imlib2: security bump to version 1.4.8

Fixes:
CVE-2016-3994 - out-of-bounds read in GIF loader
CVE-2011-5326 - divide by zero on 2x1 ellipse

Switch to sourceforge hashes.
And drop all previous patches, they're upstream, yay.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Gustavo Zacarias 2016-04-14 12:43:35 -03:00 committed by Thomas Petazzoni
parent 21c89819a4
commit 779676f62d
11 changed files with 179 additions and 428 deletions


@ -1,43 +0,0 @@
From 17bf7bf95da6ed5b522205c321efcf838c48b13d Mon Sep 17 00:00:00 2001
From: Kim Woelders <kim@woelders.dk>
Date: Sun, 4 Aug 2013 08:05:27 +0200
Subject: [PATCH 1/5] GIF loader: Fix for libgif version 5.
---
src/modules/loaders/loader_gif.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index 23b8fd0..d1c2ae2 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -29,6 +29,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
/* already data in this image - dont load it again */
if (im->data)
return 0;
+
#ifndef __EMX__
fd = open(im->real_file, O_RDONLY);
#else
@@ -36,12 +37,18 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
#endif
if (fd < 0)
return 0;
+
+#if GIFLIB_MAJOR >= 5
+ gif = DGifOpenFileHandle(fd, NULL);
+#else
gif = DGifOpenFileHandle(fd);
+#endif
if (!gif)
{
close(fd);
return 0;
}
+
do
{
if (DGifGetRecordType(gif, &rec) == GIF_ERROR)
--
2.3.1


@ -0,0 +1,71 @@
From 37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 Mon Sep 17 00:00:00 2001
From: Kim Woelders <kim@woelders.dk>
Date: Sun, 3 Apr 2016 19:40:25 +0200
Subject: [PATCH] GIF loader: Fix out-of-bound reads from colormap.
Bug-Debian: http://bugs.debian.org/785369
Note: removes all special-casing from the inner loop, optimize for common case.
Author: Yuriy M. Kaminskiy <yumkam+debian@gmail.com>
Reported-By: Jakub Wilk <jwilk@debian.org>
Thanks to Bernhard U:belacker <bernhardu@vr-web.de> for analysis.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
src/modules/loaders/loader_gif.c | 31 +++++++++++++++++--------------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index 638df59..4f08d64 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -141,8 +141,24 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
if (im->loader || immediate_load || progress)
{
+ DATA32 colormap[256];
+
bg = gif->SBackGroundColor;
cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap);
+ memset (colormap, 0, sizeof(colormap));
+ if (cmap != NULL)
+ {
+ for (i = cmap->ColorCount > 256 ? 256 : cmap->ColorCount; i-- > 0;)
+ {
+ r = cmap->Colors[i].Red;
+ g = cmap->Colors[i].Green;
+ b = cmap->Colors[i].Blue;
+ colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b;
+ }
+ /* if bg > cmap->ColorCount, it is transparent black already */
+ if (transp >= 0 && transp < 256)
+ colormap[transp] = bg >= 0 && bg < 256 ? colormap[bg] & 0x00ffffff : 0x00000000;
+ }
im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h);
if (!im->data)
goto quit;
@@ -161,20 +177,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{
for (j = 0; j < w; j++)
{
- if (rows[i][j] == transp)
- {
- r = cmap->Colors[bg].Red;
- g = cmap->Colors[bg].Green;
- b = cmap->Colors[bg].Blue;
- *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b);
- }
- else
- {
- r = cmap->Colors[rows[i][j]].Red;
- g = cmap->Colors[rows[i][j]].Green;
- b = cmap->Colors[rows[i][j]].Blue;
- *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
- }
+ *ptr++ = colormap[rows[i][j]];
per += per_inc;
if (progress && (((int)per) != last_per)
&& (((int)per) % progress_granularity == 0))
--
2.7.3
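Review bot: `colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b;` in the new table-building loop left-shifts the int constant 0xff into the sign bit, which C leaves undefined for a signed type; the deleted pixel loop had the same expression, but since this is the line being rewritten it is worth making the alpha byte unsigned, `colormap[i] = 0xff000000u | (r << 16) | (g << 8) | b;`. The comment `/* if bg > cmap->ColorCount, it is transparent black already */` is off by one: the entries left zero by the memset are those with index >= cmap->ColorCount, so it should read `if bg >= cmap->ColorCount`. The lookup `*ptr++ = colormap[rows[i][j]];` stays in bounds only because the table has 256 entries and the pixel type is presumably an 8-bit value (giflib's GifPixelType); a one-line comment next to `DATA32 colormap[256];` stating that invariant would make the bound explicit. load() begins and ends outside the hunk.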


@ -1,175 +0,0 @@
From 908a179726d010963f4fe1b57fb5f7bf590d7d64 Mon Sep 17 00:00:00 2001
From: Kim Woelders <kim@woelders.dk>
Date: Tue, 31 Dec 2013 18:13:45 +0100
Subject: [PATCH 2/5] GIF loader: Simplify error handling.
Also:
- Fix memory leak when image data allocation fails.
- Some aux data arrays may as well be const.
---
src/modules/loaders/loader_gif.c | 80 ++++++++++++++++------------------------
1 file changed, 32 insertions(+), 48 deletions(-)
diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index d1c2ae2..a39c860 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -8,6 +8,9 @@ char
load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
char immediate_load)
{
+ static const int intoffset[] = { 0, 4, 2, 1 };
+ static const int intjump[] = { 8, 8, 4, 2 };
+ int rc;
DATA32 *ptr;
GifFileType *gif;
GifRowType *rows;
@@ -16,8 +19,6 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
int i, j, done, bg, r, g, b, w = 0, h = 0;
float per = 0.0, per_inc;
int last_per = 0, last_y = 0;
- int intoffset[] = { 0, 4, 2, 1 };
- int intjump[] = { 8, 8, 4, 2 };
int transp;
int fd;
@@ -49,6 +50,8 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
return 0;
}
+ rc = 0; /* Failure */
+
do
{
if (DGifGetRecordType(gif, &rec) == GIF_ERROR)
@@ -66,37 +69,19 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
w = gif->Image.Width;
h = gif->Image.Height;
if (!IMAGE_DIMENSIONS_OK(w, h))
- {
- DGifCloseFile(gif);
- return 0;
- }
- rows = malloc(h * sizeof(GifRowType *));
+ goto quit2;
+
+ rows = calloc(h, sizeof(GifRowType *));
if (!rows)
- {
- DGifCloseFile(gif);
- return 0;
- }
- for (i = 0; i < h; i++)
- {
- rows[i] = NULL;
- }
+ goto quit2;
+
for (i = 0; i < h; i++)
{
rows[i] = malloc(w * sizeof(GifPixelType));
if (!rows[i])
- {
- DGifCloseFile(gif);
- for (i = 0; i < h; i++)
- {
- if (rows[i])
- {
- free(rows[i]);
- }
- }
- free(rows);
- return 0;
- }
+ goto quit;
}
+
if (gif->Image.Interlace)
{
for (i = 0; i < 4; i++)
@@ -135,6 +120,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
}
}
while (rec != TERMINATE_RECORD_TYPE);
+
if (transp >= 0)
{
SET_FLAG(im->flags, F_HAS_ALPHA);
@@ -143,6 +129,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{
UNSET_FLAG(im->flags, F_HAS_ALPHA);
}
+
/* set the format string member to the lower-case full extension */
/* name for the format - so example names would be: */
/* "png", "jpeg", "tiff", "ppm", "pgm", "pbm", "gif", "xpm" ... */
@@ -150,17 +137,15 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
im->h = h;
if (!im->format)
im->format = strdup("gif");
+
if (im->loader || immediate_load || progress)
{
bg = gif->SBackGroundColor;
cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap);
im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h);
if (!im->data)
- {
- DGifCloseFile(gif);
- free(rows);
- return 0;
- }
+ goto quit;
+
ptr = im->data;
per_inc = 100.0 / (((float)w) * h);
for (i = 0; i < h; i++)
@@ -188,30 +173,29 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
last_per = (int)per;
if (!(progress(im, (int)per, 0, last_y, w, i)))
{
- DGifCloseFile(gif);
- for (i = 0; i < h; i++)
- {
- free(rows[i]);
- }
- free(rows);
- return 2;
+ rc = 2;
+ goto quit;
}
last_y = i;
}
}
}
+
+ if (progress)
+ progress(im, 100, 0, last_y, w, h);
}
- if (progress)
- {
- progress(im, 100, 0, last_y, w, h);
- }
- DGifCloseFile(gif);
+
+ rc = 1; /* Success */
+
+ quit:
for (i = 0; i < h; i++)
- {
- free(rows[i]);
- }
+ free(rows[i]);
free(rows);
- return 1;
+
+ quit2:
+ DGifCloseFile(gif);
+
+ return rc;
}
void
--
2.3.1


@ -0,0 +1,104 @@
From c94d83ccab15d5ef02f88d42dce38ed3f0892882 Mon Sep 17 00:00:00 2001
From: Kim Woelders <kim@woelders.dk>
Date: Wed, 6 Apr 2016 17:42:17 +0200
Subject: [PATCH] Fix potential divide-by-zero in imlib_image_draw_ellipse().
Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1)
causes a divide-by-zero.
It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1.
Patch by Simon Lees.
https://bugs.debian.org/639414
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
src/lib/ellipse.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/src/lib/ellipse.c b/src/lib/ellipse.c
index cd90268..ddb410b 100644
--- a/src/lib/ellipse.c
+++ b/src/lib/ellipse.c
@@ -71,6 +71,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(color, bp + len);
+ if (dx < 1)
+ dx = 1;
+
dy += b2;
yy -= ((dy << 16) / dx);
lx--;
@@ -123,6 +126,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(color, bp + len);
+ if (dy < 1)
+ dy = 1;
+
dx -= a2;
xx += ((dx << 16) / dy);
ty++;
@@ -222,6 +228,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(col1, bp + len);
+ if (dx < 1)
+ dx = 1;
+
dy += b2;
yy -= ((dy << 16) / dx);
lx--;
@@ -295,6 +304,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(col1, bp + len);
+ if (dy < 1)
+ dy = 1;
+
dx -= a2;
xx += ((dx << 16) / dy);
ty++;
@@ -395,6 +407,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(color, bp + len);
+ if (dx < 1)
+ dx = 1;
+
dy += b2;
yy -= ((dy << 16) / dx);
lx--;
@@ -453,6 +468,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
if (((unsigned)by < (unsigned)clh) && (len > 0))
sfunc(color, bpp, len);
+ if (dy < 1)
+ dy = 1;
+
dx -= a2;
xx += ((dx << 16) / dy);
ty++;
@@ -556,6 +574,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(col1, bp + len);
+ if (dx < 1)
+ dx = 1;
+
dy += b2;
yy -= ((dy << 16) / dx);
lx--;
@@ -629,6 +650,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
if (IN_RANGE(rx, by, clw, clh))
pfunc(col1, bp + len);
+ if (dy < 1)
+ dy = 1;
+
dx -= a2;
xx += ((dx << 16) / dy);
ty++;
--
2.7.3
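Review bot: The new guards rewrite the loop state rather than just the divisor: after `if (dx < 1) dx = 1;` the clamped value is what the remainder of the iteration and, presumably, the loop condition outside the hunk see, so a dx that legitimately reached 0 or went negative on the last step is replaced by 1 instead of being left alone. Guarding only the division keeps the fix local, `yy -= ((dy << 16) / (dx < 1 ? 1 : dx));` and correspondingly `xx += ((dx << 16) / (dy < 1 ? 1 : dy));`. Whether the difference is observable depends on the loop conditions, which are not visible here; either way a short comment above each guard noting that degenerate radii (the 2x1 case from the bug report) drive the step to zero would help the next reader. Each __imlib_Ellipse_* function starts and ends outside the hunk.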


@ -1,28 +0,0 @@
From 534e736e52b6be0da58397ef05f55d47f3794ea7 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 18 Jan 2014 13:56:54 -0500
Subject: [PATCH 3/6] imlib2-config: delete old reference to @my_libs@
This was cleaned up a while ago, but this file was missed.
URL: https://bugs.gentoo.org/497894
---
imlib2-config.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/imlib2-config.in b/imlib2-config.in
index cf814c6..965f7c3 100644
--- a/imlib2-config.in
+++ b/imlib2-config.in
@@ -46,7 +46,7 @@ while test $# -gt 0; do
;;
--libs)
libdirs=-L@libdir@
- echo $libdirs -lImlib2 @my_libs@
+ echo $libdirs -lImlib2
;;
*)
echo "${usage}" 1>&2
--
2.3.1


@ -1,75 +0,0 @@
From 7fb1a4468b9d0314cffcdd1fd2a156e6f8c5101b Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 28 Jul 2014 22:59:35 -0400
Subject: [PATCH 4/6] fix X_DISPLAY_MISSING redefined warnings when X is
disabled
This is set up in config.h by configure, so avoid defining it again.
---
src/bin/imlib2_conv.c | 2 ++
src/lib/api.c | 2 ++
src/lib/image.h | 2 ++
src/lib/script.c | 2 ++
4 files changed, 8 insertions(+)
diff --git a/src/bin/imlib2_conv.c b/src/bin/imlib2_conv.c
index 1b05b1f..1c46d0c 100644
--- a/src/bin/imlib2_conv.c
+++ b/src/bin/imlib2_conv.c
@@ -8,7 +8,9 @@
#include <stdio.h>
#include <string.h>
+#ifndef X_DISPLAY_MISSING
#define X_DISPLAY_MISSING
+#endif
#include <Imlib2.h>
#define PROG_NAME "imlib2_conv"
diff --git a/src/lib/api.c b/src/lib/api.c
index e29eaf0..178d2ca 100644
--- a/src/lib/api.c
+++ b/src/lib/api.c
@@ -4,8 +4,10 @@
#include <X11/Xutil.h>
#include <X11/extensions/shape.h>
#else
+#ifndef X_DISPLAY_MISSING
#define X_DISPLAY_MISSING
#endif
+#endif
#include <string.h>
#include <stdarg.h>
#include "common.h"
diff --git a/src/lib/image.h b/src/lib/image.h
index eef59d2..52dde9d 100644
--- a/src/lib/image.h
+++ b/src/lib/image.h
@@ -5,7 +5,9 @@
# ifdef BUILD_X11
# include <X11/Xlib.h>
# else
+#ifndef X_DISPLAY_MISSING
# define X_DISPLAY_MISSING
+#endif
# endif
# include <dlfcn.h>
diff --git a/src/lib/script.c b/src/lib/script.c
index 55ebd4e..7c974c0 100644
--- a/src/lib/script.c
+++ b/src/lib/script.c
@@ -13,8 +13,10 @@
#ifdef BUILD_X11
#include <X11/Xlib.h>
#else
+#ifndef X_DISPLAY_MISSING
#define X_DISPLAY_MISSING
#endif
+#endif
#include "image.h"
#include "file.h"
#include "dynamic_filters.h"
--
2.3.1


@ -1,29 +0,0 @@
From 19d568d7a58e88a6e0a43500175d731fb43f97cd Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 28 Jul 2014 23:01:23 -0400
Subject: [PATCH 5/6] do not link with X libs when X is disabled
URL: https://bugs.gentoo.org/517670
---
src/lib/Makefile.am | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
index 64de98b..ea94991 100644
--- a/src/lib/Makefile.am
+++ b/src/lib/Makefile.am
@@ -86,7 +86,10 @@ AMD64_OBJS = $(AMD64_SRCS:.S=.lo)
EXTRA_DIST = $(MMX_SRCS) $(AMD64_SRCS) asm_loadimmq.S
-MY_LIBS = -lXext -lX11 $(FREETYPE_LIBS) $(DLOPEN_LIBS) -lm
+MY_LIBS = $(FREETYPE_LIBS) $(DLOPEN_LIBS) -lm
+if BUILD_X11
+MY_LIBS += -lXext -lX11
+endif
if BUILD_MMX
libImlib2_la_LIBADD = $(MMX_OBJS) $(MY_LIBS)
--
2.3.1


@ -1,44 +0,0 @@
From aa16abfa6c0198668b6a4e101fde8b42ec9cdb68 Mon Sep 17 00:00:00 2001
From: Heiko Becker <heirecka@exherbo.org>
Date: Mon, 13 Oct 2014 17:41:25 +0200
Subject: [PATCH 6/6] GIF loader: Fix for libgif version 5.1
Summary:
From giflib-5.1.0's NEWS:
"A small change to the API: DGifClose() and EGifClose() now take a
pointer-to-int second argument (like the corresponding openers)
where a diagnostic code will be deposited when they return
GIF_ERROR."
Test Plan:
I've built imlib2 against giflib-4.2.3 and 5.1.0 and opened a few
gif files with feh.
Reviewers: kwo
Reviewed By: kwo
Differential Revision: https://phab.enlightenment.org/D1529
---
src/modules/loaders/loader_gif.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index a39c860..c53f62c 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -193,7 +193,11 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
free(rows);
quit2:
+#if GIFLIB_MAJOR > 5 || (GIFLIB_MAJOR == 5 && GIFLIB_MINOR >= 1)
+ DGifCloseFile(gif, NULL);
+#else
DGifCloseFile(gif);
+#endif
return rc;
}
--
2.3.1


@ -1,31 +0,0 @@
From bdfa1169c549122a8dc848b84469458101adeb20 Mon Sep 17 00:00:00 2001
From: Brendan Heading <brendanheading@gmail.com>
Date: Mon, 3 Aug 2015 12:44:55 +0100
Subject: [PATCH 1/1] fix compilation issues with musl
Using time_t strictly requires time.h to be included.
NOTE I've stuck to the convention on this project where most of the
files appear to pick up most of their headers by including "common.h".
Upstream-status: pending
Signed-off-by: Brendan Heading <brendanheading@gmail.com>
---
src/lib/common.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lib/common.h b/src/lib/common.h
index 798965f..9053826 100644
--- a/src/lib/common.h
+++ b/src/lib/common.h
@@ -9,6 +9,7 @@
#include <config.h>
#include <string.h>
#include <math.h>
+#include <time.h>
#ifdef WITH_DMALLOC
#include <dmalloc.h>
#endif
--
2.4.3

View File

@ -1,2 +1,3 @@
# Locally computed:
sha256 af51be727d62cfcff7457c753f355e44848fb997f33a7e1d43775276a9073274 imlib2-1.4.6.tar.bz2
# From https://sourceforge.net/projects/enlightenment/files/imlib2-src/1.4.8/
md5 97cf1007b0339102974ce20c8f17c249 imlib2-1.4.8.tar.bz2
sha1 09759f9cd0bb530a738032d06b29edf0038f2052 imlib2-1.4.8.tar.bz2
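Review bot: The new hash file drops the locally computed sha256 and keeps only the md5 and sha1 published on sourceforge, which weakens download verification: both digests are collision-prone, and a hash copied from the site that serves the tarball only proves the download matches that site, not that it is the archive the committer built and tested. Keep a `# Locally computed:` `sha256 <digest> imlib2-1.4.8.tar.bz2` line alongside the upstream md5/sha1 so the build still checks a strong digest against what was reviewed here.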


@ -4,7 +4,7 @@
#
################################################################################
IMLIB2_VERSION = 1.4.6
IMLIB2_VERSION = 1.4.8
IMLIB2_SOURCE = imlib2-$(IMLIB2_VERSION).tar.bz2
IMLIB2_SITE = http://downloads.sourceforge.net/project/enlightenment/imlib2-src/$(IMLIB2_VERSION)
IMLIB2_LICENSE = imlib2 license