OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gimp?expand=0&rev=3

gimp-sunras-overflow.patch

@@ -0,0 +1,63 @@
+------------------------------------------------------------------------
+r22356 | neo | 2007-04-27 13:50:58 +0200 (Pá, 27 dub 2007) | 8 lines
+
+2007-04-27  Sven Neumann  <sven@gimp.org>
+
+	Merged from trunk:
+
+	* plug-ins/common/sunras.c (set_color_table): guard against a
+	possible stack overflow.
+
+
+------------------------------------------------------------------------
+Index: sunras.c
+===================================================================
+--- plug-ins/common/sunras.c	(revision 22355)
++++ plug-ins/common/sunras.c	(revision 22356)
+@@ -102,8 +102,7 @@
+                           gint32            image_ID,
+                           gint32            drawable_ID);
+ 
+-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
+-
++static void   set_color_table  (gint32, L_SUNFILEHEADER *, const guchar *);
+ static gint32 create_new_image (const gchar   *filename,
+                                 guint          width,
+                                 guint          height,
+@@ -865,19 +864,20 @@
+ static void
+ set_color_table (gint32           image_ID,
+ 		 L_SUNFILEHEADER *sunhdr,
+-		 guchar          *suncolmap)
++		 const guchar    *suncolmap)
+ {
+-  int ncols, j;
+-  guchar ColorMap[256*3];
++  guchar ColorMap[256 * 3];
++  gint   ncols, j;
+ 
+   ncols = sunhdr->l_ras_maplength / 3;
+-  if (ncols <= 0) return;
++  if (ncols <= 0)
++    return;
+ 
+-  for (j = 0; j < ncols; j++)
++  for (j = 0; j < MIN (ncols, 256); j++)
+     {
+-      ColorMap[j*3]   = suncolmap[j];
+-      ColorMap[j*3+1] = suncolmap[j+ncols];
+-      ColorMap[j*3+2] = suncolmap[j+2*ncols];
++      ColorMap[j * 3 + 0] = suncolmap[j];
++      ColorMap[j * 3 + 1] = suncolmap[j + ncols];
++      ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
+     }
+ 
+ #ifdef DEBUG
+@@ -886,6 +886,7 @@
+     printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
+ 	    ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
+ #endif
++
+   gimp_image_set_colormap (image_ID, ColorMap, ncols);
+ }
+ 

gimp.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri May  4 15:32:01 CEST 2007 - sbrabec@suse.cz
+
+- Fixed buffer overflow in sunras plugin (#270506, GNOME#433902,
+  CVE-2007-2356).
+
 -------------------------------------------------------------------
 Tue Feb 27 22:39:05 CET 2007 - dmueller@suse.de
 

gimp.spec

@@ -21,7 +21,7 @@ BuildRequires:  python-gtk
 %endif
 URL:            http://www.gimp.org/
 Version:        2.2.13
-Release:        46
+Release:        60
 License:        GNU General Public License (GPL)
 Group:          Productivity/Graphics/Bitmap Editors
 Provides:       gimp2 gimp-2.0
@@ -35,6 +35,7 @@ Source:         ftp://ftp.gimp.org/pub/gimp/v2.2/%{name}-%{version}.tar.bz2
 Source1:        gimp-logo.png
 Source2:        gimp-splash.png
 Patch:          gimp-default-browser.patch
+Patch1:         gimp-sunras-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -419,7 +420,7 @@ Authors:
     Shirasaki Yasuhiro
 
 %package doc
-Summary:        Additional Package Documentation.
+Summary:        Additional Package Documentation for GIMP.
 Provides:       gimp2-doc gimp-2.0-doc
 Requires:       %{name} = %{version}
 Obsoletes:      gimpdev libgimpd gimp2-devel
@@ -631,6 +632,7 @@ Authors:
 # gimpbilinear.c: 179, 132
 # fit.c: 1302
 %patch
+%patch1
 rm po*/no.*
 sed -i "/ALL_LINGUAS=/s/ no / /" configure.in
 
@@ -718,6 +720,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/gtk-doc/html/*
 
 %changelog
+* Fri May 04 2007 - sbrabec@suse.cz
+- Fixed buffer overflow in sunras plugin (#270506, GNOME#433902,
+  CVE-2007-2356).
 * Tue Feb 27 2007 - dmueller@suse.de
 - adjust BuildRequires: libexif->libexif-devel
 * Wed Jan 03 2007 - sbrabec@suse.cz