From 69a30b2817cee6fa1a857f3e6950ace559d43830 Mon Sep 17 00:00:00 2001
From: Gustavo Zacarias
Date: Sun, 1 May 2016 10:34:47 -0300
Subject: [PATCH] imlib2: security bump to version 1.4.9
It already includes the fixes for CVE-2016-3994 and CVE-2011-5326 so drop the patches, and additionally fixes: CVE-2016-4024 - integer overflow in imlib2, which result in insufficient heap allocation.
Signed-off-by: Gustavo Zacarias
Signed-off-by: Thomas Petazzoni
---
 package/imlib2/0001-fix-CVE-2016-3994.patch | 71 -------------
 package/imlib2/0002-fix-CVE-2011-5326.patch | 104 --------------------
 package/imlib2/imlib2.hash | 6 +-
 package/imlib2/imlib2.mk | 2 +-
 4 files changed, 4 insertions(+), 179 deletions(-)
 delete mode 100644 package/imlib2/0001-fix-CVE-2016-3994.patch
 delete mode 100644 package/imlib2/0002-fix-CVE-2011-5326.patch
diff --git a/package/imlib2/0001-fix-CVE-2016-3994.patch b/package/imlib2/0001-fix-CVE-2016-3994.patch
deleted file mode 100644
index bf28905216..0000000000
--- a/package/imlib2/0001-fix-CVE-2016-3994.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From 37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 Mon Sep 17 00:00:00 2001
-From: Kim Woelders
-Date: Sun, 3 Apr 2016 19:40:25 +0200
-Subject: [PATCH] GIF loader: Fix out-of-bound reads from colormap.
-
-Bug-Debian: http://bugs.debian.org/785369
-Note: removes all special-casing from the inner loop, optimize for common case.
-Author: Yuriy M. Kaminskiy
-Reported-By: Jakub Wilk
-
-Thanks to Bernhard U:belacker for analysis.
-
-Signed-off-by: Gustavo Zacarias
----
- src/modules/loaders/loader_gif.c | 31 +++++++++++++++++--------------
- 1 file changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
-index 638df59..4f08d64 100644
---- a/src/modules/loaders/loader_gif.c
-+++ b/src/modules/loaders/loader_gif.c
-@@ -141,8 +141,24 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
-
- if (im->loader || immediate_load || progress)
- {
-+ DATA32 colormap[256];
-+
- bg = gif->SBackGroundColor;
- cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap);
-+ memset (colormap, 0, sizeof(colormap));
-+ if (cmap != NULL)
-+ {
-+ for (i = cmap->ColorCount > 256 ? 256 : cmap->ColorCount; i-- > 0;)
-+ {
-+ r = cmap->Colors[i].Red;
-+ g = cmap->Colors[i].Green;
-+ b = cmap->Colors[i].Blue;
-+ colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b;
-+ }
-+ /* if bg > cmap->ColorCount, it is transparent black already */
-+ if (transp >= 0 && transp < 256)
-+ colormap[transp] = bg >= 0 && bg < 256 ? colormap[bg] & 0x00ffffff : 0x00000000;
-+ }
- im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h);
- if (!im->data)
- goto quit;
-@@ -161,20 +177,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
- {
- for (j = 0; j < w; j++)
- {
-- if (rows[i][j] == transp)
-- {
-- r = cmap->Colors[bg].Red;
-- g = cmap->Colors[bg].Green;
-- b = cmap->Colors[bg].Blue;
-- *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b);
-- }
-- else
-- {
-- r = cmap->Colors[rows[i][j]].Red;
-- g = cmap->Colors[rows[i][j]].Green;
-- b = cmap->Colors[rows[i][j]].Blue;
-- *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
-- }
-+ *ptr++ = colormap[rows[i][j]];
- per += per_inc;
- if (progress && (((int)per) != last_per)
- && (((int)per) % progress_granularity == 0))
---
-2.7.3
-
diff --git a/package/imlib2/0002-fix-CVE-2011-5326.patch b/package/imlib2/0002-fix-CVE-2011-5326.patch
deleted file mode 100644
index ed9c9b2707..0000000000
--- a/package/imlib2/0002-fix-CVE-2011-5326.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From c94d83ccab15d5ef02f88d42dce38ed3f0892882 Mon Sep 17 00:00:00 2001
-From: Kim Woelders
-Date: Wed, 6 Apr 2016 17:42:17 +0200
-Subject: [PATCH] Fix potential divide-by-zero in imlib_image_draw_ellipse().
-
-Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1)
-causes a divide-by-zero.
-It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1.
-
-Patch by Simon Lees.
-
-https://bugs.debian.org/639414
-Signed-off-by: Gustavo Zacarias
----
- src/lib/ellipse.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/src/lib/ellipse.c b/src/lib/ellipse.c
-index cd90268..ddb410b 100644
---- a/src/lib/ellipse.c
-+++ b/src/lib/ellipse.c
-@@ -71,6 +71,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -123,6 +126,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -222,6 +228,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -295,6 +304,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -395,6 +407,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -453,6 +468,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
- if (((unsigned)by < (unsigned)clh) && (len > 0))
- sfunc(color, bpp, len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -556,6 +574,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -629,6 +650,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
---
-2.7.3
-
diff --git a/package/imlib2/imlib2.hash b/package/imlib2/imlib2.hash
index b5c2d387d4..6e1faafc9b 100644
--- a/package/imlib2/imlib2.hash
+++ b/package/imlib2/imlib2.hash
@@ -1,3 +1,3 @@
-# From https://sourceforge.net/projects/enlightenment/files/imlib2-src/1.4.8/
-md5 97cf1007b0339102974ce20c8f17c249 imlib2-1.4.8.tar.bz2
-sha1 09759f9cd0bb530a738032d06b29edf0038f2052 imlib2-1.4.8.tar.bz2
+# From https://sourceforge.net/projects/enlightenment/files/imlib2-src/1.4.9/
+md5 23ef8b49f2793bc63b16839a2062298b imlib2-1.4.9.tar.bz2
+sha1 f389d67c337b604a365e620b0083b2d342dd724e imlib2-1.4.9.tar.bz2
diff --git a/package/imlib2/imlib2.mk b/package/imlib2/imlib2.mk
index 92dcd6c875..9781777012 100644
--- a/package/imlib2/imlib2.mk
+++ b/package/imlib2/imlib2.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
-IMLIB2_VERSION = 1.4.8
+IMLIB2_VERSION = 1.4.9
 IMLIB2_SOURCE = imlib2-$(IMLIB2_VERSION).tar.bz2
 IMLIB2_SITE = http://downloads.sourceforge.net/project/enlightenment/imlib2-src/$(IMLIB2_VERSION)
 IMLIB2_LICENSE = imlib2 license
--
2.30.2
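Review bot: The new entries in package/imlib2/imlib2.hash pin the 1.4.9 tarball with md5 and sha1 only, and neither digest is collision-resistant enough to be the sole integrity check on a security bump. The unchanged `IMLIB2_SITE` context line in imlib2.mk fetches over plain `http://`, so the hash file is the only thing that would catch a tarball altered in transit or on a mirror. I would keep the two upstream lines and add a locally computed one below them, `sha256 <locally-computed-digest> imlib2-1.4.9.tar.bz2`, under a `# Locally computed` comment, after checking the download against the published md5/sha1.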