CR# 7079990 Problem with gnome/applications s11express-2010-11
authoran230044
Tue, 18 Oct 2011 07:00:28 +0000
branchs11express-2010-11
changeset 22192 8edf7bccbea7
parent 22150 a736c80ca6d6
child 22193 43c46eda29e6
CR# 7079990 Problem with gnome/applications
ChangeLog
base-specs/gimp.spec
patches/gimp-07-CVE-2011-2896.diff
--- a/ChangeLog	Wed Sep 28 08:01:54 2011 +0000
+++ b/ChangeLog	Tue Oct 18 07:00:28 2011 +0000
@@ -1,3 +1,9 @@
+2011-10-18  Abhijit Nath <[email protected]>
+
+        * base-specs/gimp.spec
+        * patches/gimp-07-CVE-2011-2896.diff 
+        * Added the patch to fix security issue CR# 7079990 
+
 2011-09-28  Rohini S <[email protected]>
 
 	* base-specs/thunderbird.spec: Bump to 3.1.11
--- a/base-specs/gimp.spec	Wed Sep 28 08:01:54 2011 +0000
+++ b/base-specs/gimp.spec	Tue Oct 18 07:00:28 2011 +0000
@@ -40,6 +40,8 @@
 Patch5:       gimp-05-libpng12.diff
 # date:2011-08-16 owner:abhijit.nath type:bug
 Patch6:       gimp-06-CVE-2010-454x.diff 
+# date:2011-08-16 owner:abhijit.nath type:bug
+Patch7:       gimp-07-CVE-2011-2896.diff 
 
 URL:          http://www.gimp.org
 BuildRoot:    %{_tmppath}/%{name}-%{version}-build
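Review bot: The metadata comment added above `Patch7` repeats the Patch6 line verbatim, including `date:2011-08-16`, while the %changelog entry added further down in this file dates the same patch Sep 19 2011. If that field is meant to record when the patch was introduced, it should read `# date:2011-09-19 owner:abhijit.nath type:bug`. Since the patch is a CVE fix, naming the CR on that comment line (if the comment format permits extra text) would make it easier to audit which security fixes a given build carries.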
@@ -117,6 +119,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 %build
 %ifos linux
 if [ -x /usr/bin/getconf ]; then
@@ -240,6 +243,8 @@
 %{_mandir}/man1/gimptool-%{subver_install}.1*
 
 %changelog
+* Mon Sep 19 2011 - [email protected]
+- Added patches/gimp-07-CVE-2011-2896.diff to fix CR #7079990
 * Mon Aug 8 2011 - [email protected]
 - Added patches/gimp-06-CVE-2010-454x.diff to fix CR #7075500 
 * Tue Aug 31 2010 [email protected]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/gimp-07-CVE-2011-2896.diff	Tue Oct 18 07:00:28 2011 +0000
@@ -0,0 +1,49 @@
+--- gimp-2.6.10/plug-ins/common/file-gif-load.c	2010-07-03 04:21:56.000000000 +0530
++++ gimp-2.6.10.new/plug-ins/common/file-gif-load.c	2011-09-20 02:03:54.506907683 +0530
+@@ -697,7 +697,8 @@ LZWReadByte (FILE *fd,
+   static gint firstcode, oldcode;
+   static gint clear_code, end_code;
+   static gint table[2][(1 << MAX_LZW_BITS)];
+-  static gint stack[(1 << (MAX_LZW_BITS)) * 2], *sp;
++  #define STACK_SIZE ((1 << (MAX_LZW_BITS)) * 2)
++  static gint stack[STACK_SIZE], *sp;
+   gint        i;
+ 
+   if (just_reset_LZW)
+@@ -772,7 +773,7 @@ LZWReadByte (FILE *fd,
+ 
+           return firstcode;
+         }
+-      else if (code == end_code)
++      else if (code == end_code || code > max_code)
+         {
+           gint   count;
+           guchar buf[260];
+@@ -791,13 +792,14 @@ LZWReadByte (FILE *fd,
+ 
+       incode = code;
+ 
+-      if (code >= max_code)
++      if (code == max_code)
+         {
+-          *sp++ = firstcode;
++          if (sp < &(stack[STACK_SIZE]))
++             *sp++ = firstcode;
+           code = oldcode;
+         }
+ 
+-      while (code >= clear_code)
++      while (code >= clear_code && sp < &(stack[STACK_SIZE]))
+         {
+           *sp++ = table[1][code];
+           if (code == table[0][code])
+@@ -808,7 +810,8 @@ LZWReadByte (FILE *fd,
+           code = table[0][code];
+         }
+ 
+-      *sp++ = firstcode = table[1][code];
++      if (sp < &(stack[STACK_SIZE]))
++         *sp++ = firstcode = table[1][code];
+ 
+       if ((code = max_code) < (1 << MAX_LZW_BITS))
+         {
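Review bot: The three new `sp < &(stack[STACK_SIZE])` guards in LZWReadByte stop the write past `stack[]` but then let decoding continue, so a stream that fills the stack appears to yield silently truncated output rather than an error. In the last guard, `firstcode = table[1][code]` is skipped together with the push, which leaves `firstcode` stale for the next code. A full stack presumably only happens with a malformed stream, so it would be safer to test once after the `while` loop with `if (sp >= &(stack[STACK_SIZE]))` and leave through the function's existing corrupt-data path; that path lies outside this hunk, so the exact return value needs confirming. Separately, `#define STACK_SIZE` is placed indented inside the function body and never undefined; defining it at file scope beside `MAX_LZW_BITS` would be cleaner. The function body starts and ends outside the hunk.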