Hello community, here is the log from the commit of package optipng for openSUSE:Factory checked in at Thu Feb 26 18:13:30 CET 2009. -------- --- optipng/optipng.changes 2009-01-13 17:43:42.000000000 +0100 +++ optipng/optipng.changes 2009-02-24 15:58:23.258014000 +0100 @@ -1,0 +2,6 @@ +Tue Feb 24 10:28:55 CET 2009 - pgajdos@suse.cz + +- fixed security bug: memory reallocation vulnerability [bnc#479067] + * reallocation-security.diff + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- optipng-0.6.2-reallocation-security.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ optipng.spec ++++++ --- /var/tmp/diff_new_pack.t20543/_old 2009-02-26 18:10:54.000000000 +0100 +++ /var/tmp/diff_new_pack.t20543/_new 2009-02-26 18:10:54.000000000 +0100 @@ -24,12 +24,13 @@ Group: Productivity/Archiving/Compression Summary: A PNG File Compressor Version: 0.6.2 -Release: 1 +Release: 2 Url: http://optipng.sourceforge.net/ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %name-%{version}.tar.bz2 Source1: macros.optipng Patch0: optipng-suse-paths.diff +Patch1: %{name}-%{version}-reallocation-security.diff %description OptiPNG is a PNG optimizer that recompresses image files to a smaller @@ -46,6 +47,7 @@ %prep %setup -q %patch0 +%patch1 -p1 %build ./configure -with-system-zlib -with-system-libpng @@ -66,6 +68,9 @@ /etc/rpm/macros.optipng %changelog +* Tue Feb 24 2009 pgajdos@suse.cz +- fixed security bug: memory reallocation vulnerability [bnc#479067] + * reallocation-security.diff * Tue Jan 13 2009 pgajdos@suse.cz - update to 0.6.2 * fixes CVE-2008-5101, patch removed` ++++++ optipng-0.6.2-reallocation-security.diff ++++++ diff -ru optipng-0.6.2/lib/pngxtern/gif/gifread.c optipng-0.6.2.1/lib/pngxtern/gif/gifread.c --- optipng-0.6.2/lib/pngxtern/gif/gifread.c 2006-08-10 20:17:00.000000000 -0400 +++ optipng-0.6.2.1/lib/pngxtern/gif/gifread.c 2009-02-20 03:11:00.000000000 -0500 @@ -219,8 +219,7 @@ **/ static void GIFReadNextExtension(struct GIFExtension *ext, FILE *stream) { - unsigned char *ptr; - unsigned int len; + unsigned int offset, len; int count, label; GIF_FGETC(label, stream); @@ -233,7 +232,7 @@ return; } - ptr = ext->Buffer; + offset = 0; len = ext->BufferSize; for ( ;; ) { @@ -243,10 +242,10 @@ ext->BufferSize += 1024; ext->Buffer = realloc(ext->Buffer, ext->BufferSize); } - count = ReadDataBlock(ptr, stream); + count = ReadDataBlock(ext->Buffer + offset, stream); if (count == 0) break; - ptr += count; + offset += count; len -= count; } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org