[GraphicsMagick] 1.3.20, CVE-2014-1947 (#1064098,#1083082)
Rex Dieter
rdieter at fedoraproject.org
Wed Aug 20 12:51:33 UTC 2014
commit 59e8f594d3f54a8c8d1c12b153f42029e2b9a751
Author: Rex Dieter <rdieter at math.unl.edu>
Date: Wed Aug 20 07:51:27 2014 -0500
1.3.20, CVE-2014-1947 (#1064098,#1083082)
.gitignore | 2 +-
GraphicsMagick-1.3.19-fd85f2.patch | 10 ----------
GraphicsMagick-1.3.20-CVE-2014-1947.patch | 25 +++++++++++++++++++++++++
GraphicsMagick.spec | 15 ++++++++-------
sources | 2 +-
5 files changed, 35 insertions(+), 19 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 179b11a..d9bb688 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/GraphicsMagick-1.3.19.tar.xz
+/GraphicsMagick-1.3.20.tar.xz
diff --git a/GraphicsMagick-1.3.20-CVE-2014-1947.patch b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
new file mode 100644
index 0000000..27b16cd
--- /dev/null
+++ b/GraphicsMagick-1.3.20-CVE-2014-1947.patch
@@ -0,0 +1,25 @@
+diff -up GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 GraphicsMagick-1.3.20/coders/psd.c
+--- GraphicsMagick-1.3.20/coders/psd.c.CVE-2014-1947 2014-08-16 15:33:23.000000000 -0500
++++ GraphicsMagick-1.3.20/coders/psd.c 2014-08-20 07:30:08.767862041 -0500
+@@ -1719,8 +1719,7 @@ static unsigned int WritePSDImage(const
+ i;
+
+ unsigned char
+- *pixels,
+- layer_name[4];
++ *pixels;
+
+ unsigned int
+ packet_size,
+@@ -1944,8 +1943,9 @@ static unsigned int WritePSDImage(const
+ (void) WriteBlob(image, 3, &layer_name[1]);
+ */
+ } else {
+- (void) sprintf((char *) layer_name, "L%02d", layer_count++ );
+- WritePascalString( image, (char*)layer_name, 4 );
++ char layer_name[4];
++ (void) sprintf(layer_name, "L%02d", layer_count++ );
++ WritePascalString( image, layer_name, 4 );
+ }
+ tmp_image = tmp_image->next;
+ };
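Review bot: The second hunk of the embedded psd.c patch still writes into a 4-byte buffer with an unbounded `sprintf`. `"L%02d"` sets a minimum width only, so if `layer_count` can reach 100 (its type and bound are not visible here), the output is `L`, three digits and the terminator: five bytes into `char layer_name[4]`. Moving the array into the `else` block and changing it from `unsigned char` to `char` narrows its scope and drops the casts, but leaves that bound unchanged. A bounded form would be `char layer_name[16];` with `(void) snprintf(layer_name, sizeof layer_name, "L%02d", layer_count++);`; whether the `4` passed to `WritePascalString` must then change depends on that helper, which is not shown. `WritePSDImage` begins and ends outside both inner hunks, so any earlier cap on the number of layers cannot be confirmed from this page.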
diff --git a/GraphicsMagick.spec b/GraphicsMagick.spec
index 59b32e1..f6d229a 100644
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
@@ -32,8 +32,8 @@
Summary: An ImageMagick fork, offering faster image generation and better quality
Name: GraphicsMagick
-Version: 1.3.19
-Release: 9%{?dist}
+Version: 1.3.20
+Release: 1%{?dist}
License: MIT
Group: Applications/Multimedia
@@ -44,12 +44,10 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
# workaround multilib conflicts with GraphicsMagick-config
Patch1: GraphicsMagick-1.3.16-multilib.patch
-# Upstream patch - drop debug output
-# http://sourceforge.net/p/graphicsmagick/code/ci/fd85f264c97504ae5fd4308fb5347ba7f126beb8/
-Patch2: GraphicsMagick-1.3.19-fd85f2.patch
-
## upstreamable patches
Patch50: GraphicsMagick-1.3.14-perl_linkage.patch
+# https://bugzilla.redhat.com/1064098
+Patch51: GraphicsMagick-1.3.20-CVE-2014-1947.patch
## upstream patches
@@ -159,8 +157,8 @@ however.
%setup -q
%patch1 -p1 -b .multilib
-%patch2 -p1 -b .fd85f2
%patch50 -p1 -b .perl_linkage
+%patch51 -p1 -b .CVE-2014-1947
for f in ChangeLog.{2006,2008,2009,2012} NEWS.txt ; do
iconv -f iso-8859-2 -t utf8 < $f > $f.utf8
@@ -315,6 +313,9 @@ rm -rf %{buildroot}
%changelog
+* Wed Aug 20 2014 Rex Dieter <rdieter at fedoraproject.org> 1.3.20-1
+- 1.3.20, CVE-2014-1947 (#1064098,#1083082)
+
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.19-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
diff --git a/sources b/sources
index a814bf8..08d7599 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-e2795d7bdc2f3917804e40c8cae1993e GraphicsMagick-1.3.19.tar.xz
+5bb456e3466026ada6f12cc53c9776dc GraphicsMagick-1.3.20.tar.xz