[ImageMagick/f20] - Build 6.8.7-0 version because soname bump happened in newer. - Concretize soname versioning. - Add
Pavel Alexeev
hubbitus at fedoraproject.org
Mon Apr 7 11:58:14 UTC 2014
commit 36451106b3999f54edb7c32cbf46aad386a15ec4
Author: Hubbitus <pahan at hubbitus.info>
Date: Mon Apr 7 15:57:54 2014 +0400
- Build 6.8.7-0 version because soname bump happened in newer.
- Concretize soname versioning.
- Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug fix backporting:
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
for fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
- Enable %%check by Alexander Todorov suggestion - bz#1076671.
- Add %%{?_smp_mflags} into make install and check (not main compilation).
ImageMagick-6.8.7-psd-CVE.patch | 25 +++++++++++++++++++++++++
ImageMagick.spec | 25 +++++++++++++++++--------
sources | 2 +-
3 files changed, 43 insertions(+), 9 deletions(-)
---
diff --git a/ImageMagick-6.8.7-psd-CVE.patch b/ImageMagick-6.8.7-psd-CVE.patch
new file mode 100644
index 0000000..217c539
--- /dev/null
+++ b/ImageMagick-6.8.7-psd-CVE.patch
@@ -0,0 +1,25 @@
+Index: ImageMagick/branches/ImageMagick-6/coders/psd.c
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/coders/psd.c
++++ b/ImageMagick/branches/ImageMagick-6/coders/psd.c
+@@ -270,5 +270,5 @@
+ for (i=0; (packets > 1) && (i < (ssize_t) number_pixels); )
+ {
+- length=(*compact_pixels++);
++ length=(size_t) (*compact_pixels++);
+ packets--;
+ if (length == 128)
+@@ -277,4 +277,6 @@
+ {
+ length=256-length+1;
++ if ((ssize_t) length + i > (ssize_t) number_pixels)
++ length=number_pixels-(size_t) i;
+ pixel=(*compact_pixels++);
+ packets--;
+@@ -323,4 +325,6 @@
+ }
+ length++;
++ if ((ssize_t) length + i > (ssize_t) number_pixels)
++ length=number_pixels-(size_t) i;
+ for (j=0; j < (ssize_t) length; j++)
+ {
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 6a97624..f403ec9 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,9 +1,9 @@
-%global VER 6.8.8
-%global Patchlevel 10
+%global VER 6.8.7
+%global Patchlevel 0
Name: ImageMagick
Version: %{VER}.%{Patchlevel}
-Release: 2%{?dist}
+Release: 5%{?dist}
Summary: An X application for displaying and manipulating images
Group: Applications/Multimedia
License: ImageMagick
@@ -12,6 +12,9 @@ Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar
Requires: %{name}-libs = %{version}-%{release}
+# CVE bug fix backporting: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
+Patch0: ImageMagick-6.8.7-psd-CVE.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
BuildRequires: libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1
@@ -132,6 +135,8 @@ however.
%prep
%setup -q -n %{name}-%{VER}-%{Patchlevel}
+%patch0 -p4 -b .cve
+
sed -i 's/libltdl.la/libltdl.so/g' configure
iconv -f ISO-8859-1 -t UTF-8 README.txt > README.txt.tmp
touch -r README.txt README.txt.tmp
@@ -253,8 +258,8 @@ rm -rf %{buildroot}
%files libs
%defattr(-,root,root,-)
%doc LICENSE NOTICE AUTHORS.txt QuickStart.txt
-%{_libdir}/libMagickCore-6.Q16.so.*
-%{_libdir}/libMagickWand-6.Q16.so.*
+%{_libdir}/libMagickCore-6.Q16.so.1*
+%{_libdir}/libMagickWand-6.Q16.so.1*
%{_libdir}/%{name}-%{VER}
%{_datadir}/%{name}-6
%exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.*
@@ -298,7 +303,7 @@ rm -rf %{buildroot}
%defattr(-,root,root,-)
%doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README
%doc www/Magick++/COPYING
-%{_libdir}/libMagick++-6.Q16.so.*
+%{_libdir}/libMagick++-6.Q16.so.3*
%files c++-devel
%defattr(-,root,root,-)
@@ -319,8 +324,12 @@ rm -rf %{buildroot}
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog
-* Sat Mar 29 2014 Pavel Alexeev <Pahan at Hubbitus.info>- 6.8.8.10-2
-- Update to 6.8.8-10 with hope to fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
+* Thu Apr 3 2014 Pavel Alexeev <Pahan at Hubbitus.info> - 6.8.7.0-5
+- Build 6.8.7-0 version because soname bump happened in newer.
+- Concretize soname versioning.
+- Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug fix backporting:
+ http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
+ for fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
- Enable %%check by Alexander Todorov suggestion - bz#1076671.
- Add %%{?_smp_mflags} into make install and check (not main compilation).
diff --git a/sources b/sources
index e1ca9af..8a1b5fc 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ab9b397c1d4798a9f6ae6cc94aa292fe ImageMagick-6.8.8-10.tar.xz
+65dad501b11f295f0283efca7dae5b2d ImageMagick-6.8.7-0.tar.xz
More information about the scm-commits
mailing list