New upstream bugfix version

- Fix rhbz#1323062 - out of bound read in GIF loader - Fix rhbz#1323082 - divide by zero on 2x1 ellipse
2016-04-04 08:13:28 +02:00 · 2016-04-04 08:13:28 +02:00 · a47cd07598
parent c3a8e4475e
commit a47cd07598
5 changed files with 112 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ imlib2-1.4.3.tar.bz2
 /imlib2-1.4.5.tar.bz2
 /imlib2-1.4.6.tar.bz2
 /imlib2-1.4.7.tar.bz2
+/imlib2-1.4.8.tar.bz2
--- a/imlib2-1.4.8-fpeerr.patch
+++ b/imlib2-1.4.8-fpeerr.patch
@ -0,0 +1,74 @@
+diff -up imlib2-1.4.8/src/lib/ellipse.c.fpeerr imlib2-1.4.8/src/lib/ellipse.c
+--- imlib2-1.4.8/src/lib/ellipse.c.fpeerr	2016-04-01 14:27:45.364674483 +0200
+++ imlib2-1.4.8/src/lib/ellipse.c	2016-04-01 14:36:15.317319377 +0200
+@@ -54,6 +54,7 @@ __imlib_Ellipse_DrawToData(int xc, int y
+           {
+              prev_y = y;
+              dx -= a2;
+             if (dx == 0) break; /* FIXME likely incorrect */
+              ty++;
+              by--;
+              tp += dstw;
+@@ -106,6 +107,8 @@ __imlib_Ellipse_DrawToData(int xc, int y
+           {
+              prev_x = x;
+              dy += b2;
+             if (dy == 0) /*FIXME: likely incorrect */
+                 return;
+              lx--;
+              rx++;
+              tp--;
+@@ -185,6 +188,8 @@ __imlib_Ellipse_DrawToData_AA(int xc, in
+           {
+              prev_y = y;
+              dx -= a2;
+             if (dx == 0) /* FIXME: likely incorrect */
+                 break;
+              ty++;
+              by--;
+              tp += dstw;
+@@ -258,6 +263,8 @@ __imlib_Ellipse_DrawToData_AA(int xc, in
+           {
+              prev_x = x;
+              dy += b2;
+             if (dy == 0) /* FIXME: likely incorrect */
+                 return;
+              lx--;
+              rx++;
+              tp--;
+@@ -360,6 +367,8 @@ __imlib_Ellipse_FillToData(int xc, int y
+           {
+              prev_y = y;
+              dx -= a2;
+             if (dx == 0) /* FXIME: likely incorrect */
+                 return;
+              ty++;
+              by--;
+              tp += dstw;
+@@ -429,6 +438,8 @@ __imlib_Ellipse_FillToData(int xc, int y
+           {
+              prev_x = x;
+              dy += b2;
+             if (dy == 0) /* FIXME: likely incorrect */
+                 return;
+              lx--;
+              rx++;
+              tp--;
+@@ -517,6 +528,8 @@ __imlib_Ellipse_FillToData_AA(int xc, in
+           {
+              prev_y = y;
+              dx -= a2;
+             if (dx == 0)
+                 break;
+              ty++;
+              by--;
+              tp += dstw;
+@@ -590,6 +603,8 @@ __imlib_Ellipse_FillToData_AA(int xc, in
+           {
+              prev_x = x;
+              dy += b2;
+             if (dy == 0) /* FIXME: likely incorrect */
+                 return;
+              lx--;
+              rx++;
+              tp--;
--- a/imlib2-1.4.8-oob.patch
+++ b/imlib2-1.4.8-oob.patch
@ -0,0 +1,23 @@
+diff -up imlib2-1.4.8/src/modules/loaders/loader_gif.c.oob imlib2-1.4.8/src/modules/loaders/loader_gif.c
+--- imlib2-1.4.8/src/modules/loaders/loader_gif.c.oob	2016-04-01 15:29:53.021439759 +0200
+++ imlib2-1.4.8/src/modules/loaders/loader_gif.c	2016-04-01 15:33:25.597713611 +0200
+@@ -170,9 +170,16 @@ load(ImlibImage * im, ImlibProgressFunct
+                     }
+                   else
+                     {
+-                       r = cmap->Colors[rows[i][j]].Red;
+-                       g = cmap->Colors[rows[i][j]].Green;
+-                       b = cmap->Colors[rows[i][j]].Blue;
+                       if (rows[i][j] < cmap->ColorCount)
+                         {
+                           r = cmap->Colors[rows[i][j]].Red;
+                           g = cmap->Colors[rows[i][j]].Green;
+                           b = cmap->Colors[rows[i][j]].Blue;
+                         }
+                       else
+                         {
+                           r = g = b = 0;
+                         }
+                        *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
+                     }
+                   per += per_inc;
--- a/imlib2.spec
+++ b/imlib2.spec
@ -1,13 +1,17 @@
 Summary:        Image loading, saving, rendering, and manipulation library
 Name:           imlib2
-Version:        1.4.7
-Release:        2%{?dist}
+Version:        1.4.8
+Release:        1%{?dist}
 License:        Imlib2
 Group:          System Environment/Libraries
 URL:            http://docs.enlightenment.org/api/imlib2/html/
 Source0:        http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2
 # Fedora specific multilib hack, upstream should switch to pkgconfig one day
 Patch0:         imlib2-1.4.7-multilib.patch
+# Fix #1323082: divide by zero on 2x1 ellipse
+Patch1:         imlib2-1.4.8-fpeerr.patch
+# Fix #1323062: out of bound read in GIF loader
+Patch2:         imlib2-1.4.8-oob.patch

 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libjpeg-devel libpng-devel libtiff-devel
@ -58,6 +62,8 @@ conditions of the GPL version 2 (or at your option) any later version.
 %prep
 %setup -q
 %patch0 -p1 -b .multilib
+%patch1 -p1 -b .fperr
+%patch2 -p1 -b .oob

 %build
 asmopts="--disable-mmx --disable-amd64"
@ -123,6 +129,11 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Fri Apr 01 2016 Tomas Smetana <tsmetana@redhat.com> - 1.4.8-1
+- New upstream bugfix version
+- Fix rhbz#1323062 - out of bound read in GIF loader
+- Fix rhbz#1323082 - divide by zero on 2x1 ellipse
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.7-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-f2f1418c376da6125453f90f2d58d938  imlib2-1.4.7.tar.bz2
+97cf1007b0339102974ce20c8f17c249  imlib2-1.4.8.tar.bz2