pool/gimp
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=4

Browse Source
This commit is contained in:
OBS User unknown 2007-07-05 08:12:35 +00:00 committed by Git OBS Bridge
parent ee2541b2bd
commit 925f4aee13
3 changed files with 49 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
gimp-psd-overflow.patch Normal file
View File

@ -0,0 +1,37 @@
Index: gimp-2.2.13/plug-ins/common/psd.c
===================================================================
--- gimp-2.2.13.orig/plug-ins/common/psd.c
+++ gimp-2.2.13/plug-ins/common/psd.c
@@ -1771,6 +1771,7 @@ load_image (const gchar *name)
gint32 iter;
fpos_t tmpfpos;
int red_chan, grn_chan, blu_chan, alpha_chan, ichan;
+ gint lidx, cidx;
IFDBG printf("------- %s ---------------------------------\n",name);
@@ -1789,6 +1790,24 @@ load_image (const gchar *name)
read_whole_file (fd);
+ for (lidx = 0; lidx < psd_image.num_layers; ++lidx) {
+ PSDlayer tl = psd_image.layer[lidx];
+
+ for (cidx = 0; cidx < tl.num_channels; ++cidx) {
+ PSDchannel tc = tl.channel[cidx];
+
+ if (tc.width > 30000 || tc.width < 1 ||
+ tc.height > 30000 || tc.height < 1) {
+ /* No good! */
+
+ g_message (_("Invalid file: %s"),
+ gimp_filename_to_utf8 (name));
+ /* Is it necessary to free up anything else? */
+ fclose (fd);
+ return -1;
+ }
+ }
+ }
if (psd_image.num_layers > 0) /* PS3-style */
{
int lnum;

6
gimp.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jul 4 00:22:16 CEST 2007 - maw@suse.de
- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
a buffer overflow.
-------------------------------------------------------------------
Fri May 4 15:32:01 CEST 2007 - sbrabec@suse.cz

8
gimp.spec
View File

@ -21,8 +21,8 @@ BuildRequires: python-gtk
%endif
URL: http://www.gimp.org/
Version: 2.2.13
Release: 60
License: GNU General Public License (GPL)
Release: 87
License: GPL v2 or later
Group: Productivity/Graphics/Bitmap Editors
Provides: gimp2 gimp-2.0
Obsoletes: libgimp gimp2-svg gimp2
@ -36,6 +36,7 @@ Source1: gimp-logo.png
Source2: gimp-splash.png
Patch: gimp-default-browser.patch
Patch1: gimp-sunras-overflow.patch
Patch2: gimp-psd-overflow.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -720,6 +721,9 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/gtk-doc/html/*
%changelog
* Wed Jul 04 2007 - maw@suse.de
- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing
a buffer overflow.
* Fri May 04 2007 - sbrabec@suse.cz
- Fixed buffer overflow in sunras plugin (#270506, GNOME#433902,
CVE-2007-2356).