Accepting request 125934 from GNOME:Apps

CVE-2012-3236 (forwarded request 125930 from dimstar) OBS-URL: https://build.opensuse.org/request/show/125934 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=79
2012-06-26 13:37:56 +00:00 · 2012-06-26 13:37:56 +00:00 · 9293d9150b
commit 9293d9150b
parent 194984aad3
3 changed files with 47 additions and 0 deletions
--- a/gimp-CVE-2012-3236.patch
+++ b/gimp-CVE-2012-3236.patch
@ -0,0 +1,38 @@
+From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 06 Jun 2012 19:21:10 +0000
+Subject: Bug 676804 - file handling DoS for fit file format
+
+Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
+broken/malicious fits files.
+(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
+---
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
+  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+  if (hdulist->used.xtension)
+- {
+-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+-   strcpy (hdulist->xtension, fdat->fstring);
+- }
+   {
+     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+     if (fdat != NULL)
+       {
+         strcpy (hdulist->xtension, fdat->fstring);
+       }
+     else
+       {
+         strcpy (errmsg, "No valid XTENSION header found.");
+         goto err_return;
+       }
+   }
+ 
+  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+  hdulist->naxis = fdat->flong;
+--
+cgit v0.9.0.2
--- a/gimp.changes
+++ b/gimp.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Mon Jun 25 09:51:07 CEST 2012 - vuntz@opensuse.org
+
+- Add gimp-CVE-2012-3236.patch: fix crash in file handling for fit
+  files. Fix CVE-2012-3236, bnc#768376.
+
 -------------------------------------------------------------------
 Mon May 14 13:05:34 UTC 2012 - vuntz@opensuse.org

--- a/gimp.spec
+++ b/gimp.spec
@ -81,6 +81,8 @@ Source1:        macros.gimp
 # openSUSE palette file
 Source2:        openSUSE.gpl
 Source99:       baselibs.conf
+# PATCH-FIX-UPSTREAM gimp-CVE-2012-3236.patch bnc#768376 bgo#676804 CVE-2012-3236 vuntz@opensuse.org -- Fix crash in file handling for fit files, taken from git
+Patch0:         gimp-CVE-2012-3236.patch
 Requires:       %{name}-branding = %{version}
 Recommends:     %{name}-lang
 Recommends:     %{name}-help-browser
@ -246,6 +248,7 @@ translation-update-upstream po-python gimp20-python
 translation-update-upstream po-script-fu gimp20-script-fu
 translation-update-upstream po-plug-ins gimp20-std-plug-ins
 translation-update-upstream po-tips gimp20-tips
+%patch0 -p1
 # Safety check for ABI version change.
 vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' libgimpmodule/gimpmodule.h)`
 if test "x${vabi}" != "x%{abiver}"; then