From 59e8f594d3f54a8c8d1c12b153f42029e2b9a751 Mon Sep 17 00:00:00 2001
From: Rex Dieter
Date: Wed, 20 Aug 2014 07:51:27 -0500
Subject: [PATCH] 1.3.20, CVE-2014-1947 (#1064098,#1083082)
---
.gitignore | 2 +-
GraphicsMagick-1.3.19-fd85f2.patch | 10 ---------
GraphicsMagick-1.3.20-CVE-2014-1947.patch | 25 +++++++++++++++++++++++
GraphicsMagick.spec | 15 +++++++-------
sources | 2 +-
5 files changed, 35 insertions(+), 19 deletions(-)
delete mode 100644 GraphicsMagick-1.3.19-fd85f2.patch
create mode 100644 GraphicsMagick-1.3.20-CVE-2014-1947.patch
diff --git a/.gitignore b/.gitignore
index 179b11a..d9bb688 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/GraphicsMagick-1.3.19.tar.xz
+/GraphicsMagick-1.3.20.tar.xz
diff --git a/GraphicsMagick-1.3.19-fd85f2.patch b/GraphicsMagick-1.3.19-fd85f2.patch
deleted file mode 100644
index aa5bbfe..0000000
--- a/GraphicsMagick-1.3.19-fd85f2.patch
+++ /dev/null
@@ -1,10 +0,0 @@
---- GraphicsMagick-1.3.19/wand/magick_wand.c.orig 2014-02-03 10:50:54.942163472 +0100
-+++ GraphicsMagick-1.3.19/wand/magick_wand.c 2014-02-03 10:51:23.957263231 +0100
-@@ -1907,7 +1907,6 @@
- if ((draw_info == (DrawInfo *) NULL) ||
- (draw_info->primitive == (char *) NULL))
- return(False);
-- fprintf(stderr,"%s\n",draw_info->primitive);
- status=DrawImage(wand->image,draw_info);
- if (status == False)
- InheritException(&wand->exception,&wand->image->exception);
diff --git a/GraphicsMagick-1.3.20-CVE-2014-1947.patch b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
new file mode 100644
index 0000000..27b16cd
--- /dev/null
+++ b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
@@ -0,0 +1,25 @@
+diff -up GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 GraphicsMagick-1.3.20/coders/psd.c
+--- GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 2014-08-16 15:33:23.000000000 -0500
++++ GraphicsMagick-1.3.20/coders/psd.c 2014-08-20 07:30:08.767862041 -0500
+@@ -1719,8 +1719,7 @@ static unsigned int WritePSDImage(const
+ i;
+
+ unsigned char
+- *pixels,
+- layer_name[4];
++ *pixels;
+
+ unsigned int
+ packet_size,
+@@ -1944,8 +1943,9 @@ static unsigned int WritePSDImage(const
+ (void) WriteBlob(image, 3, &layer_name[1]);
+ */
+ } else {
+- (void) sprintf((char *) layer_name, "L%02d", layer_count++ );
+- WritePascalString( image, (char*)layer_name, 4 );
++ char layer_name[4];
++ (void) sprintf(layer_name, "L%02d", layer_count++ );
++ WritePascalString( image, layer_name, 4 );
+ }
+ tmp_image = tmp_image->next;
+ };
diff --git a/GraphicsMagick.spec b/GraphicsMagick.spec
index 59b32e1..f6d229a 100644
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@@ -32,8 +32,8 @@ Summary: An ImageMagick fork, offering faster image generation and better quality Name: GraphicsMagick -Version: 1.3.19 -Release: 9%{?dist} +Version: 1.3.20 +Release: 1%{?dist} License: MIT Group: Applications/Multimedia
@@ -44,12 +44,10 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) # workaround multilib conflicts with GraphicsMagick-config Patch1: GraphicsMagick-1.3.16-multilib.patch -# Upstream patch - drop debug output -# http://sourceforge.net/p/graphicsmagick/code/ci/fd85f264c97504ae5fd4308fb5347ba7f126beb8/ -Patch2: GraphicsMagick-1.3.19-fd85f2.patch - ## upstreamable patches Patch50: GraphicsMagick-1.3.14-perl_linkage.patch +# https://bugzilla.redhat.com/1064098 +Patch51: GraphicsMagick-1.3.20-CVE-2014-1947.patch ## upstream patches
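Review bot: In the second psd.c hunk of GraphicsMagick-1.3.20-CVE-2014-1947.patch, the new `char layer_name[4]` is still filled by an unbounded `sprintf(layer_name, "L%02d", layer_count++ )`. `%02d` sets only a minimum width, so any `layer_count` outside 0–99 formats to more than the three characters plus terminator that the buffer holds. Unless code outside the hunk caps the layer count, the out-of-bounds stack write this patch is named for appears to remain, since the change only moves the declaration and drops the casts. Size the buffer for any int and bound the write, `char layer_name[16];` and `(void) snprintf(layer_name, sizeof(layer_name), "L%02d", layer_count++ );`, then confirm how `WritePascalString( image, layer_name, 4 )` treats a name longer than three characters. WritePSDImage starts and ends outside both hunks, so the type of `layer_count` and any earlier limit on it are not visible here.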
@@ -159,8 +157,8 @@ however. %setup -q %patch1 -p1 -b .multilib -%patch2 -p1 -b .fd85f2 %patch50 -p1 -b .perl_linkage +%patch51 -p1 -b .CVE-2014-1947 for f in ChangeLog.{2006,2008,2009,2012} NEWS.txt ; do iconv -f iso-8859-2 -t utf8 < $f > $f.utf8
@@ -315,6 +313,9 @@ rm -rf %{buildroot} %changelog +* Wed Aug 20 2014 Rex Dieter 1.3.20-1 +- 1.3.20, CVE-2014-1947 (#1064098,#1083082) + * Fri Aug 15 2014 Fedora Release Engineering - 1.3.19-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/sources b/sources
index a814bf8..08d7599 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e2795d7bdc2f3917804e40c8cae1993e GraphicsMagick-1.3.19.tar.xz
+5bb456e3466026ada6f12cc53c9776dc GraphicsMagick-1.3.20.tar.xz