From 51c943e32d07edcda9c5b643123afb4aacf88d6b Mon Sep 17 00:00:00 2001
From: Tomas Smetana <tsmetana@fedoraproject.org>
Date: Sun, 23 Nov 2008 10:19:15 +0000
Subject: [PATCH] patch for CVE-2008-5187

---
 imlib2-1.4.2-cve-2008-5187 | 13 +++++++++++++
 imlib2.spec                |  7 ++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 imlib2-1.4.2-cve-2008-5187

diff --git a/imlib2-1.4.2-cve-2008-5187 b/imlib2-1.4.2-cve-2008-5187
new file mode 100644
index 0000000..7504f8d
--- /dev/null
+++ b/imlib2-1.4.2-cve-2008-5187
@@ -0,0 +1,13 @@
+diff -up imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187 imlib2-1.4.2/src/modules/loaders/loader_xpm.c
+--- imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187	2008-11-23 11:10:05.000000000 +0100
++++ imlib2-1.4.2/src/modules/loaders/loader_xpm.c	2008-11-23 11:10:38.000000000 +0100
+@@ -253,8 +253,8 @@ load(ImlibImage * im, ImlibProgressFunct
+                                  return 0;
+                               }
+                             ptr = im->data;
+-                            end = ptr + (sizeof(DATA32) * w * h);
+                             pixels = w * h;
++                            end = ptr + pixels;
+                          }
+                        else
+                          {
diff --git a/imlib2.spec b/imlib2.spec
index 688e196..f9cc9ac 100644
--- a/imlib2.spec
+++ b/imlib2.spec
@@ -1,13 +1,14 @@
 Summary:        Image loading, saving, rendering, and manipulation library
 Name:           imlib2
 Version:        1.4.2
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        Imlib2
 Group:          System Environment/Libraries
 URL:            http://docs.enlightenment.org/api/imlib2/html/
 Source0:        http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2
 # Fedora specific multilib hack, upstream should switch to pkgconfig one day
 Patch0:         imlib2-1.3.0-multilib.patch
+Patch1:         imlib2-1.4.2-cve-2008-5187
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:  giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
@@ -57,6 +58,7 @@ conditions of the GPL version 2 (or at your option) any later version.
 %prep
 %setup -q
 %patch0 -p1 -b .multilib
+%patch1 -p1 -b .cve-2008-5187
 
 
 %build
@@ -121,6 +123,9 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Sun Nov 23 2008 Tomas Smetana <tsmetana@redhat.com> 1.4.2-2
+- patch for CVE-2008-5187
+
 * Tue Oct 21 2008 Tomas Smetana <tsmetana@redhat.com> 1.4.2-1
 - new upstream version 1.4.2