Hello community, here is the log from the commit of package gimp for openSUSE:Factory checked in at 2012-06-26 15:37:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/gimp (Old) and /work/SRC/openSUSE:Factory/.gimp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "gimp", Maintainer is "gnome-maintain...@suse.de" Changes: -------- --- /work/SRC/openSUSE:Factory/gimp/gimp.changes 2012-05-22 10:23:02.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.gimp.new/gimp.changes 2012-06-26 15:37:58.000000000 +0200 @@ -1,0 +2,6 @@ +Mon Jun 25 09:51:07 CEST 2012 - vu...@opensuse.org + +- Add gimp-CVE-2012-3236.patch: fix crash in file handling for fit + files. Fix CVE-2012-3236, bnc#768376. + +------------------------------------------------------------------- New: ---- gimp-CVE-2012-3236.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gimp.spec ++++++ --- /var/tmp/diff_new_pack.aXGdk7/_old 2012-06-26 15:37:59.000000000 +0200 +++ /var/tmp/diff_new_pack.aXGdk7/_new 2012-06-26 15:37:59.000000000 +0200 @@ -81,6 +81,8 @@ # openSUSE palette file Source2: openSUSE.gpl Source99: baselibs.conf +# PATCH-FIX-UPSTREAM gimp-CVE-2012-3236.patch bnc#768376 bgo#676804 CVE-2012-3236 vu...@opensuse.org -- Fix crash in file handling for fit files, taken from git +Patch0: gimp-CVE-2012-3236.patch Requires: %{name}-branding = %{version} Recommends: %{name}-lang Recommends: %{name}-help-browser @@ -246,6 +248,7 @@ translation-update-upstream po-script-fu gimp20-script-fu translation-update-upstream po-plug-ins gimp20-std-plug-ins translation-update-upstream po-tips gimp20-tips +%patch0 -p1 # Safety check for ABI version change. vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' libgimpmodule/gimpmodule.h)` if test "x${vabi}" != "x%{abiver}"; then ++++++ gimp-CVE-2012-3236.patch ++++++ >From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001 From: Michael Natterer <mi...@gimp.org> Date: Wed, 06 Jun 2012 19:21:10 +0000 Subject: Bug 676804 - file handling DoS for fit file format Apply patch from j...@reactionis.co.uk which fixes a buffer overflow on broken/malicious fits files. (cherry picked from commit ace45631595e8781a1420842582d67160097163c) --- diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c index 03d9652..ed77318 100644 --- a/plug-ins/file-fits/fits-io.c +++ b/plug-ins/file-fits/fits-io.c @@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr, hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0); hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0); if (hdulist->used.xtension) - { - fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); - strcpy (hdulist->xtension, fdat->fstring); - } + { + fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); + if (fdat != NULL) + { + strcpy (hdulist->xtension, fdat->fstring); + } + else + { + strcpy (errmsg, "No valid XTENSION header found."); + goto err_return; + } + } FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong); hdulist->naxis = fdat->flong; -- cgit v0.9.0.2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org