From fbbf74e64dfd0a039c3548b7a462b03598c72e81 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 16 Aug 2012 14:48:38 +0000
Subject: main/gimp: security fix (CVE-2012-3236)

fixes #1244
---
 main/gimp/APKBUILD            |  6 ++++--
 main/gimp/CVE-2012-3236.patch | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 main/gimp/CVE-2012-3236.patch

(limited to 'main/gimp')

diff --git a/main/gimp/APKBUILD b/main/gimp/APKBUILD
index 3eac1878b7..7f8be05442 100644
--- a/main/gimp/APKBUILD
+++ b/main/gimp/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=gimp
 pkgver=2.8.0
-pkgrel=1
+pkgrel=2
 pkgdesc="GNU Image Manipulation Program"
 url="http://www.gimp.org/"
 arch="all"
@@ -12,6 +12,7 @@ makedepends="gtk+-dev libxpm-dev libxmu-dev librsvg-dev dbus-glib-dev
 install=
 subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
 source="ftp://ftp.$pkgname.org/pub/$pkgname/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2
+	CVE-2012-3236.patch
 	"
 
 _builddir="${srcdir}/${pkgname}-${pkgver}"
@@ -51,4 +52,5 @@ package() {
 	find "$pkgdir" -name '*.la' -delete
 }
 
-md5sums="28997d14055f15db063eb92e1c8a7ebb  gimp-2.8.0.tar.bz2"
+md5sums="28997d14055f15db063eb92e1c8a7ebb  gimp-2.8.0.tar.bz2
+e01ea100274dbf0557336167933e5404  CVE-2012-3236.patch"
diff --git a/main/gimp/CVE-2012-3236.patch b/main/gimp/CVE-2012-3236.patch
new file mode 100644
index 0000000000..f59d68ebff
--- /dev/null
+++ b/main/gimp/CVE-2012-3236.patch
@@ -0,0 +1,38 @@
+From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 06 Jun 2012 19:21:10 +0000
+Subject: Bug 676804 - file handling DoS for fit file format
+
+Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on
+broken/malicious fits files.
+(cherry picked from commit ace45631595e8781a1420842582d67160097163c)
+---
+diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c
+index 03d9652..ed77318 100644
+--- a/plug-ins/file-fits/fits-io.c
++++ b/plug-ins/file-fits/fits-io.c
+@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr,
+  hdulist->used.simple = (strncmp (hdr->data, "SIMPLE  ", 8) == 0);
+  hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0);
+  if (hdulist->used.xtension)
+- {
+-   fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
+-   strcpy (hdulist->xtension, fdat->fstring);
+- }
++   {
++     fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring);
++     if (fdat != NULL)
++       {
++         strcpy (hdulist->xtension, fdat->fstring);
++       }
++     else
++       {
++         strcpy (errmsg, "No valid XTENSION header found.");
++         goto err_return;
++       }
++   }
+ 
+  FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong);
+  hdulist->naxis = fdat->flong;
+--
+cgit v0.9.0.2
-- 
cgit v1.2.3