summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Savchenko <bircoph@gentoo.org>2021-05-22 14:36:04 +0300
committerAndrew Savchenko <bircoph@gentoo.org>2021-05-22 14:39:14 +0300
commit9e49df2222085dded48b58473bc2fd6347f8352f (patch)
treebf28ad21d4fb77cd297b31369d40b872212bfa1c
parentapp-portage/flaggie: Enable python3.9 (diff)
downloadgentoo-9e49df2222085dded48b58473bc2fd6347f8352f.tar.gz
gentoo-9e49df2222085dded48b58473bc2fd6347f8352f.tar.bz2
gentoo-9e49df2222085dded48b58473bc2fd6347f8352f.zip
media-libs/libcaca: fix multiple CVEs and docs build failure
CVE fixed (using Debian patchset): CVE-2018-20544, CVE-2018-20545, CVE-2018-20546, CVE-2018-20547, CVE-2018-20549, CVE-2021-3410. Fix docs build failure (doxygen and latex issues) using both Debian patch and patch from bug 543870#c11. Install docs into proper path. Bug: https://bugs.gentoo.org/543870 Bug: https://bugs.gentoo.org/772317 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>
-rw-r--r--media-libs/libcaca/files/100_doxygen.diff170
-rw-r--r--media-libs/libcaca/files/CVE-2018-20544.patch45
-rw-r--r--media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch34
-rw-r--r--media-libs/libcaca/files/CVE-2018-20546+20547.patch36
-rw-r--r--media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch135
-rw-r--r--media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch141
-rw-r--r--media-libs/libcaca/files/fix-css-path.patch12
-rw-r--r--media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild182
8 files changed, 755 insertions, 0 deletions
diff --git a/media-libs/libcaca/files/100_doxygen.diff b/media-libs/libcaca/files/100_doxygen.diff
new file mode 100644
index 000000000000..f537f37b6d35
--- /dev/null
+++ b/media-libs/libcaca/files/100_doxygen.diff
@@ -0,0 +1,170 @@
+Description: Don't mess with Doxygen's output
+Author: Balint Reczey <balint@balintreczey.hu>
+Index: libcaca-0.99.beta19/doc/Makefile.am
+===================================================================
+--- libcaca-0.99.beta19.orig/doc/Makefile.am
++++ libcaca-0.99.beta19/doc/Makefile.am
+@@ -28,10 +28,7 @@ stamp-latex: stamp-doxygen
+ if BUILD_DOCUMENTATION
+ if USE_LATEX
+ rm -f latex/libcaca.tex latex/libcaca.pdf
+- mv latex/refman.tex latex/libcaca.tex
+- sed 's/setlength{/renewcommand{/' latex/libcaca.tex \
+- | sed 's/.*usepackage.*times.*//' > latex/refman.tex
+- cd latex && $(MAKE) $(AM_CFLAGS) refman.pdf || (cat refman.log; exit 1)
++ (cd latex && pdflatex refman ; makeindex refman.idx ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman ; pdflatex refman; echo "pdflatex exit code: $$?")
+ mv latex/refman.pdf latex/libcaca.pdf
+ touch stamp-latex
+ endif
+Index: libcaca-0.99.beta19/doc/doxygen.cfg.in
+===================================================================
+--- libcaca-0.99.beta19.orig/doc/doxygen.cfg.in
++++ libcaca-0.99.beta19/doc/doxygen.cfg.in
+@@ -1,4 +1,4 @@
+-# Doxyfile 1.8.6
++# Doxyfile 1.8.7
+
+ # This file describes the settings to be used by the documentation system
+ # doxygen (www.doxygen.org) for a project.
+@@ -70,6 +70,14 @@ OUTPUT_DIRECTORY = .
+
+ CREATE_SUBDIRS = NO
+
++# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
++# characters to appear in the names of generated files. If set to NO, non-ASCII
++# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
++# U+3044.
++# The default value is: NO.
++
++ALLOW_UNICODE_NAMES = NO
++
+ # The OUTPUT_LANGUAGE tag is used to specify the language in which all
+ # documentation generated by doxygen is written. Doxygen will use this
+ # information to generate all constant output in the proper language.
+@@ -261,9 +269,12 @@ OPTIMIZE_OUTPUT_VHDL = NO
+ # extension. Doxygen has a built-in mapping, but you can override or extend it
+ # using this tag. The format is ext=language, where ext is a file extension, and
+ # language is one of the parsers supported by doxygen: IDL, Java, Javascript,
+-# C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make
+-# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C
+-# (default is Fortran), use: inc=Fortran f=C.
++# C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran:
++# FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran:
++# Fortran. In the later case the parser tries to guess whether the code is fixed
++# or free formatted code, this is the default for Fortran type files), VHDL. For
++# instance to make doxygen treat .inc files as Fortran files (default is PHP),
++# and .f files as C (default is Fortran), use: inc=Fortran f=C.
+ #
+ # Note For files without extension you can use no_extension as a placeholder.
+ #
+@@ -1242,7 +1253,8 @@ GENERATE_CHI = NO
+ CHM_INDEX_ENCODING =
+
+ # The BINARY_TOC flag controls whether a binary table of contents is generated (
+-# YES) or a normal table of contents ( NO) in the .chm file.
++# YES) or a normal table of contents ( NO) in the .chm file. Furthermore it
++# enables the Previous and Next buttons.
+ # The default value is: NO.
+ # This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+@@ -1482,11 +1494,11 @@ SEARCHENGINE = NO
+
+ # When the SERVER_BASED_SEARCH tag is enabled the search engine will be
+ # implemented using a web server instead of a web client using Javascript. There
+-# are two flavours of web server based searching depending on the
+-# EXTERNAL_SEARCH setting. When disabled, doxygen will generate a PHP script for
+-# searching and an index file used by the script. When EXTERNAL_SEARCH is
+-# enabled the indexing and searching needs to be provided by external tools. See
+-# the section "External Indexing and Searching" for details.
++# are two flavors of web server based searching depending on the EXTERNAL_SEARCH
++# setting. When disabled, doxygen will generate a PHP script for searching and
++# an index file used by the script. When EXTERNAL_SEARCH is enabled the indexing
++# and searching needs to be provided by external tools. See the section
++# "External Indexing and Searching" for details.
+ # The default value is: NO.
+ # This tag requires that the tag SEARCHENGINE is set to YES.
+
+@@ -1774,6 +1786,13 @@ MAN_OUTPUT = man
+
+ MAN_EXTENSION = .3caca
+
++# The MAN_SUBDIR tag determines the name of the directory created within
++# MAN_OUTPUT in which the man pages are placed. If defaults to man followed by
++# MAN_EXTENSION with the initial . removed.
++# This tag requires that the tag GENERATE_MAN is set to YES.
++
++MAN_SUBDIR =
++
+ # If the MAN_LINKS tag is set to YES and doxygen generates man output, then it
+ # will generate one additional man file for each entity documented in the real
+ # man page(s). These additional files only source the real man page, but without
+@@ -1801,18 +1820,6 @@ GENERATE_XML = NO
+
+ XML_OUTPUT = xml
+
+-# The XML_SCHEMA tag can be used to specify a XML schema, which can be used by a
+-# validating XML parser to check the syntax of the XML files.
+-# This tag requires that the tag GENERATE_XML is set to YES.
+-
+-XML_SCHEMA =
+-
+-# The XML_DTD tag can be used to specify a XML DTD, which can be used by a
+-# validating XML parser to check the syntax of the XML files.
+-# This tag requires that the tag GENERATE_XML is set to YES.
+-
+-XML_DTD =
+-
+ # If the XML_PROGRAMLISTING tag is set to YES doxygen will dump the program
+ # listings (including syntax highlighting and cross-referencing information) to
+ # the XML output. Note that enabling this will significantly increase the size
+@@ -1961,9 +1968,9 @@ EXPAND_AS_DEFINED = __extern \
+ __class
+
+ # If the SKIP_FUNCTION_MACROS tag is set to YES then doxygen's preprocessor will
+-# remove all refrences to function-like macros that are alone on a line, have an
+-# all uppercase name, and do not end with a semicolon. Such function macros are
+-# typically used for boiler-plate code, and will confuse the parser if not
++# remove all references to function-like macros that are alone on a line, have
++# an all uppercase name, and do not end with a semicolon. Such function macros
++# are typically used for boiler-plate code, and will confuse the parser if not
+ # removed.
+ # The default value is: YES.
+ # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
+@@ -1983,7 +1990,7 @@ SKIP_FUNCTION_MACROS = YES
+ # where loc1 and loc2 can be relative or absolute paths or URLs. See the
+ # section "Linking to external documentation" for more information about the use
+ # of tag files.
+-# Note: Each tag file must have an unique name (where the name does NOT include
++# Note: Each tag file must have a unique name (where the name does NOT include
+ # the path). If a tag file is not located in the directory in which doxygen is
+ # run, you must also specify the path to the tagfile here.
+
+@@ -2061,7 +2068,7 @@ HIDE_UNDOC_RELATIONS = YES
+ # http://www.graphviz.org/), a graph visualization toolkit from AT&T and Lucent
+ # Bell Labs. The other options in this section have no effect if this option is
+ # set to NO
+-# The default value is: NO.
++# The default value is: YES.
+
+ HAVE_DOT = NO
+
+@@ -2083,7 +2090,7 @@ DOT_NUM_THREADS = 0
+ # The default value is: Helvetica.
+ # This tag requires that the tag HAVE_DOT is set to YES.
+
+-#DOT_FONTNAME = FreeSans
++DOT_FONTNAME = Helvetica
+
+ # The DOT_FONTSIZE tag can be used to set the size (in points) of the font of
+ # dot graphs.
+@@ -2213,7 +2220,9 @@ DIRECTORY_GRAPH = YES
+ # Note: If you choose svg you need to set HTML_FILE_EXTENSION to xhtml in order
+ # to make the SVG files visible in IE 9+ (other browsers do not have this
+ # requirement).
+-# Possible values are: png, jpg, gif and svg.
++# Possible values are: png, png:cairo, png:cairo:cairo, png:cairo:gd, png:gd,
++# png:gd:gd, jpg, jpg:cairo, jpg:cairo:gd, jpg:gd, jpg:gd:gd, gif, gif:cairo,
++# gif:cairo:gd, gif:gd, gif:gd:gd and svg.
+ # The default value is: png.
+ # This tag requires that the tag HAVE_DOT is set to YES.
+
diff --git a/media-libs/libcaca/files/CVE-2018-20544.patch b/media-libs/libcaca/files/CVE-2018-20544.patch
new file mode 100644
index 000000000000..072c1dda0502
--- /dev/null
+++ b/media-libs/libcaca/files/CVE-2018-20544.patch
@@ -0,0 +1,45 @@
+From 84bd155087b93ab2d8d7cb5b1ac94ecd4cf4f93c Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sat, 29 Dec 2018 22:13:56 +0100
+Subject: [PATCH] dither: fix integer overflows that were causing a division by
+ zero.
+
+Fixes: #36 (CVE-2018-20544)
+---
+ caca/dither.c | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index 04b678e0..c6ebab1b 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+ /* First get RGB */
+ if(d->antialias)
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* We want at least one pixel */
+ if(tox == fromx) tox++;
+@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
+ }
+ else
+ {
+- fromx = (x - x1) * w / deltax;
+- fromy = (y - y1) * h / deltay;
+- tox = (x - x1 + 1) * w / deltax;
+- toy = (y - y1 + 1) * h / deltay;
++ fromx = (uint64_t)(x - x1) * w / deltax;
++ fromy = (uint64_t)(y - y1) * h / deltay;
++ tox = (uint64_t)(x - x1 + 1) * w / deltax;
++ toy = (uint64_t)(y - y1 + 1) * h / deltay;
+
+ /* tox and toy can overflow the canvas, but they cannot overflow
+ * when averaged with fromx and fromy because these are guaranteed
diff --git a/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch b/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch
new file mode 100644
index 000000000000..ff1ee48c6a67
--- /dev/null
+++ b/media-libs/libcaca/files/CVE-2018-20545+20547+20549.patch
@@ -0,0 +1,34 @@
+Description: img2txt: fix an integer overflow in the BMP loader.
+Origin: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Forwarded: not-needed
+Applied-Upstream: https://github.com/cacalabs/libcaca/commit/3e52dabe3e64dc50f4422effe364a1457a8a8592
+Last-Update: 2019-04-06
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/common-image.h
++++ b/src/common-image.h
+@@ -1,19 +1,19 @@
+ /*
+ * Imaging tools for cacaview and img2irc
+- * Copyright (c) 2003-2012 Sam Hocevar <sam@hocevar.net>
+- * All Rights Reserved
++ * Copyright (c) 2003-2018 Sam Hocevar <sam@hocevar.net>
++ * All Rights Reserved
+ *
+ * This program is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ struct image
+ {
+ char *pixels;
+- unsigned int w, h;
++ size_t w, h;
+ struct caca_dither *dither;
+ void *priv;
+ };
diff --git a/media-libs/libcaca/files/CVE-2018-20546+20547.patch b/media-libs/libcaca/files/CVE-2018-20546+20547.patch
new file mode 100644
index 000000000000..95b072bfc398
--- /dev/null
+++ b/media-libs/libcaca/files/CVE-2018-20546+20547.patch
@@ -0,0 +1,36 @@
+From 02a09ec9e5ed8981e7a810bfb6a0172dc24f0790 Mon Sep 17 00:00:00 2001
+From: Sam Hocevar <sam@hocevar.net>
+Date: Sun, 30 Dec 2018 13:18:27 +0100
+Subject: [PATCH] dither: fix integer multiplication overflow that caused
+ crashes.
+
+Fixes: #38 (CVE-2018-20546)
+Fixes: #39 (CVE-2018-20547)
+---
+ caca/dither.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/caca/dither.c b/caca/dither.c
+index c6ebab1b..b2e24e55 100644
+--- a/caca/dither.c
++++ b/caca/dither.c
+@@ -6,8 +6,8 @@
+ * This library is free software. It comes without any warranty, to
+ * the extent permitted by applicable law. You can redistribute it
+ * and/or modify it under the terms of the Do What the Fuck You Want
+- * to Public License, Version 2, as published by Sam Hocevar. See
+- * http://www.wtfpl.net/ for more details.
++ * to Public License, Version 2, as published by the WTFPL Task Force.
++ * See http://www.wtfpl.net/ for more details.
+ */
+
+ /*
+@@ -116,7 +116,7 @@ enum color_mode
+ struct caca_dither
+ {
+ int bpp, has_palette, has_alpha;
+- int w, h, pitch;
++ size_t w, h, pitch;
+ int rmask, gmask, bmask, amask;
+ int rright, gright, bright, aright;
+ int rleft, gleft, bleft, aleft;
diff --git a/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch
new file mode 100644
index 000000000000..5305a6bdf21c
--- /dev/null
+++ b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch
@@ -0,0 +1,135 @@
+From: Sam Hocevar <sam@hocevar.net>
+Date: Fri, 26 Feb 2021 12:40:06 +0100
+Subject: [2/2] Fix a problem in the caca_resize() overflow detection and add
+ several unit tests.
+Origin: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015
+Bug: https://github.com/cacalabs/libcaca/issues/52
+Bug-Debian: https://bugs.debian.org/983686
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410
+
+---
+ caca/canvas.c | 16 ++++++++--------
+ test/canvas.cpp | 18 +++++++++++++++---
+ tools/makefont.c | 22 +++++++++++++++++++---
+ 3 files changed, 42 insertions(+), 14 deletions(-)
+
+--- a/caca/canvas.c
++++ b/caca/canvas.c
+@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int w
+ {
+ int x, y, f, old_width, old_height, old_size;
+
++ /* Check for overflow */
++ int new_size = width * height;
++ if (new_size < 0 || (width > 0 && new_size / width != height))
++ {
++ seterrno(EOVERFLOW);
++ return -1;
++ }
++
+ old_width = cv->width;
+ old_height = cv->height;
+ old_size = old_width * old_height;
+@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int w
+ * dirty rectangle handling */
+ cv->width = width;
+ cv->height = height;
+- int new_size = width * height;
+-
+- /* Check for overflow */
+- if (new_size / width != height)
+- {
+- seterrno(EOVERFLOW);
+- return -1;
+- }
+
+ /* If width or height is smaller (or both), we have the opportunity to
+ * reduce or even remove dirty rectangles */
+--- a/test/canvas.cpp
++++ b/test/canvas.cpp
+@@ -16,6 +16,7 @@
+ #include <cppunit/TestCaller.h>
+ #include <cppunit/TestCase.h>
+ #include <cppunit/TestSuite.h>
++#include <climits>
+
+ #include "caca.h"
+
+@@ -53,18 +54,29 @@ public:
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0);
+
+- caca_set_canvas_size(cv, 1, 1);
++ int ret = caca_set_canvas_size(cv, 1, 1);
++ CPPUNIT_ASSERT_EQUAL(ret, 0);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1);
+
+- caca_set_canvas_size(cv, 1234, 1001);
++ ret = caca_set_canvas_size(cv, 1234, 1001);
++ CPPUNIT_ASSERT_EQUAL(ret, 0);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1234);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1001);
+
+- caca_set_canvas_size(cv, 0, 0);
++ ret = caca_set_canvas_size(cv, 0, 0);
++ CPPUNIT_ASSERT_EQUAL(ret, 0);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0);
+ CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0);
+
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, 50));
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 50, -1));
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, -1));
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, 3));
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 3, INT_MAX / 2));
++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, INT_MAX / 2));
++ CPPUNIT_ASSERT_EQUAL(0, caca_set_canvas_size(cv, 0, 0));
++
+ caca_free_canvas(cv);
+ }
+
+--- a/tools/makefont.c
++++ b/tools/makefont.c
+@@ -40,7 +40,8 @@
+ * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */
+ static unsigned int const blocklist[] =
+ {
+- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */
++ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */
++#if 0
+ 0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */
+ 0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */
+ 0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */
+@@ -63,6 +64,7 @@ static unsigned int const blocklist[] =
+ 0x30a0, 0x3100, /* Katakana: ロ ル */
+ 0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */
+ 0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */
++#endif
+ 0, 0
+ };
+
+@@ -317,8 +319,22 @@ int main(int argc, char *argv[])
+ printf_unicode(&gtab[n]);
+
+ if(gtab[n].same_as == n)
+- printf_hex(" */ %s\n",
+- glyph_data + gtab[n].data_offset, gtab[n].data_size);
++ {
++ char const *lut = " .:nmW@";
++ printf("\n");
++ for (int y = 0; y < height; ++y)
++ {
++ for (int x = 0; x < gtab[n].data_width; ++x)
++ {
++ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x];
++ char ch = lut[val * val * 7 / 256 / 256];
++ printf("%c%c", ch, ch);
++ }
++ printf("\n");
++ }
++ //printf_hex(" */ %s\n",
++ // glyph_data + gtab[n].data_offset, gtab[n].data_size);
++ }
+ else
+ {
+ printf(" is ");
diff --git a/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch b/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch
new file mode 100644
index 000000000000..020f1a3603d4
--- /dev/null
+++ b/media-libs/libcaca/files/canvas-fix-an-integer-overflow-in-caca_resize.patch
@@ -0,0 +1,141 @@
+From: Sam Hocevar <sam@hocevar.net>
+Date: Fri, 26 Feb 2021 10:55:38 +0100
+Subject: [1/2] canvas: fix an integer overflow in caca_resize().
+Origin: https://github.com/cacalabs/libcaca/commit/46b4ea7cea72d6b3ffe65d33e604b1774dcc2bbd
+Bug: https://github.com/cacalabs/libcaca/issues/52
+Bug-Debian: https://bugs.debian.org/983686
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410
+
+Fixes: #52 (CVE-2021-3410)
+---
+ caca/canvas.c | 13 +++++++++++--
+ caca/codec/import.c | 1 +
+ caca/codec/text.c | 21 ++++++++++++++-------
+ 3 files changed, 26 insertions(+), 9 deletions(-)
+
+diff --git a/caca/canvas.c b/caca/canvas.c
+index 3fdd37ae8ef9..d07153926c3a 100644
+--- a/caca/canvas.c
++++ b/caca/canvas.c
+@@ -45,6 +45,7 @@ static int caca_resize(caca_canvas_t *, int, int);
+ *
+ * If an error occurs, NULL is returned and \b errno is set accordingly:
+ * - \c EINVAL Specified width or height is invalid.
++ * - \c EOVERFLOW Specified width and height overflowed.
+ * - \c ENOMEM Not enough memory for the requested canvas size.
+ *
+ * \param width The desired canvas width
+@@ -200,6 +201,7 @@ int caca_unmanage_canvas(caca_canvas_t *cv, int (*callback)(void *), void *p)
+ *
+ * If an error occurs, -1 is returned and \b errno is set accordingly:
+ * - \c EINVAL Specified width or height is invalid.
++ * - \c EOVERFLOW Specified width and height overflowed.
+ * - \c EBUSY The canvas is in use by a display driver and cannot be resized.
+ * - \c ENOMEM Not enough memory for the requested canvas size. If this
+ * happens, the canvas handle becomes invalid and should not be used.
+@@ -363,7 +365,7 @@ int caca_rand(int min, int max)
+
+ int caca_resize(caca_canvas_t *cv, int width, int height)
+ {
+- int x, y, f, old_width, old_height, new_size, old_size;
++ int x, y, f, old_width, old_height, old_size;
+
+ old_width = cv->width;
+ old_height = cv->height;
+@@ -375,7 +377,14 @@ int caca_resize(caca_canvas_t *cv, int width, int height)
+ * dirty rectangle handling */
+ cv->width = width;
+ cv->height = height;
+- new_size = width * height;
++ int new_size = width * height;
++
++ /* Check for overflow */
++ if (new_size / width != height)
++ {
++ seterrno(EOVERFLOW);
++ return -1;
++ }
+
+ /* If width or height is smaller (or both), we have the opportunity to
+ * reduce or even remove dirty rectangles */
+diff --git a/caca/codec/import.c b/caca/codec/import.c
+index 8836fd0893e3..2dafe3cf97c1 100644
+--- a/caca/codec/import.c
++++ b/caca/codec/import.c
+@@ -61,6 +61,7 @@ static ssize_t import_caca(caca_canvas_t *, void const *, size_t);
+ *
+ * If an error occurs, -1 is returned and \b errno is set accordingly:
+ * - \c ENOMEM Not enough memory to allocate canvas.
++ * - \c EOVERFLOW Importing data caused a value overflow.
+ * - \c EINVAL Invalid format requested.
+ *
+ * \param cv A libcaca canvas in which to import the file.
+diff --git a/caca/codec/text.c b/caca/codec/text.c
+index 358b7224fe87..94a2a4d7bcdb 100644
+--- a/caca/codec/text.c
++++ b/caca/codec/text.c
+@@ -46,7 +46,7 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size)
+ char const *text = (char const *)data;
+ unsigned int width = 0, height = 0, x = 0, y = 0, i;
+
+- caca_set_canvas_size(cv, width, height);
++ caca_set_canvas_size(cv, 0, 0);
+
+ for(i = 0; i < size; i++)
+ {
+@@ -70,15 +70,19 @@ ssize_t _import_text(caca_canvas_t *cv, void const *data, size_t size)
+ if(y >= height)
+ height = y + 1;
+
+- caca_set_canvas_size(cv, width, height);
++ if (caca_set_canvas_size(cv, width, height) < 0)
++ return -1;
+ }
+
+ caca_put_char(cv, x, y, ch);
+ x++;
+ }
+
+- if(y > height)
+- caca_set_canvas_size(cv, width, height = y);
++ if (y > height)
++ {
++ if (caca_set_canvas_size(cv, width, height = y) < 0)
++ return -1;
++ }
+
+ return (ssize_t)size;
+ }
+@@ -431,7 +435,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8)
+ {
+ savedattr = caca_get_attr(cv, -1, -1);
+ caca_set_attr(cv, im.clearattr);
+- caca_set_canvas_size(cv, width = x + wch, height);
++ if (caca_set_canvas_size(cv, width = x + wch, height) < 0)
++ return -1;
+ caca_set_attr(cv, savedattr);
+ }
+ else
+@@ -448,7 +453,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8)
+ caca_set_attr(cv, im.clearattr);
+ if(growy)
+ {
+- caca_set_canvas_size(cv, width, height = y + 1);
++ if (caca_set_canvas_size(cv, width, height = y + 1) < 0)
++ return -1;
+ }
+ else
+ {
+@@ -480,7 +486,8 @@ ssize_t _import_ansi(caca_canvas_t *cv, void const *data, size_t size, int utf8)
+ {
+ savedattr = caca_get_attr(cv, -1, -1);
+ caca_set_attr(cv, im.clearattr);
+- caca_set_canvas_size(cv, width, height = y);
++ if (caca_set_canvas_size(cv, width, height = y))
++ return -1;
+ caca_set_attr(cv, savedattr);
+ }
+
+--
+2.30.0
+
diff --git a/media-libs/libcaca/files/fix-css-path.patch b/media-libs/libcaca/files/fix-css-path.patch
new file mode 100644
index 000000000000..ce48e4fbda05
--- /dev/null
+++ b/media-libs/libcaca/files/fix-css-path.patch
@@ -0,0 +1,12 @@
+https://bugs.gentoo.org/543870#c11
+--- a/doc/doxygen.cfg.in 2014-05-16 21:19:51.000000000 +0200
++++ b/doc/doxygen.cfg.in 2016-12-22 13:31:00.181040572 +0100
+@@ -1069,7 +1069,7 @@
+ # obsolete.
+ # This tag requires that the tag GENERATE_HTML is set to YES.
+
+-HTML_STYLESHEET = doxygen.css
++HTML_STYLESHEET = @srcdir@/doxygen.css
+
+ # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional user-
+ # defined cascading style sheet that is included after the standard style sheets
diff --git a/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild b/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild
new file mode 100644
index 000000000000..a84afaa8b835
--- /dev/null
+++ b/media-libs/libcaca/libcaca-0.99_beta19-r4.ebuild
@@ -0,0 +1,182 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+RUBY_OPTIONAL=yes
+#USE_RUBY=ruby20
+
+inherit autotools ruby-ng flag-o-matic java-pkg-opt-2 mono-env toolchain-funcs multilib-minimal
+
+MY_P=${P/_/.}
+DESCRIPTION="A library that creates colored ASCII-art graphics"
+HOMEPAGE="http://libcaca.zoy.org/"
+SRC_URI="http://libcaca.zoy.org/files/${PN}/${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-2 ISC LGPL-2.1 WTFPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+IUSE="cxx doc imlib java mono ncurses opengl ruby slang static-libs test truetype X"
+RESTRICT="!test? ( test )"
+
+# ruby? ( ruby_targets_${USE_RUBY} )
+REQUIRED_USE=""
+
+# ruby? ( $(ruby_implementations_depend) )
+DEPEND="
+ imlib? ( >=media-libs/imlib2-1.4.6-r2[${MULTILIB_USEDEP}] )
+ mono? ( dev-lang/mono )
+ ncurses? ( >=sys-libs/ncurses-5.9-r3:0=[${MULTILIB_USEDEP}] )
+ opengl? (
+ >=virtual/glu-9.0-r1[${MULTILIB_USEDEP}]
+ >=virtual/opengl-7.0-r1[${MULTILIB_USEDEP}]
+ >=media-libs/freeglut-2.8.1[${MULTILIB_USEDEP}]
+ truetype? ( >=media-libs/ftgl-2.1.3_rc5 )
+ )
+ slang? ( >=sys-libs/slang-2.2.4-r1[${MULTILIB_USEDEP}] )
+ X? (
+ >=x11-libs/libX11-1.6.2[${MULTILIB_USEDEP}]
+ >=x11-libs/libXt-1.1.4[${MULTILIB_USEDEP}]
+ )
+"
+RDEPEND="java? ( >=virtual/jre-1.5 )"
+BDEPEND="
+ virtual/pkgconfig
+ doc? (
+ app-doc/doxygen
+ virtual/latex-base
+ >=dev-texlive/texlive-fontsrecommended-2012
+ >=dev-texlive/texlive-latexextra-2012
+ dev-texlive/texlive-latexrecommended
+ )
+ java? ( >=virtual/jdk-1.5 )
+ test? ( dev-util/cppunit )
+"
+
+DOCS=( AUTHORS ChangeLog NEWS NOTES README THANKS )
+
+PATCHES=(
+ # Fix out of source tests
+ "${FILESDIR}"/${PN}-0.99_beta18-fix-tests.patch
+ # Debian patches
+ "${FILESDIR}/CVE-2018-20544.patch"
+ "${FILESDIR}/CVE-2018-20545+20547+20549.patch"
+ "${FILESDIR}/CVE-2018-20546+20547.patch"
+ "${FILESDIR}/canvas-fix-an-integer-overflow-in-caca_resize.patch"
+ "${FILESDIR}/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch"
+ "${FILESDIR}/100_doxygen.diff"
+ # Fix doxygen docs install, bug 543870
+ "${FILESDIR}/fix-css-path.patch"
+)
+
+pkg_setup() {
+ java-pkg-opt-2_pkg_setup
+ use mono && mono-env_pkg_setup
+}
+
+src_unpack() {
+ default
+}
+
+src_prepare() {
+ # bug #339962
+ sed -i -e '/doxygen_tests = check-doxygen/d' test/Makefile.am || die
+
+ sed -i \
+ -e 's:-g -O2 -fno-strength-reduce -fomit-frame-pointer::' \
+ -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' \
+ configure.ac || die
+
+ sed -i \
+ -e 's:$(JAVAC):$(JAVAC) $(JAVACFLAGS):' \
+ -e 's:libcaca_java_la_CPPFLAGS =:libcaca_java_la_CPPFLAGS = -I$(top_srcdir)/caca:' \
+ java/Makefile.am || die
+
+ if ! use truetype; then
+ sed -i -e '/PKG_CHECK_MODULES/s:ftgl:dIsAbLe&:' configure.ac || die
+ fi
+
+ if use imlib && ! use X; then
+ append-cflags -DX_DISPLAY_MISSING
+ fi
+
+ # bug #653400
+ append-cxxflags -std=c++11
+
+ # bug #601902
+ append-libs "$($(tc-getPKG_CONFIG) --libs ncurses)"
+
+ # fix docs install path, bug 543870#c14
+ sed -i "s/libcaca-dev/${PF}/g" doc/Makefile.am || die
+
+ default
+ eautoreconf
+
+ java-pkg-opt-2_src_prepare
+}
+
+multilib_src_configure() {
+ if multilib_is_native_abi; then
+ if use java; then
+ export JAVACFLAGS="$(java-pkg_javac-args)"
+ export JAVA_CFLAGS="$(java-pkg_get-jni-cflags)"
+ fi
+
+ # bug #44128
+ export VARTEXFONTS="${T}/fonts"
+
+ # bug #329651
+ use mono && export CSC="$(type -P gmcs)"
+ use ruby && use ruby_targets_${USE_RUBY} && export RUBY=$(ruby_implementation_command ${USE_RUBY})
+ fi
+
+ local myeconfargs=(
+ $(use_enable static-libs static)
+ $(use_enable slang)
+ $(use_enable ncurses)
+ $(use_enable X x11)
+ $(use_with X x)
+ --x-libraries=/usr/$(get_libdir)
+ $(use_enable opengl gl)
+ $(use_enable cxx)
+ $(use_enable imlib imlib2)
+ $(use_enable test cppunit)
+ $(multilib_native_use_enable java)
+ $(multilib_native_use_enable ruby)
+ --disable-python
+ $(multilib_native_use_enable mono csharp)
+ $(multilib_native_use_enable doc)
+ )
+
+ ECONF_SOURCE="${S}" econf "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+ local _java_makeopts
+
+ # bug #480864
+ use java && _java_makeopts="-j1"
+ emake V=1 ${_java_makeopts}
+}
+
+multilib_src_test() {
+ emake V=1 -j1 check
+}
+
+multilib_src_install() {
+ emake V=1 DESTDIR="${D}" install
+
+ # Note: broken, see bug #508564 and bug #773913
+ if multilib_is_native_abi && use java; then
+ java-pkg_newjar java/libjava.jar
+ fi
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ rm -rf "${ED}"/usr/share/java || die
+
+ find "${ED}" -name '*.la' -delete || die
+}