Hello community, here is the log from the commit of package gimp-unstable checked in at Thu Jul 5 10:13:04 CEST 2007. -------- --- GNOME/gimp-unstable/gimp-unstable.changes 2007-05-11 10:48:48.000000000 +0200 +++ /mounts/work_src_done/STABLE/gimp-unstable/gimp-unstable.changes 2007-07-04 00:37:12.155618000 +0200 @@ -1,0 +2,6 @@ +Wed Jul 4 00:37:01 CEST 2007 - maw@suse.de + +- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing + a buffer overflow. + +------------------------------------------------------------------- New: ---- gimp-psd-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ gimp-unstable.spec ++++++ --- /var/tmp/diff_new_pack.wx3499/_old 2007-07-05 10:12:41.000000000 +0200 +++ /var/tmp/diff_new_pack.wx3499/_new 2007-07-05 10:12:41.000000000 +0200 @@ -21,8 +21,8 @@ %define _name gimp URL: http://www.gimp.org/ Version: 2.3.16 -Release: 3 -License: GNU General Public License (GPL) +Release: 26 +License: GPL v2 or later Group: Productivity/Graphics/Bitmap Editors Requires: glib2 >= 2.10.2 gtk2 >= 2.8.17 %if %suse_version > 1000 @@ -33,7 +33,8 @@ Autoreqprov: on Summary: The GNU Image Manipulation Program--Development Branch Source: ftp://ftp.gimp.org/pub/gimp/v2.3/%{_name}-%{version}.tar.bz2 -Patch: gimp-sunras-overflow.patch +Patch0: gimp-sunras-overflow.patch +Patch1: gimp-psd-overflow.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -637,7 +638,8 @@ %prep %setup -q -n %{_name}-%{version} -%patch +%patch0 +%patch1 -p1 # We can ignore these warnings: # http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22197 # spline.c: 47 @@ -703,6 +705,9 @@ %{_datadir}/gtk-doc/html/* %changelog +* Wed Jul 04 2007 - maw@suse.de +- Add gimp-psd-overflow.patch (#284288 and CVE-2007-2949), fixing + a buffer overflow. * Fri May 11 2007 - pgajdos@suse.cz - removed gnome-icon-theme from BuildRequires and Requires [#247450] ++++++ gimp-psd-overflow.patch ++++++ Index: gimp-2.3.7/plug-ins/common/psd.c =================================================================== --- gimp-2.3.7.orig/plug-ins/common/psd.c +++ gimp-2.3.7/plug-ins/common/psd.c @@ -1871,6 +1871,7 @@ load_image (const gchar *name) gint32 iter; fpos_t tmpfpos; int red_chan, grn_chan, blu_chan, alpha_chan, ichan; + gint lidx, cidx; IFDBG printf ("------- %s ---------------------------------\n",name); @@ -1887,6 +1888,24 @@ load_image (const gchar *name) read_whole_file (fd); + for (lidx = 0; lidx < psd_image.num_layers; ++lidx) { + PSDlayer tl = psd_image.layer[lidx]; + + for (cidx = 0; cidx < tl.num_channels; ++cidx) { + PSDchannel tc = tl.channel[cidx]; + + if (tc.width > 30000 || tc.width < 1 || + tc.height > 30000 || tc.height < 1) { + /* No good! */ + + g_message (_("Invalid file: %s"), + gimp_filename_to_utf8 (name)); + /* Is it necessary to free up anything else? */ + fclose (fd); + return -1; + } + } + } if (psd_image.num_layers > 0) /* PS3-style */ { int lnum; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de