diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-08-16 14:48:38 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-08-16 12:50:06 +0000 |
commit | fbbf74e64dfd0a039c3548b7a462b03598c72e81 (patch) | |
tree | d7ab65534c5bd665e2678701e971a3b5dc9fe116 /main | |
parent | 13866891b4cabe287d0ef1ba62f00129934a0ff4 (diff) | |
download | aports-fbbf74e64dfd0a039c3548b7a462b03598c72e81.tar.bz2 aports-fbbf74e64dfd0a039c3548b7a462b03598c72e81.tar.xz |
main/gimp: security fix (CVE-2012-3236)
fixes #1244
Diffstat (limited to 'main')
-rw-r--r-- | main/gimp/APKBUILD | 6 | ||||
-rw-r--r-- | main/gimp/CVE-2012-3236.patch | 38 |
2 files changed, 42 insertions, 2 deletions
diff --git a/main/gimp/APKBUILD b/main/gimp/APKBUILD index 3eac1878b..7f8be0544 100644 --- a/main/gimp/APKBUILD +++ b/main/gimp/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=gimp pkgver=2.8.0 -pkgrel=1 +pkgrel=2 pkgdesc="GNU Image Manipulation Program" url="http://www.gimp.org/" arch="all" @@ -12,6 +12,7 @@ makedepends="gtk+-dev libxpm-dev libxmu-dev librsvg-dev dbus-glib-dev install= subpackages="$pkgname-dev $pkgname-doc $pkgname-lang" source="ftp://ftp.$pkgname.org/pub/$pkgname/v${pkgver%.*}/$pkgname-$pkgver.tar.bz2 + CVE-2012-3236.patch " _builddir="${srcdir}/${pkgname}-${pkgver}" @@ -51,4 +52,5 @@ package() { find "$pkgdir" -name '*.la' -delete } -md5sums="28997d14055f15db063eb92e1c8a7ebb gimp-2.8.0.tar.bz2" +md5sums="28997d14055f15db063eb92e1c8a7ebb gimp-2.8.0.tar.bz2 +e01ea100274dbf0557336167933e5404 CVE-2012-3236.patch" diff --git a/main/gimp/CVE-2012-3236.patch b/main/gimp/CVE-2012-3236.patch new file mode 100644 index 000000000..f59d68ebf --- /dev/null +++ b/main/gimp/CVE-2012-3236.patch @@ -0,0 +1,38 @@ +From 0474376d234bc3d0901fd5e86f89d778a6473dd8 Mon Sep 17 00:00:00 2001 +From: Michael Natterer <mitch@gimp.org> +Date: Wed, 06 Jun 2012 19:21:10 +0000 +Subject: Bug 676804 - file handling DoS for fit file format + +Apply patch from joe@reactionis.co.uk which fixes a buffer overflow on +broken/malicious fits files. +(cherry picked from commit ace45631595e8781a1420842582d67160097163c) +--- +diff --git a/plug-ins/file-fits/fits-io.c b/plug-ins/file-fits/fits-io.c +index 03d9652..ed77318 100644 +--- a/plug-ins/file-fits/fits-io.c ++++ b/plug-ins/file-fits/fits-io.c +@@ -1054,10 +1054,18 @@ static FITS_HDU_LIST *fits_decode_header (FITS_RECORD_LIST *hdr, + hdulist->used.simple = (strncmp (hdr->data, "SIMPLE ", 8) == 0); + hdulist->used.xtension = (strncmp (hdr->data, "XTENSION", 8) == 0); + if (hdulist->used.xtension) +- { +- fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); +- strcpy (hdulist->xtension, fdat->fstring); +- } ++ { ++ fdat = fits_decode_card (fits_search_card (hdr, "XTENSION"), typ_fstring); ++ if (fdat != NULL) ++ { ++ strcpy (hdulist->xtension, fdat->fstring); ++ } ++ else ++ { ++ strcpy (errmsg, "No valid XTENSION header found."); ++ goto err_return; ++ } ++ } + + FITS_DECODE_CARD (hdr, "NAXIS", fdat, typ_flong); + hdulist->naxis = fdat->flong; +-- +cgit v0.9.0.2 |