Hello community,

here is the log from the commit of package gimp.1141 for openSUSE:12.2:Update 
checked in at 2012-12-07 10:52:59
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/gimp.1141 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.gimp.1141.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "gimp.1141", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null   2012-11-30 12:21:47.308011256 +0100
+++ /work/SRC/openSUSE:12.2:Update/.gimp.1141.new/gimp.changes  2012-12-07 
10:53:01.000000000 +0100
@@ -0,0 +1,1204 @@
+-------------------------------------------------------------------
+Tue Nov 27 11:38:03 UTC 2012 - dims...@opensuse.org
+
+- Add gimp-CVE-2012-5576.patch: fix memory corruption vulnerability
+  when reading XWD files (bnc#791372, bgo#687392, CVE-2012-5576).
+
+-------------------------------------------------------------------
+Wed Aug 29 02:05:34 UTC 2012 - r...@suse.com
+
+- fixed bnc#724628
+  VUL-0: CVE-2012-3481: gimp: GIF plugin 'height' / 'len' integer overflow 
leading to heap-based buffer overflow
+- fixed bnc#763595
+  VUL-0: CVE-2012-2763: gimp: buffer overflow in script-fu's server component
+
+-------------------------------------------------------------------
+Mon Jun 25 09:51:07 CEST 2012 - vu...@opensuse.org
+
+- Add gimp-CVE-2012-3236.patch: fix crash in file handling for fit
+  files. Fix CVE-2012-3236, bnc#768376.
+
+-------------------------------------------------------------------
+Mon May 14 13:05:34 UTC 2012 - vu...@opensuse.org
+
+- Correctly version librsvg-devel BuildRequires: 2.36.0 is needed.
+  We don't version the BuildRequires on 12.1 and earlier to avoid
+  useless unresolvables; it will just result in file-svg plugin not
+  being built when librsvg is not recent enough there.
+
+-------------------------------------------------------------------
+Thu May  3 14:52:22 UTC 2012 - badshah...@gmail.com
+
+- Update to version 2.8.0:
+  + Core: Add gimp's own GimpOperationBrightnessContrast because
+    GEGL one is different
+  + Plug-ins: Fix some GFig rendering issues
+  + Source and build system: Depend on Babl 0.1.10, GEGL 0.2.0
+    and some other new library versions.
+
+-------------------------------------------------------------------
+Sat Apr  7 08:08:21 UTC 2012 - vu...@opensuse.org
+
+- Update license from GPL-2.0+ to GPL-3.0+, following upstream
+  change.
+- Completely drop HAL-related packaging since it is now gone
+  upstream:
+  + Remove build_hal macro
+  + Remove optional hal-devel BuildRequires.
+  + Remove optional gimp-module-hal subpackage.
+  + Note that we already have a Obsoletes for gimp-module-hal.
+- Add pkgconfig(gudev-1.0) BuildRequires for the new gudev input
+  module.
+- Add ghostscript-devel, ghostscript-library, libbz2-devel,
+  libjasper-devel, pkgconfig(atk), pkgconfig(xcursor)
+  BuildRequires: new dependencies upstream.
+  + Note about ghostscript-library: ideally, we'd avoid listing it
+    explicitly, but in OBS, ghostscript-mini is preferred by
+    default, but it is not enough for gimp.
+- Add explicit pkgconfig(gdk-pixbuf-2.0) BuildRequires so it can be
+  versioned.
+- Add explicit libjpeg-devel, xorg-x11-libXpm-devel, zlib-devel
+  BuildRequires: they were missing before.
+- Add libxslt-tools BuildRequires (or libxslt-devel on versions of
+  openSUSE <= 12.1) to have xsltproc installed.
+- Add fdupes BuildRequires and use %fdupes in %install to avoid
+  duplicated files.
+- Change gimp-doc Obsoletes in devel subpackage from <= to < to
+  avoid rpmlint warning about self-obsoletion.
+
+-------------------------------------------------------------------
+Fri Apr  6 17:44:10 UTC 2012 - dims...@opensuse.org
+
+- Update to 2.8.0-RC1:
+  + User Interface:
+    - Single-Window Mode
+    - Multi-Column Dock Windows
+    - More Screen Real Estate For Dockable Dialogs
+    - Save And Export
+    - Layer Groups
+    - Tools Drawn With Cairo
+    - On-Canvas Text Editing
+    - Keyboard Shortcut Changes
+    - Simple Math In Size Entries
+  + Tools & Plug-ins:
+    - Brush System Improvements
+    - Tool Preset Improvements
+    - Cage Transform Tool
+    - File Plug-Ins
+    - For Tablet Users
+    - Resource Tagging
+  + Miscellaneous:
+    - Enhancements to scripting abilities
+    - API changes
+  + For detailed changes, see NEWS file and
+    http://www.gimp.org/release-notes/gimp-2.7.html
+
+-------------------------------------------------------------------
+Wed Feb  1 09:09:46 UTC 2012 - vu...@opensuse.org
+
+- Update to version 2.6.12:
+  + Bugs fixed: bgo#623045, bgo#627328, bgo#631728, bgo#631885,
+    bgo#639203, bgo#640219, bgo#640612, bgo#641259, bgo#646947,
+    bgo#652280, bgo#660305.
+  + Updated translations.
+- Drop gimp-CVE-2010-4540-and-more.patch: fixed upstream.
+- Drop gimp-CVE-2010-4543.patch: fixed upstream.
+- Drop gimp-fix-linking.patch: fixed upstream.
+- Drop gimp-CVE-2011-2896.patch: fixed upstream.
+- Drop gimp-pyslice-cellspacing-fix.patch: fixed upstream.
+- Drop gimp-poppler-0.18.patch: fixed upstream.
+- Remove call to autoreconf and libtool BuildRequires: they were
+  only needed for gimp-fix-linking.patch.
+
+-------------------------------------------------------------------
+Fri Oct 21 11:19:42 UTC 2011 - vu...@opensuse.org
+
+- Change gimp-2.0-scanner-plugin Recommends to a Suggests: this
+  installs xsane by default, and really, xsane is so horribly
+  broken UI-wise that we don't want that.
+
+-------------------------------------------------------------------
+Sat Oct 15 04:47:12 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to make the spec file more reliable
+
+-------------------------------------------------------------------
+Wed Oct 12 15:26:00 UTC 2011 - vu...@opensuse.org
+
+- Add a warning comment about changing the content of the branding
+  package, to make our life easier in branding-openSUSE.
+
+-------------------------------------------------------------------
+Thu Oct  6 21:57:36 UTC 2011 - vu...@opensuse.org
+
+- Add iso-codes Recommends since the iso-codes data is used at
+  runtime, but its presence is not mandatory.
+- Remove explicit gtk2 Requires: the library will get
+  automatically added to the list of Requires.
+
+-------------------------------------------------------------------
+Tue Sep 20 13:34:58 UTC 2011 - vu...@opensuse.org
+
+- Update gimp-fix-linking.patch: add another missing -lm.
+- Add gimp-poppler-0.18.patch: fix build with poppler 0.17/0.18.
+
+-------------------------------------------------------------------
+Fri Sep  9 13:29:26 UTC 2011 - vu...@opensuse.org
+
+- Add gimp-fix-linking.patch: fix linking issue.
+- Add gimp-CVE-2011-2896.patch: Fix heap corruption and buffer
+  overflow in LZW code. Fix bnc#711491, CVE-2011-2896.
+- Add gimp-pyslice-cellspacing-fix.patch: fix a crash in the
+  pyslice plugin.
+- Add call to autoreconf, needed by gimp-fix-linking.patch.
+
+-------------------------------------------------------------------
+Wed Jul  6 16:24:31 CEST 2011 - vu...@opensuse.org
+
+- Change branding-upstream subpackage:
+  + Add Requires for gimp since the branding package is useless
+    without it.
+  + Update summary and description.
+  + Make noarch.
+- Change branding Requires in main subpackage to be "= %{version}",
+  instead of ">= 2.4", which is wrong.
+
+-------------------------------------------------------------------
+Wed Jun 15 16:19:39 CEST 2011 - vu...@opensuse.org
+
+- Fix build on Factory, by not excluding the
+  libcontroller-linux-input.so module from the file list of the
+  main package when we build without hal. It was only excluded to
+  be part of a hal subpackage when there is the hal dependency.
+
+-------------------------------------------------------------------
+Sun Jun 12 00:14:35 CEST 2011 - vu...@opensuse.org
+
+- On 12.1 and later, stop building the gimp-module-hal subpackage:
+  + we don't want hal anymore on 12.1 and later (see bnc#697016).
+    We use a build_hal define to control that behavior.
+  + remove hal-devel BuildRequires
+  + do not build a gimp-module-hal subpackage anymore
+  + add gimp-module-hal Obsoletes for smooth upgrades
+
+-------------------------------------------------------------------
+Tue Feb 15 10:13:30 CET 2011 - vu...@opensuse.org
+
+- Add gimp-CVE-2010-4540-and-more.patch and
+  gimp-CVE-2010-4543.patch to fix buffer overflows: CVE-2010-4540,
+  CVE-2010-4541, CVE-2010-4542, CVE-2010-4543. Fix bnc#662043.
+
+-------------------------------------------------------------------
+Sat Feb 12 17:45:43 CET 2011 - vu...@opensuse.org
+
+- Call relevant macros in %post/%postun:
+  + %desktop_database_post/postun because the package ships at
+    least one desktop file.
+  + %icon_theme_cache_post/postun because the package ships themed
++++ 1007 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.2:Update/.gimp.1141.new/gimp.changes
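Review bot: the Aug 29 2012 entry files bnc#763595 under "CVE-2012-2763 ... buffer overflow in script-fu's server component", but every patch carried under bnc#763595 in this submission is a file-cel change, and the one that names a CVE says CVE-2012-3403 (bnc#763595-0002-file-cel-validate-header-data-CVE-2012-3403.patch). Either the bug number or the CVE and description in that entry needs correcting. The entry should also list the patch file names it adds, as the Nov 27 and Jun 25 entries do, so the CVE-to-patch mapping can be checked from the changelog alone.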

New:
----
  baselibs.conf
  bnc#724628-0001-file-gif-load-limit-len-and-height-CVE-2012-3481.patch
  bnc#724628-0002-file-gif-load-fix-type-overflow-CVE-2012-3481.patch
  bnc#763595-0001-file-cel-check-fread-g_fopen-return-values-and-pass-.patch
  bnc#763595-0002-file-cel-validate-header-data-CVE-2012-3403.patch
  bnc#763595-0003-file-cel-use-statically-allocated-palette-buffer.patch
  bnc#763595-0004-file-cel-use-g_set_error-for-errors-instead-of-g_mes.patch
  gimp-2.8.0.tar.bz2
  gimp-CVE-2012-3236.patch
  gimp-CVE-2012-5576.patch
  gimp.changes
  gimp.spec
  macros.gimp
  openSUSE.gpl

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ gimp.spec ++++++
#
# spec file for package gimp
#
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%global abiver 4
%global apiver 2.0

Name:           gimp
BuildRequires:  aalib-devel
BuildRequires:  alsa-devel >= 1.0.0
BuildRequires:  babl-devel >= 0.1.10
BuildRequires:  cairo-devel >= 1.10.2
BuildRequires:  dbus-1-glib-devel >= 0.70
BuildRequires:  fdupes
BuildRequires:  fontconfig-devel >= 2.2.0
BuildRequires:  gegl-devel >= 0.2.0
BuildRequires:  ghostscript-devel
# Explicitly needed, otherwise ghostscript-mini is used during the
# build, and it's not enough for gimp.
BuildRequires:  ghostscript-library
BuildRequires:  glib2-devel >= 2.30.2
BuildRequires:  gtk2-devel >= 2.24.10
BuildRequires:  intltool >= 0.40.1
BuildRequires:  iso-codes-devel
BuildRequires:  libbz2-devel
BuildRequires:  libexif-devel >= 0.6.15
BuildRequires:  libjasper-devel
BuildRequires:  libjpeg-devel
BuildRequires:  liblcms-devel >= 1.16
BuildRequires:  libmng-devel
BuildRequires:  libpng-devel >= 1.2.37
BuildRequires:  libpoppler-glib-devel >= 0.12.4
%if 0%{?suse_version} < 1220
# best-effort attempt to use librsvg (file-svg plugin will be built
# if recent-enough version of librsvg is there)
BuildRequires:  librsvg-devel
%else
BuildRequires:  librsvg-devel >= 2.36.0
%endif
BuildRequires:  libtiff-devel
BuildRequires:  libwebkit-devel >= 1.6.1
BuildRequires:  libwmf-devel >= 0.2.8
%if 0%{?suse_version} < 1220
BuildRequires:  libxslt-devel
%else
BuildRequires:  libxslt-tools
%endif
BuildRequires:  pango-devel >= 1.29.4
BuildRequires:  python-gtk-devel >= 2.10.4
BuildRequires:  translation-update-upstream
BuildRequires:  update-desktop-files
BuildRequires:  xorg-x11-libXfixes-devel
BuildRequires:  xorg-x11-libXpm-devel
BuildRequires:  zlib-devel
BuildRequires:  pkgconfig(atk) >= 2.2.0
BuildRequires:  pkgconfig(gdk-pixbuf-2.0) >= 2.24.1
BuildRequires:  pkgconfig(gudev-1.0) >= 167
BuildRequires:  pkgconfig(xcursor)
Url:            http://www.gimp.org/
Version:        2.8.0
Release:        0
Summary:        The GNU Image Manipulation Program
License:        GPL-3.0+
Group:          Productivity/Graphics/Bitmap Editors
Source:         ftp://ftp.gimp.org/pub/gimp/v2.8/%{name}-%{version}.tar.bz2
Source1:        macros.gimp
# openSUSE palette file
Source2:        openSUSE.gpl
Source99:       baselibs.conf
# PATCH-FIX-UPSTREAM gimp-CVE-2012-3236.patch bnc#768376 bgo#676804 CVE-2012-3236 vu...@opensuse.org -- Fix crash in file handling for fit files, taken from git
Patch0:         gimp-CVE-2012-3236.patch
# patches set to fix bnc#724628
Patch1:         bnc#724628-0001-file-gif-load-limit-len-and-height-CVE-2012-3481.patch
Patch2:         bnc#724628-0002-file-gif-load-fix-type-overflow-CVE-2012-3481.patch
# patches set to fix bnc#763595
Patch3:         bnc#763595-0001-file-cel-check-fread-g_fopen-return-values-and-pass-.patch
Patch4:         bnc#763595-0002-file-cel-validate-header-data-CVE-2012-3403.patch
Patch5:         bnc#763595-0003-file-cel-use-statically-allocated-palette-buffer.patch
Patch6:         bnc#763595-0004-file-cel-use-g_set_error-for-errors-instead-of-g_mes.patch
Patch7:         gimp-CVE-2012-5576.patch

Requires:       %{name}-branding = %{version}
Recommends:     %{name}-lang
Recommends:     %{name}-help-browser
Recommends:     %{name}-plugins-python = %{version}
Recommends:     iso-codes
Suggests:       AdobeICCProfiles
Suggests:       gimp-2.0-scanner-plugin
Provides:       gimp-2.0 = %{version}
Provides:       gimp(abi) = %{abiver}
Provides:       gimp(api) = %{apiver}
Obsoletes:      gimp-unstable < 2.6.0
# Obsolete hal subpackage which we had until 11.4.
Obsoletes:      %{name}-module-hal < %{version}
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.


%package -n libgimp-2_0-0
Summary:        The GNU Image Manipulation Program - Libraries
Group:          Productivity/Graphics/Bitmap Editors

%description -n libgimp-2_0-0
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.

This package provides GIMP libraries.


%package -n libgimpui-2_0-0
Summary:        The GNU Image Manipulation Program - UI Libraries
Group:          Productivity/Graphics/Bitmap Editors

%description -n libgimpui-2_0-0
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.

This package provides GIMP UI libraries.


%package branding-upstream
Summary:        The GNU Image Manipulation Program -- Upstream Splash Screen
Group:          Productivity/Graphics/Bitmap Editors
Requires:       %{name} = %{version}
Provides:       %{name}-branding = %{version}
Conflicts:      otherproviders(%{name}-branding)
Obsoletes:      gimp-unstable-branding-upstream < 2.6.0
Supplements:    packageand(%{name}:branding-upstream)
# It is technically compatible with 2.4, but upstream branding has version specific image:
Conflicts:      %{name} < 2.6.0
BuildArch:      noarch
## WARNING WARNING WARNING: see warning in %%files section
#BRAND: /usr/share/gimp/2.0/images/gimp-splash.png is a splash screen in
#BRAND: GIMP, original size is 300x400. Bottom part displays "just
#BRAND: starting" text and progress bar.
## WARNING WARNING WARNING: see warning in %%files section

%description branding-upstream
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.

This package contains the upstream splash screen for the GIMP.


%package plugins-python
Summary:        The GNU Image Manipulation Program - python-gtk based plugins
Group:          Productivity/Graphics/Bitmap Editors
Requires:       %{name} = %{version}
Requires:       python-gtk
Supplements:    %{name}
Provides:       gimp-2.0-plugins-python = %{version}
Obsoletes:      gimp-unstable-plugins-python < 2.6.0
# For update from <= 10.3 and SLED 10:
Provides:       %{name}:%{_libdir}/gimp/2.0/plug-ins/pyconsole.py = %{version}
%py_requires

%description plugins-python
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.


%package devel
Summary:        The GNU Image Manipulation Program
Group:          Productivity/Graphics/Bitmap Editors
Requires:       libgimp-2_0-0 = %{version}
Requires:       libgimpui-2_0-0 = %{version}
Provides:       gimp-2.0-devel = %{version}
Provides:       gimp-doc = 2.6.4
Obsoletes:      gimp-doc < 2.6.4
Obsoletes:      gimp-unstable-devel < 2.6.0

%description devel
The GIMP (GNU Image Manipulation Program) is a powerful image
composition and editing program, which can be extremely useful for
creating logos and other graphics for Web pages.  The GIMP offers many
of the tools and filters you would expect to find in similar commercial
offerings and contains some interesting extras as well. The GIMP
provides a large image manipulation toolbox, including channel
operations and layers, effects, subpixel imaging and antialiasing, and
conversions- all including multilevel undo. The GIMP offers a scripting
facility, but many of the included scripts rely on fonts that we cannot
distribute.


%package help-browser
Summary:        The GNU Image Manipulation Program - Help Browser
Group:          Productivity/Graphics/Bitmap Editors
Requires:       %{name} = %{version}
Supplements:    packageand(%{name}:gimp-help)

%description help-browser
This package contains the help browser for the GIMP.


%lang_package
%prep
%setup -q
translation-update-upstream
translation-update-upstream po-libgimp gimp20-libgimp
translation-update-upstream po-python gimp20-python
translation-update-upstream po-script-fu gimp20-script-fu
translation-update-upstream po-plug-ins gimp20-std-plug-ins
translation-update-upstream po-tips gimp20-tips
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1

# Safety check for ABI version change.
vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' libgimpmodule/gimpmodule.h)`
if test "x${vabi}" != "x%{abiver}"; then
   : Error: Upstream ABI version is now ${vabi}, expecting %{abiver}.
   : Update the abiver macro and rebuild.
   exit 1
fi
# Safety check for API version change.
vapi=`sed -n '/#define GIMP_API_VERSION/{s/.* //;p}' libgimpbase/gimpversion.h | sed -e 's@"@@g'`
if test "x${vapi}" != "x%{apiver}"; then
   : Error: Upstream API version is now ${vapi}, expecting %{apiver}.
   : Update the apiver macro and rebuild.
   exit 1
fi

%build
export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing"
%configure --with-pic\
        --disable-static\
        --libexecdir=%{_prefix}/lib\
        --enable-default-binary\
        --enable-mp
make %{?jobs:-j%jobs}

%install
%makeinstall
install -D -m 0644 %{S:2} %{buildroot}%{_datadir}/gimp/2.0/palettes
%suse_update_desktop_file -N GIMP gimp
rm $RPM_BUILD_ROOT%{_libdir}/gimp/2.0/*/*.*a
%find_lang gimp20 %{?no_lang_C}
%find_lang gimp20-libgimp %{?no_lang_C} gimp20.lang
%find_lang gimp20-python %{?no_lang_C} gimp20.lang
%find_lang gimp20-script-fu %{?no_lang_C} gimp20.lang
%find_lang gimp20-std-plug-ins %{?no_lang_C} gimp20.lang
%find_lang gimp20-tips %{?no_lang_C} gimp20.lang
echo "%%defattr(-,root,root)" >plugins.list
echo "%%defattr(-,root,root)" >plugins-python.list
for PLUGIN in $RPM_BUILD_ROOT%{_libdir}/gimp/2.0/plug-ins/* ; do
    if grep -q '^#!.*python' $PLUGIN ; then
        echo "${PLUGIN#$RPM_BUILD_ROOT}" >>plugins-python.list
    else
        echo "${PLUGIN#$RPM_BUILD_ROOT}" >>plugins.list
    fi
done
rm %{buildroot}%{_libdir}/*.la
# Install the macros file:
install -d $RPM_BUILD_ROOT%{_sysconfdir}/rpm
sed -e "s/@GIMP_APIVER@/%{apiver}/;s/@GIMP_ABIVER@/%{abiver}/" \
    < $RPM_SOURCE_DIR/macros.gimp > macros.gimp
install -m 644 -c macros.gimp \
           $RPM_BUILD_ROOT%{_sysconfdir}/rpm/macros.gimp
%fdupes %{buildroot}%{_datadir}/gtk-doc/
%fdupes %{buildroot}%{_libdir}/gimp/2.0/python/
%fdupes %{buildroot}%{_datadir}/gimp/2.0/

%if 0%{?suse_version} > 1130

%post
%desktop_database_post
%icon_theme_cache_post
%endif

%if 0%{?suse_version} > 1130

%postun
%desktop_database_postun
%icon_theme_cache_postun
%endif

%post -n libgimp-2_0-0 -p /sbin/ldconfig

%postun -n libgimp-2_0-0 -p /sbin/ldconfig

%post -n libgimpui-2_0-0 -p /sbin/ldconfig

%postun -n libgimpui-2_0-0 -p /sbin/ldconfig

%clean
rm -rf $RPM_BUILD_ROOT

%files -f plugins.list
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog LICENSE NEWS* README
%exclude %{_libdir}/gimp/2.0/plug-ins/help-browser
%{_bindir}/gimp
%{_bindir}/gimp-2.?
%{_bindir}/gimp-console
%{_bindir}/gimp-console-2.?
%{_datadir}/applications/gimp.desktop
%{_datadir}/icons/hicolor/*/apps/*.png
%{_datadir}/gimp/
%exclude %{_datadir}/gimp/2.0/images/gimp-splash.png
%{_libdir}/gimp/2.0/environ/default.env
%{_libdir}/gimp/2.0/interpreters/default.interp
# Explicitly list modules so we don't lose one by accident
%{_libdir}/gimp/2.0/modules/libcolor-selector-cmyk.so
%{_libdir}/gimp/2.0/modules/libcolor-selector-water.so
%{_libdir}/gimp/2.0/modules/libcolor-selector-wheel.so
%{_libdir}/gimp/2.0/modules/libcontroller-linux-input.so
%{_libdir}/gimp/2.0/modules/libcontroller-midi.so
%{_libdir}/gimp/2.0/modules/libdisplay-filter-color-blind.so
%{_libdir}/gimp/2.0/modules/libdisplay-filter-gamma.so
%{_libdir}/gimp/2.0/modules/libdisplay-filter-high-contrast.so
%{_libdir}/gimp/2.0/modules/libdisplay-filter-lcms.so
%{_libdir}/gimp/2.0/modules/libdisplay-filter-proof.so
%doc %{_mandir}/man?/gimp.*
%doc %{_mandir}/man?/gimp-2.?.*
%doc %{_mandir}/man?/gimp-console.*
%doc %{_mandir}/man?/gimp-console-2.?.*
%doc %{_mandir}/man?/gimprc.*
%doc %{_mandir}/man?/gimprc-2.?.*
%dir %{_sysconfdir}/gimp
%dir %{_sysconfdir}/gimp/2.0
%config %{_sysconfdir}/gimp/2.0/*rc

%files -n libgimp-2_0-0
%defattr(-,root,root)
%dir %{_datadir}/gimp
%dir %{_datadir}/gimp/2.0
%dir %{_libdir}/gimp
%dir %{_libdir}/gimp/2.0
%dir %{_libdir}/gimp/2.0/environ
%dir %{_libdir}/gimp/2.0/interpreters
%dir %{_libdir}/gimp/2.0/modules
%dir %{_libdir}/gimp/2.0/plug-ins
%{_libdir}/libgimp-2.0.so.*
%{_libdir}/libgimpbase-2.0.so.*
%{_libdir}/libgimpcolor-2.0.so.*
%{_libdir}/libgimpconfig-2.0.so.*
%{_libdir}/libgimpmath-2.0.so.*
%{_libdir}/libgimpmodule-2.0.so.*

%files -n libgimpui-2_0-0
%defattr(-,root,root)
%{_libdir}/libgimpthumb-2.0.so.*
%{_libdir}/libgimpui-2.0.so.*
%{_libdir}/libgimpwidgets-2.0.so.*

%files help-browser
%defattr(-,root,root)
%doc AUTHORS COPYING ChangeLog LICENSE NEWS* README
%{_libdir}/gimp/2.0/plug-ins/help-browser

%files branding-upstream
%defattr(-,root,root)
## WARNING WARNING WARNING: if we change the branding package to contain other
# files than the splash, and this means the branding package should have a real
# strict dependency on the gimp version, then branding-openSUSE should be
# changed. Right now it only has an unversioned Requires for the gimp.
%{_datadir}/gimp/2.0/images/gimp-splash.png

%files plugins-python -f plugins-python.list
%defattr(-,root,root)
%{_libdir}/gimp/2.0/environ/pygimp.env
%{_libdir}/gimp/2.0/interpreters/pygimp.interp
%{_libdir}/gimp/2.0/python/
# FIXME: Maybe split gimp-lang and gimp-plugins-python-lang

%files lang -f gimp20.lang

%files devel
%defattr(-,root,root)
%doc README.i18n
%{_bindir}/gimptool-2.0
%doc %{_mandir}/man?/gimptool-2.0.*
%{_includedir}/gimp-2.0/
%{_libdir}/*.so
%{_datadir}/aclocal/gimp-2.0.m4
%{_libdir}/pkgconfig/gimp-2.0.pc
%{_libdir}/pkgconfig/gimpthumb-2.0.pc
%{_libdir}/pkgconfig/gimpui-2.0.pc
# Own these repositories to not depend on gtk-doc while building:
%dir %{_datadir}/gtk-doc
%dir %{_datadir}/gtk-doc/html
%{_datadir}/gtk-doc/html/*
%config %{_sysconfdir}/rpm/macros.gimp

%changelog
++++++ baselibs.conf ++++++
libgimp-2_0-0
libgimpui-2_0-0
++++++ bnc#724628-0001-file-gif-load-limit-len-and-height-CVE-2012-3481.patch ++++++
From 4347b3496abd56d8419f3a14cc97fac25e6f546d Mon Sep 17 00:00:00 2001
From: Jan Lieskovsky <jlies...@redhat.com>
Date: Tue, 14 Aug 2012 12:18:22 +0200
Subject: [PATCH 1/2] file-gif-load: limit len and height (CVE-2012-3481)

Ensure values of len and height can't overflow g_malloc() argument type.
(cherry picked from commit d95c2f0bcb6775bdee2bef35b7d84f6dfd490783)
---
 plug-ins/common/file-gif-load.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index 4fdbe7a..4287b46 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -1057,6 +1057,13 @@ ReadImage (FILE        *fd,
   cur_progress = 0;
   max_progress = height;
 
+  if (len > (G_MAXSIZE / height / (alpha_frame ? (promote_to_rgb ? 4 : 2) : 
1)))
+  {
+    g_message ("'%s' has a larger image size than GIMP can handle.",
+               gimp_filename_to_utf8 (filename));
+    return -1;
+  }
+
   if (alpha_frame)
     dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
   else
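Review bot: the added guard divides G_MAXSIZE by height, so it is only safe if height is known to be non-zero at this point, and nothing in the hunk shows that. If ReadImage does not already reject zero dimensions earlier, add a check such as `len < 1 || height < 1` before the division. The bytes-per-pixel factor is also written twice in different shapes, as `alpha_frame ? (promote_to_rgb ? 4 : 2) : 1` in the guard and as the if/else around the two g_malloc calls; computing it once into a local and using it in both places would keep the check and the allocation from drifting apart.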
-- 
1.7.11.4

++++++ bnc#724628-0002-file-gif-load-fix-type-overflow-CVE-2012-3481.patch ++++++
From 6b642a26daaf0204fa9a6cf622a6b459e3a059ef Mon Sep 17 00:00:00 2001
From: Nils Philippsen <n...@redhat.com>
Date: Tue, 14 Aug 2012 15:27:39 +0200
Subject: [PATCH 2/2] file-gif-load: fix type overflow (CVE-2012-3481)

Cast variables properly to avoid overflowing when computing how much
memory to allocate.
(cherry picked from commit 43fc9dbd8e2196944c8a71321e525b89b7df9f5c)
---
 plug-ins/common/file-gif-load.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index 4287b46..0bb9bc4 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -1065,9 +1065,9 @@ ReadImage (FILE        *fd,
   }
 
   if (alpha_frame)
-    dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height * (promote_to_rgb ? 
4 : 2));
   else
-    dest = (guchar *) g_malloc (len * height);
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height);
 
 #ifdef GIFDEBUG
     g_print ("GIF: reading %d by %d%s GIF image, ncols=%d\n",
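Review bot: the (gsize) casts on len and height only widen the multiplication; where gsize is 32 bits the product can still wrap, so these two g_malloc calls are safe only in combination with the G_MAXSIZE guard that patch 1/2 adds directly above them. Consider g_malloc_n() or g_try_malloc_n(), which check the multiplication themselves (the spec already requires glib2-devel >= 2.30.2). The g_try_ variant is preferable here: g_malloc aborts the plug-in when the allocation fails, while a NULL return from g_try_malloc_n() can be reported with the same "larger image size than GIMP can handle" message and a clean return -1.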
-- 
1.7.11.4

++++++ bnc#763595-0001-file-cel-check-fread-g_fopen-return-values-and-pass-.patch ++++++
From 58e502a6718d9dfc6e00bd4c967a6dea2235b7f9 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <n...@redhat.com>
Date: Thu, 12 Jul 2012 15:50:02 +0200
Subject: [PATCH 1/4] file-cel: check fread()/g_fopen() return values and pass
 on errors (cherry picked from commit
 9b2b8999497c28a4f9152c6d1bc85219d5fdd845)

---
 plug-ins/common/file-cel.c |  190 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 160 insertions(+), 30 deletions(-)

diff --git a/plug-ins/common/file-cel.c b/plug-ins/common/file-cel.c
index d285936..c3b271c 100644
--- a/plug-ins/common/file-cel.c
+++ b/plug-ins/common/file-cel.c
@@ -44,8 +44,10 @@ static void run   (const gchar      *name,
                    gint             *nreturn_vals,
                    GimpParam       **return_vals);
 
-static gint      load_palette   (FILE         *fp,
-                                 guchar        palette[]);
+static gint      load_palette   (const gchar  *file,
+                                 FILE         *fp,
+                                 guchar        palette[],
+                                 GError      **error);
 static gint32    load_image     (const gchar  *file,
                                  const gchar  *brief,
                                  GError      **error);
@@ -55,7 +57,8 @@ static gboolean  save_image     (const gchar  *file,
                                  gint32        layer,
                                  GError      **error);
 static void      palette_dialog (const gchar  *title);
-static gboolean  need_palette   (const gchar  *file);
+static gboolean  need_palette   (const gchar  *file,
+                                 GError      **error);
 
 
 /* Globals... */
@@ -150,6 +153,7 @@ run (const gchar      *name,
   gint32             image;
   GimpExportReturn   export = GIMP_EXPORT_CANCEL;
   GError            *error  = NULL;
+  gint               needs_palette = 0;
 
   run_mode = param[0].data.d_int32;
 
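Review bot: needs_palette is declared as gint and initialised to 0, but it only ever receives the result of need_palette(), which the prototype earlier in this patch declares as gboolean. Declare it as `gboolean needs_palette = FALSE;` so the type matches its single use.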
@@ -187,20 +191,32 @@ run (const gchar      *name,
       else if (run_mode == GIMP_RUN_INTERACTIVE)
         {
           /* Let user choose KCF palette (cancel ignores) */
-          if (need_palette (param[1].data.d_string))
-            palette_dialog (_("Load KISS Palette"));
+          needs_palette = need_palette (param[1].data.d_string, &error);
 
-          gimp_set_data (SAVE_PROC, palette_file, data_length);
-        }
+          if (! error)
+            {
+              if (needs_palette)
+                palette_dialog (_("Load KISS Palette"));
 
-      image = load_image (param[1].data.d_string, param[2].data.d_string,
-                          &error);
+              gimp_set_data (SAVE_PROC, palette_file, data_length);
+            }
+        }
 
-      if (image != -1)
+      if (! error)
         {
-          *nreturn_vals = 2;
-          values[1].type         = GIMP_PDB_IMAGE;
-          values[1].data.d_image = image;
+          image = load_image (param[1].data.d_string, param[2].data.d_string,
+                              &error);
+
+          if (image != -1)
+            {
+              *nreturn_vals = 2;
+              values[1].type         = GIMP_PDB_IMAGE;
+              values[1].data.d_image = image;
+            }
+          else
+            {
+              status = GIMP_PDB_EXECUTION_ERROR;
+            }
         }
       else
         {
@@ -263,18 +279,33 @@ run (const gchar      *name,
 
 /* Peek into the file to determine whether we need a palette */
 static gboolean
-need_palette (const gchar *file)
+need_palette (const gchar *file,
+              GError     **error)
 {
   FILE   *fp;
   guchar  header[32];
+  size_t  n_read;
 
   fp = g_fopen (file, "rb");
-  if (!fp)
-    return FALSE;
+  if (fp == NULL)
+    {
+      g_set_error (error, G_FILE_ERROR, g_file_error_from_errno (errno),
+                   _("Could not open '%s' for reading: %s"),
+                   gimp_filename_to_utf8 (file), g_strerror (errno));
+      return FALSE;
+    }
+
+  n_read = fread (header, 32, 1, fp);
 
-  fread (header, 32, 1, fp);
   fclose (fp);
 
+  if (n_read < 1)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("EOF or error while reading image header"));
+      return FALSE;
+    }
+
   return (header[5] < 32);
 }
 
@@ -301,6 +332,7 @@ load_image (const gchar  *file,
   GimpPixelRgn  pixel_rgn;  /* Pixel region for layer */
 
   gint       i, j, k;       /* Counters */
+  size_t     n_read;        /* Number of items read from file */
 
 
   /* Open the file for reading */
@@ -319,7 +351,14 @@ load_image (const gchar  *file,
 
   /* Get the image dimensions and create the image... */
 
-  fread (header, 4, 1, fp);
+  n_read = fread (header, 4, 1, fp);
+
+  if (n_read < 1)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("EOF or error while reading image header"));
+      return -1;
+    }
 
   if (strncmp ((const gchar *) header, "KiSS", 4))
     {
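Review bot: the early return added after the 4-byte header read in load_image leaves fp open. need_palette in this same patch calls fclose (fp) before it tests n_read; do the same here by closing fp before return -1. The same applies to the other read-failure returns this patch adds further down in load_image.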
@@ -332,7 +371,15 @@ load_image (const gchar  *file,
     }
   else
     { /* New-style image file, read full header */
-      fread (header, 28, 1, fp);
+      n_read = fread (header, 28, 1, fp);
+
+      if (n_read < 1)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("EOF or error while reading image header"));
+          return -1;
+        }
+
       bpp = header[1];
       if (bpp == 24)
         colours = -1;
@@ -384,7 +431,15 @@ load_image (const gchar  *file,
       switch (bpp)
         {
         case 4:
-          fread (buffer, (width+1)/2, 1, fp);
+          n_read = fread (buffer, (width+1)/2, 1, fp);
+
+          if (n_read < 1)
+            {
+              g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                           _("EOF or error while reading image data"));
+              return -1;
+            }
+
           for (j = 0, k = 0; j < width*2; j+= 4, ++k)
             {
               if (buffer[k] / 16 == 0)
@@ -411,7 +466,15 @@ load_image (const gchar  *file,
           break;
 
         case 8:
-          fread (buffer, width, 1, fp);
+          n_read = fread (buffer, width, 1, fp);
+
+          if (n_read < 1)
+            {
+              g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                           _("EOF or error while reading image data"));
+              return -1;
+            }
+
           for (j = 0, k = 0; j < width*2; j+= 2, ++k)
             {
               if (buffer[k] == 0)
@@ -428,7 +491,15 @@ load_image (const gchar  *file,
           break;
 
         case 32:
-          fread (line, width*4, 1, fp);
+          n_read = fread (line, width*4, 1, fp);
+
+          if (n_read < 1)
+            {
+              g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                           _("EOF or error while reading image data"));
+              return -1;
+            }
+
           /* The CEL file order is BGR so we need to swap B and R
            * to get the Gimp RGB order.
            */
@@ -469,12 +540,23 @@ load_image (const gchar  *file,
       else
         {
           fp = g_fopen (palette_file, "r");
+
+          if (fp == NULL)
+            {
+              g_set_error (error, G_FILE_ERROR, g_file_error_from_errno 
(errno),
+                           _("Could not open '%s' for reading: %s"),
+                           gimp_filename_to_utf8 (palette_file),
+                           g_strerror (errno));
+              return -1;
+            }
         }
 
       if (fp != NULL)
         {
-          colours = load_palette (fp, palette);
+          colours = load_palette (palette_file, fp, palette, error);
           fclose (fp);
+          if (colours < 0)
+            return -1;
         }
       else
         {
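Review bot: in the added fp == NULL branch, errno is read twice inside a single g_set_error () argument list that also evaluates gimp_filename_to_utf8 (). C leaves the order of argument evaluation unspecified, so a call that touches errno can change the error code or the message that gets reported. Copy errno into a local immediately after g_fopen () fails and pass that copy to both g_file_error_from_errno () and g_strerror (); the identical call added to need_palette needs the same change.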
@@ -500,24 +582,55 @@ load_image (const gchar  *file,
 }
 
 static gint
-load_palette (FILE   *fp,
-              guchar  palette[])
+load_palette (const gchar *file,
+              FILE        *fp,
+              guchar       palette[],
+              GError     **error)
 {
   guchar        header[32];     /* File header */
   guchar        buffer[2];
   int           i, bpp, colours= 0;
+  size_t        n_read;
+
+  n_read = fread (header, 4, 1, fp);
+
+  if (n_read < 1)
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("'%s': EOF or error while reading palette header"),
+                   gimp_filename_to_utf8 (file));
+      return -1;
+    }
 
-  fread (header, 4, 1, fp);
   if (!strncmp ((const gchar *) header, "KiSS", 4))
     {
-      fread (header+4, 28, 1, fp);
+      n_read = fread (header+4, 28, 1, fp);
+
+      if (n_read < 1)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("'%s': EOF or error while reading palette header"),
+                       gimp_filename_to_utf8 (file));
+          return -1;
+        }
+
       bpp = header[5];
       colours = header[8] + header[9] * 256;
       if (bpp == 12)
         {
           for (i = 0; i < colours; ++i)
             {
-              fread (buffer, 1, 2, fp);
+              n_read = fread (buffer, 1, 2, fp);
+
+              if (n_read < 2)
+                {
+                  g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                               _("'%s': EOF or error while reading "
+                                 "palette data"),
+                               gimp_filename_to_utf8 (file));
+                  return -1;
+                }
+
               palette[i*3]= buffer[0] & 0xf0;
               palette[i*3+1]= (buffer[1] & 0x0f) * 16;
               palette[i*3+2]= (buffer[0] & 0x0f) * 16;
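Review bot: the loop bound colours in the bpp == 12 branch still comes straight from header[8] + header[9] * 256, so a file can request up to 65535 entries and the loop writes palette[i*3] through palette[i*3+2] for each of them regardless of the size of the caller's buffer. Checking n_read only stops the loop at end of file; it does not bound the writes. Reject unexpected colour counts before the loop, or pass the buffer size into load_palette and check against it (patch 2/4 of this series adds a count check).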
@@ -525,7 +638,15 @@ load_palette (FILE   *fp,
         }
       else
         {
-          fread (palette, colours, 3, fp);
+          n_read = fread (palette, colours, 3, fp);
+
+          if (n_read < 3)
+            {
+              g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                           _("'%s': EOF or error while reading palette data"),
+                           gimp_filename_to_utf8 (file));
+              return -1;
+            }
         }
     }
   else
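Review bot: fread (palette, colours, 3, fp) reads three items of colours bytes each, the reverse of the fread (buffer, 1, 2, fp) pattern used elsewhere in this function, and the n_read < 3 test is only correct because of that ordering. With colours == 0 the call returns 0 and the file is reported as truncated. fread (palette, 3, colours, fp) tested against colours would state the intent (colours RGB triplets) directly.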
@@ -534,7 +655,16 @@ load_palette (FILE   *fp,
       fseek (fp, 0, SEEK_SET);
       for (i= 0; i < colours; ++i)
         {
-          fread (buffer, 1, 2, fp);
+          n_read = fread (buffer, 1, 2, fp);
+
+          if (n_read < 2)
+            {
+              g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                           _("'%s': EOF or error while reading palette data"),
+                           gimp_filename_to_utf8 (file));
+              return -1;
+            }
+
           palette[i*3] = buffer[0] & 0xf0;
           palette[i*3+1] = (buffer[1] & 0x0f) * 16;
           palette[i*3+2] = (buffer[0] & 0x0f) * 16;
-- 
1.7.10.4

++++++ bnc#763595-0002-file-cel-validate-header-data-CVE-2012-3403.patch ++++++
From 04e153ec9f3d4a0391c2a44ecb6327f3cc2f09ac Mon Sep 17 00:00:00 2001
From: Nils Philippsen <n...@redhat.com>
Date: Fri, 13 Jul 2012 15:20:06 +0200
Subject: [PATCH 2/4] file-cel: validate header data (CVE-2012-3403) (cherry
 picked from commit
 50c81019ade3084ec77e2e3cd848ba51d9845a97)

---
 plug-ins/common/file-cel.c |   83 +++++++++++++++++++++++++++++++++++++-------
 1 file changed, 70 insertions(+), 13 deletions(-)

diff --git a/plug-ins/common/file-cel.c b/plug-ins/common/file-cel.c
index c3b271c..1b1c424 100644
--- a/plug-ins/common/file-cel.c
+++ b/plug-ins/common/file-cel.c
@@ -317,11 +317,12 @@ load_image (const gchar  *file,
             GError      **error)
 {
   FILE      *fp;            /* Read file pointer */
-  guchar     header[32];    /* File header */
+  guchar     header[32],    /* File header */
+             file_mark,     /* KiSS file type */
+             bpp;           /* Bits per pixel */
   gint       height, width, /* Dimensions of image */
              offx, offy,    /* Layer offets */
-             colours,       /* Number of colours */
-             bpp;           /* Bits per pixel */
+             colours;       /* Number of colours */
 
   gint32     image,         /* Image */
              layer;         /* Layer */
@@ -380,17 +381,44 @@ load_image (const gchar  *file,
           return -1;
         }
 
+      file_mark = header[0];
+      if (file_mark != 0x20 && file_mark != 0x21)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("is not a CEL image file"));
+          return -1;
+        }
+
       bpp = header[1];
-      if (bpp == 24)
-        colours = -1;
-      else
-        colours = (1 << header[1]);
+      switch (bpp)
+        {
+        case 4:
+        case 8:
+        case 32:
+          colours = (1 << bpp);
+          break;
+        default:
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("illegal bpp value in image: %hhu"), bpp);
+          return -1;
+        }
+
       width = header[4] + (256 * header[5]);
       height = header[6] + (256 * header[7]);
       offx = header[8] + (256 * header[9]);
       offy = header[10] + (256 * header[11]);
     }
 
+  if ((width == 0) || (height == 0) || (width + offx > GIMP_MAX_IMAGE_SIZE) ||
+      (height + offy > GIMP_MAX_IMAGE_SIZE))
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("illegal image dimensions: width: %d, horizontal offset: "
+                     "%d, height: %d, vertical offset: %d"),
+                   width, offx, height, offy);
+      return -1;
+    }
+
   if (bpp == 32)
     image = gimp_image_new (width + offx, height + offy, GIMP_RGB);
   else
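Review bot: case 32 shares colours = (1 << bpp) with the 4 and 8 cases, and shifting an int by 32 is undefined behaviour where int is 32 bits wide. colours is only used for the palettised depths (the palette code later in load_image runs under bpp != 32), so give case 32 its own assignment, for example colours = 0, and keep the shift for 4 and 8. The early returns added in this hunk also leave fp open.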
@@ -555,7 +583,7 @@ load_image (const gchar  *file,
         {
           colours = load_palette (palette_file, fp, palette, error);
           fclose (fp);
-          if (colours < 0)
+          if (colours < 0 || *error)
             return -1;
         }
       else
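Review bot: colours < 0 || *error dereferences error unconditionally, which crashes if a caller passes NULL for the GError ** as the GError convention allows. Use (error && *error), as the file-xwd patch in this same update does, or drop the extra test, since every failure path in load_palette shown in these patches already returns -1.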
@@ -589,7 +617,8 @@ load_palette (const gchar *file,
 {
   guchar        header[32];     /* File header */
   guchar        buffer[2];
-  int           i, bpp, colours= 0;
+  guchar        file_mark, bpp;
+  gint          i, colours = 0;
   size_t        n_read;
 
   n_read = fread (header, 4, 1, fp);
@@ -614,10 +643,36 @@ load_palette (const gchar *file,
           return -1;
         }
 
+      file_mark = header[4];
+      if (file_mark != 0x10)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("'%s': is not a KCF palette file"),
+                       gimp_filename_to_utf8 (file));
+          return -1;
+        }
+
       bpp = header[5];
+      if (bpp != 12 && bpp != 24)
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("'%s': illegal bpp value in palette: %hhu"),
+                       gimp_filename_to_utf8 (file), bpp);
+          return -1;
+        }
+
       colours = header[8] + header[9] * 256;
-      if (bpp == 12)
+      if (colours != 16 && colours != 256)
         {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("'%s': illegal number of colors: %u"),
+                       gimp_filename_to_utf8 (file), colours);
+          return -1;
+        }
+
+      switch (bpp)
+        {
+        case 12:
           for (i = 0; i < colours; ++i)
             {
               n_read = fread (buffer, 1, 2, fp);
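Review bot: the new "illegal number of colors" message formats colours with %u, but the previous hunk declares colours as gint. Use %d, or make colours an unsigned type so that the format and the argument agree.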
@@ -635,9 +690,8 @@ load_palette (const gchar *file,
               palette[i*3+1]= (buffer[1] & 0x0f) * 16;
               palette[i*3+2]= (buffer[0] & 0x0f) * 16;
             }
-        }
-      else
-        {
+          break;
+        case 24:
           n_read = fread (palette, colours, 3, fp);
 
           if (n_read < 3)
@@ -647,6 +701,9 @@ load_palette (const gchar *file,
                            gimp_filename_to_utf8 (file));
               return -1;
             }
+          break;
+        default:
+          g_assert_not_reached ();
         }
     }
   else
-- 
1.7.10.4

++++++ bnc#763595-0003-file-cel-use-statically-allocated-palette-buffer.patch ++++++
From 244176ea46fe23e552e9970b52b5bdb6f525661c Mon Sep 17 00:00:00 2001
From: Nils Philippsen <n...@redhat.com>
Date: Fri, 13 Jul 2012 15:30:44 +0200
Subject: [PATCH 3/4] file-cel: use statically allocated palette buffer
 (cherry picked from commit
 dbf2538d68f2d3194fb12c14fc713ec7836cd59a)

---
 plug-ins/common/file-cel.c |    6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/plug-ins/common/file-cel.c b/plug-ins/common/file-cel.c
index 1b1c424..0f2a4c7 100644
--- a/plug-ins/common/file-cel.c
+++ b/plug-ins/common/file-cel.c
@@ -558,7 +558,7 @@ load_image (const gchar  *file,
   if (bpp != 32)
     {
       /* Use palette from file or otherwise default grey palette */
-      palette = g_new (guchar, colours*3);
+      guchar palette[256*3];
 
       /* Open the file for reading if user picked one */
       if (palette_file == NULL)
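Review bot: the fixed 256*3 size is safe only because load_palette rejects colour counts other than 16 and 256 (patch 2/4), and nothing at this declaration or in load_palette's signature records that dependency. The removed g_new (guchar, colours*3) sized the buffer from the image's colour count while load_palette fills it from the palette file's count, so this change is what bounds those writes; say so in a comment here and in the commit message, or pass the buffer size to load_palette. The array is also an automatic (stack) variable, not a statically allocated one as the subject line says.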
@@ -595,10 +595,6 @@ load_image (const gchar  *file,
         }
 
       gimp_image_set_colormap (image, palette + 3, colours - 1);
-
-      /* Close palette file, give back allocated memory */
-
-      g_free (palette);
     }
 
   /* Now get everything redrawn and hand back the finished image */
-- 
1.7.10.4

++++++ bnc#763595-0004-file-cel-use-g_set_error-for-errors-instead-of-g_mes.patch ++++++
From a80a3528dcf15ef804f391cec78628d4d57a3174 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <n...@redhat.com>
Date: Fri, 13 Jul 2012 15:33:27 +0200
Subject: [PATCH 4/4] file-cel: use g_set_error() for errors instead of
 g_message() (cherry picked from commit
 a3b486d952664a6f9b98f7fb8f59042df79f59ef)

---
 plug-ins/common/file-cel.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/plug-ins/common/file-cel.c b/plug-ins/common/file-cel.c
index 0f2a4c7..6292d7a 100644
--- a/plug-ins/common/file-cel.c
+++ b/plug-ins/common/file-cel.c
@@ -426,7 +426,7 @@ load_image (const gchar  *file,
 
   if (image == -1)
     {
-      g_message (_("Can't create a new image"));
+      g_set_error (error, 0, 0, _("Can't create a new image"));
       fclose (fp);
       return -1;
     }
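Review bot: g_set_error (error, 0, 0, ...) passes 0 as the error domain, which is not a registered GQuark, so callers cannot identify this error with g_error_matches (). Use G_FILE_ERROR, G_FILE_ERROR_FAILED as the other error paths in this file do, including the second hunk of this patch.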
@@ -540,7 +540,8 @@ load_image (const gchar  *file,
           break;
 
         default:
-          g_message (_("Unsupported bit depth (%d)!"), bpp);
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("Unsupported bit depth (%d)!"), bpp);
           return -1;
         }
 
-- 
1.7.10.4

++++++ gimp-CVE-2012-3236.patch ++++++
From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001
From: Michael Natterer <mi...@gimp.org>
Date: Wed, 06 Jun 2012 19:21:10 +0000
Subject: Bug 676804 - file handling DoS for fit file format

Apply patch from j...@reactionis.co.uk which fixes a buffer overflow on
broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
---
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header 
(FITS_RECORD_LIST *hdr,
  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
  if (hdulist->used.xtension)
- {
-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
-   strcpy (hdulist->xtension, fdat->fstring);
- }
+   {
+     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+     if (fdat != NULL)
+       {
+         strcpy (hdulist->xtension, fdat->fstring);
+       }
+     else
+       {
+         strcpy (errmsg, "No valid XTENSION header found.");
+         goto err_return;
+       }
+   }
 
  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
  hdulist->naxis = fdat->flong;
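Review bot: the added fdat != NULL test stops the NULL dereference, but strcpy (hdulist->xtension, fdat->fstring) still copies with no length limit, while the commit message describes the bug as a buffer overflow. The declarations of the two buffers are not part of this hunk; unless they are guaranteed to be the same size, bound the copy to the size of hdulist->xtension with a length-limited copy such as g_strlcpy ().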
--
cgit v0.9.0.2
++++++ gimp-CVE-2012-5576.patch ++++++
From 0b35f6a082a0b3c372c568ea6bde39a4796acde2 Mon Sep 17 00:00:00 2001
From: Michael Natterer <mi...@gimp.org>
Date: Wed, 07 Nov 2012 23:16:31 +0000
Subject: Bug 687392 - Memory corruption vulnerability when reading XWD files

Applied and enhanced patch from andres which makes file-xwd detect
this kind of file corruption and abort loading with an error message.
---
diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
index 4e8a95e..f91d757 100644
--- a/plug-ins/common/file-xwd.c
+++ b/plug-ins/common/file-xwd.c
@@ -186,11 +186,13 @@ static gint32 load_xwd_f2_d16_b16 (const gchar *,
 static gint32 load_xwd_f2_d24_b32 (const gchar *,
                                    FILE *,
                                    L_XWDFILEHEADER *,
-                                   L_XWDCOLOR *);
+                                   L_XWDCOLOR *,
+                                   GError **);
 static gint32 load_xwd_f1_d24_b1  (const gchar *,
                                    FILE *,
                                    L_XWDFILEHEADER *,
-                                   L_XWDCOLOR *);
+                                   L_XWDCOLOR *,
+                                   GError **);
 
 static L_CARD32 read_card32  (FILE *,
                               gint *);
@@ -540,7 +542,8 @@ load_image (const gchar  *filename,
     case 1:    /* Single plane pixmap */
       if ((depth <= 24) && (bpp == 1))
         {
-          image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap);
+          image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap,
+                                         error);
         }
       break;
 
@@ -559,7 +562,8 @@ load_image (const gchar  *filename,
         }
       else if ((depth <= 24) && ((bpp == 24) || (bpp == 32)))
         {
-          image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap);
+          image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap,
+                                          error);
         }
       break;
     }
@@ -570,7 +574,7 @@ load_image (const gchar  *filename,
   if (xwdcolmap)
     g_free (xwdcolmap);
 
-  if (image_ID == -1)
+  if (image_ID == -1 && ! (error && *error))
     g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
                  _("XWD-file %s has format %d, depth %d and bits per pixel %d. 
"
                    "Currently this is not supported."),
@@ -1624,10 +1628,11 @@ load_xwd_f2_d16_b16 (const gchar     *filename,
 /* Load XWD with pixmap_format 2, pixmap_depth up to 24, bits_per_pixel 24/32 
*/
 
 static gint32
-load_xwd_f2_d24_b32 (const gchar     *filename,
-                     FILE            *ifp,
-                     L_XWDFILEHEADER *xwdhdr,
-                     L_XWDCOLOR      *xwdcolmap)
+load_xwd_f2_d24_b32 (const gchar      *filename,
+                     FILE             *ifp,
+                     L_XWDFILEHEADER  *xwdhdr,
+                     L_XWDCOLOR       *xwdcolmap,
+                     GError          **error)
 {
   register guchar *dest, lsbyte_first;
   gint             width, height, linepad, i, j, c0, c1, c2, c3;
@@ -1652,12 +1657,6 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
   width  = xwdhdr->l_pixmap_width;
   height = xwdhdr->l_pixmap_height;
 
-  image_ID = create_new_image (filename, width, height, GIMP_RGB,
-                               &layer_ID, &drawable, &pixel_rgn);
-
-  tile_height = gimp_tile_height ();
-  data = g_malloc (tile_height * width * 3);
-
   redmask   = xwdhdr->l_red_mask;
   greenmask = xwdhdr->l_green_mask;
   bluemask  = xwdhdr->l_blue_mask;
@@ -1685,6 +1684,22 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
   maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
   maxblue = (1 << maxblue) - 1;
 
+  if (maxred   > sizeof (redmap)   ||
+      maxgreen > sizeof (greenmap) ||
+      maxblue  > sizeof (bluemap))
+    {
+      g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                   _("XWD-file %s is corrupt."),
+                   gimp_filename_to_utf8 (filename));
+      return -1;
+    }
+
+  image_ID = create_new_image (filename, width, height, GIMP_RGB,
+                               &layer_ID, &drawable, &pixel_rgn);
+
+  tile_height = gimp_tile_height ();
+  data = g_malloc (tile_height * width * 3);
+
   /* Set map-arrays for red, green, blue */
   for (red = 0; red <= maxred; red++)
     redmap[red] = (red * 255) / maxred;
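Review bot: the new bound is off by one against the loop it protects: for (red = 0; red <= maxred; red++) writes redmap[maxred], so the test has to reject maxred >= the number of elements, not only maxred > sizeof (redmap). The current form is harmless only while each max value has the form (1 << n) - 1 and the array length is a power of two. Using >= with G_N_ELEMENTS (redmap) removes that dependency and also stops relying on one-byte elements.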
@@ -1825,10 +1840,11 @@ load_xwd_f2_d24_b32 (const gchar     *filename,
 /* Load XWD with pixmap_format 1, pixmap_depth up to 24, bits_per_pixel 1 */
 
 static gint32
-load_xwd_f1_d24_b1 (const gchar     *filename,
-                    FILE            *ifp,
-                    L_XWDFILEHEADER *xwdhdr,
-                    L_XWDCOLOR      *xwdcolmap)
+load_xwd_f1_d24_b1 (const gchar      *filename,
+                    FILE             *ifp,
+                    L_XWDFILEHEADER  *xwdhdr,
+                    L_XWDCOLOR       *xwdcolmap,
+                    GError          **error)
 {
   register guchar *dest, outmask, inmask, do_reverse;
   gint             width, height, i, j, plane, fromright;
@@ -1863,13 +1879,6 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
   indexed         = (xwdhdr->l_pixmap_depth <= 8);
   bytes_per_pixel = (indexed ? 1 : 3);
 
-  image_ID = create_new_image (filename, width, height,
-                               indexed ? GIMP_INDEXED : GIMP_RGB,
-                               &layer_ID, &drawable, &pixel_rgn);
-
-  tile_height = gimp_tile_height ();
-  data = g_malloc (tile_height * width * bytes_per_pixel);
-
   for (j = 0; j < 256; j++)   /* Create an array for reversing bits */
     {
       inmask = 0;
@@ -1913,6 +1922,16 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
       maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
       maxblue = (1 << maxblue) - 1;
 
+      if (maxred   > sizeof (redmap)   ||
+          maxgreen > sizeof (greenmap) ||
+          maxblue  > sizeof (bluemap))
+        {
+          g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+                       _("XWD-file %s is corrupt."),
+                       gimp_filename_to_utf8 (filename));
+          return -1;
+        }
+
       /* Set map-arrays for red, green, blue */
       for (red = 0; red <= maxred; red++)
         redmap[red] = (red * 255) / maxred;
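Review bot: the added check bounds the max values from above but not from below. A zero bluemask leaves maxblue at 0 after the while loop, (1 << 0) - 1 is also 0, and the map loops then divide by that value, as in (red * 255) / maxred on the first iteration (assuming red and green are derived the same way as the maxblue lines shown). Reject a max value of 0 in the same test, here and in load_xwd_f2_d24_b32, so that a corrupt header cannot cause a division by zero.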
@@ -1922,6 +1941,13 @@ load_xwd_f1_d24_b1 (const gchar     *filename,
         bluemap[blue] = (blue * 255) / maxblue;
     }
 
+  image_ID = create_new_image (filename, width, height,
+                               indexed ? GIMP_INDEXED : GIMP_RGB,
+                               &layer_ID, &drawable, &pixel_rgn);
+
+  tile_height = gimp_tile_height ();
+  data = g_malloc (tile_height * width * bytes_per_pixel);
+
   ncols = xwdhdr->l_colormap_entries;
   if (xwdhdr->l_ncolors < ncols)
     ncols = xwdhdr->l_ncolors;
--
cgit v0.9.0.2

++++++ macros.gimp ++++++
#
# Interface versions exposed by GIMP:
#
%gimp_api_version @GIMP_APIVER@
%gimp_abi_version @GIMP_ABIVER@
++++++ openSUSE.gpl ++++++
GIMP Palette
Name: openSUSE
Columns: 7
#
252 177  28     Orange Light
255 255 102     Butter Light
145 208   7     Lemon Light
212 196 255     Plum Light
 80 128 255     Sky Light
186 189 182     Dust Light
255  77  77     Blood Light
227  83   2     Orange
178 178  71     Butter
 33 120   8     Lemon
 77  68 102     Plum
  0   0 116     Sky
 46  52  54     Dust 
140   0   0     Blood
115 186  37     SUSE Green