ports/opt (3.2): [notify] imlib2: updated to 1.4.8

crux at crux.nu crux at crux.nu
Tue Apr 12 09:47:37 UTC 2016


commit 1f4fa45042269d52a8782845c01451472a17c96c
Author: Jose V Beneyto <sepen at crux.nu>
Date:   Tue Apr 12 11:39:29 2016 +0200

    [notify] imlib2: updated to 1.4.8
    
    Security fix:
    https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369

diff --git a/imlib2/.footprint b/imlib2/.footprint
index c1d8d58..9478cc1 100644
--- a/imlib2/.footprint
+++ b/imlib2/.footprint
@@ -27,6 +27,8 @@ drwxr-xr-x	root/root	usr/lib/imlib2/loaders/
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/bmp.so
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/bz2.la
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/bz2.so
+-rwxr-xr-x	root/root	usr/lib/imlib2/loaders/ff.la
+-rwxr-xr-x	root/root	usr/lib/imlib2/loaders/ff.so
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/gif.la
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/gif.so
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/id3.la
@@ -49,9 +51,9 @@ drwxr-xr-x	root/root	usr/lib/imlib2/loaders/
 -rwxr-xr-x	root/root	usr/lib/imlib2/loaders/zlib.so
 -rw-r--r--	root/root	usr/lib/libImlib2.a
 -rwxr-xr-x	root/root	usr/lib/libImlib2.la
-lrwxrwxrwx	root/root	usr/lib/libImlib2.so -> libImlib2.so.1.4.7
-lrwxrwxrwx	root/root	usr/lib/libImlib2.so.1 -> libImlib2.so.1.4.7
--rwxr-xr-x	root/root	usr/lib/libImlib2.so.1.4.7
+lrwxrwxrwx	root/root	usr/lib/libImlib2.so -> libImlib2.so.1.4.8
+lrwxrwxrwx	root/root	usr/lib/libImlib2.so.1 -> libImlib2.so.1.4.8
+-rwxr-xr-x	root/root	usr/lib/libImlib2.so.1.4.8
 drwxr-xr-x	root/root	usr/lib/pkgconfig/
 -rw-r--r--	root/root	usr/lib/pkgconfig/imlib2.pc
 drwxr-xr-x	root/root	usr/share/
diff --git a/imlib2/.md5sum b/imlib2/.md5sum
index 4968862..6b0eae4 100644
--- a/imlib2/.md5sum
+++ b/imlib2/.md5sum
@@ -1 +1,2 @@
-f2f1418c376da6125453f90f2d58d938  imlib2-1.4.7.tar.bz2
+80d8aeb7b04c8809ba4a3e3a0e0aad01  imlib2-1.4.8-gif-oob.patch
+97cf1007b0339102974ce20c8f17c249  imlib2-1.4.8.tar.bz2
diff --git a/imlib2/Pkgfile b/imlib2/Pkgfile
index 31ace21..4e7d7a1 100644
--- a/imlib2/Pkgfile
+++ b/imlib2/Pkgfile
@@ -5,13 +5,16 @@
 # Depends on: freetype, libid3tag, libpng, libtiff, giflib, xorg-libsm, xorg-libxext
 
 name=imlib2
-version=1.4.7
+version=1.4.8
 release=1
-source=(http://download.sourceforge.net/enlightenment/$name-$version.tar.bz2)
+source=(http://download.sourceforge.net/enlightenment/$name-$version.tar.bz2 \
+        https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/$name/files/$name-$version-gif-oob.patch)
 
 build() {
   cd $name-$version
 
+  patch -p1 -i $SRC/$name-$version-gif-oob.patch
+
   ./configure --prefix=/usr
 
   make
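Review bot: The added `source` entry downloads the patch from a Gentoo gitweb `plain/` URL that names no commit id, so it follows whatever the Gentoo tree holds at fetch time, even though this same commit adds `imlib2-1.4.8-gif-oob.patch` to the port directory. Referring to the committed copy by bare filename, `        $name-$version-gif-oob.patch)`, would stop a security fix from depending on a third-party path that can change or disappear. The tarball is still fetched over plain `http://`, and the only integrity check visible in this commit is the MD5 recorded in `.md5sum`. A short comment above `source=` noting that, or a stronger checksum or signature if the ports tooling supports one, would help. `build()` continues past the end of the hunk.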
diff --git a/imlib2/imlib2-1.4.8-gif-oob.patch b/imlib2/imlib2-1.4.8-gif-oob.patch
new file mode 100644
index 0000000..ed29757
--- /dev/null
+++ b/imlib2/imlib2-1.4.8-gif-oob.patch
@@ -0,0 +1,39 @@
+From 16de244bd03d2f75da6508feb1ad9cb4e668e9dc Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernhardu at vr-web.de>
+Date: Sat, 2 Apr 2016 13:05:21 -0400
+Subject: [PATCH] gif: fix oob reads w/bad colormaps
+
+Verify the color map is inbounds before indexing with it.
+
+https://bugs.debian.org/785369
+---
+ src/modules/loaders/loader_gif.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
+index 638df59..7bdf29c 100644
+--- a/src/modules/loaders/loader_gif.c
++++ b/src/modules/loaders/loader_gif.c
+@@ -170,9 +170,16 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
+                     }
+                   else
+                     {
+-                       r = cmap->Colors[rows[i][j]].Red;
+-                       g = cmap->Colors[rows[i][j]].Green;
+-                       b = cmap->Colors[rows[i][j]].Blue;
++                       if (rows[i][j] < cmap->ColorCount)
++                         {
++                            r = cmap->Colors[rows[i][j]].Red;
++                            g = cmap->Colors[rows[i][j]].Green;
++                            b = cmap->Colors[rows[i][j]].Blue;
++                         }
++                       else
++                         {
++                            r = g = b = 0;
++                         }
+                        *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
+                     }
+                   per += per_inc;
+-- 
+2.7.4
+
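Review bot: The new bounds check covers only the `else` branch shown here; the `if` branch before it begins above the embedded hunk and is not visible. If that branch also indexes `cmap->Colors` with a value taken from the file, it would need the same `< cmap->ColorCount` comparison, so it is worth confirming against the full `loader_gif.c` before treating this patch as the complete fix. The fallback `r = g = b = 0;` silently renders out-of-range pixels black, so a one-line comment such as `/* colour index outside the map: malformed GIF, use black rather than read out of bounds */` would record that this is deliberate. `load()` starts and ends outside the hunk.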


