Add patch for CVE-2012-1610 from http://www.imagemagick.org/discourse-server/viewtopic.php?t=20629diff -r1.178 -r1.179 pkgsrc/graphics/ImageMagick/Makefile
(tez)
@@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.178 2012/03/30 03:50:47 taca Exp $ | 1 | # $NetBSD: Makefile,v 1.179 2012/04/09 15:56:21 tez Exp $ | |
2 | 2 | |||
3 | .include "Makefile.common" | 3 | .include "Makefile.common" | |
4 | 4 | |||
5 | PKGNAME= ImageMagick-${DISTVERSION} | 5 | PKGNAME= ImageMagick-${DISTVERSION} | |
6 | PKGREVISION= 1 | 6 | PKGREVISION= 2 | |
7 | 7 | |||
8 | MAINTAINER= adam@NetBSD.org | 8 | MAINTAINER= adam@NetBSD.org | |
9 | COMMENT= Package for display and interactive manipulation of images | 9 | COMMENT= Package for display and interactive manipulation of images | |
10 | 10 | |||
11 | CONFLICTS= geomview<1.8.1nb2 # used to have a program named 'animate' | 11 | CONFLICTS= geomview<1.8.1nb2 # used to have a program named 'animate' | |
12 | 12 | |||
13 | PKG_DESTDIR_SUPPORT= user-destdir | 13 | PKG_DESTDIR_SUPPORT= user-destdir | |
14 | PKG_INSTALLATION_TYPES= overwrite pkgviews | 14 | PKG_INSTALLATION_TYPES= overwrite pkgviews | |
15 | 15 | |||
16 | USE_LANGUAGES= c c++ c99 | 16 | USE_LANGUAGES= c c++ c99 | |
17 | USE_TOOLS+= gmake pkg-config | 17 | USE_TOOLS+= gmake pkg-config | |
18 | CONFIGURE_ARGS+= --disable-assert | 18 | CONFIGURE_ARGS+= --disable-assert | |
19 | CONFIGURE_ARGS+= --with-fontconfig | 19 | CONFIGURE_ARGS+= --with-fontconfig |
@@ -1,8 +1,9 @@ | @@ -1,8 +1,9 @@ | |||
1 | $NetBSD: distinfo,v 1.110 2012/03/30 03:50:47 taca Exp $ | 1 | $NetBSD: distinfo,v 1.111 2012/04/09 15:56:21 tez Exp $ | |
2 | 2 | |||
3 | SHA1 (ImageMagick-6.7.5-10.tar.bz2) = e19d7d5148de58d56a02d68049bb5d3ba470f53c | 3 | SHA1 (ImageMagick-6.7.5-10.tar.bz2) = e19d7d5148de58d56a02d68049bb5d3ba470f53c | |
4 | RMD160 (ImageMagick-6.7.5-10.tar.bz2) = 5ff5b7ddc773beb048773cc252c5d306eaf28e50 | 4 | RMD160 (ImageMagick-6.7.5-10.tar.bz2) = 5ff5b7ddc773beb048773cc252c5d306eaf28e50 | |
5 | Size (ImageMagick-6.7.5-10.tar.bz2) = 10416791 bytes | 5 | Size (ImageMagick-6.7.5-10.tar.bz2) = 10416791 bytes | |
6 | SHA1 (patch-coders_jpeg.c) = 77e47f58ee3c46888f2edeafa1964e5145b65c25 | 6 | SHA1 (patch-coders_jpeg.c) = 77e47f58ee3c46888f2edeafa1964e5145b65c25 | |
7 | SHA1 (patch-coders_tiff.c) = ff11a7fe6f47cd3fb7afeab986851ac417366722 | 7 | SHA1 (patch-coders_tiff.c) = ff11a7fe6f47cd3fb7afeab986851ac417366722 | |
8 | SHA1 (patch-magick_property.c) = 19c345afac494a6599ef65a8a273f52095071127 | 8 | SHA1 (patch-magick_profile.c) = e991adc22b072a967fc3459d68cd6ab1e91610c6 | |
9 | SHA1 (patch-magick_property.c) = 105e9f3cfa3aa098296513c594e24759b1713c5b |
$NetBSD: patch-magick_profile.c,v 1.1 2012/04/09 15:56:21 tez Exp $
* Fix for CVE-2012-1610.
--- magick/profile.c.orig 2012-04-09 14:19:45.161695800 +0000
+++ magick/profile.c
@@ -6727,8 +6727,10 @@ MagickExport MagickBooleanType SyncImage
format=(ssize_t) ReadProfileShort(endian,q+2);
if ((format-1) >= EXIF_NUM_FORMATS)
break;
- components=(int) ReadProfileLong(endian,q+4);
+ components=(ssize_t) ((int) ReadProfileLong(endian,q+4));
number_bytes=(size_t) components*format_bytes[format];
+ if (number_bytes < components)
+ break; /* prevent overflow */
if (number_bytes <= 4)
p=q+8;
else
@@ -1,15 +1,25 @@ | @@ -1,15 +1,25 @@ | |||
1 | $NetBSD: patch-magick_property.c,v 1.1 2012/03/30 03:50:47 taca Exp $ | 1 | $NetBSD: patch-magick_property.c,v 1.2 2012/04/09 15:56:21 tez Exp $ | |
2 | 2 | |||
3 | * Fix for CVE-2012-0259. | 3 | * Fix for CVE-2012-0259. | |
4 | * Fix for CVE-2012-1610. | |||
4 | 5 | |||
5 | --- magick/property.c.orig 2012-03-01 01:41:19.000000000 +0000 | 6 | --- magick/property.c.orig 2012-03-01 01:41:19.000000000 +0000 | |
6 | +++ magick/property.c | 7 | +++ magick/property.c | |
7 | @@ -1309,6 +1309,8 @@ static MagickBooleanType GetEXIFProperty | 8 | @@ -1286,6 +1286,8 @@ static MagickBooleanType GetEXIFProperty | |
9 | break; | |||
10 | components=(ssize_t) ((int) ReadPropertyLong(endian,q+4)); | |||
11 | number_bytes=(size_t) components*tag_bytes[format]; | |||
12 | + if (number_bytes < components) | |||
13 | + break; /* prevent overflow */ | |||
14 | if (number_bytes <= 4) | |||
15 | p=q+8; | |||
16 | else | |||
17 | @@ -1309,6 +1311,8 @@ static MagickBooleanType GetEXIFProperty | |||
8 | buffer[MaxTextExtent], | 18 | buffer[MaxTextExtent], | |
9 | *value; | 19 | *value; | |
10 | 20 | |||
11 | + value = NULL; | 21 | + value = NULL; | |
12 | + *buffer = '\0'; | 22 | + *buffer = '\0'; | |
13 | switch (format) | 23 | switch (format) | |
14 | { | 24 | { | |
15 | case EXIF_FMT_BYTE: | 25 | case EXIF_FMT_BYTE: |