Hello community, here is the log from the commit of package imlib checked in at Fri Jul 13 20:46:35 CEST 2007.
--------
--- GNOME/imlib/imlib.changes 2007-01-15 19:36:11.000000000 +0100
+++ /mounts/work_src_done/STABLE/imlib/imlib.changes 2007-07-11 15:06:24.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Jul 11 15:02:59 CEST 2007 - pth@suse.de
+
+- Check for BPP=0 which fixes security bug CVE-2007-3568.
+ Rewrote the if() clause as switch() for clarity.(#291037)
+
+-------------------------------------------------------------------
New:
----
 imlib-CVE-2007-3568.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ imlib.spec ++++++
--- /var/tmp/diff_new_pack.g25573/_old 2007-07-13 20:46:23.000000000 +0200
+++ /var/tmp/diff_new_pack.g25573/_new 2007-07-13 20:46:23.000000000 +0200
@@ -12,12 +12,12 @@
 Name: imlib
 BuildRequires: giflib-devel gtk-devel jpeg libjpeg libjpeg-devel libnetpbm libpng-devel libstdc++ libstdc++-devel libtiff-devel xorg-x11
-License: GNU Library General Public License v. 2.0 and 2.1 (LGPL)
+License: LGPL v2 or later
 Group: System/Libraries
 Autoreqprov: on
 Summary: A Shared Library for Loading and Rendering 3D Images
 Version: 1.9.14
-Release: 248
+Release: 283
 Source: ftp://ftp.gnome.org/pub/gnome/sources/imlib/1.9/imlib-%{version}.tar.bz2
 Url: http://www.labs.redhat.com/imlib/
 Patch: imlib-%{version}.patch
@@ -34,6 +34,7 @@
 Patch13: imlib-codecleanup.diff
 Patch14: imlib-1.9.14-no_acconfig_h.diff
 Patch15: imlib-link.patch
+Patch16: imlib-CVE-2007-3568.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -102,6 +103,7 @@
 %patch13
 %patch14
 %patch15
+%patch16
 %build
 %{?suse_update_config:%{suse_update_config -f}}
@@ -147,7 +149,10 @@
 %{_libdir}/pkgconfig/*
 %doc %{_mandir}/man?/*.*
-%changelog -n imlib
+%changelog
+* Wed Jul 11 2007 - pth@suse.de
+- Check for BPP=0 which fixes security bug CVE-2007-3568.
+ Rewrote the if() clause as switch() for clarity.(#291037)
 * Mon Jan 15 2007 - sbrabec@suse.cz
 - Prefix changed to /usr.
 - Spec file cleanup.
++++++ imlib-CVE-2007-3568.patch ++++++
The _LoadBMP function in imlib 1.9.15 and earlier allowed context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
--- Imlib/load.c
+++ Imlib/load.c
@@ -673,16 +673,30 @@
 #endif
 bpp = (int)word;
- if (bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32)
+
+ switch(bpp)
 {
- fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
- return NULL;
+ case 1:
+ case 4:
+ case 8:
+ case 16:
+ case 24:
+ case 32:
+ break;
+
+ default:
+ {
+ fprintf(stderr, "IMLIB ERROR: unknown bitdepth in file\n");
+ return NULL;
+ }
 }
+
 fread(dbuf, 4, 4, file);
 #if __BYTE_ORDER == __BIG_ENDIAN
 __bswap_32(dbuf[0]);
 #endif
 comp = (int)dbuf[0];
+
 if (comp != BI_RGB && comp != BI_RLE4 && comp != BI_RLE8 && comp != BI_BITFIELDS)
 {
 fprintf(stderr, "IMLIB ERROR: unknown encoding in Windows BMP file\n");
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
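Review bot: The new `switch` in the Imlib/load.c hunk accepts `bpp == 16`, which the old condition rejected: `bpp && 16` was true for every non-zero depth, so 16 fell into the error branch and only 0 slipped through. Besides closing the BPP=0 case, the patch therefore opens a 16-bit decode path that untrusted BMP files could not reach before; the pixel loop is outside the hunk, so confirm it has a bounded 16-bpp branch, or drop `case 16:` to keep the previous accept set. Separately, the context line `fread(dbuf, 4, 4, file);` ignores its return value, so a truncated header leaves `comp` derived from whatever `dbuf` held before; `if (fread(dbuf, 4, 4, file) != 4) return NULL;` would reject such a file. _LoadBMP starts and ends outside the hunk.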