rpms/OpenEXR/F-10 openexr-1.6.1-CVE-2009-1720-1.patch, NONE, 1.1 openexr-1.6.1-CVE-2009-1720-2.patch, NONE, 1.1 openexr-1.6.1-CVE-2009-1721.patch, NONE, 1.1 OpenEXR.spec, 1.24, 1.25
Rex Dieter
rdieter at fedoraproject.org
Wed Jul 29 18:45:54 UTC 2009
Author: rdieter
Update of /cvs/pkgs/rpms/OpenEXR/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv10174
Modified Files:
OpenEXR.spec
Added Files:
openexr-1.6.1-CVE-2009-1720-1.patch
openexr-1.6.1-CVE-2009-1720-2.patch
openexr-1.6.1-CVE-2009-1721.patch
Log Message:
* Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8
- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)
openexr-1.6.1-CVE-2009-1720-1.patch:
ImfPreviewImage.cpp | 4 ++++
1 file changed, 4 insertions(+)
--- NEW FILE openexr-1.6.1-CVE-2009-1720-1.patch ---
diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.cpp.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.cpp
--- openexr-1.6.1/IlmImf/ImfPreviewImage.cpp.CVE-2009-1720-1 2006-06-06 00:58:16.000000000 -0500
+++ openexr-1.6.1/IlmImf/ImfPreviewImage.cpp 2009-07-29 13:27:39.087038617 -0500
@@ -41,6 +41,7 @@
#include <ImfPreviewImage.h>
#include "Iex.h"
+#include <limits.h>
namespace Imf {
@@ -51,6 +52,9 @@ PreviewImage::PreviewImage (unsigned int
{
_width = width;
_height = height;
+ if (_height && _width > UINT_MAX / _height || _width * _height > UINT_MAX / sizeof(PreviewRgba)) {
+ throw Iex::ArgExc ("Invalid height and width.");
+ }
_pixels = new PreviewRgba [_width * _height];
if (pixels)
diff -up openexr-1.6.1/IlmImf/ImfPreviewImage.h.CVE-2009-1720-1 openexr-1.6.1/IlmImf/ImfPreviewImage.h
openexr-1.6.1-CVE-2009-1720-2.patch:
ImfPizCompressor.cpp | 3 +++
ImfRleCompressor.cpp | 3 +++
ImfZipCompressor.cpp | 3 +++
3 files changed, 9 insertions(+)
--- NEW FILE openexr-1.6.1-CVE-2009-1720-2.patch ---
diff -up openexr-1.6.1/IlmImf/ImfPizCompressor.cpp.CVE-2009-1720-2 openexr-1.6.1/IlmImf/ImfPizCompressor.cpp
--- openexr-1.6.1/IlmImf/ImfPizCompressor.cpp.CVE-2009-1720-2 2007-09-20 23:17:46.000000000 -0500
+++ openexr-1.6.1/IlmImf/ImfPizCompressor.cpp 2009-07-29 13:15:41.883288491 -0500
@@ -181,6 +181,9 @@ PizCompressor::PizCompressor
_channels (hdr.channels()),
_channelData (0)
{
+ if ((unsigned) maxScanLineSize > (INT_MAX - 65536 - 8192) / (unsigned) numScanLines) {
+ throw InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
+ }
_tmpBuffer = new unsigned short [maxScanLineSize * numScanLines / 2];
_outBuffer = new char [maxScanLineSize * numScanLines + 65536 + 8192];
diff -up openexr-1.6.1/IlmImf/ImfRleCompressor.cpp.CVE-2009-1720-2 openexr-1.6.1/IlmImf/ImfRleCompressor.cpp
--- openexr-1.6.1/IlmImf/ImfRleCompressor.cpp.CVE-2009-1720-2 2006-10-13 22:06:39.000000000 -0500
+++ openexr-1.6.1/IlmImf/ImfRleCompressor.cpp 2009-07-29 13:17:39.505037955 -0500
@@ -164,6 +164,9 @@ RleCompressor::RleCompressor (const Head
_tmpBuffer (0),
_outBuffer (0)
{
+ if ((unsigned) maxScanLineSize > INT_MAX / 3) {
+ throw Iex::InputExc ("Error: maxScanLineSize * 3 would overflow.");
+ }
_tmpBuffer = new char [maxScanLineSize];
_outBuffer = new char [maxScanLineSize * 3 / 2];
}
diff -up openexr-1.6.1/IlmImf/ImfZipCompressor.cpp.CVE-2009-1720-2 openexr-1.6.1/IlmImf/ImfZipCompressor.cpp
--- openexr-1.6.1/IlmImf/ImfZipCompressor.cpp.CVE-2009-1720-2 2006-10-13 22:07:17.000000000 -0500
+++ openexr-1.6.1/IlmImf/ImfZipCompressor.cpp 2009-07-29 13:18:25.223038291 -0500
@@ -58,6 +58,9 @@ ZipCompressor::ZipCompressor
_tmpBuffer (0),
_outBuffer (0)
{
+ if ((unsigned) maxScanLineSize > INT_MAX / (unsigned) numScanLines) {
+ throw Iex::InputExc ("Error: maxScanLineSize * numScanLines would overflow.");
+ }
_tmpBuffer =
new char [maxScanLineSize * numScanLines];
openexr-1.6.1-CVE-2009-1721.patch:
ImfAutoArray.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE openexr-1.6.1-CVE-2009-1721.patch ---
diff -up openexr-1.6.1/IlmImf/ImfAutoArray.h.CVE-2009-1721 openexr-1.6.1/IlmImf/ImfAutoArray.h
--- openexr-1.6.1/IlmImf/ImfAutoArray.h.CVE-2009-1721 2007-04-23 20:26:56.000000000 -0500
+++ openexr-1.6.1/IlmImf/ImfAutoArray.h 2009-07-29 13:22:08.309288375 -0500
@@ -57,7 +57,7 @@ namespace Imf {
{
public:
- AutoArray (): _data (new T [size]) {}
+ AutoArray (): _data (new T [size]) {memset(_data, 0, size * sizeof(T));}
~AutoArray () {delete [] _data;}
operator T * () {return _data;}
Index: OpenEXR.spec
===================================================================
RCS file: /cvs/pkgs/rpms/OpenEXR/F-10/OpenEXR.spec,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- OpenEXR.spec 9 May 2008 16:52:15 -0000 1.24
+++ OpenEXR.spec 29 Jul 2009 18:45:54 -0000 1.25
@@ -6,7 +6,7 @@
Name: OpenEXR
Version: 1.6.1
-Release: 4%{?dist}
+Release: 8%{?dist}
Summary: A high dynamic-range (HDR) image file format
Group: System Environment/Libraries
@@ -22,9 +22,15 @@ Provides: openexr = %{version}-%{releas
Patch1: OpenEXR-1.6.1-pkgconfig.patch
Patch2: openexr-1.6.1-gcc43.patch
+## upstream patches
+Patch100: openexr-1.6.1-CVE-2009-1720-1.patch
+Patch101: openexr-1.6.1-CVE-2009-1720-2.patch
+Patch102: openexr-1.6.1-CVE-2009-1721.patch
+
BuildRequires: automake libtool
BuildRequires: ilmbase-devel
BuildRequires: zlib-devel
+BuildRequires: pkgconfig
%if 0%{?libs}
Requires: %{name}-libs = %{version}-%{release}
@@ -43,7 +49,7 @@ Summary: Headers and libraries for build
Group: Development/Libraries
Obsoletes: openexr-devel < %{version}-%{release}
Provides: openexr-devel = %{version}-%{release}
-Requires: %{name}-libs = %{version}-%{release}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: ilmbase-devel
Requires: pkgconfig
%description devel
@@ -62,6 +68,10 @@ Group: System Environment/Libraries
%patch1 -p1 -b .pkgconfig
%patch2 -p1 -b .gcc43
+%patch100 -p1 -b .CVE-2009-1720-1
+%patch101 -p1 -b .CVE-2009-1720-2
+%patch102 -p1 -b .CVE-2009-1721
+
# work to remove rpaths, recheck on new releases
aclocal -Im4
libtoolize --force
@@ -102,15 +112,9 @@ rm -rf rpmdocs/examples/.deps
rm -rf $RPM_BUILD_ROOT
-%if 0%{?libs}
-%post libs -p /sbin/ldconfig
+%post %{?libs:libs} -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
-%else
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
-%endif
+%postun %{?libs:libs} -p /sbin/ldconfig
%files
@@ -122,19 +126,32 @@ rm -rf $RPM_BUILD_ROOT
%defattr(-,root,root,-)
%endif
%doc AUTHORS ChangeLog LICENSE NEWS README
-%{_libdir}/lib*.so.*
+%{_libdir}/libIlmImf.so.6*
%files devel
%defattr(-,root,root,-)
#omit for now, they're mostly useless, and include multilib conflicts (#342781)
#doc rpmdocs/examples
-%{_datadir}/aclocal/*
+%{_datadir}/aclocal/openexr.m4
%{_includedir}/OpenEXR/*
-%{_libdir}/lib*.so
-%{_libdir}/pkgconfig/*
+%{_libdir}/libIlmImf.so
+%{_libdir}/pkgconfig/OpenEXR.pc
%changelog
+* Wed Jul 29 2009 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-8
+- CVE-2009-1720 OpenEXR: Multiple integer overflows (#513995)
+- CVE-2009-1721 OpenEXR: Invalid pointer free by image decompression (#514003)
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.1-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Dec 12 2008 Caolán McNamara <caolanm at redhat.com> 1.6.1-5
+- rebuild to get provides pkgconfig(OpenEXR)
+
* Fri May 09 2008 Rex Dieter <rdieter at fedoraproject.org> 1.6.1-4
- drop: Obsoletes: OpenEXR-utils (see OpenEXR_Viewers review, bug #428228c3)
More information about the fedora-extras-commits
mailing list