From da0047ad06dc2741b535716dd6fb0d6dab856e98 Mon Sep 17 00:00:00 2001
From: Paul Howarth <pghmcfc@fedoraproject.org>
Date: Dec 19 2007 10:31:38 +0000
Subject: - include patch to fix a DoS caused via a BMP image with a Bits Per Page

    (BPP) value of 0 (#426091, CVE-2007-3568); thanks to Peter Volkov at
    Gentoo for the heads-up
- remove URL tag; this legacy package has no active upstream source, and
    documentation for it is gradually disappearing from the Internet

---

diff --git a/imlib-1.9.15-bpp16-CVE-2007-3568.patch b/imlib-1.9.15-bpp16-CVE-2007-3568.patch
new file mode 100644
index 0000000..94595ff
--- /dev/null
+++ b/imlib-1.9.15-bpp16-CVE-2007-3568.patch
@@ -0,0 +1,11 @@
+--- Imlib/load.c.orig	2007-08-13 23:06:20.000000000 -0300
++++ Imlib/load.c	2007-08-13 23:06:51.000000000 -0300
+@@ -645,7 +645,7 @@
+   planes = (int)word;
+   fread(&word, 2, 1, file);
+   bpp = (int)word;
+-  if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
++  if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
+     {
+       fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
+       return NULL;
diff --git a/imlib.spec b/imlib.spec
index f7df339..97b89e1 100644
--- a/imlib.spec
+++ b/imlib.spec
@@ -3,14 +3,14 @@
 Summary:	An image loading and rendering library for X11R6
 Name:		imlib
 Version:	1.9.15
-Release:	5%{?dist}
+Release:	6%{?dist}
 Epoch:		1
 License:	LGPLv2+
 Group:		System Environment/Libraries
-URL:		http://enlightenment.sourceforge.net/Libraries/Imlib/
 Source0:	http://ftp.gnome.org/pub/GNOME/sources/imlib/1.9/imlib-%{version}.tar.bz2
 Source2:	local-hack-gmodule.tar.gz
 Patch1:		imlib-1.9.13-sec2.patch
+Patch2:		imlib-1.9.15-bpp16-CVE-2007-3568.patch
 Patch3:		imlib-1.9.10-cppflags.patch
 Patch4:		imlib-1.9.15-gmodulehack.patch
 Patch6:		imlib-1.9.13-underquoted.patch
@@ -63,6 +63,7 @@ applications. You will also need to install the imlib package.
 %prep
 %setup -q
 %patch1 -p1 -b .sec2
+%patch2 -p0 -b .bpp16
 %patch3 -p1 -b .cppflags
 %patch4 -p1 -b .gmodulehack
 %patch6 -p1 -b .underquoted
@@ -150,6 +151,13 @@ GX_LIBS=$(/usr/bin/gtk-config --libs | %{__sed} -e 's/-lgtk //; s/-lgmodule //; 
 %{_mandir}/man1/imlib-config.1*
 
 %changelog
+* Tue Dec 18 2007 Paul Howarth <paul@city-fan.org> 1:1.9.15-6
+- include patch to fix a DoS caused via a BMP image with a Bits Per Page (BPP)
+  value of 0 (#426091, CVE-2007-3568); thanks to Peter Volkov at Gentoo for
+  the heads-up
+- remove URL tag; this legacy package has no active upstream source, and
+  documentation for it is gradually disappearing from the Internet
+
 * Wed Nov 28 2007 Adam Jackson <ajax@redhat.com> 1:1.9.15-5
 - imlib-1.9.15-check-for-shm-pixmaps.patch: MIT-SHM pixmaps are optional,
   so check that they exist before using them. (#357241)