libpgf: fix CVE-2015-6673

2018-10-02 15:46:16 -03:00 · 2018-10-02 15:46:16 -03:00 · 62cb04acc2
commit 62cb04acc2
parent af3969db07
2 changed files with 105 additions and 9 deletions
--- a/srcpkgs/libpgf/patches/CVE-2015-6673.patch
+++ b/srcpkgs/libpgf/patches/CVE-2015-6673.patch
@ -0,0 +1,97 @@
+--- libpgf-6.14.12.orig/include/PGFimage.h
+++ libpgf-6.14.12/include/PGFimage.h
+@@ -538,7 +538,7 @@
+ 	ProgressMode m_progressMode;	///< progress mode used in Read and Write; PM_Relative is default mode
+ 
+ 	void ComputeLevels();
+-	void CompleteHeader();
+	bool CompleteHeader();
+ 	void RgbToYuv(int pitch, UINT8* rgbBuff, BYTE bpp, int channelMap[], CallbackPtr cb, void *data) THROW_;
+ 	void Downsample(int nChannel);
+ 	UINT32 UpdatePostHeaderSize() THROW_;
+--- libpgf-6.14.12.orig/src/PGFimage.cpp
+++ libpgf-6.14.12/src/PGFimage.cpp
+@@ -145,7 +145,7 @@
+ 	m_height[0] = m_header.height;
+ 
+ 	// complete header
+-	CompleteHeader();
+	if (!CompleteHeader()) ReturnWithError(FormatCannotRead);
+ 
+ 	// interpret quant parameter
+ 	if (m_header.quality > DownsampleThreshold && 
+@@ -205,7 +205,7 @@
+ }
+ 
+ ////////////////////////////////////////////////////////////
+-void CPGFImage::CompleteHeader() {
+bool CPGFImage::CompleteHeader() {
+ 	if (m_header.mode == ImageModeUnknown) {
+ 		// undefined mode
+ 		switch(m_header.bpp) {
+@@ -261,20 +261,21 @@
+ 		// change mode
+ 		m_header.mode = ImageModeRGBA;
+ 	}
+-	ASSERT(m_header.mode != ImageModeBitmap || m_header.bpp == 1);
+-	ASSERT(m_header.mode != ImageModeIndexedColor || m_header.bpp == 8);
+-	ASSERT(m_header.mode != ImageModeGrayScale || m_header.bpp == 8);
+-	ASSERT(m_header.mode != ImageModeGray16 || m_header.bpp == 16);
+-	ASSERT(m_header.mode != ImageModeGray32 || m_header.bpp == 32);
+-	ASSERT(m_header.mode != ImageModeRGBColor || m_header.bpp == 24);
+-	ASSERT(m_header.mode != ImageModeRGBA || m_header.bpp == 32);
+-	ASSERT(m_header.mode != ImageModeRGB12 || m_header.bpp == 12);
+-	ASSERT(m_header.mode != ImageModeRGB16 || m_header.bpp == 16);
+-	ASSERT(m_header.mode != ImageModeRGB48 || m_header.bpp == 48);
+-	ASSERT(m_header.mode != ImageModeLabColor || m_header.bpp == 24);
+-	ASSERT(m_header.mode != ImageModeLab48 || m_header.bpp == 48);
+-	ASSERT(m_header.mode != ImageModeCMYKColor || m_header.bpp == 32);
+-	ASSERT(m_header.mode != ImageModeCMYK64 || m_header.bpp == 64);
+
+	if (m_header.mode == ImageModeBitmap && m_header.bpp != 1) return false;
+	if (m_header.mode == ImageModeIndexedColor && m_header.bpp != 8) return false;
+	if (m_header.mode == ImageModeGrayScale && m_header.bpp != 8) return false;
+	if (m_header.mode == ImageModeGray16 && m_header.bpp != 16) return false;
+	if (m_header.mode == ImageModeGray32 && m_header.bpp != 32) return false;
+	if (m_header.mode == ImageModeRGBColor && m_header.bpp != 24) return false;
+	if (m_header.mode == ImageModeRGBA && m_header.bpp != 32) return false;
+	if (m_header.mode == ImageModeRGB12 && m_header.bpp != 12) return false;
+	if (m_header.mode == ImageModeRGB16 && m_header.bpp != 16) return false;
+	if (m_header.mode == ImageModeRGB48 && m_header.bpp != 48) return false;
+	if (m_header.mode == ImageModeLabColor && m_header.bpp != 24) return false;
+	if (m_header.mode == ImageModeLab48 && m_header.bpp != 48) return false;
+	if (m_header.mode == ImageModeCMYKColor && m_header.bpp != 32) return false;
+	if (m_header.mode == ImageModeCMYK64 && m_header.bpp != 64) return false;
+ 
+ 	// set number of channels
+ 	if (!m_header.channels) {
+@@ -300,8 +301,7 @@
+ 			m_header.channels = 4;
+ 			break;
+ 		default:
+-			ASSERT(false);
+-			m_header.channels = 3;
+		        return false;
+ 		}
+ 	}
+ 
+@@ -311,6 +311,8 @@
+ 	if (!m_header.usedBitsPerChannel || m_header.usedBitsPerChannel > bpc) {
+ 		m_header.usedBitsPerChannel = bpc;
+ 	}
+
+	return true;
+ }
+ 
+ //////////////////////////////////////////////////////////////////////
+--- libpgf-6.14.12.orig/src/Decoder.cpp
+++ libpgf-6.14.12/src/Decoder.cpp
+@@ -158,7 +158,7 @@
+ 		if (size > 0) {
+ 			// read post-header
+ 			if (header.mode == ImageModeIndexedColor) {
+-				ASSERT((size_t)size >= ColorTableSize);
+				if (size < ColorTableSize) ReturnWithError(FormatCannotRead);
+ 				// read color table
+ 				count = expected = ColorTableSize;
+ 				m_stream->Read(&count, postHeader.clut);
--- a/srcpkgs/libpgf/template
+++ b/srcpkgs/libpgf/template
@ -1,18 +1,17 @@
 # Template file for 'libpgf'
-# vim: set ts=4 sw=4 sts=4 et:
-
 pkgname=libpgf
 version=6.14.12
-revision=2
-maintainer="Carlo Dormeletti <carloDOTdormelettiATaliceDOTit>"
-homepage="http://www.libpgf.org"
-license="LGPL-2.1"
-short_desc="Library for working with PGF (Progresive Graphics File) images"
+revision=3
+patch_args="-Np1"
+wrksrc="$pkgname"
 build_style=gnu-configure
 hostmakedepends="automake libtool"
+short_desc="Library for working with PGF (Progresive Graphics File) images"
+maintainer="Orphaned <orphan@voidlinux.eu>"
+license="LGPL-2.1-or-later"
+homepage="http://www.libpgf.org"
 distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}/${version}-latest/${pkgname}-src-${version}.tar.gz"
-checksum="bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb"
-wrksrc="${pkgname}"
+checksum=bda5995d80762966a25fca3f6a9821f4458657aa87d8631c014c166ae09258eb

 pre_configure() {
 	sed -i 's/\r//g' configure.ac