rpms/gif2png/devel gif2png-overflow.patch, NONE, 1.1 gif2png.spec, 1.10, 1.11
ensc
ensc at fedoraproject.org
Fri Jan 1 16:02:03 UTC 2010
- Previous message (by thread): rpms/alsa-utils/F-12 .cvsignore, 1.29, 1.30 alsa-utils.spec, 1.88, 1.89 sources, 1.34, 1.35 alsactl-init-fix-headphone2.patch, 1.1, NONE
- Next message (by thread): rpms/gif2png/devel gif2png.spec,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: ensc
Update of /cvs/extras/rpms/gif2png/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9522
Modified Files:
gif2png.spec
Added Files:
gif2png-overflow.patch
Log Message:
fixed command line buffer overlow (#547515, CVE-2009-XXXX)
gif2png-overflow.patch:
gif2png.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
--- NEW FILE gif2png-overflow.patch ---
Fixes cmdline buffer overflow described in
http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
Index: gif2png-2.5.2/gif2png.c
===================================================================
--- gif2png-2.5.2.orig/gif2png.c
+++ gif2png-2.5.2/gif2png.c
@@ -682,7 +682,10 @@ int processfile(char *fname, FILE *fp)
strcpy(outname, fname);
- file_ext = outname+strlen(outname)-4;
+ file_ext = outname+strlen(outname);
+ if (file_ext >= outname + 4)
+ file_ext -= 4;
+
if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
/* try to derive basename */
@@ -874,7 +877,8 @@ int main(int argc, char *argv[])
}
} else {
for (i = ac;i<argc; i++) {
- strcpy(name, argv[i]);
+ strncpy(name, argv[i], sizeof name - sizeof ".gif");
+ name[sizeof name - sizeof ".gif"] = '\0';
if ((fp = fopen(name, "rb")) == NULL) {
/* retry with .gif appended */
strcat(name, ".gif");
Index: gif2png.spec
===================================================================
RCS file: /cvs/extras/rpms/gif2png/devel/gif2png.spec,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -p -r1.10 -r1.11
--- gif2png.spec 14 Nov 2009 17:32:45 -0000 1.10
+++ gif2png.spec 1 Jan 2010 16:02:03 -0000 1.11
@@ -1,13 +1,16 @@
%{!?release_func:%global release_func() %1%{?dist}}
+%{!?apply:%global apply(p:n:b:) %patch%%{-n:%%{-n*}} %%{-p:-p %%{-p*}} %%{-b:-b %%{-b*}} \
+%nil}
Summary: A GIF to PNG converter
Name: gif2png
Version: 2.5.2
-Release: %release_func 1300
+Release: %release_func 1301
License: BSD
Group: Applications/Multimedia
URL: http://www.catb.org/~esr/gif2png/
Source0: http://www.catb.org/~esr/gif2png/%name-%version.tar.gz
+Patch0: gif2png-overflow.patch
BuildRoot: %_tmppath/%name-%version-%release-root
BuildRequires: libpng-devel
@@ -41,6 +44,7 @@ convert entire web hierarchies (images a
%prep
%setup -q
+%apply -n0
%build
@@ -71,6 +75,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Fri Jan 1 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.2-1301
+- fixed command line buffer overlow (#547515, CVE-2009-XXXX)
+
* Sat Nov 14 2009 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.2-1300
- updated to 2.5.2
- removed Debian patches; issues are addressed by new upstream release
- Previous message (by thread): rpms/alsa-utils/F-12 .cvsignore, 1.29, 1.30 alsa-utils.spec, 1.88, 1.89 sources, 1.34, 1.35 alsactl-init-fix-headphone2.patch, 1.1, NONE
- Next message (by thread): rpms/gif2png/devel gif2png.spec,1.11,1.12
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list