From 75dc46bb12b8b8cadeb404694fcea7fcc5378c81 Mon Sep 17 00:00:00 2001 From: Hans de Goede Date: Sun, 27 May 2007 20:34:16 +0000 Subject: [PATCH] - New upstream release 1.4.0 --- .cvsignore | 2 +- imlib2-1.3.0-loader_overflows.patch | 132 +--------------------------- imlib2.spec | 11 ++- sources | 2 +- 4 files changed, 10 insertions(+), 137 deletions(-) diff --git a/.cvsignore b/.cvsignore index 7e68360..8afd46c 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -imlib2-1.3.0.tar.gz +imlib2-1.4.0.tar.gz diff --git a/imlib2-1.3.0-loader_overflows.patch b/imlib2-1.3.0-loader_overflows.patch index c0092c3..87269fd 100644 --- a/imlib2-1.3.0-loader_overflows.patch +++ b/imlib2-1.3.0-loader_overflows.patch @@ -10,7 +10,7 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_argb.c imlib2-1.2.1.new/src/mo FILE *f; if (im->data) -@@ -36,13 +36,15 @@ +@@ -36,6 +36,8 @@ { char buf[256], buf2[256]; @@ -19,14 +19,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_argb.c imlib2-1.2.1.new/src/mo if (!fgets(buf, 255, f)) { fclose(f); - return 0; - } - sscanf(buf, "%s %i %i %i", buf2, &w, &h, &alpha); -- if (strcmp(buf2, "ARGB")) -+ if (strcmp(buf2, "ARGB") || w < 1 || h < 1 || w > 16383 || h > 16383) - { - fclose(f); - return 0; diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c --- imlib2-1.2.1/src/modules/loaders/loader_jpeg.c 2006-11-06 01:27:59.000000000 -0800 +++ imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c 2006-11-06 01:33:01.000000000 -0800 @@ -44,15 +36,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/mo diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c --- imlib2-1.2.1/src/modules/loaders/loader_lbm.c 2006-11-06 01:27:59.000000000 -0800 +++ imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c 2006-11-06 01:30:41.000000000 -0800 -@@ -421,7 +421,7 @@ - - im->w = L2RWORD(ilbm.bmhd.data); - im->h = L2RWORD(ilbm.bmhd.data + 2); -- if (im->w <= 0 || im->h <= 0) ok = 0; -+ if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0; - - ilbm.depth = ilbm.bmhd.data[8]; - if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */ @@ -453,6 +453,7 @@ } } @@ -87,23 +70,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/mod if (im->data) free(im->data); im->data = NULL; } -diff -Nur imlib2-1.2.1/src/modules/loaders/loader_png.c imlib2-1.2.1.new/src/modules/loaders/loader_png.c ---- imlib2-1.2.1/src/modules/loaders/loader_png.c 2006-11-06 01:27:59.000000000 -0800 -+++ imlib2-1.2.1.new/src/modules/loaders/loader_png.c 2006-11-06 01:30:41.000000000 -0800 -@@ -83,6 +83,13 @@ - png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32), - (png_uint_32 *) (&h32), &bit_depth, &color_type, - &interlace_type, NULL, NULL); -+ if (w32 < 1 || h32 < 1 || w32 > 16383 || h32 > 16383) -+ { -+ png_read_end(png_ptr, info_ptr); -+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL); -+ fclose(f); -+ return 0; -+ } - im->w = (int)w32; - im->h = (int)h32; - if (color_type == PNG_COLOR_TYPE_PALETTE) diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c --- imlib2-1.2.1/src/modules/loaders/loader_pnm.c 2006-11-06 01:27:59.000000000 -0800 +++ imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c 2006-11-06 01:30:41.000000000 -0800 @@ -119,24 +85,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/mod diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/modules/loaders/loader_tga.c --- imlib2-1.2.1/src/modules/loaders/loader_tga.c 2006-11-06 01:27:59.000000000 -0800 +++ imlib2-1.2.1.new/src/modules/loaders/loader_tga.c 2006-11-06 01:30:41.000000000 -0800 -@@ -319,6 +319,7 @@ - { - unsigned long datasize; - unsigned char *bufptr; -+ unsigned char *bufend; - DATA32 *dataptr; - - int y, pl = 0; -@@ -348,6 +349,9 @@ - /* bufptr is the next byte to be read from the buffer */ - bufptr = filedata; - -+ /* bufend is one past the last byte to be read from the buffer */ -+ bufend = filedata + datasize; -+ - /* dataptr is the next 32-bit pixel to be filled in */ - dataptr = im->data; - @@ -365,7 +369,9 @@ else dataptr = im->data + (y * im->w); @@ -148,81 +96,3 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/mod { switch (bpp) { -@@ -422,8 +428,8 @@ - unsigned char curbyte, red, green, blue, alpha; - DATA32 *final_pixel = dataptr + im->w * im->h; - -- /* loop until we've got all the pixels */ -- while (dataptr < final_pixel) -+ /* loop until we've got all the pixels or run out of input */ -+ while (dataptr < final_pixel && bufptr+1+bpp/8 < bufend) - { - int count; - -@@ -441,7 +447,7 @@ - green = *bufptr++; - red = *bufptr++; - alpha = *bufptr++; -- for (i = 0; i < count; i++) -+ for (i = 0; i < count && dataptr < final_pixel; i++) - { - WRITE_RGBA(dataptr, red, green, blue, alpha); - dataptr++; -@@ -452,7 +458,7 @@ - blue = *bufptr++; - green = *bufptr++; - red = *bufptr++; -- for (i = 0; i < count; i++) -+ for (i = 0; i < count && dataptr < final_pixel; i++) - { - WRITE_RGBA(dataptr, red, green, blue, - (char)0xff); -@@ -462,7 +468,7 @@ - - case 8: - alpha = *bufptr++; -- for (i = 0; i < count; i++) -+ for (i = 0; i < count && dataptr < final_pixel; i++) - { - WRITE_RGBA(dataptr, alpha, alpha, alpha, - (char)0xff); -@@ -477,7 +483,7 @@ - { - int i; - -- for (i = 0; i < count; i++) -+ for (i = 0; i < count && dataptr < final_pixel; i++) - { - switch (bpp) - { -diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tiff.c imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c ---- imlib2-1.2.1/src/modules/loaders/loader_tiff.c 2006-11-06 01:27:59.000000000 -0800 -+++ imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c 2006-11-06 01:30:41.000000000 -0800 -@@ -75,7 +75,7 @@ - raster(TIFFRGBAImage_Extra * img, uint32 * rast, - uint32 x, uint32 y, uint32 w, uint32 h) - { -- uint32 image_width, image_height; -+ int image_width, image_height; - uint32 *pixel, pixel_value; - int i, j, dy, rast_offset; - DATA32 *buffer_pixel, *buffer = img->image->data; -@@ -192,8 +192,16 @@ - } - - rgba_image.image = im; -- im->w = width = rgba_image.rgba.width; -- im->h = height = rgba_image.rgba.height; -+ width = rgba_image.rgba.width; -+ height = rgba_image.rgba.height; -+ if (width < 1 || height < 1 || width >= 16384 || height >= 16384) -+ { -+ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image); -+ TIFFClose(tif); -+ return 0; -+ } -+ im->w = width; -+ im->h = height; - rgba_image.num_pixels = num_pixels = width * height; - if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED) - SET_FLAG(im->flags, F_HAS_ALPHA); diff --git a/imlib2.spec b/imlib2.spec index 482da1a..f82697f 100644 --- a/imlib2.spec +++ b/imlib2.spec @@ -1,15 +1,15 @@ Summary: Image loading, saving, rendering, and manipulation library Name: imlib2 -Version: 1.3.0 -Release: 3%{?dist} +Version: 1.4.0 +Release: 1%{?dist} License: BSD Group: System Environment/Libraries URL: http://www.enlightenment.org/Libraries/Imlib2/ -Source0: http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz +Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.gz Patch0: imlib2-1.2.1-X11-path.patch Patch1: imlib2-1.3.0-multilib.patch Patch2: imlib2-1.3.0-loader_overflows.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libjpeg-devel libpng-devel libtiff-devel BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel BuildRequires: libX11-devel libXext-devel libid3tag-devel pkgconfig @@ -116,6 +116,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun May 27 2007 Hans de Goede 1.4.0-1 +- New upstream release 1.4.0 + * Thu Nov 9 2006 Hans de Goede 1.3.0-3 - Fix CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809, thanks to Ubuntu for the patch (bug 214676) diff --git a/sources b/sources index f800e05..bfc15e4 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -00b724fc6d2dcfa3045bb6a554bb2c8a imlib2-1.3.0.tar.gz +69f7ee996c943142332b4c98597b095c imlib2-1.4.0.tar.gz