New upstream version
Fix rhbz#1834969 - CVE-2020-12761 integer overflow in ICO color maps handling
This commit is contained in:
parent
38191a5a06
commit
f564d4c27b
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@ imlib2-1.4.3.tar.bz2
|
||||
/imlib2-1.4.8.tar.bz2
|
||||
/imlib2-1.4.9.tar.bz2
|
||||
/imlib2-1.5.1.tar.bz2
|
||||
/imlib2-1.6.1.tar.bz2
|
||||
|
30
imlib2-1.6.1-ico-overflow.patch
Normal file
30
imlib2-1.6.1-ico-overflow.patch
Normal file
@ -0,0 +1,30 @@
|
||||
diff -up imlib2-1.6.1/src/modules/loaders/loader_ico.c.overflow imlib2-1.6.1/src/modules/loaders/loader_ico.c
|
||||
--- imlib2-1.6.1/src/modules/loaders/loader_ico.c.overflow 2020-05-21 09:42:21.592650197 +0200
|
||||
+++ imlib2-1.6.1/src/modules/loaders/loader_ico.c 2020-05-21 09:45:06.339214806 +0200
|
||||
@@ -8,6 +8,7 @@
|
||||
#include "loader_common.h"
|
||||
|
||||
#include <string.h>
|
||||
+#include <limits.h>
|
||||
|
||||
#define DEBUG 0
|
||||
#if DEBUG
|
||||
@@ -168,6 +169,8 @@ ico_read_icon(ico_t * ico, int ino)
|
||||
case 4:
|
||||
case 8:
|
||||
D("Allocating a %d slot colormap\n", ie->bih.colors);
|
||||
+ if (UINT_MAX / sizeof(DATA32) < ie->bih.colors)
|
||||
+ goto bail;
|
||||
size = ie->bih.colors * sizeof(DATA32);
|
||||
ie->cmap = malloc(size);
|
||||
nr = fread(ie->cmap, 1, size, ico->fp);
|
||||
@@ -183,6 +186,9 @@ ico_read_icon(ico_t * ico, int ino)
|
||||
}
|
||||
|
||||
size = ((ie->bih.bpp * ie->w + 31) / 32 * 4) * ie->h;
|
||||
+ if (!IMAGE_DIMENSIONS_OK(ie->w, ie->h) || ie->bih.bpp == 0 ||
|
||||
+ UINT_MAX / ie->bih.bpp < ie->w * ie->h)
|
||||
+ goto bail;
|
||||
ie->pxls = malloc(size);
|
||||
nr = fread(ie->pxls, 1, size, ico->fp);
|
||||
if (nr != size)
|
11
imlib2.spec
11
imlib2.spec
@ -1,12 +1,14 @@
|
||||
Summary: Image loading, saving, rendering, and manipulation library
|
||||
Name: imlib2
|
||||
Version: 1.5.1
|
||||
Release: 4%{?dist}
|
||||
Version: 1.6.1
|
||||
Release: 1%{?dist}
|
||||
License: Imlib2
|
||||
URL: http://docs.enlightenment.org/api/imlib2/html/
|
||||
Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2
|
||||
# Fedora specific multilib hack, upstream should switch to pkgconfig one day
|
||||
Patch0: imlib2-1.4.7-multilib.patch
|
||||
# Fix for CVE-1834969, backport from upstream
|
||||
Patch1: imlib2-1.6.1-ico-overflow.patch
|
||||
|
||||
BuildRequires: libjpeg-devel
|
||||
BuildRequires: libpng-devel
|
||||
@ -65,6 +67,7 @@ conditions of the GPL version 2 (or at your option) any later version.
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1 -b .multilib
|
||||
%patch1 -p1 -b .overflow
|
||||
|
||||
%build
|
||||
asmopts="--disable-mmx --disable-amd64"
|
||||
@ -124,6 +127,10 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f \{\} \;
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu May 21 2020 Tomas Smetana <tsmetana@redhat.com> - 1.6.1-1
|
||||
- New upstream version
|
||||
- Fix rhbz#1834969 - CVE-2020-12761 integer overflow in ICO color maps handling
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.1-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (imlib2-1.5.1.tar.bz2) = f9d971674887d4af067c6921e34b6fe598db0317052bc864b676c526b36373ce021d9d49cad95aa64dbbd8e74f1831ddf3ed105900e3df2b66a6b53f7f27c732
|
||||
SHA512 (imlib2-1.6.1.tar.bz2) = ecdbdbfe8767ec2b1f22ce664cbab5e1d3f75be7a3c8f37488f5243b3c31dbc433414b8d50d2d1b70c67a80e31e42cc5398161991ce3955e991c114c82ddd58f
|
||||
|
Loading…
Reference in New Issue
Block a user