Compare commits
10 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
7e8eba0771 | ||
|
3dcf2e836c | ||
|
359758ff65 | ||
|
074c5b8678 | ||
|
7d394c8034 | ||
|
9294690bdb | ||
|
3a133a5cba | ||
|
e92f2cc6ff | ||
|
931548aa93 | ||
|
c3c82c0311 |
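--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+camlimages-2.2.0-htmlref.tar.gz
+camlimages-2.2.0.tgz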
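--- a/Makefile
+++ b/Makefile
@@ -1,21 +0,0 @@
-# Makefile for source rpm: ocaml-camlimages
-# $Id$
-NAME := ocaml-camlimages
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)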
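--- a/camlimages-2.2.0-stubdest.patch
+++ b/camlimages-2.2.0-stubdest.patch
@@ -0,0 +1,40 @@
+diff -ru camlimages-2.2.old/Makefile camlimages-2.2/Makefile
+--- camlimages-2.2.old/Makefile 2004-10-03 04:49:05.000000000 +1300
++++ camlimages-2.2/Makefile 2007-05-04 09:55:10.000000000 +1200
+@@ -92,15 +92,15 @@
+installopt: install
+
+install: all
+- mkdir -p $(LIBDIR)
++ mkdir -p $(DESTDIR)$(LIBDIR)
+if test -w $(CAMLDIR)/ld.conf \
+&& test `grep -s -c '^$(LIBDIR)$$' $(CAMLDIR)/ld.conf` = 0; then \
+echo $(LIBDIR) >> $(CAMLDIR)/ld.conf; \
+fi
+- for i in $(BUILDDIRS); do (cd $$i; $(MAKE) install) || exit $$?; done
+- $(CP) Makefile.config $(LIBDIR)
+- $(CP) config.h $(LIBDIR)
+- $(RANLIB) $(LIBDIR)/*.a
++ for i in $(BUILDDIRS); do (cd $$i; $(MAKE) install DESTDIR=$(DESTDIR)) || exit $$?; done
++ $(CP) Makefile.config $(DESTDIR)$(LIBDIR)
++ $(CP) config.h $(DESTDIR)$(LIBDIR)
++ $(RANLIB) $(DESTDIR)$(LIBDIR)/*.a
+
+depend:
+for i in $(BUILDDIRS); do (cd $$i; $(MAKE) depend) || exit $$?; done
+diff -ru camlimages-2.2.old/Makefile.shared camlimages-2.2/Makefile.shared
+--- camlimages-2.2.old/Makefile.shared 2004-10-03 03:20:09.000000000 +1300
++++ camlimages-2.2/Makefile.shared 2007-05-04 09:53:32.000000000 +1200
+@@ -45,8 +45,10 @@
+rm -f *.cm[iox] *.o *.cma *.cmxa *.a *.so *~
+
+install:: all
+- - mkdir -p $(LIBDIR)
+- - cp -p *.mli *.cm[iox] *.o *.cma *.cmxa *.a *.so $(LIBDIR)
++ - mkdir -p $(DESTDIR)$(LIBDIR)
++ - mkdir -p $(DESTDIR)$(CAMLDIR)/stublibs
++ - cp -p *.mli *.cm[iox] *.o *.cma *.cmxa *.a $(DESTDIR)$(LIBDIR)
++ - cp -p *.so $(DESTDIR)$(CAMLDIR)/stublibs
+
+#######
+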
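Review bot: In the top-level `install` recipe the `ld.conf` test and append still use `$(CAMLDIR)/ld.conf` and `$(LIBDIR)` without `$(DESTDIR)`, so a staged install run by an account that can write that file edits the live OCaml configuration on the build host instead of the staging tree. The block should be skipped when staging, for example by opening the condition with `if test -z "$(DESTDIR)" && test -w $(CAMLDIR)/ld.conf \`, leaving the ld.conf update to the installed package. In Makefile.shared the added `mkdir` and `cp -p *.so` lines keep make's `-` prefix, so a failed copy into `$(DESTDIR)$(CAMLDIR)/stublibs` is ignored and the build still reports success; either drop the prefix on the `.so` copy or add a comment saying why the error is tolerated. Both rules continue outside the hunks shown.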
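--- a/camlimages-oversized-png-check-CVE-2009-2295.patch
+++ b/camlimages-oversized-png-check-CVE-2009-2295.patch
@@ -0,0 +1,83 @@
+--- camlimages-2.2.orig/png/pngread.c 2002-03-26 13:15:10.000000000 +0000
++++ camlimages-2.2.png/png/pngread.c 2009-10-16 10:46:07.759508515 +0100
+@@ -13,6 +13,8 @@
+/***********************************************************************/
+#include <config.h>
+
++#include <limits.h>
++
+#if HAVE_PNG
+#include <png.h>
+#endif
+@@ -33,6 +35,12 @@
+#define PNG_TAG_INDEX16 2
+#define PNG_TAG_INDEX4 3
+
++/* Test if x or y are negative, or if multiplying x * y would cause an
++ * arithmetic overflow.
++ */
++#define oversized(x, y) \
++ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
++
+value read_png_file_as_rgb24( name )
+value name;
+{
+@@ -88,6 +96,9 @@
+png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+&interlace_type, NULL, NULL);
+
++ if (oversized (width, height))
++ failwith ("png error: image contains oversized or bogus width and height");
++
+if ( color_type == PNG_COLOR_TYPE_GRAY ||
+color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) {
+png_set_gray_to_rgb(png_ptr);
+@@ -109,10 +120,16 @@
+
+rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+
++ if (oversized (rowbytes, height))
++ failwith ("png error: image contains oversized or bogus rowbytes and height");
++
+{
+int i;
+png_bytep *row_pointers;
+
++ if (oversized (sizeof (png_bytep), height))
++ failwith ("png error: image contains oversized or bogus height");
++
+row_pointers = (png_bytep*) stat_alloc(sizeof(png_bytep) * height);
+
+res = alloc_tuple(3);
+@@ -242,6 +259,9 @@
+png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
+&interlace_type, NULL, NULL);
+
++ if (oversized (width, height))
++ failwith ("png error: image contains oversized or bogus width and height");
++
+if ( color_type == PNG_COLOR_TYPE_GRAY ||
+color_type == PNG_COLOR_TYPE_GRAY_ALPHA ) {
+png_set_gray_to_rgb(png_ptr);
+@@ -258,6 +278,9 @@
+
+rowbytes = png_get_rowbytes(png_ptr, info_ptr);
+
++ if (oversized (rowbytes, height))
++ failwith ("png error: image contains oversized or bogus rowbytes and height");
++
+/*
+fprintf(stderr, "pngread.c: actual loading\n"); fflush(stderr);
+*/
+@@ -265,7 +288,10 @@
+int i;
+png_bytep *row_pointers;
+char mesg[256];
+-
++
++ if (oversized (sizeof (png_bytep), height))
++ failwith ("png error: image contains oversized or bogus height");
++
+row_pointers = (png_bytep*)stat_alloc(sizeof(png_bytep) * height);
+res = alloc_tuple(3);
+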
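Review bot: Each added `failwith` in pngread.c raises straight out of the reader after `png_get_IHDR`, and nothing visible in these hunks releases the libpng read struct or closes the input file first, so a malformed PNG that trips a check would presumably leak both. The cleanup used on the function's other error paths (outside the hunks) should run before each `failwith`. The `oversized` macro also tests `(x) < 0`, which is always false if `width`, `height` and `rowbytes` have libpng's unsigned types (their declarations are not shown), and with a `size_t` operand such as `sizeof (png_bytep)` the comparison against `INT_MAX / (y)` is carried out in unsigned arithmetic. A comment on the macro such as `/* operands may be unsigned: the < 0 tests only matter for signed callers */` would record that. Both reader functions start and end outside the hunks.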
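--- a/camlimages-oversized-tiff-check-CVE-2009-3296.patch
+++ b/camlimages-oversized-tiff-check-CVE-2009-3296.patch
@@ -0,0 +1,39 @@
+--- camlimages-2.2.orig/tiff/tiffread.c 2004-09-21 22:56:44.000000000 +0100
++++ camlimages-2.2.tiff/tiff/tiffread.c 2009-10-16 10:47:32.515257997 +0100
+@@ -18,6 +18,13 @@
+#include <caml/memory.h>
+#include <caml/fail.h>
+
++#include <limits.h>
++#define oversized(x, y) \
++ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
++
++#define failwith_oversized(lib) \
++ failwith("#lib error: image contains oversized or bogus width and height");
++
+#if HAVE_TIFF
+
+/* These are defined in caml/config.h */
+@@ -68,6 +75,10 @@
+TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
+TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
+
++ if (oversized (imagewidth, imagelength)) {
++ failwith_oversized("tiff");
++ }
++
+if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
+if( imagebits != 8 ){
+failwith("Sorry, tiff rgb file must be 24bit-color");
+@@ -156,6 +167,11 @@
+TIFFGetField(tif, TIFFTAG_RESOLUTIONUNIT, &runit);
+TIFFGetField(tif, TIFFTAG_XRESOLUTION, &xres);
+TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
++
++ if (oversized (imagewidth, imagelength)) {
++ failwith_oversized("tiff");
++ }
++
+if( imagesample != 3 || imagebits != 8 ) {
+failwith("tiff file is not in the 24 bit RGB format");
+}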
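Review bot: `failwith_oversized(lib)` puts `#lib` inside the string literal, where the preprocessor does not stringify it, so the exception text is the literal `#lib error: ...` rather than `tiff error: ...`. Both call sites pass a string literal, so adjacent-literal concatenation fixes it: `#define failwith_oversized(lib) failwith(lib " error: image contains oversized or bogus width and height")`, which also drops the trailing `;` that currently leaves an empty statement after each call. The check bounds only `imagewidth * imagelength`; if the buffer allocated later (outside the hunks) is sized with a bytes-per-pixel factor, that larger product is the one that should be tested. `tif` appears to be open when `failwith` is raised in both hunks, so confirm it is closed before the exception leaves the function.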
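--- a/ocaml-camlimages.spec
+++ b/ocaml-camlimages.spec
@@ -0,0 +1,116 @@
+Name: ocaml-camlimages
+Version: 2.2.0
+Release: 12%{?dist}
+Summary: OCaml image processing library
+
+Group: Development/Libraries
+License: LGPL
+URL: http://pauillac.inria.fr/camlimages/
+Source0: ftp://ftp.inria.fr/INRIA/Projects/cristal/caml-light/bazar-ocaml/camlimages-%{version}.tgz
+Source1: camlimages-2.2.0-htmlref.tar.gz
+Patch0: camlimages-2.2.0-stubdest.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=509531#c4
+Patch1: camlimages-oversized-png-check-CVE-2009-2295.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=528732
+Patch2: camlimages-oversized-tiff-check-CVE-2009-3296.patch
+
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires: lablgtk libpng-devel libjpeg-devel ocaml
+BuildRequires: libXpm-devel ghostscript-devel freetype-devel
+BuildRequires: giflib-devel
+Requires: ocaml
+%define buildlibs ppm bmp xvthumb jpeg gif png xpm ps graphics freetype
+
+%description
+CamlImages is an image processing library for Objective CAML, which provides:
+basic functions for image processing and loading/saving, various image file
+formats (hence providing a translation facility from format to format),
+and an interface with the Caml graphics library allows to display images
+in the Graphics module screen and to mix them with Caml drawings
+
+In addition, the library can handle huge images that cannot be (or can hardly
+be) stored into the main memory (the library then automatically creates swap
+files and escapes them to reduce the memory usage).
+
+%package devel
+Summary: Development files for camlimages
+Group: Development/Libraries
+Requires: %{name} = %{version}-%{release}
+%description devel
+The camlimages-devel package provides libraries and headers for
+developing applications using camlimages
+
+Includes documentation provided by ocamldoc
+
+%prep
+%setup -q -n camlimages-2.2 -a 1
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+
+sed -i -e 's|LIBRARYDIRS=ppm bmp xvthumb jpeg tiff gif png xpm ps graphics freetype|LIBRARYDIRS=%buildlibs|' Makefile.build.in
+
+%build
+%configure
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.o
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.cmo
+rm $RPM_BUILD_ROOT%{_libdir}/ocaml/camlimages/*.mli
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%files
+%defattr(-,root,root,-)
+%doc Announce Announce-2.2 CHANGES LICENSE README doc/
+%{_libdir}/ocaml/stublibs/*.so
+
+%files devel
+%defattr(-,root,root,-)
+%doc htmlref/
+%{_libdir}/ocaml/camlimages
+
+
+%changelog
+* Fri Oct 16 2009 Richard W.M. Jones <rjones@redhat.com> - 2.2.0-12
+- ocaml-camlimages: TIFF reader multiple integer overflows
+(CVE 2009-3296 / RHBZ#528732).
+- Changed dep back to 'lablgtk' so this can build.
+
+* Fri Jul 3 2009 Richard W.M. Jones <rjones@redhat.com> - 2.2.0-10
+- ocaml-camlimages: PNG reader multiple integer overflows
+(CVE 2009-2295 / RHBZ#509531).
+- Changed dep from 'lablgtk' to 'ocaml-lablgtk'.
+
+* Fri May 04 2007 Nigel Jones <dev@nigelj.com> 2.2.0-7
+- Change to Makefile patch to move .so files to stublibs
+- Rename to ocaml-camlimages
+- Other changes per review
+
+* Thu May 03 2007 Nigel Jones <dev@nigelj.com> 2.2.0-6
+- Include .*a files just to make sure
+
+* Thu May 03 2007 Nigel Jones <dev@nigelj.com> 2.2.0-5
+- Revert -4 changes
+- Remove excludedirs patch, replace with a sed
+- Provide html documentation generated from running ocaml-ocamldoc
+
+* Thu Apr 26 2007 Nigel Jones <dev@nigelj.com> 2.2.0-4
+- Add Provides: camlimages-static, and LICENSE to -devel docs
+
+* Thu Apr 12 2007 Nigel Jones <dev@nigelj.com> 2.2.0-3
+- Remove .a & .o files
+
+* Wed Apr 11 2007 Nigel Jones <dev@nigelj.com> 2.2.0-2
+- Add missing dependencies
+
+* Tue Apr 10 2007 Nigel Jones <dev@nigelj.com> 2.2.0-1
+- Initial spec file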
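Review bot: `%define buildlibs` leaves `tiff` out and the `sed` in `%prep` rewrites `LIBRARYDIRS` to that list, so the TIFF reader that Patch2 (CVE-2009-3296) hardens does not appear to be built or shipped by this package, and no libtiff package is listed in BuildRequires either. A comment above the define would keep a later maintainer from assuming the fix is exercised, for example `# tiff is not built; Patch2 only takes effect if tiff is added back to buildlibs`. Separately, `%install` and `%clean` expand `$RPM_BUILD_ROOT` unquoted in `rm -rf`; `rm -rf "$RPM_BUILD_ROOT"` is the safer spelling for a recursive delete.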