- new upstream version

- patch for CVE-2010-0991
2010-04-23 08:15:18 +00:00 · 2010-04-23 08:15:18 +00:00 · fa12c35f49
parent 7783636d99
commit fa12c35f49
5 changed files with 22 additions and 21 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -1 +1 @@
-imlib2-1.4.2.tar.bz2
+imlib2-1.4.3.tar.bz2
--- a/imlib2-1.4.2-cve-2008-5187
+++ b/imlib2-1.4.2-cve-2008-5187
@ -1,13 +0,0 @@
-diff -up imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187 imlib2-1.4.2/src/modules/loaders/loader_xpm.c
--- imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187	2008-11-23 11:10:05.000000000 +0100
-+++ imlib2-1.4.2/src/modules/loaders/loader_xpm.c	2008-11-23 11:10:38.000000000 +0100
-@@ -253,8 +253,8 @@ load(ImlibImage * im, ImlibProgressFunct
-                                  return 0;
-                               }
-                             ptr = im->data;
-                            end = ptr + (sizeof(DATA32) * w * h);
-                             pixels = w * h;
-+                            end = ptr + pixels;
-                          }
-                        else
-                          {
--- a/imlib2-1.4.3-cve-2010-0991.patch
+++ b/imlib2-1.4.3-cve-2010-0991.patch
@ -0,0 +1,11 @@
+diff -up imlib2-1.4.3/src/lib/image.h.cve-2010-0991 imlib2-1.4.3/src/lib/image.h
+--- imlib2-1.4.3/src/lib/image.h.cve-2010-0991	2010-04-23 10:06:04.000000000 +0200
+++ imlib2-1.4.3/src/lib/image.h	2010-04-23 10:06:25.000000000 +0200
+@@ -190,6 +190,6 @@ __hidden void              __imlib_SaveI
+ 
+ # define IMAGE_DIMENSIONS_OK(w, h) \
+    ( ((w) > 0) && ((h) > 0) && \
+-     ((unsigned long long)(w) * (unsigned long long)(w) <= (1ULL << 29) - 1) )
+     ((unsigned long long)(w) * (unsigned long long)(h) <= (1ULL << 29) - 1) )
+ 
+ #endif
--- a/imlib2.spec
+++ b/imlib2.spec
@ -1,14 +1,14 @@
 Summary:        Image loading, saving, rendering, and manipulation library
 Name:           imlib2
-Version:        1.4.2
-Release:        6%{?dist}
+Version:        1.4.3
+Release:        1%{?dist}
 License:        Imlib2
 Group:          System Environment/Libraries
 URL:            http://docs.enlightenment.org/api/imlib2/html/
 Source0:        http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2
 # Fedora specific multilib hack, upstream should switch to pkgconfig one day
 Patch0:         imlib2-1.3.0-multilib.patch
-Patch1:         imlib2-1.4.2-cve-2008-5187
+Patch1:         imlib2-1.4.3-cve-2010-0991.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  libjpeg-devel libpng-devel libtiff-devel
 BuildRequires:  giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
@ -58,8 +58,7 @@ conditions of the GPL version 2 (or at your option) any later version.
 %prep
 %setup -q
 %patch0 -p1 -b .multilib
-%patch1 -p1 -b .cve-2008-5187
-
+%patch1 -p1 -b .cve-2010-0991

 %build
 asmopts="--disable-mmx --disable-amd64"
@ -96,7 +95,7 @@ rm -rf $RPM_BUILD_ROOT

 %files
 %defattr(-,root,root,-)
-%doc COPYING AUTHORS README ChangeLog TODO
+%doc COPYING AUTHORS README TODO
 %{_libdir}/libImlib2.so.*
 %dir %{_libdir}/imlib2/
 %dir %{_libdir}/imlib2/filters/
@ -118,6 +117,10 @@ rm -rf $RPM_BUILD_ROOT


 %changelog
+* Fri Apr 23 2010 Tomas Smetana <tsmetana@redhat.com> - 1.4.3-1
+- new upstream version
+- patch for CVE-2010-0991
+
 * Mon Feb 01 2010 Tomas Smetana <tsmetana@redhat.com> - 1.4.2-6
 - fix #542607 - remove static libraries

--- a/2
+++ b/2
@ -1 +1 @@
-9f15568e76ebda9092c571e0df261f54  imlib2-1.4.2.tar.bz2
+cdac0d47eca6023e3e2a18584d3f6940  imlib2-1.4.3.tar.bz2