From ec4fea080a9644ed20af64a85f30ce58b6405a4c Mon Sep 17 00:00:00 2001 From: Tomas Smetana Date: Nov 23 2008 10:58:35 +0000 Subject: - patch for CVE-2008-5187 --- diff --git a/imlib2-1.4.2-cve-2008-5187 b/imlib2-1.4.2-cve-2008-5187 new file mode 100644 index 0000000..7504f8d --- /dev/null +++ b/imlib2-1.4.2-cve-2008-5187 @@ -0,0 +1,13 @@ +diff -up imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187 imlib2-1.4.2/src/modules/loaders/loader_xpm.c +--- imlib2-1.4.2/src/modules/loaders/loader_xpm.c.cve-2008-5187 2008-11-23 11:10:05.000000000 +0100 ++++ imlib2-1.4.2/src/modules/loaders/loader_xpm.c 2008-11-23 11:10:38.000000000 +0100 +@@ -253,8 +253,8 @@ load(ImlibImage * im, ImlibProgressFunct + return 0; + } + ptr = im->data; +- end = ptr + (sizeof(DATA32) * w * h); + pixels = w * h; ++ end = ptr + pixels; + } + else + { diff --git a/imlib2.spec b/imlib2.spec index 40f916b..626e3ec 100644 --- a/imlib2.spec +++ b/imlib2.spec @@ -1,12 +1,13 @@ Summary: Image loading, saving, rendering, and manipulation library Name: imlib2 Version: 1.4.2 -Release: 1%{?dist} +Release: 2%{?dist} License: Imlib2 Group: System Environment/Libraries URL: http://docs.enlightenment.org/api/imlib2/html/ Source0: http://downloads.sourceforge.net/enlightenment/%{name}-%{version}.tar.bz2 Patch0: imlib2-1.3.0-multilib.patch +Patch1: imlib2-1.4.2-cve-2008-5187 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: libjpeg-devel libpng-devel libtiff-devel BuildRequires: giflib-devel freetype-devel >= 2.1.9-4 libtool bzip2-devel @@ -56,6 +57,7 @@ conditions of the GPL version 2 (or at your option) any later version. %prep %setup -q %patch0 -p1 -b .multilib +%patch1 -p1 -b .cve-2008-5187 %build @@ -122,6 +124,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/imlib2/loaders/id3.* %changelog +* Sun Nov 23 2008 Tomas Smetana 1.4.2-2 +- patch for CVE-2008-5187 + * Thu Oct 23 2008 Tomas Smetana 1.4.2-1 - new upstream version