rpms
/
imlib2
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

New upstream version 

Fix rhbz#2015742 - Compile with WebP support
This commit is contained in:
Tomas Smetana 2021-10-20 17:06:10 +02:00
parent 282cdc03eb
commit ec1f88c52e
4 changed files with 9 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -7,3 +7,4 @@ imlib2-1.4.3.tar.bz2
/imlib2-1.4.9.tar.bz2
/imlib2-1.5.1.tar.bz2
/imlib2-1.6.1.tar.bz2
/imlib2-1.7.4.tar.bz2

30
imlib2-1.6.1-ico-overflow.patch
View File

@ -1,30 +0,0 @@
diff -up imlib2-1.6.1/src/modules/loaders/loader_ico.c.overflow imlib2-1.6.1/src/modules/loaders/loader_ico.c
--- imlib2-1.6.1/src/modules/loaders/loader_ico.c.overflow 2020-05-21 09:42:21.592650197 +0200
+++ imlib2-1.6.1/src/modules/loaders/loader_ico.c 2020-05-21 09:45:06.339214806 +0200
@@ -8,6 +8,7 @@
#include "loader_common.h"
#include <string.h>
+#include <limits.h>
#define DEBUG 0
#if DEBUG
@@ -168,6 +169,8 @@ ico_read_icon(ico_t * ico, int ino)
case 4:
case 8:
D("Allocating a %d slot colormap\n", ie->bih.colors);
+ if (UINT_MAX / sizeof(DATA32) < ie->bih.colors)
+ goto bail;
size = ie->bih.colors * sizeof(DATA32);
ie->cmap = malloc(size);
nr = fread(ie->cmap, 1, size, ico->fp);
@@ -183,6 +186,9 @@ ico_read_icon(ico_t * ico, int ino)
}
size = ((ie->bih.bpp * ie->w + 31) / 32 * 4) * ie->h;
+ if (!IMAGE_DIMENSIONS_OK(ie->w, ie->h) || ie->bih.bpp == 0 ||
+ UINT_MAX / ie->bih.bpp < ie->w * ie->h)
+ goto bail;
ie->pxls = malloc(size);
nr = fread(ie->pxls, 1, size, ico->fp);
if (nr != size)

12
imlib2.spec
View File

@ -1,14 +1,12 @@
Summary: Image loading, saving, rendering, and manipulation library
Name: imlib2
Version: 1.6.1
Release: 4%{?dist}
Version: 1.7.4
Release: 1%{?dist}
License: Imlib2
URL: http://docs.enlightenment.org/api/imlib2/html/
Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2
# Fedora specific multilib hack, upstream should switch to pkgconfig one day
Patch0: imlib2-1.4.7-multilib.patch
# Fix for CVE-1834969, backport from upstream
Patch1: imlib2-1.6.1-ico-overflow.patch
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
@ -20,6 +18,7 @@ BuildRequires: bzip2-devel
BuildRequires: libX11-devel
BuildRequires: libXext-devel
BuildRequires: libid3tag-devel
BuildRequires: libwebp-devel
BuildRequires: pkgconfig
BuildRequires: make
@ -68,7 +67,6 @@ conditions of the GPL version 2 (or at your option) any later version.
%prep
%setup -q
%patch0 -p1 -b .multilib
%patch1 -p1 -b .overflow
%build
asmopts="--disable-mmx --disable-amd64"
@ -128,6 +126,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f \{\} \;
%changelog
* Wed Oct 20 2021 Tomas Smetana <tsmetana@redhat.com> - 1.7.4-1
- New upstream version
- Fix rhbz#2015742 - Compile with WebP support
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

2
sources
View File

@ -1 +1 @@
SHA512 (imlib2-1.6.1.tar.bz2) = ecdbdbfe8767ec2b1f22ce664cbab5e1d3f75be7a3c8f37488f5243b3c31dbc433414b8d50d2d1b70c67a80e31e42cc5398161991ce3955e991c114c82ddd58f
SHA512 (imlib2-1.7.4.tar.bz2) = 54c213de38535f14359d9e407b9ae5911a158347525a298673ba53d122c3e506449feb34203e764e43d5aa163f3024093803cd976a23c0f0f65b843ed9685d66