commit OpenEXR for openSUSE:Factory

Hello community, here is the log from the commit of package OpenEXR for openSUSE:Factory checked in at Wed Sep 2 18:34:04 CEST 2009. -------- --- OpenEXR/OpenEXR.changes 2009-03-02 05:42:46.000000000 +0100 +++ OpenEXR/OpenEXR.changes 2009-08-04 09:14:16.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Aug 4 07:09:30 UTC 2009 - mvyskocil@suse.cz + +- fixed bnc#527539: VUL-0: OpenEXR: [ MDVSA-2009:190 ] OpenEXR + used patches from Mandriva + * CVE-2009-1720 + * CVE-2009-1721 + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- OpenEXR-1.6.1-CVE-2009-1720-1.diff OpenEXR-1.6.1-CVE-2009-1720-2.diff OpenEXR-1.6.1-CVE-2009-1721.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ OpenEXR.spec ++++++ --- /var/tmp/diff_new_pack.rsDqrr/_old 2009-09-02 18:32:17.000000000 +0200 +++ /var/tmp/diff_new_pack.rsDqrr/_new 2009-09-02 18:32:17.000000000 +0200 @@ -22,8 +22,8 @@ BuildRequires: IlmBase-devel fltk-devel freeglut-devel gcc-c++ libdrm-devel Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format Version: 1.6.1 -Release: 84 -License: BSD 3-Clause; GPL v2 or later +Release: 85 +License: BSD 3-clause (or similar) ; GPL v2 or later Group: Development/Libraries/C and C++ Url: http://www.openexr.com/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -35,6 +35,9 @@ Source0: openexr-%version.tar.bz2 Patch0: OpenEXR-docdir.patch Patch1: OpenEXR-include-string_h.patch +Patch3: OpenEXR-1.6.1-CVE-2009-1720-1.diff +Patch4: OpenEXR-1.6.1-CVE-2009-1720-2.diff +Patch5: OpenEXR-1.6.1-CVE-2009-1721.diff %description OpenEXR is a high dynamic-range (HDR) image file format developed by @@ -91,7 +94,7 @@ Lutz Latta %package devel -License: BSD 3-Clause; GPL v2 or later +License: BSD 3-clause (or similar) ; GPL v2 or later Requires: OpenEXR = %version zlib-devel IlmBase-devel Group: Development/Libraries/C and C++ Summary: Library to Handle EXR Pictures (16-bit floating-point format) @@ -145,7 +148,7 @@ Lutz Latta %package doc -License: BSD 3-Clause; GPL v2 or later +License: BSD 3-clause (or similar) ; GPL v2 or later Group: Development/Libraries/C and C++ Summary: Library to Handle EXR Pictures in 16-Bit Floating-Point Format @@ -207,6 +210,9 @@ %setup -q -n openexr-%{version} %patch0 -b .sav %patch1 -b .sav +%patch3 -p1 -b .CVE-2009-1720-1 +%patch4 -p1 -b .CVE-2009-1720-2 +%patch5 -p1 -b .CVE-2009-1721 # rename a non-linux file rm README.win32 ++++++ OpenEXR-1.6.1-CVE-2009-1720-1.diff ++++++ Fix integer overflow in Imf::PreviewImage::PreviewImage, CVE-2009-1720 [1/2]. --- a/IlmImf/ImfPreviewImage.cpp +++ b/IlmImf/ImfPreviewImage.cpp @@ -40,6 +40,7 @@ //----------------------------------------------------------------------------- #include +#include <climits> #include "Iex.h" namespace Imf { @@ -51,6 +52,10 @@ PreviewImage::PreviewImage (unsigned int { _width = width; _height = height; + + if ((_height && (_width > UINT_MAX / _height)) || (_width * _height > UINT_MAX / sizeof(PreviewRgba))) + throw Iex::ArgExc ("Invalid height and width."); + _pixels = new PreviewRgba [_width * _height]; if (pixels) ++++++ OpenEXR-1.6.1-CVE-2009-1720-2.diff ++++++ Fix integer overflows in compressor constructors, CVE-2009-1720 [2/2]. --- a/IlmImf/ImfPizCompressor.cpp +++ b/IlmImf/ImfPizCompressor.cpp @@ -53,6 +53,7 @@ #include #include #include +#include <climits> namespace Imf { @@ -181,6 +182,9 @@ PizCompressor::PizCompressor _channels (hdr.channels()), _channelData (0) { + if ((unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192) / (unsigned) numScanLines) + throw InputExc ("Error: maxScanLineSize * numScanLines would overflow."); + _tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2]; _outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192]; --- a/IlmImf/ImfPxr24Compressor.cpp +++ b/IlmImf/ImfPxr24Compressor.cpp @@ -73,6 +73,7 @@ #include #include #include <algorithm> +#include <climits> using namespace std; using namespace Imath; @@ -187,6 +188,9 @@ Pxr24Compressor::Pxr24Compressor (const { int maxInBytes = maxScanLineSize * numScanLines; + if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) + throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow."); + _tmpBuffer = new unsigned char [maxInBytes]; _outBuffer = new char [int (ceil (maxInBytes * 1.01)) + 100]; --- a/IlmImf/ImfRleCompressor.cpp +++ b/IlmImf/ImfRleCompressor.cpp @@ -41,6 +41,7 @@ //----------------------------------------------------------------------------- #include +#include <climits> #include "Iex.h" namespace Imf { @@ -164,6 +165,9 @@ RleCompressor::RleCompressor (const Head _tmpBuffer (0), _outBuffer (0) { + if ((unsigned) maxScanLineSize > INT_MAX / 3) + throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow"); + _tmpBuffer = new char [maxScanLineSize]; _outBuffer = new char [maxScanLineSize * 3 / 2]; } --- a/IlmImf/ImfZipCompressor.cpp +++ b/IlmImf/ImfZipCompressor.cpp @@ -43,6 +43,7 @@ #include #include "Iex.h" #include +#include <climits> namespace Imf { @@ -58,6 +59,9 @@ ZipCompressor::ZipCompressor _tmpBuffer (0), _outBuffer (0) { + if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) + throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow."); + _tmpBuffer = new char [maxScanLineSize * numScanLines]; ++++++ OpenEXR-1.6.1-CVE-2009-1721.diff ++++++ Fix freeing uninitialized pointers in Imf::hufUncompress, CVE-2009-1721. --- a/IlmImf/ImfAutoArray.h +++ b/IlmImf/ImfAutoArray.h @@ -57,7 +57,7 @@ namespace Imf { { public: - AutoArray (): _data (new T [size]) {} + AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));} ~AutoArray () {delete [] _data;} operator T * () {return _data;} ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org