Hello community, here is the log from the commit of package imlib2 for openSUSE:Factory checked in at Fri Apr 30 01:18:01 CEST 2010. -------- --- imlib2/imlib2.changes 2010-04-15 12:02:33.000000000 +0200 +++ /mounts/work_src_done/STABLE/imlib2/imlib2.changes 2010-04-29 17:06:05.000000000 +0200 @@ -1,0 +2,5 @@ +Thu Apr 29 17:05:34 CEST 2010 - meissner@suse.de + +- fixed incorrect overflow checking (CVE-2010-0991, bnc#598935) + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- imlib2-1.4.3-fixoverflow-checker.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ imlib2.spec ++++++ --- /var/tmp/diff_new_pack.XcQ0fP/_old 2010-04-30 01:10:47.000000000 +0200 +++ /var/tmp/diff_new_pack.XcQ0fP/_new 2010-04-30 01:10:47.000000000 +0200 @@ -21,10 +21,11 @@ BuildRequires: freetype2-devel giflib-devel libpng-devel libtiff-devel xorg-x11-devel Summary: Image handling and conversion library. Version: 1.4.3 -Release: 1 +Release: 2 License: BSD3c(or similar) Group: Development/Libraries/X11 Source: %name-%version.tar.bz2 +Patch0: %name-%version-fixoverflow-checker.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build Url: http://sourceforge.net/projects/enlightenment/ Suggests: imlib2-loaders @@ -90,6 +91,7 @@ %prep %setup -q +%patch0 -p1 %build autoreconf --force --install ++++++ imlib2-1.4.3-fixoverflow-checker.patch ++++++ diff -ur imlib2-1.4.3/src/lib/image.h imlib2/src/lib/image.h --- imlib2-1.4.3/src/lib/image.h 2010-03-14 16:26:27.000000000 +0100 +++ imlib2/src/lib/image.h 2010-04-29 17:00:27.375691000 +0200 @@ -190,6 +190,6 @@ # define IMAGE_DIMENSIONS_OK(w, h) \ ( ((w) > 0) && ((h) > 0) && \ - ((unsigned long long)(w) * (unsigned long long)(w) <= (1ULL << 29) - 1) ) + ((unsigned long long)(w) * (unsigned long long)(h) <= (1ULL << 29) - 1) ) #endif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org