rpms/imlib2/devel .cvsignore, 1.6, 1.7 imlib2-1.3.0-loader_overflows.patch, 1.1, 1.2 imlib2.spec, 1.25, 1.26 sources, 1.7, 1.8
Hans de Goede (jwrdegoede)
fedora-extras-commits at redhat.com
Sun May 27 20:34:51 UTC 2007
Author: jwrdegoede
Update of /cvs/extras/rpms/imlib2/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv32549
Modified Files:
.cvsignore imlib2-1.3.0-loader_overflows.patch imlib2.spec
sources
Log Message:
* Sun May 27 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.4.0-1
- New upstream release 1.4.0
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/imlib2/devel/.cvsignore,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- .cvsignore 24 Oct 2006 20:25:51 -0000 1.6
+++ .cvsignore 27 May 2007 20:34:16 -0000 1.7
@@ -1 +1 @@
-imlib2-1.3.0.tar.gz
+imlib2-1.4.0.tar.gz
imlib2-1.3.0-loader_overflows.patch:
Index: imlib2-1.3.0-loader_overflows.patch
===================================================================
RCS file: /cvs/extras/rpms/imlib2/devel/imlib2-1.3.0-loader_overflows.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- imlib2-1.3.0-loader_overflows.patch 9 Nov 2006 09:48:17 -0000 1.1
+++ imlib2-1.3.0-loader_overflows.patch 27 May 2007 20:34:16 -0000 1.2
@@ -10,7 +10,7 @@
FILE *f;
if (im->data)
-@@ -36,13 +36,15 @@
+@@ -36,6 +36,8 @@
{
char buf[256], buf2[256];
@@ -19,14 +19,6 @@
if (!fgets(buf, 255, f))
{
fclose(f);
- return 0;
- }
- sscanf(buf, "%s %i %i %i", buf2, &w, &h, &alpha);
-- if (strcmp(buf2, "ARGB"))
-+ if (strcmp(buf2, "ARGB") || w < 1 || h < 1 || w > 16383 || h > 16383)
- {
- fclose(f);
- return 0;
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_jpeg.c imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c
--- imlib2-1.2.1/src/modules/loaders/loader_jpeg.c 2006-11-06 01:27:59.000000000 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_jpeg.c 2006-11-06 01:33:01.000000000 -0800
@@ -44,15 +36,6 @@
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_lbm.c imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c
--- imlib2-1.2.1/src/modules/loaders/loader_lbm.c 2006-11-06 01:27:59.000000000 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_lbm.c 2006-11-06 01:30:41.000000000 -0800
-@@ -421,7 +421,7 @@
-
- im->w = L2RWORD(ilbm.bmhd.data);
- im->h = L2RWORD(ilbm.bmhd.data + 2);
-- if (im->w <= 0 || im->h <= 0) ok = 0;
-+ if (im->w <= 0 || im->h <= 0 || im->w > 16383 || im->h > 16383) ok = 0;
-
- ilbm.depth = ilbm.bmhd.data[8];
- if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
@@ -453,6 +453,7 @@
}
}
@@ -87,23 +70,6 @@
if (im->data) free(im->data);
im->data = NULL;
}
-diff -Nur imlib2-1.2.1/src/modules/loaders/loader_png.c imlib2-1.2.1.new/src/modules/loaders/loader_png.c
---- imlib2-1.2.1/src/modules/loaders/loader_png.c 2006-11-06 01:27:59.000000000 -0800
-+++ imlib2-1.2.1.new/src/modules/loaders/loader_png.c 2006-11-06 01:30:41.000000000 -0800
-@@ -83,6 +83,13 @@
- png_get_IHDR(png_ptr, info_ptr, (png_uint_32 *) (&w32),
- (png_uint_32 *) (&h32), &bit_depth, &color_type,
- &interlace_type, NULL, NULL);
-+ if (w32 < 1 || h32 < 1 || w32 > 16383 || h32 > 16383)
-+ {
-+ png_read_end(png_ptr, info_ptr);
-+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
-+ fclose(f);
-+ return 0;
-+ }
- im->w = (int)w32;
- im->h = (int)h32;
- if (color_type == PNG_COLOR_TYPE_PALETTE)
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_pnm.c imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c
--- imlib2-1.2.1/src/modules/loaders/loader_pnm.c 2006-11-06 01:27:59.000000000 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_pnm.c 2006-11-06 01:30:41.000000000 -0800
@@ -119,24 +85,6 @@
diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tga.c imlib2-1.2.1.new/src/modules/loaders/loader_tga.c
--- imlib2-1.2.1/src/modules/loaders/loader_tga.c 2006-11-06 01:27:59.000000000 -0800
+++ imlib2-1.2.1.new/src/modules/loaders/loader_tga.c 2006-11-06 01:30:41.000000000 -0800
-@@ -319,6 +319,7 @@
- {
- unsigned long datasize;
- unsigned char *bufptr;
-+ unsigned char *bufend;
- DATA32 *dataptr;
-
- int y, pl = 0;
-@@ -348,6 +349,9 @@
- /* bufptr is the next byte to be read from the buffer */
- bufptr = filedata;
-
-+ /* bufend is one past the last byte to be read from the buffer */
-+ bufend = filedata + datasize;
-+
- /* dataptr is the next 32-bit pixel to be filled in */
- dataptr = im->data;
-
@@ -365,7 +369,9 @@
else
dataptr = im->data + (y * im->w);
@@ -148,81 +96,3 @@
{
switch (bpp)
{
-@@ -422,8 +428,8 @@
- unsigned char curbyte, red, green, blue, alpha;
- DATA32 *final_pixel = dataptr + im->w * im->h;
-
-- /* loop until we've got all the pixels */
-- while (dataptr < final_pixel)
-+ /* loop until we've got all the pixels or run out of input */
-+ while (dataptr < final_pixel && bufptr+1+bpp/8 < bufend)
- {
- int count;
-
-@@ -441,7 +447,7 @@
- green = *bufptr++;
- red = *bufptr++;
- alpha = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; i < count && dataptr < final_pixel; i++)
- {
- WRITE_RGBA(dataptr, red, green, blue, alpha);
- dataptr++;
-@@ -452,7 +458,7 @@
- blue = *bufptr++;
- green = *bufptr++;
- red = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; i < count && dataptr < final_pixel; i++)
- {
- WRITE_RGBA(dataptr, red, green, blue,
- (char)0xff);
-@@ -462,7 +468,7 @@
-
- case 8:
- alpha = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; i < count && dataptr < final_pixel; i++)
- {
- WRITE_RGBA(dataptr, alpha, alpha, alpha,
- (char)0xff);
-@@ -477,7 +483,7 @@
- {
- int i;
-
-- for (i = 0; i < count; i++)
-+ for (i = 0; i < count && dataptr < final_pixel; i++)
- {
- switch (bpp)
- {
-diff -Nur imlib2-1.2.1/src/modules/loaders/loader_tiff.c imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c
---- imlib2-1.2.1/src/modules/loaders/loader_tiff.c 2006-11-06 01:27:59.000000000 -0800
-+++ imlib2-1.2.1.new/src/modules/loaders/loader_tiff.c 2006-11-06 01:30:41.000000000 -0800
-@@ -75,7 +75,7 @@
- raster(TIFFRGBAImage_Extra * img, uint32 * rast,
- uint32 x, uint32 y, uint32 w, uint32 h)
- {
-- uint32 image_width, image_height;
-+ int image_width, image_height;
- uint32 *pixel, pixel_value;
- int i, j, dy, rast_offset;
- DATA32 *buffer_pixel, *buffer = img->image->data;
-@@ -192,8 +192,16 @@
- }
-
- rgba_image.image = im;
-- im->w = width = rgba_image.rgba.width;
-- im->h = height = rgba_image.rgba.height;
-+ width = rgba_image.rgba.width;
-+ height = rgba_image.rgba.height;
-+ if (width < 1 || height < 1 || width >= 16384 || height >= 16384)
-+ {
-+ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image);
-+ TIFFClose(tif);
-+ return 0;
-+ }
-+ im->w = width;
-+ im->h = height;
- rgba_image.num_pixels = num_pixels = width * height;
- if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED)
- SET_FLAG(im->flags, F_HAS_ALPHA);
Index: imlib2.spec
===================================================================
RCS file: /cvs/extras/rpms/imlib2/devel/imlib2.spec,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- imlib2.spec 9 Nov 2006 09:48:17 -0000 1.25
+++ imlib2.spec 27 May 2007 20:34:16 -0000 1.26
@@ -1,15 +1,15 @@
Summary: Image loading, saving, rendering, and manipulation library
Name: imlib2
-Version: 1.3.0
-Release: 3%{?dist}
+Version: 1.4.0
+Release: 1%{?dist}
License: BSD
Group: System Environment/Libraries
URL: http://www.enlightenment.org/Libraries/Imlib2/
-Source0: http://download.sf.net/enlightenment/%{name}-%{version}.tar.gz
+Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.gz
Patch0: imlib2-1.2.1-X11-path.patch
Patch1: imlib2-1.3.0-multilib.patch
Patch2: imlib2-1.3.0-loader_overflows.patch
-BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: libjpeg-devel libpng-devel libtiff-devel
BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel
BuildRequires: libX11-devel libXext-devel libid3tag-devel pkgconfig
@@ -116,6 +116,9 @@
%changelog
+* Sun May 27 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.4.0-1
+- New upstream release 1.4.0
+
* Thu Nov 9 2006 Hans de Goede <j.w.r.degoede at hhs.nl> 1.3.0-3
- Fix CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809, thanks to
Ubuntu for the patch (bug 214676)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/imlib2/devel/sources,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -r1.7 -r1.8
--- sources 24 Oct 2006 20:25:51 -0000 1.7
+++ sources 27 May 2007 20:34:16 -0000 1.8
@@ -1 +1 @@
-00b724fc6d2dcfa3045bb6a554bb2c8a imlib2-1.3.0.tar.gz
+69f7ee996c943142332b4c98597b095c imlib2-1.4.0.tar.gz
More information about the fedora-extras-commits
mailing list