1.3.20, CVE-2014-1947 (#1064098,#1083082)

11 years ago · 59e8f594d3
parent 154569a467
commit 59e8f594d3
5 changed files with 35 additions and 19 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/GraphicsMagick-1.3.19.tar.xz
+/GraphicsMagick-1.3.20.tar.xz
--- a/GraphicsMagick-1.3.19-fd85f2.patch
+++ b/GraphicsMagick-1.3.19-fd85f2.patch
@ -1,10 +0,0 @@
--- GraphicsMagick-1.3.19/wand/magick_wand.c.orig	2014-02-03 10:50:54.942163472 +0100
-+++ GraphicsMagick-1.3.19/wand/magick_wand.c	2014-02-03 10:51:23.957263231 +0100
-@@ -1907,7 +1907,6 @@
-   if ((draw_info == (DrawInfo *) NULL) ||
-       (draw_info->primitive == (char *) NULL))
-     return(False);
-  fprintf(stderr,"%s\n",draw_info->primitive);
-   status=DrawImage(wand->image,draw_info);
-   if (status == False)
-     InheritException(&wand->exception,&wand->image->exception);
--- a/GraphicsMagick-1.3.20-CVE-2014-1947.patch
+++ b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
@ -0,0 +1,25 @@
+diff -up GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 GraphicsMagick-1.3.20/coders/psd.c
+--- GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947	2014-08-16 15:33:23.000000000 -0500
+++ GraphicsMagick-1.3.20/coders/psd.c	2014-08-20 07:30:08.767862041 -0500
+@@ -1719,8 +1719,7 @@ static unsigned int WritePSDImage(const
+     i;
+ 
+   unsigned char
+-    *pixels,
+-    layer_name[4];
+    *pixels;
+ 
+   unsigned int
+     packet_size,
+@@ -1944,8 +1943,9 @@ static unsigned int WritePSDImage(const
+             (void) WriteBlob(image, 3, &layer_name[1]);
+           */ 
+         } else {
+-          (void) sprintf((char *) layer_name, "L%02d", layer_count++ );
+-          WritePascalString( image, (char*)layer_name, 4 );
+          char layer_name[4];
+          (void) sprintf(layer_name, "L%02d", layer_count++ );
+          WritePascalString( image, layer_name, 4 );
+         }
+         tmp_image = tmp_image->next;
+       };
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@ -32,8 +32,8 @@

 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
-Version: 1.3.19
-Release: 9%{?dist}
+Version: 1.3.20
+Release: 1%{?dist}

 License: MIT
 Group: Applications/Multimedia
@ -44,12 +44,10 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 # workaround multilib conflicts with GraphicsMagick-config
 Patch1: GraphicsMagick-1.3.16-multilib.patch

-# Upstream patch - drop debug output
-# http://sourceforge.net/p/graphicsmagick/code/ci/fd85f264c97504ae5fd4308fb5347ba7f126beb8/
-Patch2: GraphicsMagick-1.3.19-fd85f2.patch
-
 ## upstreamable patches
 Patch50: GraphicsMagick-1.3.14-perl_linkage.patch
+# https://bugzilla.redhat.com/1064098
+Patch51: GraphicsMagick-1.3.20-CVE-2014-1947.patch

 ## upstream patches

@ -159,8 +157,8 @@ however.
 %setup -q

 %patch1 -p1 -b .multilib
-%patch2 -p1 -b .fd85f2
 %patch50 -p1 -b .perl_linkage
+%patch51 -p1 -b .CVE-2014-1947

 for f in ChangeLog.{2006,2008,2009,2012} NEWS.txt ; do
    iconv -f iso-8859-2 -t utf8 < $f > $f.utf8
@ -315,6 +313,9 @@ rm -rf %{buildroot}


 %changelog
+* Wed Aug 20 2014 Rex Dieter <rdieter@fedoraproject.org> 1.3.20-1
+- 1.3.20, CVE-2014-1947 (#1064098,#1083082)
+
 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.19-9
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-e2795d7bdc2f3917804e40c8cae1993e  GraphicsMagick-1.3.19.tar.xz
+5bb456e3466026ada6f12cc53c9776dc  GraphicsMagick-1.3.20.tar.xz