- Fix potential CVE-2007-0770 issue.

GraphicsMagick-palm.patch

@@ -0,0 +1,41 @@
+--- graphicsmagick-1.1.7.orig/coders/dcm.c
++++ graphicsmagick-1.1.7/coders/dcm.c
+@@ -3022,7 +3022,7 @@
+             /*
+               Photometric interpretation.
+             */
+-            for (i=0; i < (long) length; i++)
++            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
+               photometric[i]=data[i];
+             photometric[i]='\0';
+             break;
+--- graphicsmagick-1.1.7.orig/coders/palm.c
++++ graphicsmagick-1.1.7/coders/palm.c
+@@ -541,7 +541,8 @@
+         image->compression = RLECompression;
+         for (i = 0; i < (long) bytes_per_row; )
+           {
+           count = ReadBlobByte(image);
++          count = Min(count, bytes_per_row-i);
+           byte = ReadBlobByte(image);
+           memset(one_row + i, (int) byte, count);
+           i += count;
+@@ -579,6 +579,8 @@
+     indexes=GetIndexes(image);
+     if(bits_per_pixel == 16)
+       {
++      if (image->columns > 2*bytes_per_row)
++        ThrowReaderException(CorruptImageError,CorruptImage,image);
+       for (x=0; x < (long) image->columns; x++)
+         {
+         color16 = (*ptr++ << 8);
+@@ -595,6 +597,8 @@
+       bit = 8 - bits_per_pixel;
+       for(x = 0; x < (long) image->columns; x++)
+         {
++	if (ptr - one_row >= bytes_per_row)
++          ThrowReaderException(CorruptImageError,CorruptImage,image);
+         index =(IndexPacket) (mask - (((*ptr) & (mask << bit)) >> bit));
+         indexes[x] = index;
+         *q++ = image->colormap[index];
+

GraphicsMagick.spec

@@ -1,12 +1,12 @@
 Summary: An ImageMagick fork, offering faster image generation and better quality
 Name: GraphicsMagick
 Version: 1.1.7
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: MIT
 Group: Applications/Multimedia
 Source0: http://download.sourceforge.net/graphicsmagick/GraphicsMagick-%{version}.tar.bz2
 Patch0: GraphicsMagick-gslib.patch
-
+Patch1: GraphicsMagick-palm.patch
 Url: http://www.graphicsmagick.org/
 Buildroot: %{_tmppath}/%{name}-%{version}-root
 BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
@@ -16,12 +16,7 @@ BuildRequires: automake >= 1.7 autoconf >= 2.58 libtool >= 1.5
 BuildRequires: ghostscript-devel
 BuildRequires: libwmf-devel
 BuildRequires: lcms-devel, libxml2-devel, librsvg2-devel
-%if 0%{?fedora} > 4 || 0%{?rhel} > 4
-%define x_deps libX11-devel libXext-devel libXt-devel
-%else
-%define x_deps  xorg-x11-devel
-%endif
-BuildRequires: %{x_deps}
+BuildRequires: libX11-devel libXext-devel libXt-devel
 
 %description
 GraphicsMagick is a comprehensive image processing package which is initially
@@ -33,13 +28,8 @@ of the software.
 Summary: Static libraries and header files for GraphicsMagick app development
 Group: Development/Libraries
 Requires: %{name} = %{version}-%{release}
-Requires: %{x_deps}
-Requires: ghostscript-devel
-Requires: bzip2-devel
-Requires: libtiff-devel
-Requires: libjpeg-devel
-Requires: lcms-devel
-Requires: pkgconfig
+Requires: ghostscript-devel, bzip2-devel, libtiff-devel, libjpeg-devel
+Requires: lcms-devel, pkgconfig, libX11-devel, libXext-devel, libXt-devel
 
 %description devel
 GraphicsMagick-devel contains the static libraries and header files you'll
@@ -98,6 +88,7 @@ however.
 %prep
 %setup -q
 %patch0 -p 1 -b .gslib 
+%patch1 -p 1 -b .palm
 # Regenerating configure script
 autoconf
 
@@ -181,11 +172,6 @@ cat >%{buildroot}%{_includedir}/GraphicsMagick/magick/magick_config.h <<EOF
 #endif
 EOF
 
-%if "%{?rhel}" == "4"
-# el4/ImageMagick conflicts
-rm -f %{buildroot}%{_mandir}/man{4/miff.4,5/quantize.5}*
-%endif
-
 
 %clean
 rm -rf %{buildroot}
@@ -240,7 +226,11 @@ rm -rf %{buildroot}
 %{_mandir}/man3/*
 %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
 
+
 %changelog
+* Wed Mar 07 2007 Andreas Thienemann <andreas@bawue.net> - 1.1.7-7
+- Fix potential CVE-2007-0770 issue.
+
 * Fri Dec 01 2006 Rex Dieter <rexdieter[AT]users.sf.net> - 1.1.7-6
 - *really* fix magick_config-64.h (bug #217959)
 - make buildable on rhel4 too.