commit gimp for openSUSE:11.3
Hello community,
here is the log from the commit of package gimp for openSUSE:11.3
checked in at Fri Sep 16 19:02:08 CEST 2011.
--- old-versions/11.3/UPDATES/all/gimp/gimp.changes 2011-07-13
00:36:45.0 +0200
+++ 11.3/gimp/gimp.changes 2011-09-09 15:04:27.0 +0200
@@ -1,0 +2,6 @@
+Fri Sep 9 13:03:51 UTC 2011 - vu...@opensuse.org
+
+- Add gimp-CVE-2011-2896.patch: Fix heap corruption and buffer
+ overflow in LZW code. Fix bnc#711491, CVE-2011-2896.
+
+---
calling whatdependson for 11.3-i586
New:
gimp-CVE-2011-2896.patch
Other differences:
--
++ gimp.spec ++
--- /var/tmp/diff_new_pack.zmNvrL/_old 2011-09-16 17:57:55.0 +0200
+++ /var/tmp/diff_new_pack.zmNvrL/_new 2011-09-16 17:57:55.0 +0200
@@ -48,7 +48,7 @@
BuildRequires: xorg-x11-libXfixes-devel
Url:http://www.gimp.org/
Version:2.6.8
-Release:7.
+Release:7.
License:GPLv2+
Group: Productivity/Graphics/Bitmap Editors
Suggests: AdobeICCProfiles
@@ -71,6 +71,8 @@
Patch3: gimp-CVE-2010-4543.patch
# PATCH-FIX-UPSTREAM gimp-pyslice-cellspacing-fix.patch bgo#641259 bnc#698769
fi...@opensuse.org -- py-slice cellspacing fix
Patch4: gimp-pyslice-cellspacing-fix.patch
+# PATCH-FIX-UPSTREAM gimp-CVE-2011-2896.patch CVE-2011-2896 bnc#711491
vu...@opensuse.org -- Fix heap corruption and buffer overflow
+Patch5: gimp-CVE-2011-2896.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-branding >= 2.4
Recommends: %{name}-plugins-python = %{version} gimp-2.0-scanner-plugin
%{name}-help-browser
@@ -212,6 +214,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# Safety check for ABI version change.
vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}'
libgimpmodule/gimpmodule.h)`
if test "x${vabi}" != "x%{abiver}"; then
++ gimp-CVE-2011-2896.patch ++
>From 0eae221c7c6eb84591d718587a17ea90c8852d5b Mon Sep 17 00:00:00 2001
From: Nils Philippsen
Date: Thu, 04 Aug 2011 10:47:44 +
Subject: file-gif-load: ensure return value of LZWReadByte() is <= 255
(cherry picked from commit b1a3de761362db982c0ddfaff60ab4a3c4267f32)
---
diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index 9a0720b..a4d98fc 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -743,11 +743,11 @@ LZWReadByte (FILE *fd,
}
while (firstcode == clear_code);
- return firstcode;
+ return firstcode & 255;
}
if (sp > stack)
-return *--sp;
+return (*--sp) & 255;
while ((code = GetCode (fd, code_size, FALSE)) >= 0)
{
@@ -770,7 +770,7 @@ LZWReadByte (FILE *fd,
sp= stack;
firstcode = oldcode = GetCode (fd, code_size, FALSE);
- return firstcode;
+ return firstcode & 255;
}
else if (code == end_code)
{
@@ -826,10 +826,10 @@ LZWReadByte (FILE *fd,
oldcode = incode;
if (sp > stack)
-return *--sp;
+return (*--sp) & 255;
}
- return code;
+ return code & 255;
}
static gint32
--
cgit v0.9.0.2
>From 62718f821b7c79a6860b8b25f0a21a91daa6e22d Mon Sep 17 00:00:00 2001
From: Nils Philippsen
Date: Thu, 04 Aug 2011 10:51:42 +
Subject: file-gif-load: fix heap corruption and buffer overflow (CVE-2011-2896)
(cherry picked from commit 376ad788c1a1c31d40f18494889c383f6909ebfc)
---
diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index a4d98fc..8460ec0 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -697,7 +697,8 @@ LZWReadByte (FILE *fd,
static gint firstcode, oldcode;
static gint clear_code, end_code;
static gint table[2][(1 << MAX_LZW_BITS)];
- static gint stack[(1 << (MAX_LZW_BITS)) * 2], *sp;
+#define STACK_SIZE ((1 << (MAX_LZW_BITS)) * 2)
+ static gint stack[STACK_SIZE], *sp;
ginti;
if (just_reset_LZW)
@@ -772,7 +773,7 @@ LZWReadByte (FILE *fd,
return firstcode & 255;
}
- else if (code == end_code)
+ else if (code == end_code || code > max_code)
{
gint count;
guchar buf[260];
@@ -791,13 +792,14 @@ LZWReadByte (FILE *fd,
incode = code;
- if (code >= max_code)
+ if (code == max_code)
{
- *sp++ = firstcode;
+ if (sp < &(stack[STACK_SIZE]))
+*sp++ = firstcode;
code = oldcode;
}
- while (code >= clear_code)
+ while (code >= clear_code && sp < &(stack[STACK_SIZE]))
{
*sp++ = table[1][code];
if (code == table[0][code])
@@ -808,7 +810,8 @@ LZWReadByte (FILE *fd,
code = table[0][code];
}
- *sp++ = fi
commit gimp for openSUSE:11.3
Hello community,
here is the log from the commit of package gimp for openSUSE:11.3
checked in at Tue Jul 19 18:30:26 CEST 2011.
--- old-versions/11.3/UPDATES/all/gimp/gimp.changes 2011-05-27
23:17:18.0 +0200
+++ 11.3/gimp/gimp.changes 2011-07-13 00:36:45.0 +0200
@@ -1,0 +2,6 @@
+Tue Jul 12 22:28:15 UTC 2011 - fi...@opensuse.org
+
+- Add gimp-pyslice-cellspacing-fix.patch to fix cellspacing in
+ pyslice plugin. Fix bnc#698769.
+
+---
calling whatdependson for 11.3-i586
New:
gimp-pyslice-cellspacing-fix.patch
Other differences:
--
++ gimp.spec ++
--- /var/tmp/diff_new_pack.8cYkEY/_old 2011-07-19 18:28:54.0 +0200
+++ /var/tmp/diff_new_pack.8cYkEY/_new 2011-07-19 18:28:54.0 +0200
@@ -48,7 +48,7 @@
BuildRequires: xorg-x11-libXfixes-devel
Url:http://www.gimp.org/
Version:2.6.8
-Release:7.
+Release:7.
License:GPLv2+
Group: Productivity/Graphics/Bitmap Editors
Suggests: AdobeICCProfiles
@@ -69,6 +69,8 @@
Patch2: gimp-CVE-2010-4540-and-more.patch
# PATCH-FIX-UPSTREAM gimp-CVE-2010-4543.patch CVE-2010-4543 bgo#639203
bnc#662043 vu...@opensuse.org -- Fix a buffer overflow when reading a psp file
Patch3: gimp-CVE-2010-4543.patch
+# PATCH-FIX-UPSTREAM gimp-pyslice-cellspacing-fix.patch bgo#641259 bnc#698769
fi...@opensuse.org -- py-slice cellspacing fix
+Patch4: gimp-pyslice-cellspacing-fix.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: %{name}-branding >= 2.4
Recommends: %{name}-plugins-python = %{version} gimp-2.0-scanner-plugin
%{name}-help-browser
@@ -209,6 +211,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
# Safety check for ABI version change.
vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}'
libgimpmodule/gimpmodule.h)`
if test "x${vabi}" != "x%{abiver}"; then
++ gimp-pyslice-cellspacing-fix.patch ++
diff --git a/plug-ins/pygimp/plug-ins/py-slice.py
b/plug-ins/pygimp/plug-ins/py-slice.py
index f5b80bd..13ae267 100755
--- a/plug-ins/pygimp/plug-ins/py-slice.py
+++ b/plug-ins/pygimp/plug-ins/py-slice.py
@@ -35,6 +35,9 @@ gettext.install("gimp20-python", gimp.locale_directory,
unicode=True)
def pyslice(image, drawable, save_path, html_filename,
image_basename, image_extension, separate,
image_path, cellspacing, animate, skip_caps):
+
+cellspacing = int (cellspacing)
+
if animate:
count = 0
drw = []
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit gimp for openSUSE:11.3
Hello community,
here is the log from the commit of package gimp for openSUSE:11.3
checked in at Tue May 31 15:44:06 CEST 2011.
--- old-versions/11.3/UPDATES/all/gimp/gimp.changes 2011-02-15
10:17:19.0 +0100
+++ 11.3/gimp/gimp.changes 2011-05-27 23:17:18.0 +0200
@@ -1,0 +2,6 @@
+Fri May 27 20:21:20 UTC 2011 - sree...@novell.com
+
+- Modify gimp-CVE-2010-4543.patch to include fix for the second
+ part of bnc#692877. (CVE-2011-1782)
+
+---
calling whatdependson for 11.3-i586
Other differences:
--
++ gimp.spec ++
--- /var/tmp/diff_new_pack.EYGgsZ/_old 2011-05-31 15:42:01.0 +0200
+++ /var/tmp/diff_new_pack.EYGgsZ/_new 2011-05-31 15:42:01.0 +0200
@@ -48,7 +48,7 @@
BuildRequires: xorg-x11-libXfixes-devel
Url:http://www.gimp.org/
Version:2.6.8
-Release:7.
+Release:7.
License:GPLv2+
Group: Productivity/Graphics/Bitmap Editors
Suggests: AdobeICCProfiles
++ gimp-CVE-2010-4543.patch ++
--- /var/tmp/diff_new_pack.EYGgsZ/_old 2011-05-31 15:42:02.0 +0200
+++ /var/tmp/diff_new_pack.EYGgsZ/_new 2011-05-31 15:42:02.0 +0200
@@ -14,7 +14,7 @@
fread (buf, runcount, 1, f);
+
+ /* prevent buffer overflow for bogus data */
-+ runcount = MIN (runcount, endq - q);
++ runcount = MIN (runcount, (endq - q) / bytespp);
+
if (bytespp == 1)
{
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
