+++ /dev/null
-From ffa77a246652c7e706d690682fe659f50fbe5656 Mon Sep 17 00:00:00 2001
-From: Nils Philippsen <nils@redhat.com>
-Date: Mon, 1 Jul 2013 12:03:51 +0200
-Subject: [PATCH] patch: CVE-2012-4433
-
-Squashed commit of the following:
-
-commit 2a9071e2dc4cfe1aaa7a726805985281936f9874
-Author: Nils Philippsen <nils@redhat.com>
-Date: Tue Oct 16 16:57:37 2012 +0200
-
- ppm-load: bring comment in line with reality
-
- (cherry picked from commit 6975a9cfeaf0698b42ac81b1c2f00d13c8755453)
-
-commit 8bb88ebf78e54837322d3be74688f98800e9f33a
-Author: Nils Philippsen <nils@redhat.com>
-Date: Tue Oct 16 16:56:40 2012 +0200
-
- ppm-load: CVE-2012-4433: add plausibility checks for header fields
-
- Refuse values that are non-decimal, negative or overflow the target
- type.
-
- (cherry picked from commit 4757cdf73d3675478d645a3ec8250ba02168a230)
-
-commit 2b099886969bf055a8635d06a4d89f20fed1ee42
-Author: Nils Philippsen <nils@redhat.com>
-Date: Tue Oct 16 16:58:27 2012 +0200
-
- ppm-load: CVE-2012-4433: don't overflow memory allocation
-
- Carefully selected width/height values could cause the size of a later
- allocation to overflow, resulting in a buffer much too small to store
- the data which would then written beyond its end.
-
- (cherry picked from commit 1e92e5235ded0415d555aa86066b8e4041ee5a53)
----
- operations/external/ppm-load.c | 64 +++++++++++++++++++++++++++++++++++-------
- 1 file changed, 54 insertions(+), 10 deletions(-)
-
-diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
-index efe6d56..e22521c 100644
---- a/operations/external/ppm-load.c
-+++ b/operations/external/ppm-load.c
-@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
- #include "gegl-chant.h"
- #include <stdio.h>
- #include <stdlib.h>
-+#include <errno.h>
-
- typedef enum {
- PIXMAP_ASCII = 51,
-@@ -44,8 +45,8 @@ typedef enum {
-
- typedef struct {
- map_type type;
-- gint width;
-- gint height;
-+ glong width;
-+ glong height;
- gsize numsamples; /* width * height * channels */
- gsize bpc; /* bytes per channel */
- guchar *data;
-@@ -61,7 +62,7 @@ ppm_load_read_header(FILE *fp,
- gchar header[MAX_CHARS_IN_ROW];
- gint maxval;
-
-- /* Check the PPM file Type P2 or P5 */
-+ /* Check the PPM file Type P3 or P6 */
- fgets (header,MAX_CHARS_IN_ROW,fp);
-
- if (header[0] != ASCII_P ||
-@@ -82,12 +83,33 @@ ppm_load_read_header(FILE *fp,
- }
-
- /* Get Width and Height */
-- img->width = strtol (header,&ptr,0);
-- img->height = atoi (ptr);
-- img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+ errno = 0;
-+ img->width = strtol (header,&ptr,10);
-+ if (errno)
-+ {
-+ g_warning ("Error reading width: %s", strerror(errno));
-+ return FALSE;
-+ }
-+ else if (img->width < 0)
-+ {
-+ g_warning ("Error: width is negative");
-+ return FALSE;
-+ }
-+
-+ img->height = strtol (ptr,&ptr,10);
-+ if (errno)
-+ {
-+ g_warning ("Error reading height: %s", strerror(errno));
-+ return FALSE;
-+ }
-+ else if (img->width < 0)
-+ {
-+ g_warning ("Error: height is negative");
-+ return FALSE;
-+ }
-
- fgets (header,MAX_CHARS_IN_ROW,fp);
-- maxval = strtol (header,&ptr,0);
-+ maxval = strtol (header,&ptr,10);
-
- if ((maxval != 255) && (maxval != 65535))
- {
-@@ -109,6 +131,16 @@ ppm_load_read_header(FILE *fp,
- g_warning ("%s: Programmer stupidity error", G_STRLOC);
- }
-
-+ /* Later on, img->numsamples is multiplied with img->bpc to allocate
-+ * memory. Ensure it doesn't overflow. */
-+ if (!img->width || !img->height ||
-+ G_MAXSIZE / img->width / img->height / CHANNEL_COUNT < img->bpc)
-+ {
-+ g_warning ("Illegal width/height: %ld/%ld", img->width, img->height);
-+ return FALSE;
-+ }
-+ img->numsamples = img->width * img->height * CHANNEL_COUNT;
-+
- return TRUE;
- }
-
-@@ -229,12 +261,24 @@ process (GeglOperation *operation,
- if (!ppm_load_read_header (fp, &img))
- goto out;
-
-- rect.height = img.height;
-- rect.width = img.width;
--
- /* Allocating Array Size */
-+
-+ /* Should use g_try_malloc(), but this causes crashes elsewhere because the
-+ * error signalled by returning FALSE isn't properly acted upon. Therefore
-+ * g_malloc() is used here which aborts if the requested memory size can't be
-+ * allocated causing a controlled crash. */
- img.data = (guchar*) g_malloc (img.numsamples * img.bpc);
-
-+ /* No-op without g_try_malloc(), see above. */
-+ if (! img.data)
-+ {
-+ g_warning ("Couldn't allocate %" G_GSIZE_FORMAT " bytes, giving up.", ((gsize)img.numsamples * img.bpc));
-+ goto out;
-+ }
-+
-+ rect.height = img.height;
-+ rect.width = img.width;
-+
- switch (img.bpc)
- {
- case 1:
---
-1.8.3.1
-
+++ /dev/null
-diff -up operations/external/ff-load.c.ffmpeg operations/external/ff-load.c
---- operations/external/ff-load.c.ffmpeg 2012-04-01 08:17:57.000000000 -0300
-+++ operations/external/ff-load.c 2013-04-21 17:45:01.635916966 -0300
-@@ -137,7 +137,7 @@ ff_cleanup (GeglChantO *o)
- if (p->enc)
- avcodec_close (p->enc);
- if (p->ic)
-- av_close_input_file (p->ic);
-+ avformat_close_input(&p->ic);
- if (p->lavc_frame)
- av_free (p->lavc_frame);
-
-@@ -216,9 +216,9 @@ decode_frame (GeglOperation *operation,
- {
- do
- {
-- if (av_read_packet (p->ic, &p->pkt) < 0)
-+ if (av_read_frame (p->ic, &p->pkt) < 0)
- {
-- fprintf (stderr, "av_read_packet failed for %s\n",
-+ fprintf (stderr, "av_read_frame failed for %s\n",
- o->path);
- return -1;
- }
-@@ -271,12 +271,12 @@ prepare (GeglOperation *operation)
- gint err;
-
- ff_cleanup (o);
-- err = av_open_input_file (&p->ic, o->path, NULL, 0, NULL);
-+ err = avformat_open_input (&p->ic, o->path, NULL, NULL);
- if (err < 0)
- {
- print_error (o->path, err);
- }
-- err = av_find_stream_info (p->ic);
-+ err = avformat_find_stream_info (p->ic, NULL);
- if (err < 0)
- {
- g_warning ("ff-load: error finding stream info for %s", o->path);
-@@ -312,7 +312,7 @@ prepare (GeglOperation *operation)
- if (p->codec->capabilities & CODEC_CAP_TRUNCATED)
- p->enc->flags |= CODEC_FLAG_TRUNCATED;
-
-- if (avcodec_open (p->enc, p->codec) < 0)
-+ if (avcodec_open2 (p->enc, p->codec, NULL) < 0)
- {
- g_warning ("error opening codec %s", p->enc->codec->name);
- return;
-diff -up operations/workshop/external/ff-save.c.ffmpeg operations/workshop/external/ff-save.c
---- operations/workshop/external/ff-save.c.ffmpeg 2012-03-29 17:05:50.000000000 -0300
-+++ operations/workshop/external/ff-save.c 2013-04-21 17:46:21.347953811 -0300
-@@ -568,7 +568,7 @@ open_video (Priv * p, AVFormatContext *
- }
-
- /* open the codec */
-- if (avcodec_open (c, codec) < 0)
-+ if (avcodec_open2 (c, codec, NULL) < 0)
- {
- fprintf (stderr, "could not open codec\n");
- exit (1);
-@@ -769,26 +769,20 @@ tfile (GeglChantO *self)
- /*XXX: FOO p->audio_st = add_audio_stream (op, p->oc, p->fmt->audio_codec);*/
- }
-
-- if (av_set_parameters (p->oc, NULL) < 0)
-- {
-- fprintf (stderr, "Invalid output format propeters\n%s", "");
-- return -1;
-- }
--
-- dump_format (p->oc, 0, self->path, 1);
-+ av_dump_format (p->oc, 0, self->path, 1);
-
- if (p->video_st)
- open_video (p, p->oc, p->video_st);
- if (p->audio_st)
- open_audio (p, p->oc, p->audio_st);
-
-- if (url_fopen (&p->oc->pb, self->path, URL_WRONLY) < 0)
-+ if (avio_open (&p->oc->pb, self->path, AVIO_FLAG_WRITE) < 0)
- {
- fprintf (stderr, "couldn't open '%s'\n", self->path);
- return -1;
- }
-
-- av_write_header (p->oc);
-+ avformat_write_header (p->oc, NULL);
-
- return 0;
- }
-@@ -858,7 +852,7 @@ finalize (GObject *object)
- av_freep (&p->oc->streams[i]);
- }
-
-- url_fclose (&p->oc->pb);
-+ avio_close (&p->oc->pb);
- free (p->oc);
- }
- g_free (o->chant_data);
+++ /dev/null
---- gegl-0.2.0/gegl/Makefile.am.orig 2012-03-25 23:30:17.000000000 +0200
-+++ gegl-0.2.0/gegl/Makefile.am 2012-04-18 20:03:57.989734708 +0200
-@@ -118,10 +118,10 @@
- INCLUDES = $(AM_CFLAGS) $(AM_CPPFLAGS)
-
- Gegl-@GEGL_API_VERSION@.gir: libgegl-@GEGL_API_VERSION@.la Makefile
--Gegl_0_1_gir_INCLUDES = GObject-2.0 GLib-2.0 Babl-0.1
--Gegl_0_1_gir_CFLAGS = $(INCLUDES)
--Gegl_0_1_gir_LIBS = libgegl-@GEGL_API_VERSION@.la
--Gegl_0_1_gir_FILES = $(introspection_sources)
-+Gegl_0_2_gir_INCLUDES = GObject-2.0 GLib-2.0 Babl-0.1
-+Gegl_0_2_gir_CFLAGS = $(INCLUDES)
-+Gegl_0_2_gir_LIBS = libgegl-@GEGL_API_VERSION@.la
-+Gegl_0_2_gir_FILES = $(introspection_sources)
- INTROSPECTION_GIRS += Gegl-@GEGL_API_VERSION@.gir
-
- girdir = $(datadir)/gir-1.0
---- gegl-0.1.8/tools/create-reference.rb.orig 2011-11-18 17:00:53.000000000 +0100
-+++ gegl-0.1.8/tools/create-reference.rb 2011-11-26 08:00:21.108041541 +0100
+--- gegl-0.3.0/tools/gobj2dot.rb,orig 2015-05-17 02:32:23.000000000 +0200
++++ gegl-0.3.0/tools/gobj2dot.rb 2015-10-24 18:10:58.319944754 +0200
@@ -1,4 +1,4 @@
-#!/usr/bin/env ruby
+#!/usr/bin/ruby -Eutf-8
- # GEGL API creator Øyvind Kolås 2007,
- #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
%bcond_with sse # use SSE instructions
%bcond_without doc # apidocs
%bcond_without static_libs # static library
-# reenable when new babl will arrive that actually is able to build
-%bcond_with introspection # API introspection
-# reenable when new babl will arrive that actually is able to build
-%bcond_with vala # Vala API
+%bcond_without introspection # API introspection
+%bcond_without vala # Vala API
%ifarch %{x8664} athlon pentium3 pentium4
%define with_mmx 1
Summary: Generic image processing library
Summary(pl.UTF-8): Ogólna biblioteka przetwarzania obrazu
Name: gegl
-Version: 0.2.0
-Release: 12
+Version: 0.3.0
+Release: 1
License: LGPL v3+
Group: Libraries
-Source0: http://ftp.gimp.org/pub/gegl/0.2/%{name}-%{version}.tar.bz2
-# Source0-md5: 32b00002f1f1e316115c4ed922e1dec8
+Source0: http://ftp.gimp.org/pub/gegl/0.3/%{name}-%{version}.tar.bz2
+# Source0-md5: 6d71daab78377d5074a74651bbf7a76a
Patch0: %{name}-lua.patch
-Patch1: %{name}-ffmpeg.patch
Patch2: %{name}-ruby1.9.patch
Patch3: %{name}-build.patch
-Patch4: %{name}-introspection.patch
Patch5: umfpack.patch
-Patch6: CVE-2012-4433.patch
URL: http://www.gegl.org/
-%{?with_introspection:BuildRequires: /usr/share/gir-1.0/Babl-0.1.gir}
BuildRequires: OpenEXR-devel
BuildRequires: SDL-devel
BuildRequires: UMFPACK-devel
%prep
%setup -q
%patch0 -p1
-%patch1 -p0
%patch2 -p1
%patch3 -p1
-%patch4 -p1
%patch5 -p1
-%patch6 -p1
%build
%{__libtoolize}
gtkdochtmldir=%{_gtkdocdir}/gegl
# obsoleted by pkg-config
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgegl-0.2.la
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/libgegl*-0.3.la
# dlopened modules
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/gegl-0.2/*.la
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/gegl-0.3/*.la
%if %{with static_libs}
-%{__rm} $RPM_BUILD_ROOT%{_libdir}/gegl-0.2/*.a
+%{__rm} $RPM_BUILD_ROOT%{_libdir}/gegl-0.3/*.a
%endif
-%find_lang %{name}-0.2
+%find_lang %{name}-0.3
%clean
rm -rf $RPM_BUILD_ROOT
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
-%files -f %{name}-0.2.lang
+%files -f %{name}-0.3.lang
%defattr(644,root,root,755)
%doc AUTHORS ChangeLog NEWS README
+%attr(755,root,root) %{_bindir}/2geglbuffer
%attr(755,root,root) %{_bindir}/gegl
-%attr(755,root,root) %{_libdir}/libgegl-0.2.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libgegl-0.2.so.0
-%{?with_introspection:%{_libdir}/girepository-1.0/Gegl-0.2.typelib}
-%dir %{_libdir}/gegl-0.2
-%attr(755,root,root) %{_libdir}/gegl-0.2/*.so
+%attr(755,root,root) %{_bindir}/gegl-convert
+%attr(755,root,root) %{_bindir}/gegl-imgcmp
+%attr(755,root,root) %{_bindir}/gegl-slicer
+%attr(755,root,root) %{_bindir}/gegl-tester
+%attr(755,root,root) %{_bindir}/geglbuffer-add-image
+%attr(755,root,root) %{_bindir}/geglbuffer-clock
+%attr(755,root,root) %{_bindir}/hello-world
+%attr(755,root,root) %{_bindir}/sdl-draw
+%attr(755,root,root) %{_libdir}/libgegl-0.3.so.*.*.*
+%attr(755,root,root) %ghost %{_libdir}/libgegl-0.3.so.0
+%attr(755,root,root) %{_libdir}/libgegl-npd-0.3.so
+%attr(755,root,root) %{_libdir}/libgegl-sc-0.3.so
+%{?with_introspection:%{_libdir}/girepository-1.0/Gegl-0.3.typelib}
+%dir %{_libdir}/gegl-0.3
+%attr(755,root,root) %{_libdir}/gegl-0.3/*.so
+%{_libdir}/gegl-0.3/grey2.json
%files devel
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/libgegl-0.2.so
-%{_includedir}/gegl-0.2
-%{?with_introspection:%{_datadir}/gir-1.0/Gegl-0.2.gir}
-%{_pkgconfigdir}/gegl-0.2.pc
+%attr(755,root,root) %{_libdir}/libgegl-0.3.so
+%{_includedir}/gegl-0.3
+%{?with_introspection:%{_datadir}/gir-1.0/Gegl-0.3.gir}
+%{_pkgconfigdir}/gegl-0.3.pc
+%{_pkgconfigdir}/gegl-sc-0.3.pc
%if %{with static_libs}
%files static
%defattr(644,root,root,755)
-%{_libdir}/libgegl-0.2.a
+%{_libdir}/libgegl-0.3.a
+%{_libdir}/libgegl-npd-0.3.a
+%{_libdir}/libgegl-sc-0.3.a
%endif
%if %{with doc}
%if %{with vala}
%files -n vala-gegl
%defattr(644,root,root,755)
-%{_datadir}/vala/vapi/gegl-0.2.vapi
+%{_datadir}/vala/vapi/gegl-0.3.deps
+%{_datadir}/vala/vapi/gegl-0.3.vapi
%endif
projects / packages / gegl.git / commitdiff