Hello community,

here is the log from the commit of package gimp for openSUSE:Factory checked in 
at 2012-06-26 15:37:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/gimp (Old)
 and      /work/SRC/openSUSE:Factory/.gimp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gimp", Maintainer is "gnome-maintain...@suse.de"

Changes:
--------
--- /work/SRC/openSUSE:Factory/gimp/gimp.changes        2012-05-22 
10:23:02.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.gimp.new/gimp.changes   2012-06-26 
15:37:58.000000000 +0200
@@ -1,0 +2,6 @@
+Mon Jun 25 09:51:07 CEST 2012 - vu...@opensuse.org
+
+- Add gimp-CVE-2012-3236.patch: fix crash in file handling for fit
+  files. Fix CVE-2012-3236, bnc#768376.
+
+-------------------------------------------------------------------

New:
----
  gimp-CVE-2012-3236.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gimp.spec ++++++
--- /var/tmp/diff_new_pack.aXGdk7/_old  2012-06-26 15:37:59.000000000 +0200
+++ /var/tmp/diff_new_pack.aXGdk7/_new  2012-06-26 15:37:59.000000000 +0200
@@ -81,6 +81,8 @@
 # openSUSE palette file
 Source2:        openSUSE.gpl
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM gimp-CVE-2012-3236.patch bnc#768376 bgo#676804 
CVE-2012-3236 vu...@opensuse.org -- Fix crash in file handling for fit files, 
taken from git
+Patch0:         gimp-CVE-2012-3236.patch
 Requires:       %{name}-branding = %{version}
 Recommends:     %{name}-lang
 Recommends:     %{name}-help-browser
@@ -246,6 +248,7 @@
 translation-update-upstream po-script-fu gimp20-script-fu
 translation-update-upstream po-plug-ins gimp20-std-plug-ins
 translation-update-upstream po-tips gimp20-tips
+%patch0 -p1
 # Safety check for ABI version change.
 vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' 
libgimpmodule/gimpmodule.h)`
 if test "x${vabi}" != "x%{abiver}"; then

++++++ gimp-CVE-2012-3236.patch ++++++
>From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001
From: Michael Natterer <mi...@gimp.org>
Date: Wed, 06 Jun 2012 19:21:10 +0000
Subject: Bug 676804 - file handling DoS for fit file format

Apply patch from j...@reactionis.co.uk which fixes a buffer overflow on
broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
---
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header 
(FITS_RECORD_LIST *hdr,
  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
  if (hdulist->used.xtension)
- {
-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
-   strcpy (hdulist->xtension, fdat->fstring);
- }
+   {
+     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+     if (fdat != NULL)
+       {
+         strcpy (hdulist->xtension, fdat->fstring);
+       }
+     else
+       {
+         strcpy (errmsg, "No valid XTENSION header found.");
+         goto err_return;
+       }
+   }
 
  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
  hdulist->naxis = fdat->flong;
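Review bot: The `strcpy (hdulist->xtension, fdat->fstring);` kept inside the new `if (fdat != NULL)` branch is still an unbounded copy of a string decoded from the file's header card; the added check only handles a card that fails to decode. Neither buffer is declared in this hunk, so unless both are known to have the same fixed size and `fstring` is always NUL-terminated, a bounded copy would make the limit explicit, for example `snprintf (hdulist->xtension, sizeof (hdulist->xtension), "%s", fdat->fstring);` (this assumes `xtension` is an array member, not a pointer). The commit message describes a buffer overflow while the change is a NULL guard, so a short comment above the check would help, such as `/* fits_decode_card() can return NULL on a malformed card */`. The following context line reads `fdat->flong` right after `FITS_DECODE_CARD`; the macro is not shown here, so confirm that it bails out on a NULL result as well. `fits_decode_header` starts and ends outside the hunk.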
--
cgit v0.9.0.2