[arch-commits] Commit in zint/repos/community-x86_64 (5 files)
Balló György
bgyorgy at archlinux.org
Sun May 30 10:27:21 UTC 2021
Date: Sunday, May 30, 2021 @ 10:27:21
Author: bgyorgy
Revision: 950361
archrelease: copy trunk to community-x86_64
Added:
zint/repos/community-x86_64/PKGBUILD
(from rev 950360, zint/trunk/PKGBUILD)
zint/repos/community-x86_64/prevent-buffer-overflow.patch
(from rev 950360, zint/trunk/prevent-buffer-overflow.patch)
zint/repos/community-x86_64/zint-qt.appdata.xml
(from rev 950360, zint/trunk/zint-qt.appdata.xml)
Deleted:
zint/repos/community-x86_64/PKGBUILD
zint/repos/community-x86_64/zint-qt.appdata.xml
-------------------------------+
PKGBUILD | 95 ++++++++++++++++++-----------------
prevent-buffer-overflow.patch | 107 ++++++++++++++++++++++++++++++++++++++++
zint-qt.appdata.xml | 75 +++++++++++++++++-----------
3 files changed, 203 insertions(+), 74 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2021-05-30 10:27:14 UTC (rev 950360)
+++ PKGBUILD 2021-05-30 10:27:21 UTC (rev 950361)
@@ -1,45 +0,0 @@
-# Maintainer: Balló György <ballogyor+arch at gmail dot com>
-
-pkgbase=zint
-pkgname=(zint zint-qt)
-pkgver=2.9.1
-pkgrel=1
-pkgdesc="Barcode encoding library supporting over 50 symbologies"
-arch=('x86_64')
-url="http://zint.org.uk/"
-license=('GPL')
-depends=('hicolor-icon-theme' 'qt5-base')
-makedepends=('cmake' 'qt5-tools')
-source=("https://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver-src.tar.gz"
- zint-qt.appdata.xml)
-sha256sums=('bd286d863bc60d65a805ec3e46329c5273a13719724803b0ac02e5b5804c596a'
- '6c99514fb9079b6e6322b3b11fed5ff2c43cdcdd24c15e3cbf2663b884fc2f0c')
-
-build() {
- cd $pkgbase-$pkgver-src
- cmake -DCMAKE_INSTALL_PREFIX=/usr
- make
-}
-
-package_zint() {
- depends=('libpng')
-
- cd $pkgbase-$pkgver-src
- make DESTDIR="$pkgdir" install
-
- rm "$pkgdir/usr/bin/zint-qt" \
- "$pkgdir/usr/include/qzint.h" \
- "$pkgdir/usr/lib/libQZint.so"*
-}
-
-package_zint-qt() {
- pkgdesc="Zint Barcode Studio GUI"
- depends=('hicolor-icon-theme' 'qt5-base' 'zint')
-
- cd $pkgbase-$pkgver-src
- make -C backend_qt DESTDIR="$pkgdir" install
- make -C frontend_qt DESTDIR="$pkgdir" install
- install -Dm644 zint.png "$pkgdir/usr/share/icons/hicolor/48x48/apps/zint.png"
- install -Dm644 zint-qt.desktop "$pkgdir/usr/share/applications/zint-qt.desktop"
- install -Dm644 ../zint-qt.appdata.xml "$pkgdir/usr/share/metainfo/zint-qt.appdata.xml"
-}
Copied: zint/repos/community-x86_64/PKGBUILD (from rev 950360, zint/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2021-05-30 10:27:21 UTC (rev 950361)
@@ -0,0 +1,50 @@
+# Maintainer: Balló György <ballogyor+arch at gmail dot com>
+
+pkgbase=zint
+pkgname=(zint zint-qt)
+pkgver=2.9.1
+pkgrel=2
+pkgdesc='Barcode encoding library supporting over 50 symbologies'
+arch=('x86_64')
+url='http://zint.org.uk/'
+license=('GPL3')
+depends=('hicolor-icon-theme' 'qt5-base')
+makedepends=('cmake' 'ninja' 'qt5-tools')
+source=("https://downloads.sourceforge.net/$pkgbase/$pkgbase-$pkgver-src.tar.gz"
+ 'prevent-buffer-overflow.patch'
+ 'zint-qt.appdata.xml')
+sha256sums=('bd286d863bc60d65a805ec3e46329c5273a13719724803b0ac02e5b5804c596a'
+ '59e6d31aadb8d9c586dc4f450afca8e799f8a1e2907872d7951f0c8455a85f7e'
+ '4286c7f56f0ea8fcf8dfa164b3a3fea08a02ad3b5111c6ac63c4d55134b67564')
+
+prepare() {
+ # Fix arbitrary code execution (CVE-2021-27799, FS#70051)
+ patch -d $pkgbase-$pkgver-src -Np1 -i ../prevent-buffer-overflow.patch
+}
+
+build() {
+ cmake -S $pkgbase-$pkgver-src -B build -G Ninja -DCMAKE_INSTALL_PREFIX=/usr
+ cmake --build build
+}
+
+package_zint() {
+ depends=('libpng')
+
+ DESTDIR="$pkgdir" cmake --install build
+
+ rm "$pkgdir/usr/bin/zint-qt" \
+ "$pkgdir/usr/include/qzint.h" \
+ "$pkgdir/usr/lib/libQZint.so"*
+}
+
+package_zint-qt() {
+ pkgdesc='Zint Barcode Studio GUI'
+ depends=('hicolor-icon-theme' 'qt5-base' 'zint')
+
+ DESTDIR="$pkgdir" cmake --install build/backend_qt
+ DESTDIR="$pkgdir" cmake --install build/frontend_qt
+
+ install -Dm644 $pkgbase-$pkgver-src/zint.png "$pkgdir/usr/share/icons/hicolor/48x48/apps/zint.png"
+ install -Dm644 $pkgbase-$pkgver-src/zint-qt.desktop "$pkgdir/usr/share/applications/zint-qt.desktop"
+ install -Dm644 zint-qt.appdata.xml "$pkgdir/usr/share/metainfo/zint-qt.appdata.xml"
+}
Copied: zint/repos/community-x86_64/prevent-buffer-overflow.patch (from rev 950360, zint/trunk/prevent-buffer-overflow.patch)
===================================================================
--- prevent-buffer-overflow.patch (rev 0)
+++ prevent-buffer-overflow.patch 2021-05-30 10:27:21 UTC (rev 950361)
@@ -0,0 +1,107 @@
+diff -Naur zint-2.9.1-src.orig/backend/composite.c zint-2.9.1-src/backend/composite.c
+--- zint-2.9.1-src.orig/backend/composite.c 2020-08-04 15:10:16.000000000 +0200
++++ zint-2.9.1-src/backend/composite.c 2021-05-30 12:12:34.021736406 +0200
+@@ -65,7 +65,7 @@
+
+ INTERNAL int eanx(struct zint_symbol *symbol, unsigned char source[], int length);
+ INTERNAL int ean_128(struct zint_symbol *symbol, unsigned char source[], const size_t length);
+-INTERNAL void ean_leading_zeroes(struct zint_symbol *symbol, unsigned char source[], unsigned char local_source[]);
++INTERNAL int ean_leading_zeroes(struct zint_symbol *symbol, unsigned char source[], unsigned char local_source[]);
+ INTERNAL int rss14(struct zint_symbol *symbol, unsigned char source[], int length);
+ INTERNAL int rsslimited(struct zint_symbol *symbol, unsigned char source[], int length);
+ INTERNAL int rssexpanded(struct zint_symbol *symbol, unsigned char source[], int length);
+@@ -1422,7 +1422,10 @@
+ int padded_pri_len;
+ char padded_pri[20];
+ padded_pri[0] = '\0';
+- ean_leading_zeroes(symbol, (unsigned char *) symbol->primary, (unsigned char *) padded_pri);
++ if (!ean_leading_zeroes(symbol, (unsigned char *) symbol->primary, (unsigned char *) padded_pri)) {
++ strcpy(symbol->errtxt, "448: Input wrong length in linear component");
++ return ZINT_ERROR_TOO_LONG;
++ }
+ padded_pri_len = strlen(padded_pri);
+ if (padded_pri_len <= 7) { /* EAN-8 */
+ cc_width = 3;
+diff -Naur zint-2.9.1-src.orig/backend/upcean.c zint-2.9.1-src/backend/upcean.c
+--- zint-2.9.1-src.orig/backend/upcean.c 2020-08-04 15:10:16.000000000 +0200
++++ zint-2.9.1-src/backend/upcean.c 2021-05-30 12:17:31.795044601 +0200
+@@ -125,7 +125,7 @@
+ /* Make a UPC A barcode when we haven't been given the check digit */
+ static int upca(struct zint_symbol *symbol, unsigned char source[], char dest[]) {
+ int length;
+- char gtin[15];
++ char gtin[13];
+
+ strcpy(gtin, (char*) source);
+ length = strlen(gtin);
+@@ -391,7 +391,7 @@
+ static int ean13(struct zint_symbol *symbol, unsigned char source[], char dest[]) {
+ unsigned int length, i, half_way;
+ char parity[6];
+- char gtin[15];
++ char gtin[14];
+
+ strcpy(parity, "");
+ strcpy(gtin, (char*) source);
+@@ -569,8 +569,8 @@
+ }
+
+ /* Add leading zeroes to EAN and UPC strings */
+-INTERNAL void ean_leading_zeroes(struct zint_symbol *symbol, unsigned char source[], unsigned char local_source[]) {
+- unsigned char first_part[20], second_part[20], zfirst_part[20], zsecond_part[20];
++INTERNAL int ean_leading_zeroes(struct zint_symbol *symbol, unsigned char source[], unsigned char local_source[]) {
++ unsigned char first_part[14], second_part[6], zfirst_part[14], zsecond_part[6];
+ int with_addon = 0;
+ int first_len = 0, second_len = 0, zfirst_len = 0, zsecond_len = 0, i, h;
+
+@@ -586,6 +586,9 @@
+ }
+ }
+ }
++ if (first_len > 13 || second_len > 5) {
++ return 0;
++ }
+
+ ustrcpy(first_part, (unsigned char *) "");
+ ustrcpy(second_part, (unsigned char *) "");
+@@ -598,9 +601,6 @@
+ first_part[i + 1] = '\0';
+ }
+
+- if (second_len >= 6) { /* Allow 6 (actual max 5) so as to trigger too long error */
+- second_len = 6;
+- }
+ for (i = 0; i < second_len; i++) {
+ second_part[i] = source[i + first_len + 1];
+ second_part[i + 1] = '\0';
+@@ -698,12 +698,13 @@
+ strcat((char*) local_source, "+");
+ strcat((char*) local_source, (char*) zsecond_part);
+ }
++
++ return 1; /* Success */
+ }
+
+-/* splits string to parts before and after '+' parts */
+ INTERNAL int eanx(struct zint_symbol *symbol, unsigned char source[], int src_len) {
+- unsigned char first_part[20] = {0}, second_part[7] = {0}, dest[1000] = {0};
+- unsigned char local_source[20] = {0};
++ unsigned char first_part[14] = {0}, second_part[6] = {0}, dest[1000] = {0};
++ unsigned char local_source[20] = {0}; /* Allow 13 + "+" + 5 + 1 */
+ unsigned int latch, reader, writer, with_addon;
+ int error_number, i, plus_count;
+ int addon_gap = 0;
+@@ -743,8 +744,11 @@
+ return ZINT_ERROR_INVALID_DATA;
+ }
+
+- /* Add leading zeroes */
+- ean_leading_zeroes(symbol, source, local_source);
++ /* Add leading zeroes, checking max lengths of parts */
++ if (!ean_leading_zeroes(symbol, source, local_source)) {
++ strcpy(symbol->errtxt, "294: Input too long");
++ return ZINT_ERROR_TOO_LONG;
++ }
+
+ for (reader = 0; reader < ustrlen(local_source); reader++) {
+ if (local_source[reader] == '+') {
Deleted: zint-qt.appdata.xml
===================================================================
--- zint-qt.appdata.xml 2021-05-30 10:27:14 UTC (rev 950360)
+++ zint-qt.appdata.xml 2021-05-30 10:27:21 UTC (rev 950361)
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<component type="desktop-application">
- <id>org.zint.zint-qt</id>
- <launchable type="desktop-id">zint-qt.desktop</launchable>
- <name>Zint Barcode Studio</name>
- <summary>Barcode generator</summary>
- <metadata_license>CC0-1.0</metadata_license>
- <project_license>GPL-3.0</project_license>
- <description>
- <p>The Zint project aims to provide a complete barcode generating solution. It is hoped that Zint provides a solution which is flexible enough for professional users while at the same time takes care of as much of the processing as possible to allow easy translation from input data to barcode image.</p>
- <p>Zint is currently able to encode data in over 50 barcode symbologies (types of barcode), for each of which it is possible to translate that data from either Unicode (UTF-8) or a raw 8-bit data stream. The image can be rendered as either a Portable Network Graphic (PNG) image, Windows Bitmap (BMP), Graphics Interchange Format (GIF), ZSoft Paintbrush image (PCX), as Encapsulated Post Script (EPS) or as a Scalable Vector Graphic (SVG). Many options are available for setting the characteristics of the output image including the size and colour of the image, the amount of error correction used in the symbol and, in the case of raster images, the orientation of the image.</p>
- </description>
- <screenshots>
- <screenshot type="default">
- <image>http://zint.org.uk/_images/manualImages/gui1.png</image>
- </screenshot>
- <screenshot>
- <image>http://zint.org.uk/_images/manualImages/gui2.png</image>
- </screenshot>
- <screenshot>
- <image>http://zint.org.uk/_images/manualImages/gui3.png</image>
- </screenshot>
- <screenshot>
- <image>http://zint.org.uk/_images/manualImages/gui4.png</image>
- </screenshot>
- </screenshots>
- <url type="bugtracker">https://sourceforge.net/p/zint/tickets/</url>
- <url type="homepage">http://zint.org.uk/</url>
-</component>
Copied: zint/repos/community-x86_64/zint-qt.appdata.xml (from rev 950360, zint/trunk/zint-qt.appdata.xml)
===================================================================
--- zint-qt.appdata.xml (rev 0)
+++ zint-qt.appdata.xml 2021-05-30 10:27:21 UTC (rev 950361)
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<component type="desktop-application">
+ <id>uk.org.zint.zint-qt</id>
+ <name>Zint Barcode Studio</name>
+ <summary>Barcode generator</summary>
+ <metadata_license>CC0-1.0</metadata_license>
+ <project_license>GPL-3.0</project_license>
+ <description>
+ <p>The Zint project aims to provide a complete barcode generating solution. It is hoped that Zint provides a solution which is flexible enough for professional users while at the same time takes care of as much of the processing as possible to allow easy translation from input data to barcode image.</p>
+ <p>Zint is currently able to encode data in over 50 barcode symbologies (types of barcode), for each of which it is possible to translate that data from either Unicode (UTF-8) or a raw 8-bit data stream. The image can be rendered as either a Portable Network Graphic (PNG) image, Windows Bitmap (BMP), Graphics Interchange Format (GIF), ZSoft Paintbrush image (PCX), as Encapsulated Post Script (EPS) or as a Scalable Vector Graphic (SVG). Many options are available for setting the characteristics of the output image including the size and colour of the image, the amount of error correction used in the symbol and, in the case of raster images, the orientation of the image.</p>
+ </description>
+ <screenshots>
+ <screenshot type="default">
+ <image>
+ https://sourceforge.net/p/zint/screenshot/zint_26_shap4.png
+ </image>
+ <caption>Create barcodes from any data</caption>
+ </screenshot>
+ <screenshot>
+ <image>
+ https://sourceforge.net/p/zint/screenshot/zint_26_shap1.png
+ </image>
+ <caption>Add binding bars or boundary boxes</caption>
+ </screenshot>
+ <screenshot>
+ <image>
+ https://sourceforge.net/p/zint/screenshot/zint_26_shap2.png
+ </image>
+ <caption>Create composite symbols from GS1 data</caption>
+ </screenshot>
+ <screenshot>
+ <image>
+ https://sourceforge.net/p/zint/screenshot/zint_26_shap3.png
+ </image>
+ <caption>Create matrix symbols and specify symbol size</caption>
+ </screenshot>
+ </screenshots>
+
+ <url type="bugtracker">https://sourceforge.net/p/zint/tickets/</url>
+ <url type="homepage">http://zint.org.uk/</url>
+
+ <launchable type="desktop-id">zint-qt.desktop</launchable>
+
+ <content_rating type="oars-1.1" />
+
+</component>
More information about the arch-commits
mailing list