[ImageMagick/f16] Fix CVE-2012-3437 (bz#844101, 844103)
Pavel Alexeev
hubbitus at fedoraproject.org
Sat Aug 11 19:31:37 UTC 2012
commit b9e98f80df13f454651a26e5ff265c623976c18f
Author: Pavel Alexeev (aka Pahan-Hubbitus) <pahan at hubbitus.info>
Date: Sat Aug 11 23:32:10 2012 +0400
Fix CVE-2012-3437 (bz#844101, 844103)
ImageMagick-6.7.0-10-CVE-2012-3437.patch | 56 ++++++++++++++++++++++++++++++
ImageMagick.spec | 8 ++++-
2 files changed, 63 insertions(+), 1 deletions(-)
---
diff --git a/ImageMagick-6.7.0-10-CVE-2012-3437.patch b/ImageMagick-6.7.0-10-CVE-2012-3437.patch
new file mode 100644
index 0000000..b5fb983
--- /dev/null
+++ b/ImageMagick-6.7.0-10-CVE-2012-3437.patch
@@ -0,0 +1,56 @@
+--- coders/png.c (revision 8733)
++++ coders/png.c (revision 8732)
+@@ -1756,11 +1756,7 @@
+ }
+
+ #ifdef PNG_USER_MEM_SUPPORTED
+-#if PNG_LIBPNG_VER >= 14000
+-static png_voidp Magick_png_malloc(png_structp png_ptr,png_alloc_size_t size)
+-#else
+-static png_voidp Magick_png_malloc(png_structp png_ptr,png_size_t size)
+-#endif
++static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size)
+ {
+ #if (PNG_LIBPNG_VER < 10011)
+ png_voidp
+@@ -7462,22 +7458,12 @@
+ (char *) profile_type, (double) length);
+ }
+
+-#if PNG_LIBPNG_VER >= 14000
+- text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
+-#else
+- text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+-#endif
++ text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+ description_length=(png_uint_32) strlen((const char *) profile_description);
+ allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
+ + description_length);
+-#if PNG_LIBPNG_VER >= 14000
+- text[0].text=(png_charp) png_malloc(ping,
+- (png_alloc_size_t) allocated_length);
+- text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
+-#else
+- text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
+- text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
+-#endif
++ text[0].text=(png_charp) png_malloc(ping,allocated_length);
++ text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
+ text[0].key[0]='\0';
+ (void) ConcatenateMagickString(text[0].key,
+ "Raw profile type ",MaxTextExtent);
+@@ -10796,13 +10782,7 @@
+ {
+ if (value != (const char *) NULL)
+ {
+-
+-#if PNG_LIBPNG_VER >= 14000
+- text=(png_textp) png_malloc(ping,
+- (png_alloc_size_t) sizeof(png_text));
+-#else
+- text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+-#endif
++ text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+ text[0].key=(char *) property;
+ text[0].text=(char *) value;
+ text[0].text_length=strlen(value);
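Review bot: In the embedded `@@ -7462,22 +7458,12 @@` section the size for `text[0].text` is still narrowed before it is widened. The unchanged line above computes `allocated_length` through a `(png_uint_32)` cast, so the `(png_alloc_size_t) allocated_length` cast on the fixed side only widens a value that is already 32 bits. Whether `length*2 + (length >> 5) + 20 + description_length` can exceed 32 bits depends on the declaration and bounds of `length`, which are outside this hunk, so check the full function rather than assume the parameter-type change covers it. If it can, compute the size in the allocator's own type, roughly `allocated_length=(png_alloc_size_t) length*2 + (length >> 5) + 20 + description_length;` with the variable declared to match, and reject a size that does not fit. This file is a reverse diff (revision 8733 to 8732), so the fixed code is on its `-` lines.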
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 97ced08..8d76ea2 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -3,7 +3,7 @@
Name: ImageMagick
Version: %{VER}.%{Patchlevel}
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: An X application for displaying and manipulating images
Group: Applications/Multimedia
License: ImageMagick
@@ -17,6 +17,8 @@ Patch2: ImageMagick-delegates.patch
Patch3: ImageMagick-6.7.0-10-CVE-2012-0259.patch
# http://www.imagemagick.org/discourse-server/viewtopic.php?p=82865#p82865 (bz#807993)
Patch4: ImageMagick-6.7.0-10-CVE-2012-1610.patch
+# bz#844101, bz#844103
+Patch5: ImageMagick-6.7.0-10-CVE-2012-3437.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
@@ -138,6 +140,7 @@ however.
%patch2 -p0 -b .delegates
%patch3 -p1 -b .CVE-2012-0259
%patch4 -p1 -b .CVE-2012-1610
+%patch5 -p0 -R -b .CVE-2012-3437
sed -i 's/libltdl.la/libltdl.so/g' configure
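Review bot: `%patch5 -p0 -R` makes the CVE fix depend on a reversal flag that nothing in the spec explains. The patch file's header runs from revision 8733 to 8732 and its `+` lines carry the `png_uint_32` forms, so someone auditing the patch alone reads it as removing the fix, and a later edit that drops `-R` would no longer apply it. Regenerating the patch in the forward direction and using `%patch5 -p0 -b .CVE-2012-3437` removes that trap. If the reversed file is kept, document it beside the Patch5 tag, e.g. `# bz#844101, bz#844103; reverse diff (r8733 -> r8732), must be applied with -R`.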
@@ -315,6 +318,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Sat Aug 11 2012 Pavel Alexeev <Pahan at Hubbitus.info> - 6.7.0.10-6
+- Fix CVE-2012-3437 (bz#844101, 844103)
+
* Tue Jun 12 2012 Pavel Alexeev <Pahan at Hubbitus.info> - 6.7.0.10-5
- Add Patch3: ImageMagick-6.7.0-10-CVE-2012-0259.patch - http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 (bz#807993)
- And Patch4: ImageMagick-6.7.0-10-CVE-2012-1620.patch - http://www.imagemagick.org/discourse-server/viewtopic.php?p=82865#p82865 (bz#807993)