better fix for CVE-2014-1947 (#1064098,#1083082)

11 years ago · c407c458d3
parent 59e8f594d3
commit c407c458d3
2 changed files with 6 additions and 3 deletions
--- a/GraphicsMagick-1.3.20-CVE-2014-1947.patch
+++ b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
@ -17,8 +17,8 @@ diff -up GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 GraphicsMagick-1.3.20/
         } else {
 -          (void) sprintf((char *) layer_name, "L%02d", layer_count++ );
 -          WritePascalString( image, (char*)layer_name, 4 );
-+          char layer_name[4];
-+          (void) sprintf(layer_name, "L%02d", layer_count++ );
+          char layer_name[MaxTextExtent];
+          (void) sprintf(layer_name, "L%06ld", layer_count++ );
 +          WritePascalString( image, layer_name, 4 );
         }
         tmp_image = tmp_image->next;
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@ -33,7 +33,7 @@
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
 Version: 1.3.20
-Release: 1%{?dist}
+Release: 2%{?dist}

 License: MIT
 Group: Applications/Multimedia
@ -313,6 +313,9 @@ rm -rf %{buildroot}


 %changelog
+* Mon Aug 25 2014 Rex Dieter <rdieter@fedoraproject.org> 1.3.20-2
+- better fix for CVE-2014-1947 (#1064098,#1083082)
+
 * Wed Aug 20 2014 Rex Dieter <rdieter@fedoraproject.org> 1.3.20-1
 - 1.3.20, CVE-2014-1947 (#1064098,#1083082)