debian/0000775000000000000000000000000012762065764007207 5ustar debian/libimlib2.symbols0000664000000000000000000002615512262757307012473 0ustar argb.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 bmp.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 bumpmap.so libimlib2 #MINVER# deinit@Base 1.4.5 exec@Base 1.4.5 init@Base 1.4.5 bz2.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 colormod.so libimlib2 #MINVER# deinit@Base 1.4.5 exec@Base 1.4.5 init@Base 1.4.5 gif.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 id3.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 jpeg.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 lbm.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 libImlib2.so.1 libimlib2 #MINVER# __imlib_AttachTag@Base 1.4.5 __imlib_FindBestLoaderForFile@Base 1.4.5 __imlib_GetTag@Base 1.4.5 __imlib_SetMaxXImageCount@Base 1.4.5 _dither_128128@Base 1.4.5 _dither_44@Base 1.4.5 _dither_88@Base 1.4.5 _max_colors@Base 1.4.5 _pal_type@Base 1.4.5 current_var@Base 1.4.5 curtail@Base 1.4.5 ft_lib@Base 1.4.5 imlib_add_color_to_color_range@Base 1.4.5 imlib_add_path_to_font_path@Base 1.4.5 imlib_apply_color_modifier@Base 1.4.5 imlib_apply_color_modifier_to_rectangle@Base 1.4.5 imlib_apply_filter@Base 1.4.5 imlib_blend_image_onto_image@Base 1.4.5 imlib_blend_image_onto_image_at_angle@Base 1.4.5 imlib_blend_image_onto_image_skewed@Base 1.4.5 imlib_clone_image@Base 1.4.5 imlib_context_disconnect_display@Base 1.4.5 imlib_context_free@Base 1.4.5 imlib_context_get@Base 1.4.5 imlib_context_get_TTF_encoding@Base 1.4.5 imlib_context_get_angle@Base 1.4.5 imlib_context_get_anti_alias@Base 1.4.5 imlib_context_get_blend@Base 1.4.5 imlib_context_get_cliprect@Base 1.4.5 imlib_context_get_color@Base 1.4.5 imlib_context_get_color_cmya@Base 1.4.5 imlib_context_get_color_hlsa@Base 1.4.5 imlib_context_get_color_hsva@Base 1.4.5 imlib_context_get_color_modifier@Base 1.4.5 imlib_context_get_color_range@Base 1.4.5 imlib_context_get_colormap@Base 1.4.5 imlib_context_get_direction@Base 1.4.5 imlib_context_get_display@Base 1.4.5 imlib_context_get_dither@Base 1.4.5 imlib_context_get_dither_mask@Base 1.4.5 imlib_context_get_drawable@Base 1.4.5 imlib_context_get_filter@Base 1.4.5 imlib_context_get_font@Base 1.4.5 imlib_context_get_image@Base 1.4.5 imlib_context_get_imlib_color@Base 1.4.5 imlib_context_get_mask@Base 1.4.5 imlib_context_get_mask_alpha_threshold@Base 1.4.5 imlib_context_get_operation@Base 1.4.5 imlib_context_get_progress_function@Base 1.4.5 imlib_context_get_progress_granularity@Base 1.4.5 imlib_context_get_visual@Base 1.4.5 imlib_context_new@Base 1.4.5 imlib_context_pop@Base 1.4.5 imlib_context_push@Base 1.4.5 imlib_context_set_TTF_encoding@Base 1.4.5 imlib_context_set_angle@Base 1.4.5 imlib_context_set_anti_alias@Base 1.4.5 imlib_context_set_blend@Base 1.4.5 imlib_context_set_cliprect@Base 1.4.5 imlib_context_set_color@Base 1.4.5 imlib_context_set_color_cmya@Base 1.4.5 imlib_context_set_color_hlsa@Base 1.4.5 imlib_context_set_color_hsva@Base 1.4.5 imlib_context_set_color_modifier@Base 1.4.5 imlib_context_set_color_range@Base 1.4.5 imlib_context_set_colormap@Base 1.4.5 imlib_context_set_direction@Base 1.4.5 imlib_context_set_display@Base 1.4.5 imlib_context_set_dither@Base 1.4.5 imlib_context_set_dither_mask@Base 1.4.5 imlib_context_set_drawable@Base 1.4.5 imlib_context_set_filter@Base 1.4.5 imlib_context_set_font@Base 1.4.5 imlib_context_set_image@Base 1.4.5 imlib_context_set_mask@Base 1.4.5 imlib_context_set_mask_alpha_threshold@Base 1.4.5 imlib_context_set_operation@Base 1.4.5 imlib_context_set_progress_function@Base 1.4.5 imlib_context_set_progress_granularity@Base 1.4.5 imlib_context_set_visual@Base 1.4.5 imlib_copy_drawable_to_image@Base 1.4.5 imlib_create_color_modifier@Base 1.4.5 imlib_create_color_range@Base 1.4.5 imlib_create_cropped_image@Base 1.4.5 imlib_create_cropped_scaled_image@Base 1.4.5 imlib_create_filter@Base 1.4.5 imlib_create_image@Base 1.4.5 imlib_create_image_from_drawable@Base 1.4.5 imlib_create_image_from_ximage@Base 1.4.5 imlib_create_image_using_copied_data@Base 1.4.5 imlib_create_image_using_data@Base 1.4.5 imlib_create_rotated_image@Base 1.4.5 imlib_create_scaled_image_from_drawable@Base 1.4.5 imlib_filter_constants@Base 1.4.5 imlib_filter_divisors@Base 1.4.5 imlib_filter_set@Base 1.4.5 imlib_filter_set_alpha@Base 1.4.5 imlib_filter_set_blue@Base 1.4.5 imlib_filter_set_green@Base 1.4.5 imlib_filter_set_red@Base 1.4.5 imlib_flush_font_cache@Base 1.4.5 imlib_flush_loaders@Base 1.4.5 imlib_font_add_font_path@Base 1.4.5 imlib_font_ascent_get@Base 1.4.5 imlib_font_cache_get@Base 1.4.5 imlib_font_cache_glyph_get@Base 1.4.5 imlib_font_cache_set@Base 1.4.5 imlib_font_del_font_path@Base 1.4.5 imlib_font_descent_get@Base 1.4.5 imlib_font_draw@Base 1.4.5 imlib_font_find@Base 1.4.5 imlib_font_find_glyph@Base 1.4.5 imlib_font_flush@Base 1.4.5 imlib_font_flush_last@Base 1.4.5 imlib_font_free@Base 1.4.5 imlib_font_get_line_advance@Base 1.4.5 imlib_font_init@Base 1.4.5 imlib_font_insert_into_fallback_chain_imp@Base 1.4.5 imlib_font_list_font_path@Base 1.4.5 imlib_font_list_fonts@Base 1.4.5 imlib_font_load_joined@Base 1.4.5 imlib_font_max_ascent_get@Base 1.4.5 imlib_font_max_descent_get@Base 1.4.5 imlib_font_modify_cache_by@Base 1.4.5 imlib_font_path_exists@Base 1.4.5 imlib_font_query_advance@Base 1.4.5 imlib_font_query_char_coords@Base 1.4.5 imlib_font_query_inset@Base 1.4.5 imlib_font_query_size@Base 1.4.5 imlib_font_query_text_at_pos@Base 1.4.5 imlib_font_remove_from_fallback_chain_imp@Base 1.4.5 imlib_font_utf8_get_next@Base 1.4.5 imlib_free_color_modifier@Base 1.4.5 imlib_free_color_range@Base 1.4.5 imlib_free_filter@Base 1.4.5 imlib_free_font@Base 1.4.5 imlib_free_font_list@Base 1.4.5 imlib_free_image@Base 1.4.5 imlib_free_image_and_decache@Base 1.4.5 imlib_free_pixmap_and_mask@Base 1.4.5 imlib_get_best_visual@Base 1.4.5 imlib_get_cache_size@Base 1.4.5 imlib_get_color_modifier_tables@Base 1.4.5 imlib_get_color_usage@Base 1.4.5 imlib_get_font_ascent@Base 1.4.5 imlib_get_font_cache_size@Base 1.4.5 imlib_get_font_descent@Base 1.4.5 imlib_get_maximum_font_ascent@Base 1.4.5 imlib_get_maximum_font_descent@Base 1.4.5 imlib_get_next_font_in_fallback_chain@Base 1.4.5 imlib_get_prev_font_in_fallback_chain@Base 1.4.5 imlib_get_text_advance@Base 1.4.5 imlib_get_text_inset@Base 1.4.5 imlib_get_text_size@Base 1.4.5 imlib_get_visual_depth@Base 1.4.5 imlib_hash_add@Base 1.4.5 imlib_hash_find@Base 1.4.5 imlib_hash_foreach@Base 1.4.5 imlib_hash_free@Base 1.4.5 imlib_image_attach_data_value@Base 1.4.5 imlib_image_blur@Base 1.4.5 imlib_image_clear@Base 1.4.5 imlib_image_clear_color@Base 1.4.5 imlib_image_copy_alpha_rectangle_to_image@Base 1.4.5 imlib_image_copy_alpha_to_image@Base 1.4.5 imlib_image_copy_rect@Base 1.4.5 imlib_image_draw_ellipse@Base 1.4.5 imlib_image_draw_line@Base 1.4.5 imlib_image_draw_pixel@Base 1.4.5 imlib_image_draw_polygon@Base 1.4.5 imlib_image_draw_rectangle@Base 1.4.5 imlib_image_fill_color_range_rectangle@Base 1.4.5 imlib_image_fill_ellipse@Base 1.4.5 imlib_image_fill_hsva_color_range_rectangle@Base 1.4.5 imlib_image_fill_polygon@Base 1.4.5 imlib_image_fill_rectangle@Base 1.4.5 imlib_image_filter@Base 1.4.5 imlib_image_flip_diagonal@Base 1.4.5 imlib_image_flip_horizontal@Base 1.4.5 imlib_image_flip_vertical@Base 1.4.5 imlib_image_format@Base 1.4.5 imlib_image_get_attached_data@Base 1.4.5 imlib_image_get_attached_value@Base 1.4.5 imlib_image_get_border@Base 1.4.5 imlib_image_get_data@Base 1.4.5 imlib_image_get_data_for_reading_only@Base 1.4.5 imlib_image_get_filename@Base 1.4.5 imlib_image_get_height@Base 1.4.5 imlib_image_get_width@Base 1.4.5 imlib_image_has_alpha@Base 1.4.5 imlib_image_orientate@Base 1.4.5 imlib_image_put_back_data@Base 1.4.5 imlib_image_query_pixel@Base 1.4.5 imlib_image_query_pixel_cmya@Base 1.4.5 imlib_image_query_pixel_hlsa@Base 1.4.5 imlib_image_query_pixel_hsva@Base 1.4.5 imlib_image_remove_and_free_attached_data_value@Base 1.4.5 imlib_image_remove_attached_data_value@Base 1.4.5 imlib_image_scroll_rect@Base 1.4.5 imlib_image_set_border@Base 1.4.5 imlib_image_set_changes_on_disk@Base 1.4.5 imlib_image_set_format@Base 1.4.5 imlib_image_set_has_alpha@Base 1.4.5 imlib_image_set_irrelevant_alpha@Base 1.4.5 imlib_image_set_irrelevant_border@Base 1.4.5 imlib_image_set_irrelevant_format@Base 1.4.5 imlib_image_sharpen@Base 1.4.5 imlib_image_tile@Base 1.4.5 imlib_image_tile_horizontal@Base 1.4.5 imlib_image_tile_vertical@Base 1.4.5 imlib_insert_font_into_fallback_chain@Base 1.4.5 imlib_list_font_path@Base 1.4.5 imlib_list_fonts@Base 1.4.5 imlib_load_font@Base 1.4.5 imlib_load_image@Base 1.4.5 imlib_load_image_immediately@Base 1.4.5 imlib_load_image_immediately_without_cache@Base 1.4.5 imlib_load_image_with_error_return@Base 1.4.5 imlib_load_image_without_cache@Base 1.4.5 imlib_modify_color_modifier_brightness@Base 1.4.5 imlib_modify_color_modifier_contrast@Base 1.4.5 imlib_modify_color_modifier_gamma@Base 1.4.5 imlib_object_list_prepend@Base 1.4.5 imlib_object_list_remove@Base 1.4.5 imlib_polygon_add_point@Base 1.4.5 imlib_polygon_contains_point@Base 1.4.5 imlib_polygon_free@Base 1.4.5 imlib_polygon_get_bounds@Base 1.4.5 imlib_polygon_new@Base 1.4.5 imlib_remove_font_from_fallback_chain@Base 1.4.5 imlib_remove_path_from_font_path@Base 1.4.5 imlib_render_get_pixel_color@Base 1.4.5 imlib_render_image_on_drawable@Base 1.4.5 imlib_render_image_on_drawable_at_angle@Base 1.4.5 imlib_render_image_on_drawable_at_size@Base 1.4.5 imlib_render_image_on_drawable_skewed@Base 1.4.5 imlib_render_image_part_on_drawable_at_size@Base 1.4.5 imlib_render_image_updates_on_drawable@Base 1.4.5 imlib_render_pixmaps_for_whole_image@Base 1.4.5 imlib_render_pixmaps_for_whole_image_at_size@Base 1.4.5 imlib_render_str@Base 1.4.5 imlib_reset_color_modifier@Base 1.4.5 imlib_rotate_image_from_buffer@Base 1.4.5 imlib_save_image@Base 1.4.5 imlib_save_image_with_error_return@Base 1.4.5 imlib_set_cache_size@Base 1.4.5 imlib_set_color_modifier_tables@Base 1.4.5 imlib_set_color_usage@Base 1.4.5 imlib_set_font_cache_size@Base 1.4.5 imlib_text_draw@Base 1.4.5 imlib_text_draw_with_return_metrics@Base 1.4.5 imlib_text_get_index_and_location@Base 1.4.5 imlib_text_get_location_at_index@Base 1.4.5 imlib_update_append_rect@Base 1.4.5 imlib_updates_append_updates@Base 1.4.5 imlib_updates_clone@Base 1.4.5 imlib_updates_free@Base 1.4.5 imlib_updates_get_coordinates@Base 1.4.5 imlib_updates_get_next@Base 1.4.5 imlib_updates_init@Base 1.4.5 imlib_updates_merge@Base 1.4.5 imlib_updates_merge_for_rendering@Base 1.4.5 imlib_updates_set_coordinates@Base 1.4.5 pow_lut@Base 1.4.5 pow_lut_initialized@Base 1.4.5 vars@Base 1.4.5 png.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 pnm.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 testfilter.so libimlib2 #MINVER# deinit@Base 1.4.5 exec@Base 1.4.5 init@Base 1.4.5 tga.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 tiff.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 save@Base 1.4.5 xpm.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 zlib.so libimlib2 #MINVER# formats@Base 1.4.5 load@Base 1.4.5 debian/docs0000664000000000000000000000002412262757307010052 0ustar AUTHORS README TODO debian/rules0000775000000000000000000000035412262757307010265 0ustar #!/usr/bin/make -f %: dh $@ --with=autoreconf override_dh_auto_configure: dh_auto_configure -- --enable-mmx=no --disable-amd64 override_dh_auto_install: dh_auto_install sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` debian/copyright0000664000000000000000000000322412262757307011137 0ustar This package was debianized by Laurence J. Lane on Sat, 28 Oct 2000 17:56:46 -0400. The debian imlib2 source has the upstream debian/ and data/ directories removed. The debian directory is just a complete headache. The data/ directory has shareware and questionably licensed fonts. Downloaded from: http://sourceforge.net/project/showfiles.php?group_id=2 Upstream Author: Carsten Haitzler Copyright: Copyright (C) 2000 Carsten Haitzler and various contributors (see AUTHORS) Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies of the Software, its documentation and marketing & publicity materials, and acknowledgment shall be given in the documentation, materials and software packages that this Software was used. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. debian/libimlib2-dev.doc-base0000664000000000000000000000042312262757307013222 0ustar Document: imlib2 Title: Imlib2 Guide Author: Carsten Haitzler Abstract: This document describes Imlib2 API and provides sample C code. Section: Programming Format: HTML Index: /usr/share/doc/libimlib2-dev/html/index.html Files: /usr/share/doc/libimlib2-dev/html/index.html debian/imlib2-config.10000664000000000000000000000051712262757307011711 0ustar .TH imlib2-config 1 "29 Oct 2000" imlib2-config .SH NAME .HP imlib2-config - imlib2 build information script .SH SYNOPSIS .HP imlib2-config [options] .P .SH DESCRIPTION .HP .I imlib2-config is a script that's used by make and other build enviroments to gather imlib2 information. .HP Run .I imlib2-config for additional information. debian/changelog0000664000000000000000000004472412762065642011067 0ustar imlib2 (1.4.6-2ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service (divide-by-zero) via drawing a 2x1 ellipse. - debian/patches/debian/patches/04_CVE-2011-5326.patch: ensure denominators are not zero. - CVE-2011-5326 * SECURITY UPDATE: denial of service (segmentation fault) via a GIF image without a colormap. - debian/patches/debian/patches/CVE-2014-9762.patch: return error if no colormap. - CVE-2014-9762 * SECURITY UPDATE: denial of service (divide-by-zero) handling PNM files. - debian/patches/debian/patches/CVE-2014-9763.patch: ensure denominators are not zero. - CVE-2014-9763 * SECURITY UPDATE: denial of service (segmentation fault) handling certain GIF images - debian/patches/debian/patches/CVE-2014-9764.patch: check for NULL. - CVE-2014-9764 * SECURITY UPDATE: integer overflow leading to denial of service - debian/patches/debian/patches/05_CVE-2014-9771.patch: reduce maximum allowed image dimensions. - CVE-2014-9771 * SECURITY UPDATE: denial of service due to out-of-bounds read. - debian/patches/debian/patches/06_CVE-2016-3993.patch: check boundary condition before reading array element. - CVE-2016-3993 * SECURITY UPDATE: out-of-bounds read handling GIFs leading to denial of service or information disclosure. - debian/patches/debian/patches/07_CVE-2016-3994.patch: ensure colormap limits are honored. - CVE-2016-3994 * SECURITY UPDATE: different integer overflow on 32 bit arches leading to a denial of service - debian/patches/debian/patches/08_CVE-2016-4024.patch: reduce allowed dimensions even further. - CVE-2016-4024 -- Steve Beattie Thu, 01 Sep 2016 00:29:09 -0700 imlib2 (1.4.6-2) unstable; urgency=medium * Add 03_fix-imlib-config-libraries.patch to fix imlib2-config --libs output Thanks to Wookey for the patch (Closes: #734425) -- Alessandro Ghedini Tue, 07 Jan 2014 12:02:29 +0100 imlib2 (1.4.6-1) unstable; urgency=medium * New upstream release * Bump Standards-Version to 3.9.5 (no changes needed) * Refresh patches * Update symbols file -- Alessandro Ghedini Fri, 27 Dec 2013 12:35:13 +0100 imlib2 (1.4.5-4) unstable; urgency=low * Fix Vcs-Browser field * Add patch to fix loading gif with no color map (Closes: #697143) Thanks to Samuel Thibault -- Alessandro Ghedini Wed, 20 Nov 2013 16:24:00 +0100 imlib2 (1.4.5-3) unstable; urgency=low * New maintainer (Closes: #722197) * Remove builddir thingy * Cleanup (Build-)Depends * Bump debhelper compat level to 9 (Closes: #722781) * Use dh-autoreconf instead of calling autoreconf manually * Remove installchangelogs override * Bump Standards-Version to 3.9.4 (no changes needed) * Update short/long descriptions (Closes: #642046) * Add Vcs-* fields * Remove useless files * Update *.install files * Do not duplicate Section * Add watch file * Add *.symbols file * Do not override dh_auto_test * Add DEP3 headers to patch * Cleanup *.la cleaning code -- Alessandro Ghedini Sat, 14 Sep 2013 14:52:36 +0200 imlib2 (1.4.5-2) unstable; urgency=low * Orphaned. -- Laurence J. Lane Sun, 08 Sep 2013 18:47:22 -0400 imlib2 (1.4.5-1) unstable; urgency=low * New upstream release * Added harden build flags patch by Moritz Muehlenhoff. Thanks. Closes: #656512 * Build-depend on libpng-dev for libpng15-transition. Reported by Nobuhiro Iwamatsu. Thanks. Closes: #662377 * New release builds with libpng 1.5. FTBFS reported by Nobuhiro Iwamatsu. Thanks. Closes: #635947 -- Laurence J. Lane Fri, 27 Apr 2012 13:41:49 -0400 imlib2 (1.4.4-1.1) unstable; urgency=low * Non-maintainer upload. * Add build-arch and build-indep targets to BUILD_DIR_TARGETS (closes: #666318). Thanks to Lucas Nussbaum for the bug report. -- Jakub Wilk Sun, 22 Apr 2012 15:11:07 +0200 imlib2 (1.4.4-1) unstable; urgency=low * New upstream release * fixed FTBFS. 1.4.2-8ubuntu1 patch by Matthias Klose. Thanks. Closes: #554867 * 1.4.2-8ubuntu2 patch by Steve Langasek. Thanks. + removed dependency_libs from .la files. Closes: #619689 + use dh overrides for debian/rules -- Laurence J. Lane Sat, 02 Apr 2011 21:17:51 -0400 imlib2 (1.4.2-8) unstable; urgency=low * 1.4.2-7 was the wrong upload, sorry * changed all libjpeg build dependencies to libjpeg-dev -- Laurence J. Lane Sun, 14 Feb 2010 05:29:48 -0500 imlib2 (1.4.2-7) unstable; urgency=low * reverted to libjpeg62-dev. Closes: #569743 * removed tiff support until conflict with libjpeg62 is resolved * removed quilt build dependency -- Laurence J. Lane Sat, 13 Feb 2010 19:47:18 -0500 imlib2 (1.4.2-6) unstable; urgency=low * move to libjpeg8-dev because of conflicts * switch to dpkg-source 3.0 (quilt) format -- Laurence J. Lane Fri, 12 Feb 2010 19:25:30 -0500 imlib2 (1.4.2-5) unstable; urgency=low * renamed debian/patches to debian/patch to avoid 3.0-quilt-by-default bug reports. Closes: #538607 * bumped Standards Version to 3.8.2 -- Laurence J. Lane Tue, 28 Jul 2009 09:18:02 -0400 imlib2 (1.4.2-4) unstable; urgency=low * debian/rules again, force binary* dependency on install target -- Laurence J. Lane Tue, 13 Jan 2009 16:25:23 -0500 imlib2 (1.4.2-3) unstable; urgency=low * fixed debian/rules build and install stamps. Problem reported by Alessio Treglia. Thanks. See #511714 -- Laurence J. Lane Tue, 13 Jan 2009 15:09:40 -0500 imlib2 (1.4.2-2) unstable; urgency=low * added debian/builddir.mk support * added missing changelog entries for 1.4.0-1.1 and 1.4.0-1.2. Thanks for the NMUs nion and tv. * added missing security NMU patch from 1.4.0-1.2. -- Laurence J. Lane Mon, 12 Jan 2009 12:28:01 -0500 imlib2 (1.4.2-1) unstable; urgency=low * New upstream version * moved from cdbs to debhelper's dh * added quilt style patch management -- Laurence J. Lane Fri, 02 Jan 2009 21:03:17 -0500 imlib2 (1.4.0-1.2) unstable; urgency=high * Non-maintainer upload. * Fix crash in XPM loader. Bug and test case by Julien Danjou, patch by Peter De Wachter, thanks! Closes: #505714 aka CVE-2008-5187 * Change libungif4-dev to libgif-dev in (Build-)Depends. * Fix doc-base section to drop Apps/. -- Thomas Viehmann Sat, 22 Nov 2008 10:45:27 +0100 imlib2 (1.4.0-1.1) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix stack-based buffer overflow in pnm and xpm image loader modules leading to arbitrary code execution (CVE-2008-2426; Closes: #483816). -- Nico Golde Sat, 31 May 2008 14:14:50 +0200 imlib2 (1.4.0-1) unstable; urgency=low * New upstream version * Removed extraneous libs from 'imlib2-config --libs' output. Reported and fixed by Eric Dorland. Thanks. closes: #452449 -- Laurence J. Lane Sat, 24 Nov 2007 13:34:50 -0500 imlib2 (1.3.0.0debian1-4) unstable; urgency=high * debian/rules: disable amd64 optimzations. closes: #397012 -- Laurence J. Lane Wed, 8 Nov 2006 23:19:16 -0500 imlib2 (1.3.0.0debian1-3) unstable; urgency=high * fixes non-loading of TIFF on amd64. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381177 * fixes alpha handling inconsistency with TIFF. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381213 * fixes segfault when saving TIFF with alpha. Reported and fixed by M Joonas Pihlaja. Thanks. Merged upstream. closes: #381216 (again) * fixes multiple buffer overflow vulnerabilites in width and height checks in src/modules/loaders/*.c. CVE-2006-480[6-9]. Fixed in upstream CVS. Reported by Stefan Fritsch. Thanks. closes: #397371 * build-depend on debhelper 5 -- Laurence J. Lane Mon, 6 Nov 2006 20:42:17 -0500 imlib2 (1.3.0.0debian1-2) unstable; urgency=low * imlib2.pc.in, removed Requires line, deja vu, Bug#286636 * take two on removing the duplicate Architecture line -- Laurence J. Lane Wed, 25 Oct 2006 21:01:57 -0400 imlib2 (1.3.0.0debian1-1) unstable; urgency=low * New upstream release * bumped Standards version to 3.7.2, no changes * removed unusused data/ dir from upstream tarball. Fixes non-free font issue reported by Sam Hocevar. Thanks. closes: #393743 * debian/control: removed duplicate "Architecture: any" line reported by Stefan Huehner. Thanks. closes: #356902 * upstream fix for tiff with alpha segfault, reported by M Joonas Pihlaja. Thanks. closes: #381216 -- Laurence J. Lane Mon, 23 Oct 2006 23:42:43 -0400 imlib2 (1.2.1-2) unstable; urgency=low * src/lib/rend.c: upstream CVS patch fixes crash in digikam. Reported by EikeSauer@t-online.de. Thanks. Closes: #318013 -- Laurence J. Lane Wed, 24 Aug 2005 19:24:35 -0400 imlib2 (1.2.1-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 20 Aug 2005 00:49:55 -0400 imlib2 (1.2.0-2.2) unstable; urgency=high * Non-maintainer upload. * High-urgency upload for sarge-targetted RC bugfix. * Drop the Requires: line from imlib2.pc.in, since there's nothing in the current code that will populate it with a proper pkg-config dependency list. Closes: #286636. -- Steve Langasek Fri, 25 Mar 2005 01:37:23 -0800 imlib2 (1.2.0-2.1) unstable; urgency=low * Non-maintainer upload. * Rip out upstream's buggy homebrew X detection code, which silently disables X support (and breaks the library ABI) if it doesn't find X headers in the right place; now fails out properly unless passing --without-x to configure. Closes: #295350. -- Steve Langasek Sun, 27 Feb 2005 13:41:05 -0800 imlib2 (1.2.0-2) unstable; urgency=high * provoke buildds -- Laurence J. Lane Mon, 21 Feb 2005 14:48:17 -0500 imlib2 (1.2.0-1.1) unstable; urgency=high * Non-maintainer upload. * High-urgency upload for sarge-targetted RC bugfix * Fix regression in the linkage of the loader modules which resulted in undefined symbols, making libimlib2 unusable when being dlopen()ed by an application; thanks to Don Armstrong for the patch. Closes: #293815. -- Steve Langasek Sat, 12 Feb 2005 15:19:12 -0800 imlib2 (1.2.0-1) unstable; urgency=low * New upstream version -- Laurence J. Lane Sat, 29 Jan 2005 11:39:44 -0500 imlib2 (1.1.2-3) unstable; urgency=medium * added tiff loader patch from Renchi Raju for Bug#285582, reported by Nick Phillips. Thanks. -- Laurence J. Lane Fri, 7 Jan 2005 22:14:24 -0500 imlib2 (1.1.2-2.1) unstable; urgency=HIGH * NMU with the following changes taken from the Ubuntu patch by Martin Pitt Closes: #284925 * SECURITY UPDATE: fix several buffer overflows * loaders/loader_bmp.c: check for negative image width/height * loaders/loader_xpm.c: - check for negative image attributes - check the length of the "col" buffer to avoid overflowing it - patch taken from upstream CVS * References: CAN-2004-1025 CAN-2004-1026 -- Joey Hess Thu, 6 Jan 2005 16:29:53 -0500 imlib2 (1.1.2-2) unstable; urgency=low * added libltdl3-dev Build-Depend for libimlib2-dev. See Bug#287188, reported by Kurt Roeckx. Thanks. * replaced libimlib2-dev's libpng3-dev Build-Depend with libpng12-dev for libimlib2-dev. See Bug#282743, reported by Tuomas Jormola. Thanks. -- Laurence J. Lane Sun, 26 Dec 2004 22:08:23 -0500 imlib2 (1.1.2-1) unstable; urgency=low * New upstream release * debian/control: added libltdl3-dev and libbz2-dev to Build-Depends * debian/*.install: adjust paths from loaders/ to imlib2_loaders/ -- Laurence J. Lane Sun, 28 Nov 2004 14:47:27 -0500 imlib2 (1.1.0-12.4) unstable; urgency=high * Non-Maintainer Upload. * Fix remote BMP heap overflow, patch from Martin Pitt. (Closes: #271375) -- Steinar H. Gunderson Sun, 19 Sep 2004 00:39:15 +0200 imlib2 (1.1.0-12.3) unstable; urgency=medium * NMU * Fix FTBFS introduced by stripping build-depends in last uploads. Use AC_PATH_X([X11],[X11/Xlib.h],[XrmInitialize()] instead of plain AC_PATH_X because libX11 is used by the package, while the default for AC_PATH_X (libXt) is not. (Closes: #263827) (Thanks to J.H.M. Dassen.) -- Andreas Metzler Sat, 7 Aug 2004 09:18:44 +0200 imlib2 (1.1.0-12.2) unstable; urgency=low * NMU to incorporate Samuel Hocevar's changes. * src/rgbadraw.c: patch from Andreas Jochens to fix FTBFS with GCC 3.4 (closes: #258971). * doc/index.html: fixed the prototype of imlib_polygon_new() (closes: #174622). * debian/control: + Standards-version is 3.6.1.1. + (Build-)depend on libx11-dev, libxext-dev instead of xlibs-dev. + Uncapitalize short description. -- Josselin Mouette Wed, 4 Aug 2004 15:45:05 +0200 imlib2 (1.1.0-12.1) unstable; urgency=medium * NMU * Rebuild against libtiff4 (closes: #262158). * configure.ac: use AM_MAINTAINER_MODE to avoid build failure. * run libtoolize -c -f; aclocal-1.7; automake-1.7 -acf; autoheader; autoconf; rm -rf autom4te.cache. * debian/rules: clean test, demo and libltdl subdirectories. -- Josselin Mouette Wed, 4 Aug 2004 13:39:07 +0200 imlib2 (1.1.0-12) unstable; urgency=low * shooting rubberbands at the arm buildd -- Laurence J. Lane Wed, 17 Mar 2004 19:05:27 -0500 imlib2 (1.1.0-11) unstable; urgency=low * removed @x_includes@ from imlib2.pc.in. Corrects a problem with pkgconfig output, reported by Rob Weir. Thanks. * disavow existence of -9 and -10 uploads -- Laurence J. Lane Sun, 8 Feb 2004 10:58:20 -0500 imlib2 (1.1.0-8) unstable; urgency=low * Closes: #218433, libimlib2-dev: cannot create dhelp file, reported by Jan Niehusmann. Thanks. * removed Depends: libedb1-dev -- Laurence J. Lane Fri, 31 Oct 2003 08:44:23 -0500 imlib2 (1.1.0-7) unstable; urgency=low * Closes: #218246, libimlib2-dev: Should replaces libimlib2, reported by Christian Marillat. Thanks. -- Laurence J. Lane Wed, 29 Oct 2003 21:20:03 -0500 imlib2 (1.1.0-6) unstable; urgency=low * converted to CDBS * src/Makefile*: added -lm to LDFLAGS * moved imlib2.pc to the -dev package * removed debian/compat and debian/docs * updated to Standards-Version: 3.6.1.0 * removed Build-Depends: libedb1-dev -- Laurence J. Lane Tue, 28 Oct 2003 18:08:29 -0500 imlib2 (1.1.0-5) unstable; urgency=low * another freetype2-dev to libfreetype6-dev change -- Laurence J. Lane Sat, 20 Sep 2003 09:26:43 -0400 imlib2 (1.1.0-4) unstable; urgency=low * update configure scripts -- Laurence J. Lane Thu, 11 Sep 2003 19:09:45 -0400 imlib2 (1.1.0-3) unstable; urgency=low * change freetype build dependency to libfreetype6-dev -- Laurence J. Lane Wed, 10 Sep 2003 10:35:06 -0400 imlib2 (1.1.0-2) unstable; urgency=low * change -dev to section libdevel -- Laurence J. Lane Wed, 10 Sep 2003 05:58:27 -0400 imlib2 (1.1.0-1) unstable; urgency=low * New upstream release * update libimlib2-dev description * change libpng3-dev dependency to libpng12-dev * return to non-native packaging -- Laurence J. Lane Tue, 9 Sep 2003 22:22:43 -0400 imlib2 (1.0.6-3) unstable; urgency=low * added CVS dynamic_filters.c patch, fixes MotionNotify segfault in feh -- Laurence J. Lane Sun, 23 Feb 2003 17:22:10 -0500 imlib2 (1.0.6-2) unstable; urgency=low * update to libpng3 -- Laurence J. Lane Wed, 15 Jan 2003 01:00:51 -0500 imlib2 (1.0.6-1) unstable; urgency=low * New upstream release * updated to debhelper 4 and Standards Version 3.5.8.0 * removed alternate giflib dependencies -- Laurence J. Lane Mon, 6 Jan 2003 09:11:32 +0000 imlib2 (1.0.5-2) unstable; urgency=low * config.{guess,sub} update, closes: #130381 -- Laurence J. Lane Tue, 22 Jan 2002 12:18:14 -0500 imlib2 (1.0.5-1) unstable; urgency=low * New upstream release * missing loaders problem corrected, closes: #129877 -- Laurence J. Lane Sun, 20 Jan 2002 17:48:45 -0500 imlib2 (1.0.5-0pre2002011602) unstable; urgency=low * automake -a -c, closes: #129799 -- Laurence J. Lane Fri, 18 Jan 2002 09:55:48 -0500 imlib2 (1.0.5-0pre2002011601) unstable; urgency=high * static buffer clean-up, closes: #129603 (BUGTRAQ 2002-01-13 "Eterm SGID utmp Buffer Overflow") -- Laurence J. Lane Wed, 16 Jan 2002 23:29:20 -0500 imlib2 (1.0.4-1) unstable; urgency=low * New upstream release * debian/rules: minor rewrite * debian/control: updated Standards-Version to 3.5.6.0 * debian/changelog; removed emacs mode settings -- Laurence J. Lane Thu, 8 Nov 2001 18:37:37 -0500 imlib2 (1.0.3-2) unstable; urgency=low * replaced config.sub, Closes: #96664 * added conditional CFLAGS for DEB_BUILD_OPTIONS -- Laurence J. Lane Mon, 7 May 2001 13:35:01 -0400 imlib2 (1.0.3-1) unstable; urgency=low * New upstream release * changed *gif-dev order, Closes: #90724 * changed freetype2-dev to libttf-dev, Closes: #94944 * upgraded standards version to 3.5.4.0 * removed dh_testversion from debian/rules * added local lintian override for plug-ins -- Laurence J. Lane Wed, 2 May 2001 09:55:55 -0400 imlib2 (1.0.2-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 3 Mar 2001 22:22:28 -0500 imlib2 (1.0.1-1) unstable; urgency=low * New upstream release -- Laurence J. Lane Sat, 27 Jan 2001 13:08:15 -0500 imlib2 (1.0.0-2) unstable; urgency=low * loaders and filters (.so files) go in the main package, not -dev -- Laurence J. Lane Thu, 9 Nov 2000 14:31:33 -0500 imlib2 (1.0.0-1) unstable; urgency=low * Initial release -- Laurence J. Lane Sat, 28 Oct 2000 17:59:14 -0400 debian/control0000664000000000000000000000341712762063100010575 0ustar Source: imlib2 Section: libs Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Alessandro Ghedini Build-Depends: debhelper (>= 9), dh-autoreconf, libbz2-dev, libfreetype6-dev, libgif-dev, libid3tag0-dev, libjpeg-dev, libltdl3-dev, libpng-dev, libtiff-dev, libx11-dev, libxext-dev, zlib1g-dev Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/imlib2.git Vcs-Git: git://anonscm.debian.org/collab-maint/imlib2.git Package: libimlib2 Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: image loading, rendering, saving library Imlib2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. . It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing speed. Package: libimlib2-dev Architecture: any Section: libdevel Replaces: libimlib2 Depends: libimlib2 (=${binary:Version}), ${misc:Depends}, libbz2-dev, libfreetype6-dev, libgif-dev, libid3tag0-dev, libjpeg-dev, libltdl3-dev, libpng-dev, libtiff-dev, libx11-dev, libxext-dev, zlib1g-dev Description: image loading, rendering, saving library (development files) Imlib2 is a library that does image file loading and saving as well as rendering, manipulation, arbitrary polygon support, etc. . It does ALL of these operations FAST. Imlib2 also tries to be highly intelligent about doing them, so writing naive programs can be done easily, without sacrificing speed. . This package provides the development files (ie. includes, static library, manual pages) that allow to build software which uses imlib2. debian/patches/0000775000000000000000000000000012762063247010630 5ustar debian/patches/06_CVE-2016-3993.patch0000664000000000000000000000170012761753226013566 0ustar From ce94edca1ccfbe314cb7cd9453433fad404ec7ef Mon Sep 17 00:00:00 2001 From: Kim Woelders Date: Wed, 6 Apr 2016 02:35:43 +0200 Subject: Fix off-by-one OOB read in __imlib_MergeUpdate(). Patch by Yuriy M. Kaminskiy. https://bugs.debian.org/819818 --- src/lib/updates.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/updates.c b/src/lib/updates.c index 8167284..2f55fe7 100644 --- a/src/lib/updates.c +++ b/src/lib/updates.c @@ -112,7 +112,7 @@ __imlib_MergeUpdate(ImlibUpdate * u, int w, int h, int hgapmax) int xx, yy, ww, hh, ok; for (xx = x + 1, ww = 1; - (T(xx, y).used & T_USED) && (xx < tw); xx++, ww++); + (xx < tw) && (T(xx, y).used & T_USED); xx++, ww++); for (yy = y + 1, hh = 1, ok = 1; (yy < th) && (ok); yy++, hh++) { -- cgit v0.12 debian/patches/02_fix-gif-with-no-cmap.patch0000664000000000000000000000226412262757307016012 0ustar Description: Do not segfault when loading gif without color map Origin: vendor Bug-Debian: http://bugs.debian.org/697143 Forwarded: no Author: Samuel Thibault Reviewed-by: Alessandro Ghedini Last-Update: 2013-10-06 --- a/src/modules/loaders/loader_gif.c +++ b/src/modules/loaders/loader_gif.c @@ -162,10 +162,17 @@ { if (rows[i][j] == transp) { - r = cmap->Colors[bg].Red; - g = cmap->Colors[bg].Green; - b = cmap->Colors[bg].Blue; - *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b); + if (cmap) + { + r = cmap->Colors[bg].Red; + g = cmap->Colors[bg].Green; + b = cmap->Colors[bg].Blue; + *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b); + } + else + { + *ptr++ = 0; + } } else { debian/patches/CVE-2014-9764.patch0000664000000000000000000000212712761751052013260 0ustar From 1f9b0b32728803a1578e658cd0955df773e34f49 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Wed, 3 Dec 2014 13:00:15 +0100 Subject: Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh Rebased for 1.4.6 and earlier by: From: Markus Koschany Date: Mon, 21 Mar 2016 22:41:45 +0100 Subject: CVE-2014-9764 --- src/modules/loaders/loader_gif.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c index c6356ca..23dfcca 100644 --- a/src/modules/loaders/loader_gif.c +++ b/src/modules/loaders/loader_gif.c @@ -132,6 +132,12 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity, { UNSET_FLAG(im->flags, F_HAS_ALPHA); } + if (!rows) + { + DGifCloseFile(gif); + return 0; + } + /* set the format string member to the lower-case full extension */ /* name for the format - so example names would be: */ /* "png", "jpeg", "tiff", "ppm", "pgm", "pbm", "gif", "xpm" ... */ -- cgit v0.12 debian/patches/03_fix-imlib-config-libraries.patch0000664000000000000000000000114012262757307017246 0ustar Description: Provide valid library flags in imlib2-config script Nothing in the build substitutes @my_libs@, so having it here just produces an invalid response to /usr/bin/imlib2-config --libs. Origin: vendor Bug-Debian: http://bugs.debian.org/734425 Forwarded: no Author: Wookey Reviewed-by: Alessandro Ghedini Last-Update: 2014-01-06 --- a/imlib2-config.in +++ b/imlib2-config.in @@ -46,7 +46,7 @@ ;; --libs) libdirs=-L@libdir@ - echo $libdirs -lImlib2 @my_libs@ + echo $libdirs -lImlib2 ;; *) echo "${usage}" 1>&2 debian/patches/series0000664000000000000000000000041312761754253012046 0ustar 01_removed-data-dir.patch 02_fix-gif-with-no-cmap.patch 03_fix-imlib-config-libraries.patch CVE-2014-9762.patch CVE-2014-9763.patch CVE-2014-9764.patch 04_CVE-2011-5326.patch 05_CVE-2014-9771.patch 06_CVE-2016-3993.patch 07_CVE-2016-3994.patch 08_CVE-2016-4024.patch debian/patches/08_CVE-2016-4024.patch0000664000000000000000000000313712761754253013561 0ustar From 7eba2e4c8ac0e20838947f10f29d0efe1add8227 Mon Sep 17 00:00:00 2001 From: "Yuriy M. Kaminskiy" Date: Wed, 6 Apr 2016 03:34:01 +0300 Subject: Fix integer overflow resulting in insufficient heap allocation IMAGE_DIMENSIONS_OK ensures that image width and height are less then 46340, so that maximum number of pixels is ~2**31. Unfortunately, there are a lot of code that allocates image data with something like malloc(w * h * sizeof(DATA32)); Obviously, on 32-bit machines this results in integer overflow, insufficient heap allocation, with [massive] out-of-bounds heap overwrite. Either X_MAX should be reduced to 32767, or (w)*(h) should be checked to not exceed ULONG_MAX/sizeof(DATA32). Security implications: *) for 32-bit machines: insufficient heap allocation and heap overwrite in many image loaders, with escalation potential to remote code execution; *) for 64-bit machines: it seems, no impact. --- src/lib/image.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/lib/image.h b/src/lib/image.h index e9eb678..5fae6ed 100644 --- a/src/lib/image.h +++ b/src/lib/image.h @@ -188,7 +188,8 @@ void __imlib_SaveImage(ImlibImage * im, const char *file, /* The maximum pixmap dimension is 65535. */ /* However, for now, use 46340 (46340^2 < 2^31) to avoid buffer overflow issues. */ -# define X_MAX_DIM 46340 +/* Reduced further to 32767, so that (w * h * sizeof(DATA32)) won't exceed ULONG_MAX */ +# define X_MAX_DIM 32767 # define IMAGE_DIMENSIONS_OK(w, h) \ ( ((w) > 0) && ((h) > 0) && ((w) < X_MAX_DIM) && ((h) < X_MAX_DIM) ) -- cgit v0.12 debian/patches/04_CVE-2011-5326.patch0000664000000000000000000000557312761751151013556 0ustar From c94d83ccab15d5ef02f88d42dce38ed3f0892882 Mon Sep 17 00:00:00 2001 From: Kim Woelders Date: Wed, 6 Apr 2016 17:42:17 +0200 Subject: Fix potential divide-by-zero in imlib_image_draw_ellipse(). Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1) causes a divide-by-zero. It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1. Patch by Simon Lees. https://bugs.debian.org/639414 --- src/lib/ellipse.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/src/lib/ellipse.c b/src/lib/ellipse.c index cd90268..ddb410b 100644 --- a/src/lib/ellipse.c +++ b/src/lib/ellipse.c @@ -71,6 +71,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(color, bp + len); + if (dx < 1) + dx = 1; + dy += b2; yy -= ((dy << 16) / dx); lx--; @@ -123,6 +126,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(color, bp + len); + if (dy < 1) + dy = 1; + dx -= a2; xx += ((dx << 16) / dy); ty++; @@ -222,6 +228,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(col1, bp + len); + if (dx < 1) + dx = 1; + dy += b2; yy -= ((dy << 16) / dx); lx--; @@ -295,6 +304,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(col1, bp + len); + if (dy < 1) + dy = 1; + dx -= a2; xx += ((dx << 16) / dy); ty++; @@ -395,6 +407,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(color, bp + len); + if (dx < 1) + dx = 1; + dy += b2; yy -= ((dy << 16) / dx); lx--; @@ -453,6 +468,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color, if (((unsigned)by < (unsigned)clh) && (len > 0)) sfunc(color, bpp, len); + if (dy < 1) + dy = 1; + dx -= a2; xx += ((dx << 16) / dy); ty++; @@ -556,6 +574,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(col1, bp + len); + if (dx < 1) + dx = 1; + dy += b2; yy -= ((dy << 16) / dx); lx--; @@ -629,6 +650,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color, if (IN_RANGE(rx, by, clw, clh)) pfunc(col1, bp + len); + if (dy < 1) + dy = 1; + dx -= a2; xx += ((dx << 16) / dy); ty++; -- cgit v0.12 debian/patches/01_removed-data-dir.patch0000664000000000000000000000122112262757307015273 0ustar Description: Do not install files under data/ Origin: vendor Author: Laurence J. Lane Reviewed-by: Alessandro Ghedini Last-Update: 2013-09-14 --- a/Makefile.am +++ b/Makefile.am @@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I m4 -SUBDIRS = src data doc +SUBDIRS = src doc MAINTAINERCLEANFILES = aclocal.m4 config.guess config.h.in \ config.sub configure depcomp install-sh \ --- a/configure.ac +++ b/configure.ac @@ -412,9 +412,6 @@ src/modules/Makefile src/modules/filters/Makefile src/modules/loaders/Makefile -data/Makefile -data/fonts/Makefile -data/images/Makefile doc/Makefile imlib2-config README debian/patches/CVE-2014-9763.patch0000664000000000000000000000406012761750503013255 0ustar From c21beaf1780cf3ca291735ae7d58a3dde63277a2 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Tue, 2 Dec 2014 15:08:04 +0100 Subject: Prevent division-by-zero crashes --- src/modules/loaders/loader_pnm.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/modules/loaders/loader_pnm.c b/src/modules/loaders/loader_pnm.c index 173e127..daf67df 100644 --- a/src/modules/loaders/loader_pnm.c +++ b/src/modules/loaders/loader_pnm.c @@ -229,7 +229,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, } } iptr = idata; - if (v == 255) + if (v == 0 || v == 255) { for (x = 0; x < w; x++) { @@ -303,7 +303,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, } } iptr = idata; - if (v == 255) + if (v == 0 || v == 255) { for (x = 0; x < w; x++) { @@ -376,7 +376,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, break; ptr = data; - if (v == 255) + if (v == 0 || v == 255) { for (x = 0; x < w; x++) { @@ -418,7 +418,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, break; ptr = data; - if (v == 255) + if (v == 0 || v == 255) { for (x = 0; x < w; x++) { @@ -493,7 +493,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, break; ptr = data; - if (v == 255) + if (v == 0 || v == 255) { for (x = 0; x < w; x++) { -- cgit v0.12 debian/patches/CVE-2014-9762.patch0000664000000000000000000000252012761750436013260 0ustar From 39641e74a560982fbf93f29bf96b37d27803cb56 Mon Sep 17 00:00:00 2001 From: Kim Woelders Date: Tue, 31 Dec 2013 17:50:18 +0100 Subject: GIF loader: Fix segv on images without colormap. Not sure what is the proper way to handle this. For now we just fill the image with zeros. Rebased for imlib2 1.4.6 by: From: Markus Koschany Date: Mon, 21 Mar 2016 22:40:04 +0100 Subject: CVE-2014-9762 --- src/modules/loaders/loader_gif.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c index 45ff0b9..ff78d22 100644 --- a/src/modules/loaders/loader_gif.c +++ b/src/modules/loaders/loader_gif.c @@ -154,6 +154,19 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity, free(rows); return 0; } + if (!cmap) + { + /* No colormap? Now what?? Let's clear the image (and not segv) */ + memset(im->data, 0, sizeof(DATA32) * w * h); + DGifCloseFile(gif); + for (i = 0; i < h; i++) + { + free(rows[i]); + } + free(rows); + return 1; + } + ptr = im->data; per_inc = 100.0 / (((float)w) * h); for (i = 0; i < h; i++) debian/patches/05_CVE-2014-9771.patch0000664000000000000000000000553512761752155013575 0ustar From 143f2993d7ccb73b26bb83abac6fa86f443981f9 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Wed, 3 Dec 2014 15:00:48 +0100 Subject: Make IMAGE_DIMENSIONS_OK() more restrictive Prevents invalid reads and unreasonably large memory allocations with input/queue/id:000210,src:000114,op:int32,pos:3,val:be:+32,+cov: ==20321== Invalid read of size 1 ==20321== at 0x1FCDB16: __imlib_ScaleAARGB (scale.c:1043) ==20321== by 0x1F9BF81: __imlib_RenderImage (rend.c:409) ==20321== by 0x1F0F82C: imlib_render_image_part_on_drawable_at_size (api.c:1886) ==20321== by 0x40CD75: gib_imlib_render_image_part_on_drawable_at_size (gib_imlib.c:231) ==20321== by 0x42C732: winwidget_render_image (winwidget.c:576) ==20321== by 0x417ACA: feh_event_handle_keypress (keyevents.c:598) ==20321== by 0x4190DE: feh_main_iteration (main.c:119) ==20321== by 0x418F45: main (main.c:82) ==20321== Address 0x3a12e034 is 12 bytes before a block of size 1,965,846,976 alloc'd ==20321== at 0x103D293: malloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so) ==20321== by 0x5B3D1F1: load (loader_pnm.c:149) ==20321== by 0x1F7D70F: __imlib_LoadImage (image.c:1041) ==20321== by 0x1F090E4: imlib_load_image_with_error_return (api.c:1299) ==20321== by 0x40F47B: feh_load_image (imlib.c:252) ==20321== by 0x42CA0E: winwidget_loadimage (winwidget.c:753) ==20321== by 0x42C918: winwidget_create_from_file (winwidget.c:126) ==20321== by 0x421869: init_slideshow_mode (slideshow.c:62) ==20321== by 0x418F13: main (main.c:78) Reformatted for 1.4.6 and earlier by Alessandro Ghedini --- src/lib/image.h | 7 +++++-- src/lib/rend.c | 4 ---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/lib/image.h b/src/lib/image.h index da82576..0175e94 100644 --- a/src/lib/image.h +++ b/src/lib/image.h @@ -184,8 +184,11 @@ __hidden void __imlib_SaveImage(ImlibImage *im, const char *file, # define SET_FLAG(flags, f) ((flags) |= (f)) # define UNSET_FLAG(flags, f) ((flags) &= (~f)) +/* The maximum pixmap dimension is 65535. */ +/* However, for now, use 46340 (46340^2 < 2^31) to avoid buffer overflow issues. */ +# define X_MAX_DIM 46340 + # define IMAGE_DIMENSIONS_OK(w, h) \ - ( ((w) > 0) && ((h) > 0) && \ - ((unsigned long long)(w) * (unsigned long long)(h) <= (1ULL << 29) - 1) ) + ( ((w) > 0) && ((h) > 0) && ((w) < X_MAX_DIM) && ((h) < X_MAX_DIM) ) #endif diff --git a/src/lib/rend.c b/src/lib/rend.c index 2d7934b..44be783 100644 --- a/src/lib/rend.c +++ b/src/lib/rend.c @@ -16,10 +16,6 @@ #include "rend.h" #include "rotate.h" -/* The maximum pixmap dimension is 65535. */ -/* However, for now, use 46340 (46340^2 < 2^31) to avoid buffer overflow issues. */ -#define X_MAX_DIM 46340 - /* size of the lines per segment we scale / render at a time */ #define LINESIZE 16 -- cgit v0.12 debian/patches/07_CVE-2016-3994.patch0000664000000000000000000000613612761754040013573 0ustar From 37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 Mon Sep 17 00:00:00 2001 From: Kim Woelders Date: Sun, 3 Apr 2016 19:40:25 +0200 Subject: GIF loader: Fix out-of-bound reads from colormap. Bug-Debian: http://bugs.debian.org/785369 Note: removes all special-casing from the inner loop, optimize for common case. Author: Yuriy M. Kaminskiy Reported-By: Jakub Wilk Thanks to Bernhard U:belacker for analysis. Rebased for 1.4.6 by Alessandro Ghedini --- src/modules/loaders/loader_gif.c | 38 +++++++++++++++++--------------------- 1 file changed, 17 insertions(+), 21 deletions(-) Index: b/src/modules/loaders/loader_gif.c =================================================================== --- a/src/modules/loaders/loader_gif.c +++ b/src/modules/loaders/loader_gif.c @@ -151,8 +151,24 @@ load(ImlibImage * im, ImlibProgressFunct im->format = strdup("gif"); if (im->loader || immediate_load || progress) { + DATA32 colormap[256]; + bg = gif->SBackGroundColor; cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap); + memset (colormap, 0, sizeof(colormap)); + if (cmap != NULL) + { + for (i = cmap->ColorCount > 256 ? 256 : cmap->ColorCount; i-- > 0;) + { + r = cmap->Colors[i].Red; + g = cmap->Colors[i].Green; + b = cmap->Colors[i].Blue; + colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b; + } + /* if bg > cmap->ColorCount, it is transparent black already */ + if (transp >= 0 && transp < 256) + colormap[transp] = bg >= 0 && bg < 256 ? colormap[bg] & 0x00ffffff : 0x00000000; + } im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h); if (!im->data) { @@ -179,27 +195,7 @@ load(ImlibImage * im, ImlibProgressFunct { for (j = 0; j < w; j++) { - if (rows[i][j] == transp) - { - if (cmap) - { - r = cmap->Colors[bg].Red; - g = cmap->Colors[bg].Green; - b = cmap->Colors[bg].Blue; - *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b); - } - else - { - *ptr++ = 0; - } - } - else - { - r = cmap->Colors[rows[i][j]].Red; - g = cmap->Colors[rows[i][j]].Green; - b = cmap->Colors[rows[i][j]].Blue; - *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b; - } + *ptr++ = colormap[rows[i][j]]; per += per_inc; if (progress && (((int)per) != last_per) && (((int)per) % progress_granularity == 0)) debian/watch0000664000000000000000000000021212262757307010227 0ustar version=3 http://qa.debian.org/watch/sf.php/enlightenment/ \ (?:|.*/)imlib2(?:[_\-]v?|)(\d\S*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) debian/compat0000664000000000000000000000000212262757307010401 0ustar 9 debian/libimlib2-dev.install0000664000000000000000000000042612262757307013216 0ustar usr/bin/imlib2-config usr/lib/*/libImlib2.a usr/lib/*/libImlib2.la usr/lib/*/imlib2/loaders/*.la usr/lib/*/imlib2/filters/*.la usr/lib/*/libImlib2.so usr/lib/*/pkgconfig/imlib2.pc usr/include doc/*html usr/share/doc/libimlib2-dev/html doc/*gif usr/share/doc/libimlib2-dev/html debian/libimlib2-dev.manpages0000664000000000000000000000002712262757307013340 0ustar debian/imlib2-config.1 debian/libimlib2.install0000664000000000000000000000011512262757307012435 0ustar usr/lib/*/*.so.* usr/lib/*/imlib2/loaders/*.so usr/lib/*/imlib2/filters/*.so debian/source/0000775000000000000000000000000012262757307010503 5ustar debian/source/format0000664000000000000000000000001412262757307011711 0ustar 3.0 (quilt)