rpms/imlib/EL-5 imlib-1.9.15-bpp16-CVE-2007-3568.patch, NONE, 1.1 imlib-1.9.15-check-for-shm-pixmaps.patch, NONE, 1.1 imlib.spec, 1.5, 1.6
Paul Howarth (pghmcfc)
fedora-extras-commits at redhat.com
Wed Dec 19 17:54:00 UTC 2007
- Previous message (by thread): rpms/perl-Image-Info/devel .cvsignore, 1.10, 1.11 perl-Image-Info.spec, 1.18, 1.19 sources, 1.10, 1.11
- Next message (by thread): rpms/policycoreutils/devel .cvsignore, 1.167, 1.168 policycoreutils-rhat.patch, 1.337, 1.338 policycoreutils-sepolgen.patch, 1.5, 1.6 policycoreutils.spec, 1.485, 1.486 sources, 1.172, 1.173
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: pghmcfc
Update of /cvs/pkgs/rpms/imlib/EL-5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14816
Modified Files:
imlib.spec
Added Files:
imlib-1.9.15-bpp16-CVE-2007-3568.patch
imlib-1.9.15-check-for-shm-pixmaps.patch
Log Message:
- include patch to fix a DoS caused via a BMP image with a Bits Per Page (BPP)
value of 0 (#426091, CVE-2007-3568); thanks to Peter Volkov at Gentoo for
the heads-up
- remove URL tag; this legacy package has no active upstream source, and
documentation for it is gradually disappearing from the Internet
- imlib-1.9.15-check-for-shm-pixmaps.patch: MIT-SHM pixmaps are optional,
so check that they exist before using them. (#357241)
imlib-1.9.15-bpp16-CVE-2007-3568.patch:
--- NEW FILE imlib-1.9.15-bpp16-CVE-2007-3568.patch ---
--- Imlib/load.c.orig 2007-08-13 23:06:20.000000000 -0300
+++ Imlib/load.c 2007-08-13 23:06:51.000000000 -0300
@@ -645,7 +645,7 @@
planes = (int)word;
fread(&word, 2, 1, file);
bpp = (int)word;
- if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
+ if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32)
{
fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
return NULL;
imlib-1.9.15-check-for-shm-pixmaps.patch:
--- NEW FILE imlib-1.9.15-check-for-shm-pixmaps.patch ---
diff -up -ru imlib-1.9.15.orig/gdk_imlib/misc.c imlib-1.9.15/gdk_imlib/misc.c
--- imlib-1.9.15.orig/gdk_imlib/misc.c 2002-03-04 18:06:32.000000000 +0100
+++ imlib-1.9.15/gdk_imlib/misc.c 2007-10-28 14:00:04.000000000 +0100
@@ -674,6 +674,10 @@ gdk_imlib_init_params(GdkImlibInitParams
visual = gdk_rgb_get_visual();
id->x.visual = GDK_VISUAL_XVISUAL(visual); /* the visual type */
id->x.depth = visual->depth; /* the depth of the screen in bpp */
+
+ id->x.shm = 0;
+ id->x.shmp = 0;
+ id->max_shm = 0;
#ifdef HAVE_SHM
if (XShmQueryExtension(id->x.disp))
{
@@ -689,17 +693,14 @@ gdk_imlib_init_params(GdkImlibInitParams
id->x.last_xim = NULL;
id->x.last_sxim = NULL;
id->max_shm = 0x7fffffff;
- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
+ if ((XShmPixmapFormat(id->x.disp) == ZPixmap) &&
+ (pm == True))
id->x.shmp = 1;
}
}
}
- else
#endif
- {
- id->x.shm = 0;
- id->x.shmp = 0;
- }
+
id->cache.on_image = 0;
id->cache.size_image = 0;
id->cache.num_image = 0;
@@ -935,8 +936,8 @@ gdk_imlib_init_params(GdkImlibInitParams
}
if (p->flags & PARAMS_SHAREDPIXMAPS)
{
- if (id->x.shm)
- id->x.shmp = p->sharedpixmaps;
+ if (!p->sharedpixmaps)
+ id->x.shmp = 0;
}
if (p->flags & PARAMS_PALETTEOVERRIDE)
override = p->paletteoverride;
diff -up -ru imlib-1.9.15.orig/Imlib/misc.c imlib-1.9.15/Imlib/misc.c
--- imlib-1.9.15.orig/Imlib/misc.c 2004-09-21 02:22:59.000000000 +0200
+++ imlib-1.9.15/Imlib/misc.c 2007-10-28 14:00:23.000000000 +0100
@@ -675,6 +675,10 @@ Imlib_init_with_params(Display * disp, I
id->x.root = DefaultRootWindow(disp); /* the root window id */
id->x.visual = DefaultVisual(disp, id->x.screen); /* the visual type */
id->x.depth = DefaultDepth(disp, id->x.screen); /* the depth of the screen in bpp */
+
+ id->x.shm = 0;
+ id->x.shmp = 0;
+ id->max_shm = 0;
#ifdef HAVE_SHM
if (XShmQueryExtension(id->x.disp))
{
@@ -690,17 +694,14 @@ Imlib_init_with_params(Display * disp, I
id->x.last_xim = NULL;
id->x.last_sxim = NULL;
id->max_shm = 0x7fffffff;
- if (XShmPixmapFormat(id->x.disp) == ZPixmap)
+ if ((XShmPixmapFormat(id->x.disp) == ZPixmap &&
+ (pm == True)))
id->x.shmp = 1;
}
}
}
- else
#endif
- {
- id->x.shm = 0;
- id->x.shmp = 0;
- }
+
id->cache.on_image = 0;
id->cache.size_image = 0;
id->cache.num_image = 0;
@@ -952,8 +953,8 @@ Imlib_init_with_params(Display * disp, I
}
if (p->flags & PARAMS_SHAREDPIXMAPS)
{
- if (id->x.shm)
- id->x.shmp = p->sharedpixmaps;
+ if (!p->sharedpixmaps)
+ id->x.shmp = 0;
}
if (p->flags & PARAMS_PALETTEOVERRIDE)
override = p->paletteoverride;
Index: imlib.spec
===================================================================
RCS file: /cvs/pkgs/rpms/imlib/EL-5/imlib.spec,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- imlib.spec 4 Sep 2007 07:10:04 -0000 1.5
+++ imlib.spec 19 Dec 2007 17:53:17 -0000 1.6
@@ -3,19 +3,20 @@
Summary: An image loading and rendering library for X11R6
Name: imlib
Version: 1.9.15
-Release: 4%{?dist}
+Release: 6%{?dist}
Epoch: 1
License: LGPLv2+
Group: System Environment/Libraries
-URL: http://enlightenment.sourceforge.net/Libraries/Imlib/
Source0: http://ftp.gnome.org/pub/GNOME/sources/imlib/1.9/imlib-%{version}.tar.bz2
Source2: local-hack-gmodule.tar.gz
Patch1: imlib-1.9.13-sec2.patch
+Patch2: imlib-1.9.15-bpp16-CVE-2007-3568.patch
Patch3: imlib-1.9.10-cppflags.patch
Patch4: imlib-1.9.15-gmodulehack.patch
Patch6: imlib-1.9.13-underquoted.patch
Patch8: imlib-1.9.15-lib-bloat.patch
Patch9: imlib-1.9.15-multilib-config.patch
+Patch10: imlib-1.9.15-check-for-shm-pixmaps.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: automake
BuildRequires: giflib-devel
@@ -62,11 +63,13 @@
%prep
%setup -q
%patch1 -p1 -b .sec2
+%patch2 -p0 -b .bpp16
%patch3 -p1 -b .cppflags
%patch4 -p1 -b .gmodulehack
%patch6 -p1 -b .underquoted
%patch8 -p1 -b .lib-bloat
%patch9 -p1 -b .multilib
+%patch10 -p1 -b .shmpixmaps
## Local gmodule hack to support building with libpng rather than libpng10
(cd gdk_imlib && %{__tar} zxf %{SOURCE2})
@@ -148,6 +151,17 @@
%{_mandir}/man1/imlib-config.1*
%changelog
+* Tue Dec 18 2007 Paul Howarth <paul at city-fan.org> 1:1.9.15-6
+- include patch to fix a DoS caused via a BMP image with a Bits Per Page (BPP)
+ value of 0 (#426091, CVE-2007-3568); thanks to Peter Volkov at Gentoo for
+ the heads-up
+- remove URL tag; this legacy package has no active upstream source, and
+ documentation for it is gradually disappearing from the Internet
+
+* Wed Nov 28 2007 Adam Jackson <ajax at redhat.com> 1:1.9.15-5
+- imlib-1.9.15-check-for-shm-pixmaps.patch: MIT-SHM pixmaps are optional,
+ so check that they exist before using them. (#357241)
+
* Thu Aug 9 2007 Paul Howarth <paul at city-fan.org> 1:1.9.15-4
- re-clarify license as GNU Lesser General Public License v2 or later (LGPLv2+)
- Previous message (by thread): rpms/perl-Image-Info/devel .cvsignore, 1.10, 1.11 perl-Image-Info.spec, 1.18, 1.19 sources, 1.10, 1.11
- Next message (by thread): rpms/policycoreutils/devel .cvsignore, 1.167, 1.168 policycoreutils-rhat.patch, 1.337, 1.338 policycoreutils-sepolgen.patch, 1.5, 1.6 policycoreutils.spec, 1.485, 1.486 sources, 1.172, 1.173
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list