dist-git conversion

#2781)

.gitignore

@@ -0,0 +1,2 @@
+camlimages-2.2.0-htmlref.tar.gz
+camlimages-2.2.0.tgz

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: ocaml-camlimages
-# $Id$
-NAME := ocaml-camlimages
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

camlimages-2.2.0-stubdest.patch

@@ -0,0 +1,40 @@
+diff -ru camlimages-2.2.old/Makefile camlimages-2.2/Makefile
+--- camlimages-2.2.old/Makefile	2004-10-03 04:49:05.000000000 +1300
++++ camlimages-2.2/Makefile	2007-05-04 09:55:10.000000000 +1200
+@@ -92,15 +92,15 @@
+ installopt: install
+ 
+ install: all
+-	mkdir -p $(LIBDIR)
++	mkdir -p $(DESTDIR)$(LIBDIR)
+ 	if test -w $(CAMLDIR)/ld.conf \
+         && test `grep -s -c '^$(LIBDIR)$$' $(CAMLDIR)/ld.conf` = 0; then \
+ 	    echo $(LIBDIR) >> $(CAMLDIR)/ld.conf; \
+ 	fi
+-	for i in $(BUILDDIRS); do (cd $$i; $(MAKE) install) || exit $$?; done
+-	$(CP) Makefile.config $(LIBDIR)
+-	$(CP) config.h $(LIBDIR)
+-	$(RANLIB) $(LIBDIR)/*.a
++	for i in $(BUILDDIRS); do (cd $$i; $(MAKE) install DESTDIR=$(DESTDIR)) || exit $$?; done
++	$(CP) Makefile.config $(DESTDIR)$(LIBDIR)
++	$(CP) config.h $(DESTDIR)$(LIBDIR)
++	$(RANLIB) $(DESTDIR)$(LIBDIR)/*.a
+ 
+ depend:
+ 	for i in $(BUILDDIRS); do (cd $$i; $(MAKE) depend) || exit $$?; done
+diff -ru camlimages-2.2.old/Makefile.shared camlimages-2.2/Makefile.shared
+--- camlimages-2.2.old/Makefile.shared	2004-10-03 03:20:09.000000000 +1300
++++ camlimages-2.2/Makefile.shared	2007-05-04 09:53:32.000000000 +1200
+@@ -45,8 +45,10 @@
+ 	rm -f *.cm[iox] *.o *.cma *.cmxa *.a *.so *~
+ 
+ install:: all
+-	- mkdir -p $(LIBDIR)
+-	- cp -p *.mli *.cm[iox] *.o *.cma *.cmxa *.a *.so $(LIBDIR)
++	- mkdir -p $(DESTDIR)$(LIBDIR)
++	- mkdir -p $(DESTDIR)$(CAMLDIR)/stublibs
++	- cp -p *.mli *.cm[iox] *.o *.cma *.cmxa *.a $(DESTDIR)$(LIBDIR)
++	- cp -p *.so $(DESTDIR)$(CAMLDIR)/stublibs
+ 
+ #######
+ 

camlimages-oversized-png-check-CVE-2009-2295.patch

@@ -0,0 +1,83 @@
+--- camlimages-2.2.orig/png/pngread.c	2002-03-26 13:15:10.000000000 +0000
++++ camlimages-2.2.png/png/pngread.c	2009-10-16 10:46:07.759508515 +0100
+@@ -13,6 +13,8 @@
+ /***********************************************************************/
+ #include <config.h>
+ 
++#include <limits.h>
++
+ #if HAVE_PNG
+ #include <png.h>
+ #endif
+@@ -33,6 +35,12 @@
+ #define PNG_TAG_INDEX16 2
+ #define PNG_TAG_INDEX4 3
+ 
++/* Test if x or y are negative, or if multiplying x * y would cause an
++ * arithmetic overflow.
++ */
++#define oversized(x, y)                                                \
++  ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
++
+ value read_png_file_as_rgb24( name )
+      value name;
+ {
+@@ -88,6 +96,9 @@
+   png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+ 	       &interlace_type, NULL, NULL);
+ 
++  if (oversized (width, height))
++    failwith ("png error: image contains oversized or bogus width and height");
++
+   if ( color_type == PNG_COLOR_TYPE_GRAY ||
+        color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { 
+     png_set_gray_to_rgb(png_ptr); 
+@@ -109,10 +120,16 @@
+ 
+   rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+ 
++  if (oversized (rowbytes, height))
++    failwith ("png error: image contains oversized or bogus rowbytes and height");
++
+   {
+     int i;
+     png_bytep *row_pointers;
+ 
++    if (oversized (sizeof (png_bytep), height))
++      failwith ("png error: image contains oversized or bogus height");
++
+     row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height);
+ 
+     res = alloc_tuple(3);
+@@ -242,6 +259,9 @@
+   png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+ 	       &interlace_type, NULL, NULL);
+ 
++  if (oversized (width, height))
++    failwith ("png error: image contains oversized or bogus width and height");
++
+   if ( color_type == PNG_COLOR_TYPE_GRAY ||
+        color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) { 
+     png_set_gray_to_rgb(png_ptr); 
+@@ -258,6 +278,9 @@
+ 
+   rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+ 
++  if (oversized (rowbytes, height))
++    failwith ("png error: image contains oversized or bogus rowbytes and height");
++
+ /*
+ fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr);
+ */
+@@ -265,7 +288,10 @@
+     int i;
+     png_bytep *row_pointers;
+     char mesg[256];
+- 
++
++    if (oversized (sizeof (png_bytep), height))
++      failwith ("png error: image contains oversized or bogus height");
++
+     row_pointers = (png_bytep*)stat_alloc(sizeof(png_bytep) * height);
+     res = alloc_tuple(3);
+ 

camlimages-oversized-tiff-check-CVE-2009-3296.patch

@@ -0,0 +1,39 @@
+--- camlimages-2.2.orig/tiff/tiffread.c	2004-09-21 22:56:44.000000000 +0100
++++ camlimages-2.2.tiff/tiff/tiffread.c	2009-10-16 10:47:32.515257997 +0100
+@@ -18,6 +18,13 @@
+ #include <caml/memory.h>
+ #include <caml/fail.h>
+ 
++#include <limits.h>
++#define oversized(x, y) \
++  ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
++
++#define failwith_oversized(lib) \
++  failwith("#lib error: image contains oversized or bogus width and height");
++
+ #if HAVE_TIFF
+ 
+ /* These are defined in caml/config.h */
+@@ -68,6 +75,10 @@
+     TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
+     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
+ 
++    if (oversized (imagewidth, imagelength)) {
++      failwith_oversized("tiff");
++    }
++
+     if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
+       if( imagebits != 8 ){
+ 	failwith("Sorry, tiff rgb file must be 24bit-color");
+@@ -156,6 +167,11 @@
+     TIFFGetField(tif, TIFFTAG_RESOLUTIONUNIT, &runit);
+     TIFFGetField(tif, TIFFTAG_XRESOLUTION, &xres);
+     TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
++
++    if (oversized (imagewidth, imagelength)) {
++      failwith_oversized("tiff");
++    }
++
+     if( imagesample != 3 || imagebits != 8 ) {
+       failwith("tiff file is not in the 24 bit RGB format");
+     }

ocaml-camlimages.spec

@@ -0,0 +1,116 @@
+Name:           ocaml-camlimages
+Version:        2.2.0
+Release:        12%{?dist}
+Summary:        OCaml image processing library
+
+Group:          Development/Libraries
+License:        LGPL
+URL:            http://pauillac.inria.fr/camlimages/
+Source0:        ftp://ftp.inria.fr/INRIA/Projects/cristal/caml-light/bazar-ocaml/camlimages-%{version}.tgz
+Source1:        camlimages-2.2.0-htmlref.tar.gz
+Patch0:         camlimages-2.2.0-stubdest.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
+Patch1:         camlimages-oversized-png-check-CVE-2009-2295.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=528732
+Patch2:         camlimages-oversized-tiff-check-CVE-2009-3296.patch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  lablgtk libpng-devel libjpeg-devel ocaml
+BuildRequires:  libXpm-devel ghostscript-devel freetype-devel
+BuildRequires:  giflib-devel
+Requires:       ocaml
+%define buildlibs ppm bmp xvthumb jpeg gif png xpm ps graphics freetype
+
+%description
+CamlImages is an image processing library for Objective CAML, which provides:
+basic functions for image processing and loading/saving, various image file 
+formats (hence providing a translation facility from format to format), 
+and an interface with the Caml graphics library allows to display images 
+in the Graphics module screen and to mix them with Caml drawings
+
+In addition, the library can handle huge images that cannot be (or can hardly
+be) stored into the main memory (the library then automatically creates swap
+files and escapes them to reduce the memory usage).
+
+%package        devel
+Summary:        Development files for camlimages
+Group:          Development/Libraries
+Requires:       %{name} = %{version}-%{release} 
+%description    devel
+The camlimages-devel package provides libraries and headers for 
+developing applications using camlimages
+
+Includes documentation provided by ocamldoc
+
+%prep
+%setup -q -n camlimages-2.2 -a 1
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+sed -i -e 's|LIBRARYDIRS=ppm bmp xvthumb jpeg tiff gif png xpm ps graphics freetype|LIBRARYDIRS=%buildlibs|' Makefile.build.in
+
+%build
+%configure
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.o
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.cmo
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.mli
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+%doc Announce Announce-2.2 CHANGES LICENSE README doc/
+%{_libdir}/ocaml/stublibs/*.so
+
+%files devel
+%defattr(-,root,root,-)
+%doc htmlref/
+%{_libdir}/ocaml/camlimages
+
+
+%changelog
+* Fri Oct 16 2009 Richard W.M. Jones <rjones@redhat.com> - 2.2.0-12
+- ocaml-camlimages: TIFF reader multiple integer overflows
+  (CVE 2009-3296 / RHBZ#528732).
+- Changed dep back to 'lablgtk' so this can build.
+
+* Fri Jul  3 2009 Richard W.M. Jones <rjones@redhat.com> - 2.2.0-10
+- ocaml-camlimages: PNG reader multiple integer overflows
+  (CVE 2009-2295 / RHBZ#509531).
+- Changed dep from 'lablgtk' to 'ocaml-lablgtk'.
+
+* Fri May 04 2007 Nigel Jones <dev@nigelj.com> 2.2.0-7
+- Change to Makefile patch to move .so files to stublibs
+- Rename to ocaml-camlimages
+- Other changes per review
+
+* Thu May 03 2007 Nigel Jones <dev@nigelj.com> 2.2.0-6
+- Include .*a files just to make sure
+
+* Thu May 03 2007 Nigel Jones <dev@nigelj.com> 2.2.0-5
+- Revert -4 changes
+- Remove excludedirs patch, replace with a sed
+- Provide html documentation generated from running ocaml-ocamldoc
+
+* Thu Apr 26 2007 Nigel Jones <dev@nigelj.com> 2.2.0-4
+- Add Provides: camlimages-static, and LICENSE to -devel docs
+
+* Thu Apr 12 2007 Nigel Jones <dev@nigelj.com> 2.2.0-3
+- Remove .a & .o files
+
+* Wed Apr 11 2007 Nigel Jones <dev@nigelj.com> 2.2.0-2
+- Add missing dependencies
+
+* Tue Apr 10 2007 Nigel Jones <dev@nigelj.com> 2.2.0-1
+- Initial spec file

sources

@@ -0,0 +1,2 @@
+fb1633c9c8df0b2b2d0f892d8c4ac2ee  camlimages-2.2.0-htmlref.tar.gz
+d933eb58c7983f70b1a000fa01893aa4  camlimages-2.2.0.tgz