- New upstream release 1.4.0
This commit is contained in:
parent
673055ca30
commit
75dc46bb12
@ -1 +1 @@
|
|||||||
imlib2-1.3.0.tar.gz
|
imlib2-1.4.0.tar.gz
|
||||||
|
@ -10,7 +10,7 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_argb.c imlib2-1.2.1.new/src/mo
|
|||||||
FILE *f;
|
FILE *f;
|
||||||
|
|
||||||
if (im->data)
|
if (im->data)
|
||||||
@@ -36,13 +36,15 @@
|
@@ -36,6 +36,8 @@
|
||||||
{
|
{
|
||||||
char buf[256], buf2[256];
|
char buf[256], buf2[256];
|
||||||
|
|
||||||
@ -19,14 +19,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_argb.c imlib2-1.2.1.new/src/mo
|
|||||||
if (!fgets(buf, 255, f))
|
if (!fgets(buf, 255, f))
|
||||||
{
|
{
|
||||||
fclose(f);
|
fclose(f);
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
sscanf(buf, "%s %i %i %i", buf2, &w, &h, &alpha);
|
|
||||||
- if (strcmp(buf2, "ARGB"))
|
|
||||||
+ if (strcmp(buf2, "ARGB") || w < 1 || h < 1 || w > 16383 || h > 16383)
|
|
||||||
{
|
|
||||||
fclose(f);
|
|
||||||
return 0;
|
|
||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c
|
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_jpeg.c 2006-11-06 01:27:59.000000000 -0800
|
--- imlib2-1.2.1/src/modules/loaders/loader_jpeg.c 2006-11-06 01:27:59.000000000 -0800
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c 2006-11-06 01:33:01.000000000 -0800
|
+++ imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c 2006-11-06 01:33:01.000000000 -0800
|
||||||
@ -44,15 +36,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/mo
|
|||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c
|
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_lbm.c 2006-11-06 01:27:59.000000000 -0800
|
--- imlib2-1.2.1/src/modules/loaders/loader_lbm.c 2006-11-06 01:27:59.000000000 -0800
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c 2006-11-06 01:30:41.000000000 -0800
|
+++ imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c 2006-11-06 01:30:41.000000000 -0800
|
||||||
@@ -421,7 +421,7 @@
|
|
||||||
|
|
||||||
im->w = L2RWORD(ilbm.bmhd.data);
|
|
||||||
im->h = L2RWORD(ilbm.bmhd.data + 2);
|
|
||||||
- if (im->w <= 0 || im->h <= 0) ok = 0;
|
|
||||||
+ if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0;
|
|
||||||
|
|
||||||
ilbm.depth = ilbm.bmhd.data[8];
|
|
||||||
if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
|
|
||||||
@@ -453,6 +453,7 @@
|
@@ -453,6 +453,7 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -87,23 +70,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/mod
|
|||||||
if (im->data) free(im->data);
|
if (im->data) free(im->data);
|
||||||
im->data = NULL;
|
im->data = NULL;
|
||||||
}
|
}
|
||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_png.c imlib2-1.2.1.new/src/modules/loaders/loader_png.c
|
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_png.c 2006-11-06 01:27:59.000000000 -0800
|
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_png.c 2006-11-06 01:30:41.000000000 -0800
|
|
||||||
@@ -83,6 +83,13 @@
|
|
||||||
png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32),
|
|
||||||
(png_uint_32 *) (&h32), &bit_depth, &color_type,
|
|
||||||
&interlace_type, NULL, NULL);
|
|
||||||
+ if (w32 < 1 || h32 < 1 || w32 > 16383 || h32 > 16383)
|
|
||||||
+ {
|
|
||||||
+ png_read_end(png_ptr, info_ptr);
|
|
||||||
+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
|
|
||||||
+ fclose(f);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
im->w = (int)w32;
|
|
||||||
im->h = (int)h32;
|
|
||||||
if (color_type == PNG_COLOR_TYPE_PALETTE)
|
|
||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c
|
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_pnm.c 2006-11-06 01:27:59.000000000 -0800
|
--- imlib2-1.2.1/src/modules/loaders/loader_pnm.c 2006-11-06 01:27:59.000000000 -0800
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c 2006-11-06 01:30:41.000000000 -0800
|
+++ imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c 2006-11-06 01:30:41.000000000 -0800
|
||||||
@ -119,24 +85,6 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/mod
|
|||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/modules/loaders/loader_tga.c
|
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/modules/loaders/loader_tga.c
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_tga.c 2006-11-06 01:27:59.000000000 -0800
|
--- imlib2-1.2.1/src/modules/loaders/loader_tga.c 2006-11-06 01:27:59.000000000 -0800
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_tga.c 2006-11-06 01:30:41.000000000 -0800
|
+++ imlib2-1.2.1.new/src/modules/loaders/loader_tga.c 2006-11-06 01:30:41.000000000 -0800
|
||||||
@@ -319,6 +319,7 @@
|
|
||||||
{
|
|
||||||
unsigned long datasize;
|
|
||||||
unsigned char *bufptr;
|
|
||||||
+ unsigned char *bufend;
|
|
||||||
DATA32 *dataptr;
|
|
||||||
|
|
||||||
int y, pl = 0;
|
|
||||||
@@ -348,6 +349,9 @@
|
|
||||||
/* bufptr is the next byte to be read from the buffer */
|
|
||||||
bufptr = filedata;
|
|
||||||
|
|
||||||
+ /* bufend is one past the last byte to be read from the buffer */
|
|
||||||
+ bufend = filedata + datasize;
|
|
||||||
+
|
|
||||||
/* dataptr is the next 32-bit pixel to be filled in */
|
|
||||||
dataptr = im->data;
|
|
||||||
|
|
||||||
@@ -365,7 +369,9 @@
|
@@ -365,7 +369,9 @@
|
||||||
else
|
else
|
||||||
dataptr = im->data + (y * im->w);
|
dataptr = im->data + (y * im->w);
|
||||||
@ -148,81 +96,3 @@ diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/mod
|
|||||||
{
|
{
|
||||||
switch (bpp)
|
switch (bpp)
|
||||||
{
|
{
|
||||||
@@ -422,8 +428,8 @@
|
|
||||||
unsigned char curbyte, red, green, blue, alpha;
|
|
||||||
DATA32 *final_pixel = dataptr + im->w * im->h;
|
|
||||||
|
|
||||||
- /* loop until we've got all the pixels */
|
|
||||||
- while (dataptr < final_pixel)
|
|
||||||
+ /* loop until we've got all the pixels or run out of input */
|
|
||||||
+ while (dataptr < final_pixel && bufptr+1+bpp/8 < bufend)
|
|
||||||
{
|
|
||||||
int count;
|
|
||||||
|
|
||||||
@@ -441,7 +447,7 @@
|
|
||||||
green = *bufptr++;
|
|
||||||
red = *bufptr++;
|
|
||||||
alpha = *bufptr++;
|
|
||||||
- for (i = 0; i < count; i++)
|
|
||||||
+ for (i = 0; i < count && dataptr < final_pixel; i++)
|
|
||||||
{
|
|
||||||
WRITE_RGBA(dataptr, red, green, blue, alpha);
|
|
||||||
dataptr++;
|
|
||||||
@@ -452,7 +458,7 @@
|
|
||||||
blue = *bufptr++;
|
|
||||||
green = *bufptr++;
|
|
||||||
red = *bufptr++;
|
|
||||||
- for (i = 0; i < count; i++)
|
|
||||||
+ for (i = 0; i < count && dataptr < final_pixel; i++)
|
|
||||||
{
|
|
||||||
WRITE_RGBA(dataptr, red, green, blue,
|
|
||||||
(char)0xff);
|
|
||||||
@@ -462,7 +468,7 @@
|
|
||||||
|
|
||||||
case 8:
|
|
||||||
alpha = *bufptr++;
|
|
||||||
- for (i = 0; i < count; i++)
|
|
||||||
+ for (i = 0; i < count && dataptr < final_pixel; i++)
|
|
||||||
{
|
|
||||||
WRITE_RGBA(dataptr, alpha, alpha, alpha,
|
|
||||||
(char)0xff);
|
|
||||||
@@ -477,7 +483,7 @@
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
- for (i = 0; i < count; i++)
|
|
||||||
+ for (i = 0; i < count && dataptr < final_pixel; i++)
|
|
||||||
{
|
|
||||||
switch (bpp)
|
|
||||||
{
|
|
||||||
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tiff.c imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c
|
|
||||||
--- imlib2-1.2.1/src/modules/loaders/loader_tiff.c 2006-11-06 01:27:59.000000000 -0800
|
|
||||||
+++ imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c 2006-11-06 01:30:41.000000000 -0800
|
|
||||||
@@ -75,7 +75,7 @@
|
|
||||||
raster(TIFFRGBAImage_Extra * img, uint32 * rast,
|
|
||||||
uint32 x, uint32 y, uint32 w, uint32 h)
|
|
||||||
{
|
|
||||||
- uint32 image_width, image_height;
|
|
||||||
+ int image_width, image_height;
|
|
||||||
uint32 *pixel, pixel_value;
|
|
||||||
int i, j, dy, rast_offset;
|
|
||||||
DATA32 *buffer_pixel, *buffer = img->image->data;
|
|
||||||
@@ -192,8 +192,16 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
rgba_image.image = im;
|
|
||||||
- im->w = width = rgba_image.rgba.width;
|
|
||||||
- im->h = height = rgba_image.rgba.height;
|
|
||||||
+ width = rgba_image.rgba.width;
|
|
||||||
+ height = rgba_image.rgba.height;
|
|
||||||
+ if (width < 1 || height < 1 || width >= 16384 || height >= 16384)
|
|
||||||
+ {
|
|
||||||
+ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image);
|
|
||||||
+ TIFFClose(tif);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ im->w = width;
|
|
||||||
+ im->h = height;
|
|
||||||
rgba_image.num_pixels = num_pixels = width * height;
|
|
||||||
if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED)
|
|
||||||
SET_FLAG(im->flags, F_HAS_ALPHA);
|
|
||||||
|
11
imlib2.spec
11
imlib2.spec
@ -1,15 +1,15 @@
|
|||||||
Summary: Image loading, saving, rendering, and manipulation library
|
Summary: Image loading, saving, rendering, and manipulation library
|
||||||
Name: imlib2
|
Name: imlib2
|
||||||
Version: 1.3.0
|
Version: 1.4.0
|
||||||
Release: 3%{?dist}
|
Release: 1%{?dist}
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: System Environment/Libraries
|
Group: System Environment/Libraries
|
||||||
URL: http://www.enlightenment.org/Libraries/Imlib2/
|
URL: http://www.enlightenment.org/Libraries/Imlib2/
|
||||||
Source0: http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz
|
Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.gz
|
||||||
Patch0: imlib2-1.2.1-X11-path.patch
|
Patch0: imlib2-1.2.1-X11-path.patch
|
||||||
Patch1: imlib2-1.3.0-multilib.patch
|
Patch1: imlib2-1.3.0-multilib.patch
|
||||||
Patch2: imlib2-1.3.0-loader_overflows.patch
|
Patch2: imlib2-1.3.0-loader_overflows.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
|
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||||
BuildRequires: libjpeg-devel libpng-devel libtiff-devel
|
BuildRequires: libjpeg-devel libpng-devel libtiff-devel
|
||||||
BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
|
BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
|
||||||
BuildRequires: libX11-devel libXext-devel libid3tag-devel pkgconfig
|
BuildRequires: libX11-devel libXext-devel libid3tag-devel pkgconfig
|
||||||
@ -116,6 +116,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun May 27 2007 Hans de Goede <j.w.r.degoede@hhs.nl> 1.4.0-1
|
||||||
|
- New upstream release 1.4.0
|
||||||
|
|
||||||
* Thu Nov 9 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 1.3.0-3
|
* Thu Nov 9 2006 Hans de Goede <j.w.r.degoede@hhs.nl> 1.3.0-3
|
||||||
- Fix CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809, thanks to
|
- Fix CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809, thanks to
|
||||||
Ubuntu for the patch (bug 214676)
|
Ubuntu for the patch (bug 214676)
|
||||||
|
Loading…
Reference in New Issue
Block a user