pool/gimp
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Accepting request 125934 from GNOME:Apps

Browse Source 
CVE-2012-3236 (forwarded request 125930 from dimstar)

OBS-URL: https://build.opensuse.org/request/show/125934
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=79
This commit is contained in:
Stephan Kulow 2012-06-26 13:37:56 +00:00 committed by Git OBS Bridge
parent 194984aad3
commit 9293d9150b
3 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
gimp-CVE-2012-3236.patch Normal file
View File

@ -0,0 +1,38 @@
From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001
From: Michael Natterer <mitch@gimp.org>
Date: Wed, 06 Jun 2012 19:21:10 +0000
Subject: Bug 676804 - file handling DoS for fit file format
Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
broken/malicious fits files.
(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
---
diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
index 03d9652..ed77318 100644
--- a/plug-ins/file-fits/fits-io.c
+++ b/plug-ins/file-fits/fits-io.c
@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0);
hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
if (hdulist->used.xtension)
- {
- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
- strcpy (hdulist->xtension, fdat->fstring);
- }
+ {
+ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+ if (fdat != NULL)
+ {
+ strcpy (hdulist->xtension, fdat->fstring);
+ }
+ else
+ {
+ strcpy (errmsg, "No valid XTENSION header found.");
+ goto err_return;
+ }
+ }
FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
hdulist->naxis = fdat->flong;
--
cgit v0.9.0.2

6
gimp.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jun 25 09:51:07 CEST 2012 - vuntz@opensuse.org
- Add gimp-CVE-2012-3236.patch: fix crash in file handling for fit
files. Fix CVE-2012-3236, bnc#768376.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon May 14 13:05:34 UTC 2012 - vuntz@opensuse.org Mon May 14 13:05:34 UTC 2012 - vuntz@opensuse.org

3
gimp.spec
View File

@ -81,6 +81,8 @@ Source1: macros.gimp
# openSUSE palette file # openSUSE palette file
Source2: openSUSE.gpl Source2: openSUSE.gpl
Source99: baselibs.conf Source99: baselibs.conf
# PATCH-FIX-UPSTREAM gimp-CVE-2012-3236.patch bnc#768376 bgo#676804 CVE-2012-3236 vuntz@opensuse.org -- Fix crash in file handling for fit files, taken from git
Patch0: gimp-CVE-2012-3236.patch
Requires: %{name}-branding = %{version} Requires: %{name}-branding = %{version}
Recommends: %{name}-lang Recommends: %{name}-lang
Recommends: %{name}-help-browser Recommends: %{name}-help-browser
@ -246,6 +248,7 @@ translation-update-upstream po-python gimp20-python
translation-update-upstream po-script-fu gimp20-script-fu translation-update-upstream po-script-fu gimp20-script-fu
translation-update-upstream po-plug-ins gimp20-std-plug-ins translation-update-upstream po-plug-ins gimp20-std-plug-ins
translation-update-upstream po-tips gimp20-tips translation-update-upstream po-tips gimp20-tips
%patch0 -p1
# Safety check for ABI version change. # Safety check for ABI version change.
vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' libgimpmodule/gimpmodule.h)` vabi=`printf "%d" $(sed -n '/#define GIMP_MODULE_ABI_VERSION/{s/.* //;p}' libgimpmodule/gimpmodule.h)`
if test "x${vabi}" != "x%{abiver}"; then if test "x${vabi}" != "x%{abiver}"; then