Hello community, here is the log from the commit of package ghostscript-library for openSUSE:Factory checked in at Fri May 15 22:17:15 CEST 2009. -------- --- ghostscript-library/ghostscript-library.changes 2009-04-16 16:20:49.000000000 +0200 +++ ghostscript-library/ghostscript-library.changes 2009-05-13 17:28:27.000000000 +0200 @@ -1,0 +2,10 @@ +Wed May 13 17:26:49 CEST 2009 - werner@suse.de + +- Complete patch for CVE-2009-0792 (bnc#491897) + +------------------------------------------------------------------- +Wed May 13 15:07:07 CEST 2009 - werner@suse.de + +- Remove broken part of workaround for bnc#492765 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- ghostscript-mini.changes ghostscript-mini.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ghostscript-library.spec ++++++ --- /var/tmp/diff_new_pack.d12131/_old 2009-05-15 22:13:45.000000000 +0200 +++ /var/tmp/diff_new_pack.d12131/_new 2009-05-15 22:13:45.000000000 +0200 @@ -59,7 +59,7 @@ Summary: Necessary Files for Running Ghostscript %endif Version: 8.62 -Release: 65 +Release: 66 License: GPL v2 or later Source0: ghostscript-8.62.tar.bz2 Source1: ftp://mirror.cs.wisc.edu/pub/mirrors/ghost/GPL/current/ghostscript-fonts-std-8.11.tar.bz2 @@ -320,7 +320,7 @@ %package -n libgimpprint License: GPL v2 or later Version: 4.2.7 -Release: 306 +Release: 307 Summary: Gimp-Print libraries Group: Development/Libraries/C and C++ @@ -336,7 +336,7 @@ %package -n libgimpprint-devel License: GPL v2 or later Version: 4.2.7 -Release: 306 +Release: 307 PreReq: %install_info_prereq Requires: libgimpprint = %{version} Requires: glibc-devel @@ -1345,6 +1345,10 @@ %endif %changelog +* Wed May 13 2009 werner@suse.de +- Complete patch for CVE-2009-0792 (bnc#491897) +* Wed May 13 2009 werner@suse.de +- Remove broken part of workaround for bnc#492765 * Thu Apr 16 2009 werner@suse.de - Use initial workaround for bnc#492765 * Tue Apr 07 2009 werner@suse.de ++++++ ghostscript-BCN-492765.patch ++++++ --- /var/tmp/diff_new_pack.d12131/_old 2009-05-15 22:13:47.000000000 +0200 +++ /var/tmp/diff_new_pack.d12131/_new 2009-05-15 22:13:47.000000000 +0200 @@ -20,12 +20,3 @@ rlen -= qbit;\ switch ( rlen >> 3 )\ {\ -@@ -329,7 +331,7 @@ ck_eol: - goto out; - } - } -- if (rows_left == 0) { -+ if (rows_left <= 0) { - status = EOFC; - goto out; - } ++++++ ghostscript-CVE-2009-0792.patch ++++++ --- /var/tmp/diff_new_pack.d12131/_old 2009-05-15 22:13:47.000000000 +0200 +++ /var/tmp/diff_new_pack.d12131/_new 2009-05-15 22:13:47.000000000 +0200 @@ -1,6 +1,14 @@ -diff -up icclib/icc.c icclib/icc.c --- icclib/icc.c -+++ icclib/icc.c 2009-04-03 15:53:39.000000000 +0100 ++++ icclib/icc.c 2009-05-13 17:25:37.561902246 +0200 +@@ -2982,7 +2982,7 @@ static int icmCurve_lookup_fwd( + rv |= 1; + } + ix = (int)floor(val); /* Coordinate */ +- if (ix > (p->size-2)) ++ if (ix < 0 || ix > (p->size-2)) + ix = (p->size-2); + w = val - (double)ix; /* weight */ + val = p->data[ix]; @@ -3004,6 +3004,11 @@ static int icmTable_setup_bwd( ) { int i; @@ -83,6 +91,42 @@ sprintf(icp->err,"icmText_alloc: malloc() of icmText data failed"); return icp->errc = 2; } +@@ -4301,7 +4319,7 @@ double *in /* Input array[inputChan] */ + rv |= 1; + } + ix = (int)floor(val); /* Grid coordinate */ +- if (ix > (p->inputEnt-2)) ++ if (ix < 0 || ix > (p->inputEnt-2)) + ix = (p->inputEnt-2); + w = val - (double)ix; /* weight */ + val = table[ix]; +@@ -4360,7 +4378,7 @@ double *in /* Input array[outputChan] * + rv |= 1; + } + x = (int)floor(val); /* Grid coordinate */ +- if (x > clutPoints_2) ++ if (x < 0 || x > clutPoints_2) + x = clutPoints_2; + co[e] = val - (double)x; /* 1.0 - weight */ + gp += x * p->dinc[e]; /* Add index offset for base of cube */ +@@ -4433,7 +4451,7 @@ double *in /* Input array[outputChan] * + rv |= 1; + } + x = (int)floor(val); /* Grid coordinate */ +- if (x > clutPoints_2) ++ if (x < 0 || x > clutPoints_2) + x = clutPoints_2; + co[e] = val - (double)x; /* 1.0 - weight */ + gp += x * p->dinc[e]; /* Add index offset for base of cube */ +@@ -4506,7 +4524,7 @@ double *in /* Input array[outputChan] * + rv |= 1; + } + ix = (int)floor(val); /* Grid coordinate */ +- if (ix > (p->outputEnt-2)) ++ if (ix < 0 || ix > (p->outputEnt-2)) + ix = (p->outputEnt-2); + w = val - (double)ix; /* weight */ + val = table[ix]; @@ -6714,7 +6732,7 @@ static int icmTextDescription_allocate( if (p->size != p->_size) { if (p->desc != NULL) @@ -119,3 +163,12 @@ sprintf(icp->err,"icmCrdInfo_alloc: malloc() of CRD%d name string failed",t); return icp->errc = 2; } +@@ -9642,7 +9660,7 @@ static int icc_write( + if (p->errc) + return p->errc; + +- if (p->count > (UINT_MAX - 4 - len) / 12) { ++ if (p->count > (UINT_MAX - 4) / 12) { + sprintf(p->err,"icc_write: too many tags"); + return p->errc = 1; + } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org