diff --git a/.cvsignore b/.cvsignore index 57d3834..115ec22 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -GraphicsMagick-1.3.7.tar.lzma +GraphicsMagick-1.3.11.tar.lzma diff --git a/GraphicsMagick-CVE-2009-1882.patch b/GraphicsMagick-CVE-2009-1882.patch deleted file mode 100644 index 04c2403..0000000 --- a/GraphicsMagick-CVE-2009-1882.patch +++ /dev/null @@ -1,482 +0,0 @@ ---- GraphicsMagick/magick/xwindow.c 2009/09/16 02:13:01 1.230 -+++ GraphicsMagick/magick/xwindow.c 2009/10/10 17:55:17 1.232 -@@ -43,10 +43,12 @@ - #include "magick/describe.h" - #include "magick/log.h" - #include "magick/magick.h" -+#include "magick/monitor.h" - #include "magick/pixel_cache.h" - #include "magick/resize.h" - #include "magick/shear.h" - #include "magick/tempfile.h" -+#include "magick/texture.h" - #include "magick/transform.h" - #include "magick/utility.h" - #include "magick/version.h" -@@ -2937,7 +2939,7 @@ MagickExport void MagickXGetImportInfo(M - % % - % % - % % --% M a g i c k X G e t P i x e l I n f o % -+% M a g i c k X G e t P i x e l P a c k e t % - % % - % % - % % -@@ -5350,8 +5352,8 @@ MagickExport Cursor MagickXMakeCursor(Di - % The format of the MagickXMakeImage method is: - % - % unsigned int MagickXMakeImage(Display *display, --% const MagickXResourceInfo *resource_info,MagickXWindowInfo *window,Image *image, --% unsigned int width,unsigned int height) -+% const MagickXResourceInfo *resource_info,MagickXWindowInfo *window, -+% Image *image,unsigned int width,unsigned int height) - % - % A description of each parameter follows: - % -@@ -5376,9 +5378,49 @@ MagickExport Cursor MagickXMakeCursor(Di - % - % - */ --MagickExport unsigned int MagickXMakeImage(Display *display, -- const MagickXResourceInfo *resource_info,MagickXWindowInfo *window,Image *image, -- unsigned int width,unsigned int height) -+static const char * -+MagickXImageFormatToString(int xformat) -+{ -+ static const char -+ *formats[] = -+ { -+ "XYBitmap", -+ "XYPixmap", -+ "ZPixmap" -+ }; -+ -+ const char -+ *format = "Unknown"; -+ -+ if ((size_t) xformat < sizeof(formats)/sizeof(formats[0])) -+ format=formats[xformat]; -+ -+ return format; -+} -+static const char * -+MagickXByteOrderToString(int xbyte_order) -+{ -+ static const char -+ *byte_orders[] = -+ { -+ "LSBFirst", -+ "MSBFirst" -+ }; -+ -+ const char -+ *byte_order = "Unknown"; -+ -+ if ((size_t) xbyte_order < sizeof(byte_orders)/sizeof(byte_orders[0])) -+ byte_order=byte_orders[xbyte_order]; -+ -+ return byte_order; -+} -+MagickExport unsigned int -+MagickXMakeImage(Display *display, -+ const MagickXResourceInfo *resource_info, -+ MagickXWindowInfo *window, -+ Image *image, -+ unsigned int width,unsigned int height) - { - int - depth, -@@ -5410,6 +5452,10 @@ MagickExport unsigned int MagickXMakeIma - window->destroy=False; - if (window->image != (Image *) NULL) - { -+ MonitorHandler -+ handler=(MonitorHandler) NULL; -+ -+ handler=SetMonitorHandler((MonitorHandler) NULL); - if (window->crop_geometry) - { - Image -@@ -5459,44 +5505,49 @@ MagickExport unsigned int MagickXMakeIma - window->destroy=MagickTrue; - } - } --#if 0 -- if ((window->immutable == MagickFalse) && -- (window->image->matte != MagickFalse) && -- (window->pixel_info->colors == 0)) -+ if ((window->image->matte != MagickFalse) && -+ (window->pixel_info->colors == 0) -+ /* && (window->immutable == MagickFalse) */) - { - Image - *texture; - - /* -- Tile background with texture. -+ Tile background with texture according to opacity - */ -- strlcpy(resource_info->image_info->filename,"image:checkerboard",MaxTextExtent); -+ strlcpy(resource_info->image_info->filename,"image:checkerboard", -+ sizeof(resource_info->image_info->filename)); - texture=ReadImage(resource_info->image_info,&window->image->exception); - if (texture != (Image *) NULL) - { - Image - *textured_image; - -- textured_image=CloneImage(window->image,window->image->columns, -- window->image->rows,MagickTrue,&window->image->exception); -+ textured_image=CloneImage(window->image,0,0,MagickTrue, -+ &window->image->exception); - if (textured_image != (Image *) NULL) - { --/* strlcpy(window->image->filename,"textured_image.miff", MaxTextExtent); */ --/* WriteImage(resource_info->image_info,window->image); */ -- TextureImage(textured_image,texture); -- textured_image->matte=MagickFalse; -- if (window->image != image) -- DestroyImage(window->image); -- window->image=textured_image; -- window->destroy=MagickTrue; -+ if (TextureImage(textured_image,texture) != MagickFail) -+ { -+ if (window->image != image) -+ DestroyImage(window->image); -+ window->image=textured_image; -+ window->destroy=MagickTrue; -+ } -+ else -+ { -+ DestroyImage(textured_image); -+ } - } - DestroyImage(texture); - texture=(Image *) NULL; - } - } --#endif - width=(unsigned int) window->image->columns; -+ assert(width == window->image->columns); - height=(unsigned int) window->image->rows; -+ assert(height == window->image->rows); -+ (void) SetMonitorHandler(handler); - } - /* - Create X image. -@@ -5504,27 +5555,32 @@ MagickExport unsigned int MagickXMakeIma - ximage=(XImage *) NULL; - format=(depth == 1) ? XYBitmap : ZPixmap; - #if defined(HasSharedMemory) -- window->shared_memory&=XShmQueryExtension(display); -+ window->shared_memory &= XShmQueryExtension(display); - if (window->shared_memory) - { - XShmSegmentInfo - *segment_info; - -+ size_t -+ shm_extent; -+ - segment_info=(XShmSegmentInfo *) window->segment_info; - segment_info[1].shmid=(-1); - segment_info[1].shmaddr=NULL; - ximage=XShmCreateImage(display,window->visual,depth,format,(char *) NULL, -- &segment_info[1],width,height); -- window->shared_memory&=(ximage != (XImage *) NULL); -+ &segment_info[1],width,height); -+ window->shared_memory &= (ximage != (XImage *) NULL); -+ -+ shm_extent=MagickArraySize(ximage->height,ximage->bytes_per_line); -+ window->shared_memory &= (shm_extent != 0); - - if (window->shared_memory) -- segment_info[1].shmid=shmget(IPC_PRIVATE,(size_t) -- (ximage->bytes_per_line*ximage->height),IPC_CREAT | 0777); -- window->shared_memory&=(segment_info[1].shmid >= 0); -+ segment_info[1].shmid=shmget(IPC_PRIVATE,shm_extent,IPC_CREAT | 0777); -+ window->shared_memory &= (segment_info[1].shmid >= 0); - - if (window->shared_memory) - segment_info[1].shmaddr=(char *) MagickShmAt(segment_info[1].shmid,0,0); -- window->shared_memory&=(segment_info[1].shmaddr != NULL); -+ window->shared_memory &= (segment_info[1].shmaddr != NULL); - - if (!window->shared_memory) - { -@@ -5607,12 +5663,12 @@ MagickExport unsigned int MagickXMakeIma - if (IsEventLogging()) - { - (void) LogMagickEvent(X11Event,GetMagickModule(),"XImage:"); -- (void) LogMagickEvent(X11Event,GetMagickModule()," width, height: %dx%d", -+ (void) LogMagickEvent(X11Event,GetMagickModule()," width x height: %dx%d", - ximage->width,ximage->height); -- (void) LogMagickEvent(X11Event,GetMagickModule()," format: %d", -- ximage->format); -- (void) LogMagickEvent(X11Event,GetMagickModule()," byte order: %d", -- ximage->byte_order); -+ (void) LogMagickEvent(X11Event,GetMagickModule()," format: %s", -+ MagickXImageFormatToString(ximage->format)); -+ (void) LogMagickEvent(X11Event,GetMagickModule()," byte order: %s", -+ MagickXByteOrderToString(ximage->byte_order)); - (void) LogMagickEvent(X11Event,GetMagickModule(), - " bitmap unit, bit order, pad: %d %d %d",ximage->bitmap_unit, - ximage->bitmap_bit_order,ximage->bitmap_pad); -@@ -5629,11 +5685,13 @@ MagickExport unsigned int MagickXMakeIma - if (!window->shared_memory) - { - if (ximage->format == XYBitmap) -- ximage->data=MagickAllocateArray(char *, -- ximage->height*ximage->depth,ximage->bytes_per_line); -+ ximage->data= -+ MagickAllocateArray(char *, -+ MagickArraySize(ximage->height,ximage->bytes_per_line), -+ ximage->depth); - else -- ximage->data=MagickAllocateArray(char *, -- ximage->height,ximage->bytes_per_line); -+ ximage->data= -+ MagickAllocateArray(char *,ximage->height,ximage->bytes_per_line); - } - if (ximage->data == (char *) NULL) - { -@@ -5709,8 +5767,9 @@ MagickExport unsigned int MagickXMakeIma - /* - Allocate matte image pixel data. - */ -- length=matte_image->bytes_per_line* -- matte_image->height*matte_image->depth; -+ length=MagickArraySize(MagickArraySize(matte_image->bytes_per_line, -+ matte_image->height), -+ matte_image->depth); - matte_image->data=MagickAllocateMemory(char *,length); - if (matte_image->data == (char *) NULL) - { -@@ -7371,9 +7430,9 @@ MagickExport void MagickXMakeMagnifyImag - % - % The format of the MagickXMakePixmap method is: - % --% void MagickXMakeStandardColormap(Display *display,XVisualInfo *visual_info, --% MagickXResourceInfo *resource_info,Image *image,XStandardColormap *map_info, --% MagickXPixelInfo *pixel) -+% unsigned int MagickXMakePixmap(Display *display, -+% const MagickXResourceInfo *resource_info, -+% MagickXWindowInfo *window) - % - % A description of each parameter follows: - % ---- GraphicsMagick/magick/xwindow.c 2009/10/10 17:55:17 1.232 -+++ GraphicsMagick/magick/xwindow.c 2009/10/11 00:46:55 1.233 -@@ -1,5 +1,5 @@ - /* --% Copyright (C) 2003, 2004 GraphicsMagick Group -+% Copyright (C) 2003 - 2009 GraphicsMagick Group - % Copyright (C) 2002 ImageMagick Studio - % - % This program is covered by multiple licenses, which are described in -@@ -808,7 +808,7 @@ static char **MagickFontToList(char *fon - for (p=font; *p != '\0'; p++) - if ((*p == ':') || (*p == ';') || (*p == ',')) - fonts++; -- fontlist=MagickAllocateMemory(char **,(fonts+1)*sizeof(char *)); -+ fontlist=MagickAllocateArray(char **,(fonts+1),sizeof(char *)); - if (fontlist == (char **) NULL) - { - MagickError3(ResourceLimitError,MemoryAllocationFailed, -@@ -1103,7 +1103,7 @@ MagickExport void MagickXBestPixel(Displ - /* - Read X server colormap. - */ -- colors=MagickAllocateMemory(XColor *,number_colors*sizeof(XColor)); -+ colors=MagickAllocateArray(XColor *,number_colors,sizeof(XColor)); - if (colors == (XColor *) NULL) - { - MagickError3(ResourceLimitError,MemoryAllocationFailed, -@@ -2133,10 +2133,10 @@ static void MagickXDitherImage(Image *im - for (i=0; i < 2; i++) - for (j=0; j < 16; j++) - { -- red_map[i][j]=MagickAllocateMemory(unsigned char *,256*sizeof(unsigned char)); -- green_map[i][j]=MagickAllocateMemory(unsigned char *, -- 256*sizeof(unsigned char)); -- blue_map[i][j]=MagickAllocateMemory(unsigned char *,256*sizeof(unsigned char)); -+ red_map[i][j]=MagickAllocateArray(unsigned char *,256,sizeof(unsigned char)); -+ green_map[i][j]=MagickAllocateArray(unsigned char *, -+ 256,sizeof(unsigned char)); -+ blue_map[i][j]=MagickAllocateArray(unsigned char *,256,sizeof(unsigned char)); - if ((red_map[i][j] == (unsigned char *) NULL) || - (green_map[i][j] == (unsigned char *) NULL) || - (blue_map[i][j] == (unsigned char *) NULL)) -@@ -3022,7 +3022,7 @@ MagickExport void MagickXGetPixelPacket( - if (pixel->pixels != (unsigned long *) NULL) - MagickFreeMemory(pixel->pixels); - pixel->pixels= -- MagickAllocateMemory(unsigned long *,packets*sizeof(unsigned long)); -+ MagickAllocateArray(unsigned long *,packets,sizeof(unsigned long)); - if (pixel->pixels == (unsigned long *) NULL) - MagickFatalError(ResourceLimitFatalError,MemoryAllocationFailed, - MagickMsg(XServerFatalError,UnableToGetPixelInfo)); -@@ -4073,8 +4073,8 @@ static Image *MagickXGetWindowImage(Disp - */ - max_windows+=1024; - if (window_info == (WindowInfo *) NULL) -- window_info=MagickAllocateMemory(WindowInfo *, -- max_windows*sizeof(WindowInfo)); -+ window_info=MagickAllocateArray(WindowInfo *, -+ max_windows,sizeof(WindowInfo)); - else - MagickReallocMemory(WindowInfo *,window_info,max_windows*sizeof(WindowInfo)); - } -@@ -4227,7 +4227,7 @@ static Image *MagickXGetWindowImage(Disp - /* - Get the window colormap. - */ -- colors=MagickAllocateMemory(XColor *,number_colors*sizeof(XColor)); -+ colors=MagickAllocateArray(XColor *,number_colors,sizeof(XColor)); - if (colors == (XColor *) NULL) - { - XDestroyImage(ximage); -@@ -4577,7 +4577,7 @@ MagickExport void MagickXGetWindowInfo(D - *segment_info; - - if (window->segment_info == (void *) NULL) -- window->segment_info=MagickAllocateMemory(void *,2*sizeof(XShmSegmentInfo)); -+ window->segment_info=MagickAllocateArray(void *,2,sizeof(XShmSegmentInfo)); - segment_info=(XShmSegmentInfo *) window->segment_info; - segment_info[0].shmid=(-1); - segment_info[0].shmaddr=NULL; -@@ -7734,8 +7734,8 @@ MagickExport void MagickXMakeStandardCol - Define Standard Colormap for StaticGray or StaticColor visual. - */ - number_colors=image->colors; -- colors=MagickAllocateMemory(XColor *, -- visual_info->colormap_size*sizeof(XColor)); -+ colors=MagickAllocateArray(XColor *, -+ visual_info->colormap_size,sizeof(XColor)); - if (colors == (XColor *) NULL) - MagickFatalError3(ResourceLimitError,MemoryAllocationFailed, - UnableToCreateColormap); -@@ -7774,8 +7774,8 @@ MagickExport void MagickXMakeStandardCol - Define Standard Colormap for GrayScale or PseudoColor visual. - */ - number_colors=image->colors; -- colors=MagickAllocateMemory(XColor *, -- visual_info->colormap_size*sizeof(XColor)); -+ colors=MagickAllocateArray(XColor *, -+ visual_info->colormap_size,sizeof(XColor)); - if (colors == (XColor *) NULL) - MagickFatalError3(ResourceLimitFatalError,MemoryAllocationFailed, - UnableToCreateColormap); -@@ -7820,8 +7820,8 @@ MagickExport void MagickXMakeStandardCol - /* - Define Standard colormap for shared GrayScale or PseudoColor visual. - */ -- diversity=MagickAllocateMemory(DiversityPacket *, -- image->colors*sizeof(DiversityPacket)); -+ diversity=MagickAllocateArray(DiversityPacket *, -+ image->colors,sizeof(DiversityPacket)); - if (diversity == (DiversityPacket *) NULL) - MagickFatalError3(ResourceLimitFatalError,MemoryAllocationFailed, - UnableToCreateColormap); -@@ -7882,8 +7882,9 @@ MagickExport void MagickXMakeStandardCol - /* - Read X server colormap. - */ -- server_colors=MagickAllocateMemory(XColor *, -- visual_info->colormap_size*sizeof(XColor)); -+ server_colors=MagickAllocateArray(XColor *, -+ visual_info->colormap_size, -+ sizeof(XColor)); - if (server_colors == (XColor *) NULL) - MagickFatalError3(ResourceLimitFatalError,MemoryAllocationFailed, - UnableToCreateColormap); -@@ -8023,7 +8024,7 @@ MagickExport void MagickXMakeStandardCol - /* - Allocate color array. - */ -- colors=MagickAllocateMemory(XColor *,number_colors*sizeof(XColor)); -+ colors=MagickAllocateArray(XColor *,number_colors,sizeof(XColor)); - if (colors == (XColor *) NULL) - MagickFatalError3(ResourceLimitFatalError,MemoryAllocationFailed, - UnableToCreateColormap); ---- GraphicsMagick/magick/memory.c 2009/10/05 23:57:54 1.54 -+++ GraphicsMagick/magick/memory.c 2009/10/09 18:20:22 1.55 -@@ -90,6 +90,43 @@ MagickExport void MagickAllocFunctions(M - % % - % % - % % -++ M a g i c k A r r a y Si z e % -+% % -+% % -+% % -+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -+% -+% MagickArraySize() returnes the size of an array given two size_t arguments. -+% Zero is returned if the computed result overflows the size_t type. -+% -+% The format of the MagickArraySize method is: -+% -+% size_t MagickArraySize(const size_t count, const size_t size); -+% -+% A description of each parameter follows: -+% -+% o count: The number of elements in the array. -+% -+% o size: The size of one array element. -+% -+*/ -+MagickExport size_t MagickArraySize(const size_t count, const size_t size) -+{ -+ size_t -+ allocation_size; -+ -+ allocation_size = size * count; -+ if ((count != 0) && (size != allocation_size/count)) -+ allocation_size = 0; -+ -+ return allocation_size; -+} -+ -+/* -+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -+% % -+% % -+% % - % M a g i c k M a l l o c % - % % - % % -@@ -155,9 +192,8 @@ MagickExport void *MagickMallocArray(con - *allocation; - - allocation = (void *) NULL; -- allocation_size = size * count; -- if ((count != 0) && (size != allocation_size/count)) -- allocation_size = 0; -+ allocation_size=MagickArraySize(count,size); -+ - if (allocation_size) - allocation = (MallocFunc)(allocation_size); - return allocation; ---- GraphicsMagick/magick/memory.h 2009/06/10 00:38:07 1.16 -+++ GraphicsMagick/magick/memory.h 2009/10/09 18:20:22 1.17 -@@ -22,7 +22,6 @@ extern MagickExport void - MagickAllocFunctions(MagickFreeFunc free_func,MagickMallocFunc malloc_func, - MagickReallocFunc realloc_func), - *MagickMalloc(const size_t size), -- *MagickMallocArray(const size_t count,const size_t size), - *MagickMallocCleared(const size_t size), - *MagickCloneMemory(void *destination,const void *source,const size_t size), - *MagickRealloc(void *memory,const size_t size), -@@ -30,6 +29,12 @@ extern MagickExport void - - #if defined(MAGICK_IMPLEMENTATION) - -+extern MagickExport void -+ *MagickMallocArray(const size_t count,const size_t size); -+ -+extern MagickExport size_t -+ MagickArraySize(const size_t count,const size_t size); -+ - /* - Allocate memory - */ diff --git a/GraphicsMagick.spec b/GraphicsMagick.spec index d763c0e..a598440 100644 --- a/GraphicsMagick.spec +++ b/GraphicsMagick.spec @@ -1,8 +1,8 @@ Summary: An ImageMagick fork, offering faster image generation and better quality Name: GraphicsMagick -Version: 1.3.7 -Release: 4%{?dist} +Version: 1.3.11 +Release: 1%{?dist} License: MIT Group: Applications/Multimedia Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.lzma @@ -27,12 +27,6 @@ BuildRequires: perl-devel %endif BuildRequires: zlib-devel -# http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/magick/xwindow.c.diff?r1=1.230;r2=1.232' -# http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/magick/xwindow.c.diff?r1=1.232;r2=1.233' -# http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/magick/memory.c.diff?r1=1.54;r2=1.55 -# http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/magick/memory.h.diff?r1=1.16;r2=1.17' -Patch100: GraphicsMagick-CVE-2009-1882.patch - %description GraphicsMagick is a comprehensive image processing package which is initially based on ImageMagick 5.5.2, but which has undergone significant re-work by @@ -101,8 +95,6 @@ however. %prep %setup -q -%patch100 -p1 -b .CVE-2009-1882 - iconv -f iso-8859-2 -t utf8 < ChangeLog > ChangeLog.utf8 mv -f ChangeLog.utf8 ChangeLog @@ -120,12 +112,14 @@ sed -i.rpath -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure --with-perl \ --with-perl-options="INSTALLDIRS=vendor %{?perl_prefix}" \ --with-threads \ - --with-windows-font-dir=%{_datadir}/fonts/default/TrueType \ --with-wmf \ --with-x \ --with-xml \ --without-dps \ - --without-gslib + --without-gslib \ + --with-windows-font-dir=%{_datadir}/fonts/msttcorefonts \ + --with-gs-font-dir=%{_datadir}/fonts/default/ghostscript + make %{?_smp_mflags} make %{?_smp_mflags} perl-build @@ -192,10 +186,10 @@ cat >%{buildroot}%{_includedir}/GraphicsMagick/magick/magick_config.h < - 1.3.11-1 +- GraphicsMagick-1.3.11 + * Mon Dec 28 2009 Rex Dieter - 1.3.7-4 - CVE-2009-1882 (#503017) diff --git a/sources b/sources index 0141532..d0b8162 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8a1ccf10d15816206426a9e716def9ac GraphicsMagick-1.3.7.tar.lzma +9c65e39e79ffc36f243e1643ae8b81f0 GraphicsMagick-1.3.11.tar.lzma