Mon Apr 9 15:56:21 2012 UTC ()

Add patch for CVE-2012-1610 from http://www.imagemagick.org/discourse-server/viewtopic.php?t=20629


(tez)

diff -r1.178 -r1.179 pkgsrc/graphics/ImageMagick/Makefile
diff -r1.110 -r1.111 pkgsrc/graphics/ImageMagick/distinfo
diff -r0 -r1.1 pkgsrc/graphics/ImageMagick/patches/patch-magick_profile.c
diff -r1.1 -r1.2 pkgsrc/graphics/ImageMagick/patches/patch-magick_property.c

--- pkgsrc/graphics/ImageMagick/Makefile 2012/03/30 03:50:47 1.178
+++ pkgsrc/graphics/ImageMagick/Makefile 2012/04/09 15:56:21 1.179

 @@ -1,19 +1,19 @@
-# $NetBSD: Makefile,v 1.178 2012/03/30 03:50:47 taca Exp $
+# $NetBSD: Makefile,v 1.179 2012/04/09 15:56:21 tez Exp $
 .include "Makefile.common"
 PKGNAME=	ImageMagick-${DISTVERSION}
-PKGREVISION=	1
+PKGREVISION=	2
 MAINTAINER=	adam@NetBSD.org
 COMMENT=	Package for display and interactive manipulation of images
 CONFLICTS=	geomview<1.8.1nb2  # used to have a program named 'animate'
 PKG_DESTDIR_SUPPORT=	user-destdir
 PKG_INSTALLATION_TYPES=	overwrite pkgviews
 USE_LANGUAGES=		c c++ c99
 USE_TOOLS+=		gmake pkg-config
 CONFIGURE_ARGS+=	--disable-assert
 CONFIGURE_ARGS+=	--with-fontconfig

--- pkgsrc/graphics/ImageMagick/distinfo 2012/03/30 03:50:47 1.110
+++ pkgsrc/graphics/ImageMagick/distinfo 2012/04/09 15:56:21 1.111

 @@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.110 2012/03/30 03:50:47 taca Exp $
+$NetBSD: distinfo,v 1.111 2012/04/09 15:56:21 tez Exp $
 SHA1 (ImageMagick-6.7.5-10.tar.bz2) = e19d7d5148de58d56a02d68049bb5d3ba470f53c
 RMD160 (ImageMagick-6.7.5-10.tar.bz2) = 5ff5b7ddc773beb048773cc252c5d306eaf28e50
 Size (ImageMagick-6.7.5-10.tar.bz2) = 10416791 bytes
 SHA1 (patch-coders_jpeg.c) = 77e47f58ee3c46888f2edeafa1964e5145b65c25
 SHA1 (patch-coders_tiff.c) = ff11a7fe6f47cd3fb7afeab986851ac417366722
-SHA1 (patch-magick_property.c) = 19c345afac494a6599ef65a8a273f52095071127
+SHA1 (patch-magick_profile.c) = e991adc22b072a967fc3459d68cd6ab1e91610c6
 SHA1 (patch-magick_property.c) = 105e9f3cfa3aa098296513c594e24759b1713c5b

$NetBSD: patch-magick_profile.c,v 1.1 2012/04/09 15:56:21 tez Exp $

* Fix for CVE-2012-1610.

--- magick/profile.c.orig	2012-04-09 14:19:45.161695800 +0000
+++ magick/profile.c
@@ -6727,8 +6727,10 @@ MagickExport MagickBooleanType SyncImage
       format=(ssize_t) ReadProfileShort(endian,q+2);
       if ((format-1) >= EXIF_NUM_FORMATS)
         break;
-      components=(int) ReadProfileLong(endian,q+4);
+      components=(ssize_t) ((int) ReadProfileLong(endian,q+4));
       number_bytes=(size_t) components*format_bytes[format];
+      if (number_bytes < components)
+        break;  /* prevent overflow */
       if (number_bytes <= 4)
         p=q+8;
       else

--- pkgsrc/graphics/ImageMagick/patches/Attic/patch-magick_property.c 2012/03/30 03:50:47 1.1
+++ pkgsrc/graphics/ImageMagick/patches/Attic/patch-magick_property.c 2012/04/09 15:56:21 1.2

 @@ -1,15 +1,25 @@
-$NetBSD: patch-magick_property.c,v 1.1 2012/03/30 03:50:47 taca Exp $
+$NetBSD: patch-magick_property.c,v 1.2 2012/04/09 15:56:21 tez Exp $
 * Fix for CVE-2012-0259.
 * Fix for CVE-2012-1610.
 --- magick/property.c.orig	2012-03-01 01:41:19.000000000 +0000
 +++ magick/property.c
-@@ -1309,6 +1309,8 @@ static MagickBooleanType GetEXIFProperty
+@@ -1286,6 +1286,8 @@ static MagickBooleanType GetEXIFProperty
          break;
        components=(ssize_t) ((int) ReadPropertyLong(endian,q+4));
        number_bytes=(size_t) components*tag_bytes[format];
 +      if (number_bytes < components)
 +        break; /* prevent overflow */
        if (number_bytes <= 4)
          p=q+8;
        else
@@ -1309,6 +1311,8 @@ static MagickBooleanType GetEXIFProperty
              buffer[MaxTextExtent],
              *value;
 +	  value = NULL;
 +	  *buffer = '\0';
            switch (format)
+           {
              case EXIF_FMT_BYTE: