Add patch for CVE-2012-1610 from http://www.imagemagick.org/discourse-server/viewtopic.php?t=20629
parent
bdaafb17c0
commit
2e70a54626
4 changed files with 35 additions and 6 deletions
|
@ -1,9 +1,9 @@
|
|||
# $NetBSD: Makefile,v 1.178 2012/03/30 03:50:47 taca Exp $
|
||||
# $NetBSD: Makefile,v 1.179 2012/04/09 15:56:21 tez Exp $
|
||||
|
||||
.include "Makefile.common"
|
||||
|
||||
PKGNAME= ImageMagick-${DISTVERSION}
|
||||
PKGREVISION= 1
|
||||
PKGREVISION= 2
|
||||
|
||||
MAINTAINER= adam@NetBSD.org
|
||||
COMMENT= Package for display and interactive manipulation of images
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
$NetBSD: distinfo,v 1.110 2012/03/30 03:50:47 taca Exp $
|
||||
$NetBSD: distinfo,v 1.111 2012/04/09 15:56:21 tez Exp $
|
||||
|
||||
SHA1 (ImageMagick-6.7.5-10.tar.bz2) = e19d7d5148de58d56a02d68049bb5d3ba470f53c
|
||||
RMD160 (ImageMagick-6.7.5-10.tar.bz2) = 5ff5b7ddc773beb048773cc252c5d306eaf28e50
|
||||
Size (ImageMagick-6.7.5-10.tar.bz2) = 10416791 bytes
|
||||
SHA1 (patch-coders_jpeg.c) = 77e47f58ee3c46888f2edeafa1964e5145b65c25
|
||||
SHA1 (patch-coders_tiff.c) = ff11a7fe6f47cd3fb7afeab986851ac417366722
|
||||
SHA1 (patch-magick_property.c) = 19c345afac494a6599ef65a8a273f52095071127
|
||||
SHA1 (patch-magick_profile.c) = e991adc22b072a967fc3459d68cd6ab1e91610c6
|
||||
SHA1 (patch-magick_property.c) = 105e9f3cfa3aa098296513c594e24759b1713c5b
|
||||
|
|
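--- a/graphics/ImageMagick/patches/patch-magick_profile.c
+++ b/graphics/ImageMagick/patches/patch-magick_profile.c
@@ -0,0 +1,18 @@
+$NetBSD: patch-magick_profile.c,v 1.1 2012/04/09 15:56:21 tez Exp $
+
+* Fix for CVE-2012-1610.
+
+--- magick/profile.c.orig 2012-04-09 14:19:45.161695800 +0000
++++ magick/profile.c
+@@ -6727,8 +6727,10 @@ MagickExport MagickBooleanType SyncImage
+format=(ssize_t) ReadProfileShort(endian,q+2);
+if ((format-1) >= EXIF_NUM_FORMATS)
+break;
+- components=(int) ReadProfileLong(endian,q+4);
++ components=(ssize_t) ((int) ReadProfileLong(endian,q+4));
+number_bytes=(size_t) components*format_bytes[format];
++ if (number_bytes < components)
++ break; /* prevent overflow */
+if (number_bytes <= 4)
+p=q+8;
+else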
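Review bot: The added guard `if (number_bytes < components)` in the SyncImage hunk is a wraparound heuristic, not a complete overflow check. It compares a `size_t` with the signed `components`, so a negative count read from the EXIF entry is converted to a very large unsigned value, and a product that wraps can still end up at or above `components` and pass the test. Rejecting the bad count before the multiplication is more direct, for example `if (components < 0) break; /* corrupt EXIF */` placed ahead of the `number_bytes=` line, and `number_bytes` should also be bounded by the remaining profile length if the code below does not already do so. The same two added lines appear in the GetEXIFProperty hunk of patch-magick_property.c and have the same limitation. The function body starts and ends outside the hunk, so later bounds checks on `p` are not visible here.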
|
|
@ -1,10 +1,20 @@
|
|||
$NetBSD: patch-magick_property.c,v 1.1 2012/03/30 03:50:47 taca Exp $
|
||||
$NetBSD: patch-magick_property.c,v 1.2 2012/04/09 15:56:21 tez Exp $
|
||||
|
||||
* Fix for CVE-2012-0259.
|
||||
* Fix for CVE-2012-1610.
|
||||
|
||||
--- magick/property.c.orig 2012-03-01 01:41:19.000000000 +0000
|
||||
+++ magick/property.c
|
||||
@@ -1309,6 +1309,8 @@ static MagickBooleanType GetEXIFProperty
|
||||
@@ -1286,6 +1286,8 @@ static MagickBooleanType GetEXIFProperty
|
||||
break;
|
||||
components=(ssize_t) ((int) ReadPropertyLong(endian,q+4));
|
||||
number_bytes=(size_t) components*tag_bytes[format];
|
||||
+ if (number_bytes < components)
|
||||
+ break; /* prevent overflow */
|
||||
if (number_bytes <= 4)
|
||||
p=q+8;
|
||||
else
|
||||
@@ -1309,6 +1311,8 @@ static MagickBooleanType GetEXIFProperty
|
||||
buffer[MaxTextExtent],
|
||||
*value;
|
||||
|
||||
|
|