- patch for CVE-2008-2426; buffer overflow in xpm loader

2008-05-30 10:09:15 +00:00 · 2008-05-30 10:09:15 +00:00 · 197d35e202
commit 197d35e202
parent c4c72a1c43
2 changed files with 18 additions and 1 deletions
--- a/imlib2-1.4.0-CVE-2008-2426.patch
+++ b/imlib2-1.4.0-CVE-2008-2426.patch
@ -0,0 +1,12 @@
+diff -up imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426 imlib2-1.4.0/src/modules/loaders/loader_xpm.c
+--- imlib2-1.4.0/src/modules/loaders/loader_xpm.c.CVE-2008-2426	2008-05-30 11:54:06.000000000 +0200
+++ imlib2-1.4.0/src/modules/loaders/loader_xpm.c	2008-05-30 11:54:40.000000000 +0200
+@@ -284,7 +284,7 @@ load(ImlibImage * im, ImlibProgressFunct
+                                  if (line[k] != ' ')
+                                    {
+                                       s[0] = 0;
+-                                      sscanf(&line[k], "%65535s", s);
+                                      sscanf(&line[k], "%255s", s);
+                                       slen = strlen(s);
+                                       k += slen;
+                                       if (!strcmp(s, "c"))
--- a/imlib2.spec
+++ b/imlib2.spec
@ -1,7 +1,7 @@
 Summary:        Image loading, saving, rendering, and manipulation library
 Name:           imlib2
 Version:        1.4.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 License:        Imlib2
 Group:          System Environment/Libraries
 URL:            http://docs.enlightenment.org/api/imlib2/html/
@ -9,6 +9,7 @@ Source0:        http://downloads.sourceforge.net/enlightenment/%{name}-%{version
 Patch0:         imlib2-1.2.1-X11-path.patch
 Patch1:         imlib2-1.3.0-multilib.patch
 Patch2:         imlib2-1.3.0-loader_overflows.patch
+Patch3:         imlib2-1.4.0-CVE-2008-2426.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:  giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
@ -60,6 +61,7 @@ conditions of the GPL version 2 (or at your option) any later version.
 %patch0 -p1 -b .x11-path
 %patch1 -p1 -b .multilib
 %patch2 -p1 -b .overflow
+%patch3 -p1 -b .CVE-2008-2426
 # sigh stop autoxxx from rerunning because of our patches above.
 touch aclocal.m4
 touch configure
@ -128,6 +130,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/imlib2/loaders/id3.*

 %changelog
+* Fri May 30 2008 Tomas Smetana <tsmetana@redhat.com> 1.4.0-7
+- patch for CVE-2008-2426
+
 * Tue Mar 11 2008 Hans de Goede <j.w.r.degoede@hhs.nl> 1.4.0-6
 - Disable amd64 assembly optimization. (Kills idesk - #222998, #436924)