Here is an update to Imlib2 1.4.0.
The new version integrates the security fixes and has
a few bug fixes.
Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/imlib2/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- Makefile 8 Apr 2007 16:33:41 -0000 1.16
+++ Makefile 10 Jun 2007 19:47:08 -0000
@@ -2,12 +2,11 @@
COMMENT= "image manipulation library"
-DISTNAME= imlib2-1.3.0
-PKGNAME= ${DISTNAME}p0
-SHARED_LIBS= Imlib2 4.0 # .4.0
+DISTNAME= imlib2-1.4.0
+SHARED_LIBS= Imlib2 5.0 # .5.0
CATEGORIES= graphics
-HOMEPAGE= http://enlightenment.org/Libraries/Imlib2/
+HOMEPAGE= http://www.enlightenment.org/p.php?p=about/libs/imlib2&l=en
# BSD
PERMIT_PACKAGE_CDROM= Yes
Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/imlib2/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo 5 Apr 2007 16:19:56 -0000 1.5
+++ distinfo 10 Jun 2007 19:36:56 -0000
@@ -1,5 +1,5 @@
-MD5 (imlib2-1.3.0.tar.gz) = ALck/G0tz6MEW7alVLssig==
-RMD160 (imlib2-1.3.0.tar.gz) = Jy/ApiaZ4PD2kPTMhBisXI4O5hU=
-SHA1 (imlib2-1.3.0.tar.gz) = rZxnOpTU5eYQcEzv0GhV+QAVHiU=
-SHA256 (imlib2-1.3.0.tar.gz) = Eof9ThI2ghH2CcAWBz3l1CpXvN3pPkbCavdXiBU8L9M=
-SIZE (imlib2-1.3.0.tar.gz) = 955862
+MD5 (imlib2-1.4.0.tar.gz) = affumWyUMUIzK0yYWXsJXA==
+RMD160 (imlib2-1.4.0.tar.gz) = W2Y6Qg4QCN3AR2ZZEsrUczI4A9o=
+SHA1 (imlib2-1.4.0.tar.gz) = K71luCppDSHasr/rM8w3D2u0k5M=
+SHA256 (imlib2-1.4.0.tar.gz) = TdjJlrtGbBDok26yg9ofkKggBCx09t6SB7UfTofiGYs=
+SIZE (imlib2-1.4.0.tar.gz) = 955897
Index: patches/patch-src_modules_loaders_loader_argb_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_argb_c
diff -N patches/patch-src_modules_loaders_loader_argb_c
--- patches/patch-src_modules_loaders_loader_argb_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_argb_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_argb.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_argb.c Mon Nov 6 10:41:32 2006
-@@ -47,6 +47,11 @@ load(ImlibImage * im, ImlibProgressFunct
- fclose(f);
- return 0;
- }
-+ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
-+ {
-+ fclose(f);
-+ return 0;
-+ }
- im->w = w;
- im->h = h;
- if (!im->format)
Index: patches/patch-src_modules_loaders_loader_gif_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_gif_c
diff -N patches/patch-src_modules_loaders_loader_gif_c
--- patches/patch-src_modules_loaders_loader_gif_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_gif_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_gif.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_gif.c Mon Nov 6 10:41:32 2006
-@@ -72,6 +72,11 @@ load(ImlibImage * im, ImlibProgressFunct
- }
- w = gif->Image.Width;
- h = gif->Image.Height;
-+ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
-+ {
-+ DGifCloseFile(gif);
-+ return 0;
-+ }
- rows = malloc(h * sizeof(GifRowType *));
- if (!rows)
- {
Index: patches/patch-src_modules_loaders_loader_jpeg_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_jpeg_c
diff -N patches/patch-src_modules_loaders_loader_jpeg_c
--- patches/patch-src_modules_loaders_loader_jpeg_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,20 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_jpeg_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_jpeg.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_jpeg.c Mon Nov 6 10:41:32 2006
-@@ -92,6 +92,12 @@ load(ImlibImage * im, ImlibProgressFunct
- {
- im->w = w = cinfo.output_width;
- im->h = h = cinfo.output_height;
-+ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
-+ {
-+ jpeg_destroy_decompress(&cinfo);
-+ fclose(f);
-+ return 0;
-+ }
- UNSET_FLAG(im->flags, F_HAS_ALPHA);
- im->format = strdup("jpeg");
- }
Index: patches/patch-src_modules_loaders_loader_lbm_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_lbm_c
diff -N patches/patch-src_modules_loaders_loader_lbm_c
--- patches/patch-src_modules_loaders_loader_lbm_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,19 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_lbm_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_lbm.c.orig Wed Sep 6 13:34:49 2006
-+++ src/modules/loaders/loader_lbm.c Mon Nov 6 10:41:32 2006
-@@ -421,7 +421,10 @@ ILBM ilbm;
-
- im->w = L2RWORD(ilbm.bmhd.data);
- im->h = L2RWORD(ilbm.bmhd.data + 2);
-- if (im->w <= 0 || im->h <= 0) ok = 0;
-+ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192))
-+ {
-+ ok = 0;
-+ }
-
- ilbm.depth = ilbm.bmhd.data[8];
- if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 &&
ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
Index: patches/patch-src_modules_loaders_loader_png_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_png_c
diff -N patches/patch-src_modules_loaders_loader_png_c
--- patches/patch-src_modules_loaders_loader_png_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,21 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_png_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_png.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_png.c Mon Nov 6 10:41:32 2006
-@@ -85,6 +85,13 @@ load(ImlibImage * im, ImlibProgressFunct
- &interlace_type, NULL, NULL);
- im->w = (int)w32;
- im->h = (int)h32;
-+ if ((w32 < 1) || (h32 < 1) || (w32 > 8192) || (h32 > 8192))
-+ {
-+ png_read_end(png_ptr, info_ptr);
-+ png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp) NULL);
-+ fclose(f);
-+ return 0;
-+ }
- if (color_type == PNG_COLOR_TYPE_PALETTE)
- {
- png_set_expand(png_ptr);
Index: patches/patch-src_modules_loaders_loader_pnm_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_pnm_c
diff -N patches/patch-src_modules_loaders_loader_pnm_c
--- patches/patch-src_modules_loaders_loader_pnm_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,28 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_pnm_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_pnm.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_pnm.c Mon Nov 6 10:41:32 2006
-@@ -107,7 +107,7 @@ load(ImlibImage * im, ImlibProgressFunct
- }
- }
- }
-- if ((w <= 0) || (w > 8192) || (h <= 0) || (h > 8192) || (v < 0) || (v >
255))
-+ if ((v < 0) || (v > 255))
- {
- fclose(f);
- return 0;
-@@ -115,6 +115,11 @@ load(ImlibImage * im, ImlibProgressFunct
-
- im->w = w;
- im->h = h;
-+ if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
-+ {
-+ fclose(f);
-+ return 0;
-+ }
- if (!im->format)
- {
- if (p == '8')
Index: patches/patch-src_modules_loaders_loader_tga_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_tga_c
diff -N patches/patch-src_modules_loaders_loader_tga_c
--- patches/patch-src_modules_loaders_loader_tga_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,85 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_tga_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_tga.c.orig Wed Sep 6 13:34:49 2006
-+++ src/modules/loaders/loader_tga.c Mon Nov 6 10:41:32 2006
-@@ -297,9 +297,8 @@ load(ImlibImage * im, ImlibProgressFunct
- im->w = (header->widthHi << 8) | header->widthLo;
- im->h = (header->heightHi << 8) | header->heightLo;
-
-- if ((im->w > 32767) || (im->w < 1) || (im->h > 32767) || (im->h < 1))
-+ if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192))
- {
-- im->w = 0;
- munmap(seg, ss.st_size);
- close(fd);
- return 0;
-@@ -318,7 +317,7 @@ load(ImlibImage * im, ImlibProgressFunct
- if (((!im->data) && (im->loader)) || (immediate_load) || (progress))
- {
- unsigned long datasize;
-- unsigned char *bufptr;
-+ unsigned char *bufptr, *bufend;
- DATA32 *dataptr;
-
- int y;
-@@ -346,6 +345,7 @@ load(ImlibImage * im, ImlibProgressFunct
-
- /* bufptr is the next byte to be read from the buffer */
- bufptr = filedata;
-+ bufend = filedata + datasize;
-
- /* dataptr is the next 32-bit pixel to be filled in */
- dataptr = im->data;
-@@ -418,9 +418,10 @@ load(ImlibImage * im, ImlibProgressFunct
- unsigned char curbyte, red, green, blue, alpha;
- DATA32 *final_pixel = dataptr + im->w * im->h;
-
-- /* loop until we've got all the pixels */
-- while (dataptr < final_pixel)
-- {
-+ /* loop until we've got all the pixels or run out of input */
-+ while ((dataptr < final_pixel) &&
-+ ((bufptr + 1 + (bpp / 8)) < bufend))
-+ {
- int count;
-
- curbyte = *bufptr++;
-@@ -437,7 +438,7 @@ load(ImlibImage * im, ImlibProgressFunct
- green = *bufptr++;
- red = *bufptr++;
- alpha = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; (i < count) && (dataptr < final_pixel);
i++)
- {
- WRITE_RGBA(dataptr, red, green, blue,
alpha);
- dataptr++;
-@@ -448,7 +449,7 @@ load(ImlibImage * im, ImlibProgressFunct
- blue = *bufptr++;
- green = *bufptr++;
- red = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; (i < count) && (dataptr < final_pixel);
i++)
- {
- WRITE_RGBA(dataptr, red, green, blue,
- (char)0xff);
-@@ -458,7 +459,7 @@ load(ImlibImage * im, ImlibProgressFunct
-
- case 8:
- alpha = *bufptr++;
-- for (i = 0; i < count; i++)
-+ for (i = 0; (i < count) && (dataptr < final_pixel);
i++)
- {
- WRITE_RGBA(dataptr, alpha, alpha, alpha,
- (char)0xff);
-@@ -473,7 +474,7 @@ load(ImlibImage * im, ImlibProgressFunct
- {
- int i;
-
-- for (i = 0; i < count; i++)
-+ for (i = 0; (i < count) && (dataptr < final_pixel);
i++)
- {
- switch (bpp)
- {
Index: patches/patch-src_modules_loaders_loader_tiff_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_tiff_c
diff -N patches/patch-src_modules_loaders_loader_tiff_c
--- patches/patch-src_modules_loaders_loader_tiff_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,54 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_tiff_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_tiff.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_tiff.c Mon Nov 6 10:41:32 2006
-@@ -75,11 +75,11 @@ static void
- raster(TIFFRGBAImage_Extra * img, uint32 * rast,
- uint32 x, uint32 y, uint32 w, uint32 h)
- {
-- uint32 image_width, image_height;
-+ int image_width, image_height;
- uint32 *pixel, pixel_value;
- int i, j, dy, rast_offset;
- DATA32 *buffer_pixel, *buffer = img->image->data;
-- int alpha_premult =
(EXTRASAMPLE_UNASSALPHA==img->rgba.alpha);
-+ int alpha_premult;
-
- image_width = img->image->w;
- image_height = img->image->h;
-@@ -91,6 +91,8 @@ raster(TIFFRGBAImage_Extra * img, uint32
- /* I don't understand why, but that seems to be what's going on. */
- /* libtiff needs better docs! */
-
-+ if (img->rgba.alpha == EXTRASAMPLE_UNASSALPHA)
-+ alpha_premult = 1;
- for (i = y, rast_offset = 0; i > dy; i--, rast_offset--)
- {
- pixel = rast + (rast_offset * image_width);
-@@ -204,6 +206,12 @@ load(ImlibImage * im, ImlibProgressFunct
- rgba_image.image = im;
- im->w = width = rgba_image.rgba.width;
- im->h = height = rgba_image.rgba.height;
-+ if ((width < 1) || (height < 1) || (width > 8192) || (height > 8192))
-+ {
-+ TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image);
-+ TIFFClose(tif);
-+ return 0;
-+ }
- rgba_image.num_pixels = num_pixels = width * height;
- if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED)
- SET_FLAG(im->flags, F_HAS_ALPHA);
-@@ -397,8 +405,9 @@ save(ImlibImage * im, ImlibProgressFunct
-
- if (has_alpha)
- {
-+ uint16 extras[] = { EXTRASAMPLE_ASSOCALPHA };
- TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 4);
-- TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, EXTRASAMPLE_ASSOCALPHA);
-+ TIFFSetField(tif, TIFFTAG_EXTRASAMPLES, 1, extras);
- }
- else
- {
Index: patches/patch-src_modules_loaders_loader_xpm_c
===================================================================
RCS file: patches/patch-src_modules_loaders_loader_xpm_c
diff -N patches/patch-src_modules_loaders_loader_xpm_c
--- patches/patch-src_modules_loaders_loader_xpm_c 20 Nov 2006 09:21:09
-0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,31 +0,0 @@
-$OpenBSD: patch-src_modules_loaders_loader_xpm_c,v 1.1 2006/11/20 09:21:09
bernd Exp $
-
-Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
-Should be fixed in >1.3.0.
-
---- src/modules/loaders/loader_xpm.c.orig Tue Sep 5 02:37:07 2006
-+++ src/modules/loaders/loader_xpm.c Mon Nov 6 10:41:32 2006
-@@ -211,19 +211,19 @@ load(ImlibImage * im, ImlibProgressFunct
- xpm_parse_done();
- return 0;
- }
-- if ((w > 32767) || (w < 1))
-+ if ((w > 8192) || (w < 1))
- {
- fprintf(stderr,
-- "IMLIB ERROR: Image width > 32767 or < 1
pixels for file\n");
-+ "IMLIB ERROR: Image width > 8192 or < 1
pixels for file\n");
- free(line);
- fclose(f);
- xpm_parse_done();
- return 0;
- }
-- if ((h > 32767) || (h < 1))
-+ if ((h > 8192) || (h < 1))
- {
- fprintf(stderr,
-- "IMLIB ERROR: Image height > 32767 or < 1
pixels for file\n");
-+ "IMLIB ERROR: Image height > 8192 or < 1
pixels for file\n");
- free(line);
- fclose(f);
- xpm_parse_done();
