end of property
Added: gegl-0.2.0-CVE-2012-4433.patch
===================================================================
--- gegl-0.2.0-CVE-2012-4433.patch	                        (rev 0)
+++ gegl-0.2.0-CVE-2012-4433.patch	2015-09-10 12:30:02 UTC (rev 245724)
@@ -0,0 +1,159 @@
+From ffa77a246652c7e706d690682fe659f50fbe5656 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 12:03:51 +0200
+Subject: [PATCH] patch: CVE-2012-4433
+
+Squashed commit of the following:
+
+commit 2a9071e2dc4cfe1aaa7a726805985281936f9874
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:57:37 2012 +0200
+
+    ppm-load: bring comment in line with reality
+
+    (cherry picked from commit 6975a9cfeaf0698b42ac81b1c2f00d13c8755453)
+
+commit 8bb88ebf78e54837322d3be74688f98800e9f33a
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:56:40 2012 +0200
+
+    ppm-load: CVE-2012-4433: add plausibility checks for header fields
+
+    Refuse values that are non-decimal, negative or overflow the target
+    type.
+
+    (cherry picked from commit 4757cdf73d3675478d645a3ec8250ba02168a230)
+
+commit 2b099886969bf055a8635d06a4d89f20fed1ee42
+Author: Nils Philippsen <nils at redhat.com>
+Date:   Tue Oct 16 16:58:27 2012 +0200
+
+    ppm-load: CVE-2012-4433: don't overflow memory allocation
+
+    Carefully selected width/height values could cause the size of a later
+    allocation to overflow, resulting in a buffer much too small to store
+    the data which would then written beyond its end.
+
+    (cherry picked from commit 1e92e5235ded0415d555aa86066b8e4041ee5a53)
+---
+ operations/external/ppm-load.c | 64 +++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 54 insertions(+), 10 deletions(-)
+
+diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
+index efe6d56..e22521c 100644
+--- a/operations/external/ppm-load.c
++++ b/operations/external/ppm-load.c
+@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
+ #include "gegl-chant.h"
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <errno.h>
+ 
+ typedef enum {
+   PIXMAP_ASCII  = 51,
+@@ -44,8 +45,8 @@ typedef enum {
+ 
+ typedef struct {
+ 	map_type   type;
+-	gint       width;
+-	gint       height;
++	glong      width;
++	glong      height;
+         gsize      numsamples; /* width * height * channels */
+         gsize      bpc;        /* bytes per channel */
+ 	guchar    *data;
+@@ -61,7 +62,7 @@ ppm_load_read_header(FILE       *fp,
+     gchar  header[MAX_CHARS_IN_ROW];
+     gint   maxval;
+ 
+-    /* Check the PPM file Type P2 or P5 */
++    /* Check the PPM file Type P3 or P6 */
+     fgets (header,MAX_CHARS_IN_ROW,fp);
+ 
+     if (header[0] != ASCII_P ||
+@@ -82,12 +83,33 @@ ppm_load_read_header(FILE       *fp,
+       }
+ 
+     /* Get Width and Height */
+-    img->width  = strtol (header,&ptr,0);
+-    img->height = atoi (ptr);
+-    img->numsamples = img->width * img->height * CHANNEL_COUNT;
++    errno = 0;
++    img->width  = strtol (header,&ptr,10);
++    if (errno)
++      {
++        g_warning ("Error reading width: %s", strerror(errno));
++        return FALSE;
++      }
++    else if (img->width < 0)
++      {
++        g_warning ("Error: width is negative");
++        return FALSE;
++      }
++
++    img->height = strtol (ptr,&ptr,10);
++    if (errno)
++      {
++        g_warning ("Error reading height: %s", strerror(errno));
++        return FALSE;
++      }
++    else if (img->width < 0)
++      {
++        g_warning ("Error: height is negative");
++        return FALSE;
++      }
+ 
+     fgets (header,MAX_CHARS_IN_ROW,fp);
+-    maxval = strtol (header,&ptr,0);
++    maxval = strtol (header,&ptr,10);
+ 
+     if ((maxval != 255) && (maxval != 65535))
+       {
+@@ -109,6 +131,16 @@ ppm_load_read_header(FILE       *fp,
+       g_warning ("%s: Programmer stupidity error", G_STRLOC);
+     }
+ 
++    /* Later on, img->numsamples is multiplied with img->bpc to allocate
++     * memory. Ensure it doesn't overflow. */
++    if (!img->width || !img->height ||
++        G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
++      {
++        g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
++        return FALSE;
++      }
++    img->numsamples = img->width * img->height * CHANNEL_COUNT;
++
+     return TRUE;
+ }
+ 
+@@ -229,12 +261,24 @@ process (GeglOperation       *operation,
+   if (!ppm_load_read_header (fp, &img))
+     goto out;
+ 
+-  rect.height = img.height;
+-  rect.width = img.width;
+-
+   /* Allocating Array Size */
++
++  /* Should use g_try_malloc(), but this causes crashes elsewhere because the
++   * error signalled by returning FALSE isn't properly acted upon. Therefore
++   * g_malloc() is used here which aborts if the requested memory size can't be
++   * allocated causing a controlled crash. */
+   img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
+ 
++  /* No-op without g_try_malloc(), see above. */
++  if (! img.data)
++    {
++      g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
++      goto out;
++    }
++
++  rect.height = img.height;
++  rect.width = img.width;
++
+   switch (img.bpc)
+     {
+     case 1:
+-- 
+1.8.3.1
+

Added: gegl-0.2.0-ffmpeg-0.11.patch
===================================================================
--- gegl-0.2.0-ffmpeg-0.11.patch	                        (rev 0)
+++ gegl-0.2.0-ffmpeg-0.11.patch	2015-09-10 12:30:02 UTC (rev 245724)
@@ -0,0 +1,47 @@
+--- ./operations/external/ff-load.c	2012-04-01 14:17:57.000000000 +0300
++++ ./operations/external/ff-load.c.new	2014-10-23 01:49:25.090139749 +0300
+@@ -137,7 +137,7 @@
+       if (p->enc)
+         avcodec_close (p->enc);
+       if (p->ic)
+-        av_close_input_file (p->ic);
++        avformat_close_input(&p->ic);
+       if (p->lavc_frame)
+         av_free (p->lavc_frame);
+ 
+@@ -216,9 +216,9 @@
+             {
+               do
+                 {
+-                  if (av_read_packet (p->ic, &p->pkt) < 0)
++                  if (av_read_frame (p->ic, &p->pkt) < 0)
+                     {
+-                      fprintf (stderr, "av_read_packet failed for %s\n",
++                      fprintf (stderr, "av_read_frame failed for %s\n",
+                                o->path);
+                       return -1;
+                     }
+@@ -271,12 +271,12 @@
+       gint err;
+ 
+       ff_cleanup (o);
+-      err = av_open_input_file (&p->ic, o->path, NULL, 0, NULL);
++      err = avformat_open_input(&p->ic, o->path, NULL, 0);
+       if (err < 0)
+         {
+           print_error (o->path, err);
+         }
+-      err = av_find_stream_info (p->ic);
++      err = avformat_find_stream_info (p->ic, NULL);
+       if (err < 0)
+         {
+           g_warning ("ff-load: error finding stream info for %s", o->path);
+@@ -312,7 +312,7 @@
+       if (p->codec->capabilities & CODEC_CAP_TRUNCATED)
+         p->enc->flags |= CODEC_FLAG_TRUNCATED;
+ 
+-      if (avcodec_open (p->enc, p->codec) < 0)
++      if (avcodec_open2 (p->enc, p->codec, NULL) < 0)
+         {
+           g_warning ("error opening codec %s", p->enc->codec->name);
+           return;
\ No newline at end of file

Added: gegl-0.2.0-lua-5.2.patch
===================================================================
--- gegl-0.2.0-lua-5.2.patch	                        (rev 0)
+++ gegl-0.2.0-lua-5.2.patch	2015-09-10 12:30:02 UTC (rev 245724)
@@ -0,0 +1,53 @@
+From 1e12a153d9a82a771c3bfd95c0265b810a424b3c Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 14:41:33 +0200
+Subject: [PATCH] patch: lua-5.2
+
+Squashed commit of the following:
+
+commit 96f65d260c6e40940f2818b721c19565c1b40607
+Author: Vincent Untz <vuntz at gnome.org>
+Date:   Wed Jan 11 09:52:25 2012 +0100
+
+    Fix build with lua 5.2 by not using API deprecated in 5.1 already
+
+    https://bugzilla.gnome.org/show_bug.cgi?id=667675
+    (cherry picked from commit a14a29c39352c60f003a65b721c9af8a1d8d20df)
+---
+ operations/workshop/external/gluas.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/operations/workshop/external/gluas.c b/operations/workshop/external/gluas.c
+index 8ba1101..63e82a2 100644
+--- a/operations/workshop/external/gluas.c
++++ b/operations/workshop/external/gluas.c
+@@ -97,7 +97,7 @@ static int l_progress  (lua_State * lua);
+ static int l_flush     (lua_State * lua);
+ static int l_print     (lua_State * lua);
+ 
+-static const luaL_reg gluas_functions[] =
++static const luaL_Reg gluas_functions[] =
+ {
+     {"set_rgba",    l_set_rgba},
+     {"get_rgba",    l_get_rgba},
+@@ -122,7 +122,7 @@ static const luaL_reg gluas_functions[] =
+ };
+ static void
+ register_functions (lua_State      *L,
+-                    const luaL_reg *l)
++                    const luaL_Reg *l)
+ {
+   for (;l->name; l++)
+     lua_register (L, l->name, l->func);
+@@ -146,7 +146,7 @@ drawable_lua_process (GeglOperation       *op,
+     lua_State *L;
+     Priv p;
+ 
+-    L = lua_open ();
++    L = luaL_newstate ();
+     luaL_openlibs (L);
+ 
+     register_functions (L, gluas_functions);
+-- 
+1.8.3.1
+

Added: gegl-0.2.0-remove-src-over-op.patch
===================================================================
--- gegl-0.2.0-remove-src-over-op.patch	                        (rev 0)
+++ gegl-0.2.0-remove-src-over-op.patch	2015-09-10 12:30:02 UTC (rev 245724)
@@ -0,0 +1,195 @@
+From 72168aba34445e4cd99aaed32d8e6a80e89ce729 Mon Sep 17 00:00:00 2001
+From: Nils Philippsen <nils at redhat.com>
+Date: Mon, 1 Jul 2013 13:53:18 +0200
+Subject: [PATCH] patch: remove-src-over-op
+
+Squashed commit of the following:
+
+commit b766094d951bf1515a75408ee85d4e1af432e6bd
+Author: Daniel Sabo <DanielSabo at gmail.com>
+Date:   Tue Jun 4 20:57:03 2013 -0700
+
+    Remove auto-generated svg:src-over
+
+    It was already shadowed by gegl:over, which declares
+    svg:src-over as a compat-name.
+
+    (cherry picked from commit c1caf2401271e8a17fd1937bf84279c250bd8e2a)
+
+    Conflicts:
+    	po/POTFILES.in
+---
+ operations/generated/src-over.c            | 122 -----------------------------
+ operations/generated/svg-12-porter-duff.rb |   5 +-
+ po/POTFILES.in                             |   3 +-
+ 3 files changed, 4 insertions(+), 126 deletions(-)
+ delete mode 100644 operations/generated/src-over.c
+
+diff --git a/operations/generated/src-over.c b/operations/generated/src-over.c
+deleted file mode 100644
+index e586087..0000000
+--- a/operations/generated/src-over.c
++++ /dev/null
+@@ -1,122 +0,0 @@
+-
+-/* !!!! AUTOGENERATED FILE generated by svg-12-porter-duff.rb !!!!!
+- *
+- * This file is an image processing operation for GEGL
+- *
+- * GEGL is free software; you can redistribute it and/or
+- * modify it under the terms of the GNU Lesser General Public
+- * License as published by the Free Software Foundation; either
+- * version 3 of the License, or (at your option) any later version.
+- *
+- * GEGL is distributed in the hope that it will be useful,
+- * but WITHOUT ANY WARRANTY; without even the implied warranty of
+- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+- * Lesser General Public License for more details.
+- *
+- * You should have received a copy of the GNU Lesser General Public
+- * License along with GEGL; if not, see <http://www.gnu.org/licenses/>.
+- *
+- *  Copyright 2006, 2007 Øyvind Kolås <pippin at gimp.org>
+- *            2007 John Marshall
+- *
+- * SVG rendering modes; see:
+- *     http://www.w3.org/TR/SVG12/rendering.html
+- *     http://www.w3.org/TR/2004/WD-SVG12-20041027/rendering.html#comp-op-prop
+- *
+- *     aA = aux(src) alpha      aB = in(dst) alpha      aD = out alpha
+- *     cA = aux(src) colour     cB = in(dst) colour     cD = out colour
+- *
+- * !!!! AUTOGENERATED FILE !!!!!
+- */
+-#include "config.h"
+-#include <glib/gi18n-lib.h>
+-
+-
+-#ifdef GEGL_CHANT_PROPERTIES
+-
+-/* no properties */
+-
+-#else
+-
+-#define GEGL_CHANT_TYPE_POINT_COMPOSER
+-#define GEGL_CHANT_C_FILE        "src-over.c"
+-
+-#include "gegl-chant.h"
+-
+-static void prepare (GeglOperation *operation)
+-{
+-  const Babl *format = babl_format ("RaGaBaA float");
+-
+-  gegl_operation_set_format (operation, "input", format);
+-  gegl_operation_set_format (operation, "aux", format);
+-  gegl_operation_set_format (operation, "output", format);
+-}
+-
+-static gboolean
+-process (GeglOperation        *op,
+-          void                *in_buf,
+-          void                *aux_buf,
+-          void                *out_buf,
+-          glong                n_pixels,
+-          const GeglRectangle *roi,
+-          gint                 level)
+-{
+-  gint i;
+-  gfloat * GEGL_ALIGNED in = in_buf;
+-  gfloat * GEGL_ALIGNED aux = aux_buf;
+-  gfloat * GEGL_ALIGNED out = out_buf;
+-
+-  if (aux==NULL)
+-    return TRUE;
+-
+-  for (i = 0; i < n_pixels; i++)
+-    {
+-      gint   j;
+-      gfloat aA G_GNUC_UNUSED, aB G_GNUC_UNUSED, aD G_GNUC_UNUSED;
+-
+-      aB = in[3];
+-      aA = aux[3];
+-      aD = aA + aB - aA * aB;
+-
+-      for (j = 0; j < 3; j++)
+-        {
+-          gfloat cA G_GNUC_UNUSED, cB G_GNUC_UNUSED;
+-
+-          cB = in[j];
+-          cA = aux[j];
+-          out[j] = cA + cB * (1.0f - aA);
+-        }
+-      out[3] = aD;
+-      in  += 4;
+-      aux += 4;
+-      out += 4;
+-    }
+-  return TRUE;
+-}
+-
+-
+-static void
+-gegl_chant_class_init (GeglChantClass *klass)
+-{
+-  GeglOperationClass              *operation_class;
+-  GeglOperationPointComposerClass *point_composer_class;
+-
+-  operation_class      = GEGL_OPERATION_CLASS (klass);
+-  point_composer_class = GEGL_OPERATION_POINT_COMPOSER_CLASS (klass);
+-
+-  point_composer_class->process = process;
+-  operation_class->prepare = prepare;
+-
+-
+-  operation_class->compat_name = "gegl:src-over";
+-  gegl_operation_class_set_keys (operation_class,
+-    "name"      , "svg:src-over",
+-    "categories", "compositors:porter-duff",
+-    "description",
+-        _("Porter Duff operation src-over (d = cA + cB * (1.0f - aA))"),
+-        NULL);
+- 
+-
+-}
+-
+-#endif
+diff --git a/operations/generated/svg-12-porter-duff.rb b/operations/generated/svg-12-porter-duff.rb
+index 5516802..dab5d2f 100755
+--- a/operations/generated/svg-12-porter-duff.rb
++++ b/operations/generated/svg-12-porter-duff.rb
+@@ -1,4 +1,5 @@
+ #!/usr/bin/env ruby
++# encoding: utf-8
+ 
+ copyright = '
+ /* !!!! AUTOGENERATED FILE generated by svg-12-porter-duff.rb !!!!!
+@@ -38,8 +39,8 @@ a = [
+                         'aA'],
+       ['dst',           'cB',
+                         'aB'],
+-      ['src_over',      'cA + cB * (1.0f - aA)',
+-                        'aA + aB - aA * aB'],
++#      ['src_over',      'cA + cB * (1.0f - aA)',
++#                        'aA + aB - aA * aB'],
+       ['dst_over',      'cB + cA * (1.0f - aB)',
+                         'aA + aB - aA * aB'],
+       ['dst_in',        'cB * aA', # <- XXX: typo?
+diff --git a/po/POTFILES.in b/po/POTFILES.in
+index e309594..d36cbc2 100644
+--- a/po/POTFILES.in
++++ b/po/POTFILES.in
+@@ -115,10 +115,9 @@ operations/generated/plus.c
+ operations/generated/screen.c
+ operations/generated/soft-light.c
+ operations/generated/src-atop.c
++operations/generated/src.c
+ operations/generated/src-in.c
+ operations/generated/src-out.c
+-operations/generated/src-over.c
+-operations/generated/src.c
+ operations/generated/subtract.c
+ operations/generated/svg-multiply.c
+ operations/generated/xor.c
+-- 
+1.8.3.1
+



More information about the arch-commits mailing list