[ImageMagick/f17] Fix CVE-2012-3437 (bz#844101, 844103)

Pavel Alexeev hubbitus at fedoraproject.org
Sat Aug 11 19:48:06 UTC 2012


commit 35c4c461889ae7f79f03dbd4953e38e082c53151
Author: Pavel Alexeev (aka Pahan-Hubbitus) <pahan at hubbitus.info>
Date:   Sat Aug 11 23:48:41 2012 +0400

    Fix CVE-2012-3437 (bz#844101, 844103)

 ImageMagick-6.7.5-6-CVE-2012-3437.patch |   56 +++++++++++++++++++++++++++++++
 ImageMagick.spec                        |   11 +++++-
 2 files changed, 66 insertions(+), 1 deletions(-)
---
diff --git a/ImageMagick-6.7.5-6-CVE-2012-3437.patch b/ImageMagick-6.7.5-6-CVE-2012-3437.patch
new file mode 100644
index 0000000..b5fb983
--- /dev/null
+++ b/ImageMagick-6.7.5-6-CVE-2012-3437.patch
@@ -0,0 +1,56 @@
+--- coders/png.c	(revision 8733)
++++ coders/png.c	(revision 8732)
+@@ -1756,11 +1756,7 @@ 
+ }
+ 
+ #ifdef PNG_USER_MEM_SUPPORTED
+-#if PNG_LIBPNG_VER >= 14000
+-static png_voidp Magick_png_malloc(png_structp png_ptr,png_alloc_size_t size)
+-#else
+-static png_voidp Magick_png_malloc(png_structp png_ptr,png_size_t size)
+-#endif
++static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size)
+ {
+ #if (PNG_LIBPNG_VER < 10011)
+   png_voidp
+@@ -7462,22 +7458,12 @@ 
+          (char *) profile_type, (double) length);
+      }
+ 
+-#if PNG_LIBPNG_VER >= 14000
+-   text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
+-#else
+-   text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+-#endif
++   text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+    description_length=(png_uint_32) strlen((const char *) profile_description);
+    allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
+       + description_length);
+-#if PNG_LIBPNG_VER >= 14000
+-   text[0].text=(png_charp) png_malloc(ping,
+-      (png_alloc_size_t) allocated_length);
+-   text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
+-#else
+-   text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
+-   text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
+-#endif
++   text[0].text=(png_charp) png_malloc(ping,allocated_length);
++   text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
+    text[0].key[0]='\0';
+    (void) ConcatenateMagickString(text[0].key,
+       "Raw profile type ",MaxTextExtent);
+@@ -10796,13 +10782,7 @@ 
+         {
+         if (value != (const char *) NULL)
+           {
+-
+-#if PNG_LIBPNG_VER >= 14000
+-            text=(png_textp) png_malloc(ping,
+-                 (png_alloc_size_t) sizeof(png_text));
+-#else
+-            text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+-#endif
++            text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+             text[0].key=(char *) property;
+             text[0].text=(char *) value;
+             text[0].text_length=strlen(value);
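Review bot: The embedded coders/png.c patch is stored in the reverse direction (its header goes from `revision 8733` to `revision 8732`), so its `+` lines carry the narrowed `png_uint_32 size` signature and its `-` lines carry the `png_alloc_size_t` fix; the build only receives the fix because the `%prep` hunk in ImageMagick.spec applies it with `%patch1 -p0 -R`. Anyone who later drops `-R`, or reads this file as the fix itself, ends up with the truncating `Magick_png_malloc` parameter again, so I would regenerate the file as a forward diff and apply it with `%patch1 -p0 -b .CVE-2012-3437`, or at minimum put `# reverse diff of upstream r8732..r8733; -R applies the fix` above the `%patch1` line. Separately, the context line `allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20 + description_length);` still narrows the computed size to 32 bits before `png_malloc` sees it. If `length` can be wider than that (its declaration is outside these hunks), the widened allocator parameter does not help at that call, and the sum should be range-checked before the cast.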
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 8e02e08..8b17f70 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -3,7 +3,7 @@
 
 Name:		ImageMagick
 Version:		%{VER}.%{Patchlevel}
-Release:		3%{?dist}
+Release:		4%{?dist}
 Summary:		An X application for displaying and manipulating images
 Group:		Applications/Multimedia
 License:		ImageMagick
@@ -18,6 +18,9 @@ BuildRequires:	libwmf-devel, jasper-devel, libtool-ltdl-devel
 BuildRequires:	libX11-devel, libXext-devel, libXt-devel
 BuildRequires:	lcms-devel, libxml2-devel, librsvg2-devel, OpenEXR-devel
 
+# bz#844101, bz#844103
+Patch1:         ImageMagick-6.7.5-6-CVE-2012-3437.patch
+
 %description
 ImageMagick is an image display and manipulation tool for the X
 Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
@@ -126,6 +129,9 @@ however.
 
 %prep
 %setup -q -n %{name}-%{VER}-%{Patchlevel}
+
+%patch1 -p0 -R -b .CVE-2012-3437
+
 sed -i 's/libltdl.la/libltdl.so/g' configure
 iconv -f ISO-8859-1 -t UTF-8 README.txt > README.txt.tmp
 touch -r README.txt README.txt.tmp
@@ -303,6 +309,9 @@ rm -rf %{buildroot}
 %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
 
 %changelog
+* Sat Aug 11 2012 Pavel Alexeev <Pahan at Hubbitus.info> - 6.7.5.6-4
+- Fix CVE-2012-3437 (bz#844101, 844103)
+
 * Sat Feb 25 2012 Pavel Alexeev <Pahan at Hubbitus.info> - 6.7.5.6-1
 - Update by request https://bugzilla.redhat.com/show_bug.cgi?id=755827#c8
 - Delete multilib patch as it should be in main sources.

