diff --git a/gimp-psd-overflow.patch b/gimp-psd-overflow.patch
new file mode 100644
index 0000000..a77941d
--- /dev/null
+++ b/gimp-psd-overflow.patch
@@ -0,0 +1,37 @@
+Index: gimp-2.2.13/plug-ins/common/psd.c
+===================================================================
+--- gimp-2.2.13.orig/plug-ins/common/psd.c
++++ gimp-2.2.13/plug-ins/common/psd.c
+@@ -1771,6 +1771,7 @@ load_image (const gchar *name)
+ gint32 iter;
+ fpos_t tmpfpos;
+ int red_chan, grn_chan, blu_chan, alpha_chan, ichan;
++ gint lidx, cidx;
+
+ IFDBG printf("------- %s ---------------------------------\n",name);
+
+@@ -1789,6 +1790,24 @@ load_image (const gchar *name)
+
+ read_whole_file (fd);
+
++ for (lidx = 0; lidx < psd_image.num_layers; ++lidx) {
++ PSDlayer tl = psd_image.layer[lidx];
++
++ for (cidx = 0; cidx < tl.num_channels; ++cidx) {
++ PSDchannel tc = tl.channel[cidx];
++
++ if (tc.width > 30000 || tc.width < 1 ||
++ tc.height > 30000 || tc.height < 1) {
++ /* No good! */
++
++ g_message (_("Invalid file: %s"),
++ gimp_filename_to_utf8 (name));
++ /* Is it necessary to free up anything else? */
++ fclose (fd);
++ return -1;
++ }
++ }
++ }
+ if (psd_image.num_layers > 0) /* PS3-style */
+ {
+ int lnum;
diff --git a/gimp.changes b/gimp.changes
index d91f88c..69cc99f 100644
--- a/gimp.changes
+++ b/gimp.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jul 4 00:22:16 CEST 2007 - maw@suse.de
+
+- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
+ a buffer overflow.
+
 -------------------------------------------------------------------
 Fri May 4 15:32:01 CEST 2007 - sbrabec@suse.cz
diff --git a/gimp.spec b/gimp.spec
index 80119f3..515648f 100644
--- a/gimp.spec
+++ b/gimp.spec
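Review bot: The loop added to load_image bounds only the per-channel width and height of each layer, so when `psd_image.num_layers` is 0 it never runs and the dimensions used by the non-layered branch are not validated by this patch; that branch is outside the hunk, so confirm it has its own bound. Each dimension is capped at 30000 but the product is not: 30000 × 30000 × 3 exceeds INT_MAX with a 32-bit int, so any later buffer size computed from width, height and a per-pixel factor in a `gint` needs a widened or overflow-checked multiply. The validation runs after `read_whole_file (fd)`, which presumably filled in these fields; if that routine already allocates or reads using them, the check belongs there. Resolve the open question `/* Is it necessary to free up anything else? */` on the error path rather than shipping it, and replace the bare 30000 with a named constant carrying a comment on why that limit was chosen. load_image begins and ends outside the hunk.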
@@ -21,8 +21,8 @@ BuildRequires: python-gtk
 %endif
 URL: http://www.gimp.org/
 Version: 2.2.13
-Release: 60
-License: GNU General Public License (GPL)
+Release: 87
+License: GPL v2 or later
 Group: Productivity/Graphics/Bitmap Editors
 Provides: gimp2 gimp-2.0
 Obsoletes: libgimp gimp2-svg gimp2
@@ -36,6 +36,7 @@ Source1: gimp-logo.png
 Source2: gimp-splash.png
 Patch: gimp-default-browser.patch
 Patch1: gimp-sunras-overflow.patch
+Patch2: gimp-psd-overflow.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 %description
@@ -720,6 +721,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/gtk-doc/html/*
 %changelog
+* Wed Jul 04 2007 - maw@suse.de
+- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
+ a buffer overflow.
 * Fri May 04 2007 - sbrabec@suse.cz
 - Fixed buffer overflow in sunras plugin (#270506, GNOME#433902,
 CVE-2007-2356).
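Review bot: `Patch2: gimp-psd-overflow.patch` is declared in the preamble, but none of the three gimp.spec hunks touches %prep, so as far as this diff shows there is no matching `%patch2` line and the CVE-2007-2949 fix would ship in the source package without being applied to psd.c. Unless %prep applies patches through some mechanism not visible here, add `%patch2` alongside the step that applies Patch1, with a strip level that matches the `gimp-2.2.13/` path prefix used inside the patch. It is also worth confirming in the build log that the patch is applied, since the changelog entry already advertises the fix.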