diff --git a/CVE-2018-18544.patch b/CVE-2018-18544.patch
deleted file mode 100644
index 95edec4ea2a8c5f7b46dcfcf2f2be21928a2a07e..0000000000000000000000000000000000000000
--- a/CVE-2018-18544.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 960de60924208e2fceff6d118c0bcec38dae627b Mon Sep 17 00:00:00 2001
-From: maminjie
-Date: Sat, 19 Sep 2020 16:00:58 +0800
-Subject: [PATCH] ProcessMSLScript(): Release msl_image if OpenBlob fails.
- (CVE-2018-18544)
-
-refers to http://hg.code.sf.net/p/graphicsmagick/code/rev/31349424878d
----
- coders/msl.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/coders/msl.c b/coders/msl.c
-index 5add044..9e99629 100644
---- a/coders/msl.c
-+++ b/coders/msl.c
-@@ -4540,6 +4540,7 @@ ProcessMSLScript(const ImageInfo *image_info,Image **image,
- status=OpenBlob(image_info,msl_image,ReadBinaryBlobMode,exception);
- if (status == False)
- {
-+ DestroyImage(msl_image);
- ThrowException(exception,FileOpenError,UnableToOpenFile,
- msl_image->filename);
- return(False);
---
-2.23.0
-
diff --git a/CVE-2019-11005.patch b/CVE-2019-11005.patch
deleted file mode 100644
index 10cca6b520609250026ecbe03eae402306d9e1ce..0000000000000000000000000000000000000000
--- a/CVE-2019-11005.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-SVGStartElement(): Fix stack buffer overflow while parsing quoted font family value.
-(CVE-2019-11005)
-
-refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b6fb77d7d54d
-
-diff -r f7610c1281c1 -r b6fb77d7d54d coders/svg.c
---- a/coders/svg.c Fri Apr 05 08:13:14 2019 -0500
-+++ b/coders/svg.c Fri Apr 05 08:43:15 2019 -0500
-@@ -1745,12 +1745,12 @@
- font-family. Maybe we need a generalized solution for
- this.
- */
-- if ((value[0] == '\'') && (value[strlen(value)-1] == '\''))
-+ int value_length;
-+ if ((value[0] == '\'') && ((value_length=(int) strlen(value)) > 2)
-+ && (value[value_length-1] == '\''))
- {
-- char nvalue[MaxTextExtent];
-- (void) strlcpy(nvalue,value+1,sizeof(nvalue));
-- nvalue[strlen(nvalue)-1]='\0';
-- MVGPrintf(svg_info->file,"font-family '%s'\n",nvalue);
-+ MVGPrintf(svg_info->file,"font-family '%.*s'\n",
-+ (int)(value_length-2),value+1);
- }
- else
- {
-
-
-
-
diff --git a/CVE-2019-11006.patch b/CVE-2019-11006.patch
deleted file mode 100644
index 20bc2239c712c0991df215d134eb305f310d7616..0000000000000000000000000000000000000000
--- a/CVE-2019-11006.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From a404f04f6114057b9b64eab8436a0668f6aa16f7 Mon Sep 17 00:00:00 2001
-From: maminjie
-Date: Sat, 19 Sep 2020 15:35:05 +0800
-Subject: [PATCH] ReadMIFFImage(): Detect end of file while reading RLE
- packets. (CVE-2019-11006)
-
-refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
----
- coders/miff.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/coders/miff.c b/coders/miff.c
-index 307b10e..60ad6f7 100644
---- a/coders/miff.c
-+++ b/coders/miff.c
-@@ -1706,7 +1706,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
- p=pixels;
- for (length=0; length < image->columns; )
- {
-- p+=ReadBlob(image,packet_size,p);
-+ size_t
-+ bytes_read;
-+
-+ if ((bytes_read=ReadBlob(image,packet_size,p)) != packet_size)
-+ ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
-+ image);
-+ p+=bytes_read;
- length+=*(p-1)+1;
- }
-
-@@ -1731,7 +1737,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
- if (q == (PixelPacket *) NULL)
- break;
- pixels_p=pixels;
-- (void) ReadBlobZC(image,packet_size*image->columns,&pixels_p);
-+ if (ReadBlobZC(image,packet_size*image->columns,&pixels_p)
-+ != (size_t) packet_size*image->columns)
-+ ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
-+ image);
- (void) ImportImagePixelArea(image,quantum_type,quantum_size,(const unsigned char*) pixels_p,0,0);
- if (!SyncImagePixels(image))
- break;
---
-2.23.0
-
diff --git a/CVE-2019-11007.patch b/CVE-2019-11007.patch
deleted file mode 100644
index 3b78004b2724acf1b751f15f96d810c607e4b2e5..0000000000000000000000000000000000000000
--- a/CVE-2019-11007.patch
+++ /dev/null
@@ -1,111 +0,0 @@
---- a/magick/colormap.c Tue Apr 02 18:38:00 2019 -0500
-+++ b/magick/colormap.c Tue Apr 02 19:44:26 2019 -0500
-@@ -35,11 +35,11 @@
- % AllocateImageColormap() allocates an image colormap and initializes
- % it to a linear gray colorspace with increasing intensity. If the image
- % already has a colormap, it is replaced. AllocateImageColormap() returns
--% True if successful, otherwise False if there is not enough memory.
-+% MagickPass if successful, otherwise MagickFail if there is not enough memory.
- %
- % The format of the AllocateImageColormap method is:
- %
--% unsigned int AllocateImageColormap(Image *image,
-+% MagickPassFail AllocateImageColormap(Image *image,
- % const unsigned long colors)
- %
- % A description of each parameter follows:
-@@ -109,7 +109,7 @@
- %
- % The format of the CycleColormapImage method is:
- %
--% CycleColormapImage(Image *image,const int amount)
-+% MagickPassFail CycleColormapImage(Image *image,const int amount)
- %
- % A description of each parameter follows:
- %
-@@ -250,6 +250,76 @@
- % %
- % %
- % %
-++ R e a l l o c a t e I m a g e C o l o r m a p %
-+% %
-+% %
-+% %
-+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-+%
-+% ReallocateImageColormap() reallocates an image colormap (or allocates it
-+% if is not already allocated) and clears any added colormap entries
-+% while preserving existing entries. ReallocateImageColormap() returns
-+% MagickPass if successful, otherwise MagickFail if there is not enough
-+% memory or the number of colormap entries is not supported.
-+%
-+% The image storage class is not modified by this function.
-+%
-+% The format of the ReallocateImageColormap method is:
-+%
-+% MagickPassFail ReallocateImageColormap(Image *image,
-+% const unsigned int colors)
-+%
-+% A description of each parameter follows:
-+%
-+% o image: The image.
-+%
-+% o colors: The number of colors in the image colormap.
-+%
-+%
-+*/
-+MagickExport MagickPassFail ReallocateImageColormap(Image *image,
-+ const unsigned int colors)
-+{
-+ register unsigned int
-+ i;
-+
-+ unsigned int
-+ prev_colors;
-+
-+ size_t
-+ length;
-+
-+ /*
-+ Allocate image colormap.
-+ */
-+ assert(image != (Image *) NULL);
-+ assert(image->signature == MagickSignature);
-+ if (colors > MaxColormapSize)
-+ return (MagickFail);
-+ prev_colors=image->colors;
-+ length=MagickArraySize((size_t) colors,sizeof(PixelPacket));
-+ MagickReallocMemory(PixelPacket *,image->colormap,length);
-+ if (image->colormap == (PixelPacket *) NULL)
-+ {
-+ image->colors=0;
-+ return(MagickFail);
-+ }
-+ image->colors=colors;
-+ for (i=prev_colors; i < image->colors; i++)
-+ {
-+ image->colormap[i].red=0;
-+ image->colormap[i].green=0;
-+ image->colormap[i].blue=0;
-+ image->colormap[i].opacity=OpaqueOpacity;
-+ }
-+ return(MagickPass);
-+}
-+
-+/*
-+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-+% %
-+% %
-+% %
- % R e p l a c e I m a g e C o l o r m a p %
- % %
- % %
-@@ -438,7 +508,7 @@
- %
- % The format of the SortColormapByIntensity method is:
- %
--% unsigned int SortColormapByIntensity(Image *image)
-+% MagickPassFail SortColormapByIntensity(Image *image)
- %
- % A description of each parameter follows:
- %
diff --git a/CVE-2019-11008.patch b/CVE-2019-11008.patch
deleted file mode 100644
index 1b4fae5b7d22d06e80e855572b377ce6cff07ce1..0000000000000000000000000000000000000000
--- a/CVE-2019-11008.patch
+++ /dev/null
@@ -1,488 +0,0 @@
---- a/coders/xwd.c Fri Apr 05 08:43:15 2019 -0500
-+++ b/coders/xwd.c Sun Apr 07 15:29:54 2019 -0500
-@@ -96,6 +96,102 @@
-
- #if defined(HasX11)
- #include "magick/xwindow.h"
-+
-+static void TraceXWDHeader(const XWDFileHeader *header)
-+{
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "XWDFileHeader:\n"
-+ " header_size : %u\n"
-+ " file_version : %u\n"
-+ " pixmap_format : %s\n"
-+ " pixmap_depth : %u\n"
-+ " pixmap_width : %u\n"
-+ " pixmap_height : %u\n"
-+ " xoffset : %u\n"
-+ " byte_order : %s\n"
-+ " bitmap_unit : %u\n"
-+ " bitmap_bit_order : %s\n"
-+ " bitmap_pad : %u\n"
-+ " bits_per_pixel : %u\n"
-+ " bytes_per_line : %u\n"
-+ " visual_class : %s\n"
-+ " red_mask : 0x%06X\n"
-+ " green_mask : 0x%06X\n"
-+ " blue_mask : 0x%06X\n"
-+ " bits_per_rgb : %u\n"
-+ " colormap_entries : %u\n"
-+ " ncolors : %u\n"
-+ " window_width : %u\n"
-+ " window_height : %u\n"
-+ " window_x : %u\n"
-+ " window_y : %u\n"
-+ " window_bdrwidth : %u",
-+ (unsigned int) header->header_size,
-+ (unsigned int) header->file_version,
-+ /* (unsigned int) header->pixmap_format, */
-+ (header->pixmap_format == XYBitmap ? "XYBitmap" :
-+ (header->pixmap_format == XYPixmap ? "XYPixmap" :
-+ (header->pixmap_format == ZPixmap ? "ZPixmap" : "?"))),
-+ (unsigned int) header->pixmap_depth,
-+ (unsigned int) header->pixmap_width,
-+ (unsigned int) header->pixmap_height,
-+ (unsigned int) header->xoffset,
-+ (header->byte_order == MSBFirst? "MSBFirst" :
-+ (header->byte_order == LSBFirst ? "LSBFirst" : "?")),
-+ (unsigned int) header->bitmap_unit,
-+ (header->bitmap_bit_order == MSBFirst? "MSBFirst" :
-+ (header->bitmap_bit_order == LSBFirst ? "LSBFirst" :
-+ "?")),
-+ (unsigned int) header->bitmap_pad,
-+ (unsigned int) header->bits_per_pixel,
-+ (unsigned int) header->bytes_per_line,
-+ (header->visual_class == StaticGray ? "StaticGray" :
-+ (header->visual_class == GrayScale ? "GrayScale" :
-+ (header->visual_class == StaticColor ? "StaticColor" :
-+ (header->visual_class == PseudoColor ? "PseudoColor" :
-+ (header->visual_class == TrueColor ? "TrueColor" :
-+ (header->visual_class == DirectColor ?
-+ "DirectColor" : "?")))))),
-+ (unsigned int) header->red_mask,
-+ (unsigned int) header->green_mask,
-+ (unsigned int) header->blue_mask,
-+ (unsigned int) header->bits_per_rgb,
-+ (unsigned int) header->colormap_entries,
-+ (unsigned int) header->ncolors,
-+ (unsigned int) header->window_width,
-+ (unsigned int) header->window_height,
-+ (unsigned int) header->window_x,
-+ (unsigned int) header->window_y,
-+ (unsigned int) header->window_bdrwidth
-+ );
-+}
-+
-+/*
-+ Compute required allocation sizes
-+
-+ FIXME: This is still a work in progress.
-+
-+ BitmapUnit (pixmap_depth) is the size of each data unit in each
-+ scan line. This value may be 8, 16, or 32.
-+
-+ BitmapPad (bitmap_pad) is the number of bits of padding added to
-+ each scan line. This value may be 8, 16, or 32.
-+*/
-+static MagickPassFail BytesPerLine(size_t *bytes_per_line,
-+ size_t *scanline_bits,
-+ const size_t pixmap_width,
-+ const size_t pixmap_depth,
-+ const size_t bitmap_pad)
-+{
-+ *bytes_per_line=0;
-+ *scanline_bits=MagickArraySize(pixmap_width,pixmap_depth);
-+ if ((*scanline_bits > 0) && (((~(size_t)0) - *scanline_bits > (bitmap_pad)-1)))
-+ *bytes_per_line=((((*scanline_bits)+((bitmap_pad)-1))/
-+ (bitmap_pad))*((bitmap_pad) >> 3));
-+
-+ return (*bytes_per_line !=0 && *scanline_bits != 0) ? MagickPass : MagickFail;
-+}
-+
- /*
- %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
- % %
-@@ -211,71 +307,11 @@
- if (*(char *) &lsb_first)
- MSBOrderLong((unsigned char *) &header,sz_XWDheader);
-
-- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-- "XWDFileHeader:\n"
-- " header_size : %u\n"
-- " file_version : %u\n"
-- " pixmap_format : %s\n"
-- " pixmap_depth : %u\n"
-- " pixmap_width : %u\n"
-- " pixmap_height : %u\n"
-- " xoffset : %u\n"
-- " byte_order : %s\n"
-- " bitmap_unit : %u\n"
-- " bitmap_bit_order : %s\n"
-- " bitmap_pad : %u\n"
-- " bits_per_pixel : %u\n"
-- " bytes_per_line : %u\n"
-- " visual_class : %s\n"
-- " red_mask : 0x%06X\n"
-- " green_mask : 0x%06X\n"
-- " blue_mask : 0x%06X\n"
-- " bits_per_rgb : %u\n"
-- " colormap_entries : %u\n"
-- " ncolors : %u\n"
-- " window_width : %u\n"
-- " window_height : %u\n"
-- " window_x : %u\n"
-- " window_y : %u\n"
-- " window_bdrwidth : %u",
-- (unsigned int) header.header_size,
-- (unsigned int) header.file_version,
-- /* (unsigned int) header.pixmap_format, */
-- (header.pixmap_format == XYBitmap ? "XYBitmap" :
-- (header.pixmap_format == XYPixmap ? "XYPixmap" :
-- (header.pixmap_format == ZPixmap ? "ZPixmap" : "?"))),
-- (unsigned int) header.pixmap_depth,
-- (unsigned int) header.pixmap_width,
-- (unsigned int) header.pixmap_height,
-- (unsigned int) header.xoffset,
-- (header.byte_order == MSBFirst? "MSBFirst" :
-- (header.byte_order == LSBFirst ? "LSBFirst" : "?")),
-- (unsigned int) header.bitmap_unit,
-- (header.bitmap_bit_order == MSBFirst? "MSBFirst" :
-- (header.bitmap_bit_order == LSBFirst ? "LSBFirst" :
-- "?")),
-- (unsigned int) header.bitmap_pad,
-- (unsigned int) header.bits_per_pixel,
-- (unsigned int) header.bytes_per_line,
-- (header.visual_class == StaticGray ? "StaticGray" :
-- (header.visual_class == GrayScale ? "GrayScale" :
-- (header.visual_class == StaticColor ? "StaticColor" :
-- (header.visual_class == PseudoColor ? "PseudoColor" :
-- (header.visual_class == TrueColor ? "TrueColor" :
-- (header.visual_class == DirectColor ?
-- "DirectColor" : "?")))))),
-- (unsigned int) header.red_mask,
-- (unsigned int) header.green_mask,
-- (unsigned int) header.blue_mask,
-- (unsigned int) header.bits_per_rgb,
-- (unsigned int) header.colormap_entries,
-- (unsigned int) header.ncolors,
-- (unsigned int) header.window_width,
-- (unsigned int) header.window_height,
-- (unsigned int) header.window_x,
-- (unsigned int) header.window_y,
-- (unsigned int) header.window_bdrwidth
-- );
-+ /*
-+ Trace XWD header
-+ */
-+ if (image->logging)
-+ TraceXWDHeader(&header);
-
- /*
- Check to see if the dump file is in the proper format.
-@@ -283,7 +319,8 @@
- if (header.file_version != XWD_FILE_VERSION)
- ThrowXWDReaderException(CorruptImageError,InvalidFileFormatVersion,image);
- if (header.header_size < sz_XWDheader)
-- ThrowXWDReaderException(CorruptImageError,CorruptImage,image);
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+
- switch (header.visual_class)
- {
- case StaticGray:
-@@ -295,7 +332,7 @@
- break;
- default:
- {
-- ThrowXWDReaderException(CorruptImageError,CorruptImage,image);
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
- }
- }
- switch (header.pixmap_format)
-@@ -306,10 +343,36 @@
- break;
- default:
- {
-- ThrowXWDReaderException(CorruptImageError,CorruptImage,image);
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
- }
- }
-
-+ if ((header.bits_per_pixel == 0) || (header.bits_per_pixel > 32))
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ if ((header.bitmap_pad % 8 != 0) || (header.bitmap_pad > 32))
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+
-+ {
-+ size_t
-+ bytes_per_line=0,
-+ scanline_bits;
-+
-+ if (BytesPerLine(&bytes_per_line,&scanline_bits,
-+ header.pixmap_width,header.pixmap_depth,header.bitmap_pad)
-+ == MagickFail)
-+ ThrowReaderException(CoderError,ArithmeticOverflow,image);
-+
-+ if (header.bytes_per_line < bytes_per_line)
-+ {
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "Header bytes_per_line = %" MAGICK_SIZE_T_F "u,"
-+ " expected %" MAGICK_SIZE_T_F "u",
-+ (MAGICK_SIZE_T) header.bytes_per_line,
-+ (MAGICK_SIZE_T) bytes_per_line);
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ }
-+ }
-+
- /*
- Retrieve comment (if any)
- */
-@@ -366,6 +429,7 @@
- /* Guard against buffer overflow in libX11. */
- if (ximage->bits_per_pixel > 32 || ximage->bitmap_unit > 32)
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+
- status=XInitImage(ximage);
- if (status == False)
- ThrowXWDReaderException(CorruptImageError,UnrecognizedXWDHeader,image);
-@@ -456,6 +520,22 @@
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,
- image);
- }
-+ {
-+
-+ magick_off_t
-+ file_size;
-+
-+ file_size=GetBlobSize(image);
-+
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "File size %" MAGICK_OFF_F "d,"
-+ "Pixels allocation size %" MAGICK_SIZE_T_F "u",
-+ file_size, (MAGICK_SIZE_T) length);
-+
-+ if ((file_size != 0) && ((size_t) file_size < length))
-+ ThrowXWDReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+ }
-+
- ximage->data=MagickAllocateMemory(char *,length);
- if (ximage->data == (char *) NULL)
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-@@ -725,16 +805,16 @@
- */
- static unsigned int WriteXWDImage(const ImageInfo *image_info,Image *image)
- {
-- long
-+ unsigned long
- y;
-
- register const PixelPacket
- *p;
-
-- register long
-+ register unsigned long
- x;
-
-- register long
-+ register unsigned int
- i;
-
- register unsigned char
-@@ -743,17 +823,22 @@
- unsigned char
- *pixels;
-
-+ unsigned int
-+ bits_per_pixel;
-+
- size_t
-- pixels_size;
-+ bytes_per_line=0,
-+ scanline_bits,
-+ scanline_pad=0;
-
- unsigned int
-+ bitmap_pad;
-+
-+ MagickPassFail
- status;
-
- unsigned long
-- bits_per_pixel,
-- bytes_per_line,
-- lsb_first,
-- scanline_pad;
-+ lsb_first;
-
- XWDFileHeader
- xwd_info;
-@@ -766,7 +851,7 @@
- assert(image != (Image *) NULL);
- assert(image->signature == MagickSignature);
- status=OpenBlob(image_info,image,WriteBinaryBlobMode,&image->exception);
-- if (status == False)
-+ if (status == MagickFail)
- ThrowWriterException(FileOpenError,UnableToOpenFile,image);
- (void) TransformColorspace(image,RGBColorspace);
- /*
-@@ -774,6 +859,40 @@
- */
- if ((image->storage_class == PseudoClass) && (image->colors > 256))
- SetImageType(image,TrueColorType);
-+
-+ /*
-+ Compute required allocation sizes
-+
-+ BitmapUnit is the size of each data unit in each scan line. This
-+ value may be 8, 16, or 32.
-+
-+ BitmapPad is the number of bits of padding added to each scan
-+ line. This value may be 8, 16, or 32.
-+ */
-+ bits_per_pixel=(image->storage_class == DirectClass ? 24 : 8);
-+ bitmap_pad=(image->storage_class == DirectClass ? 32 : 8);
-+
-+ if (BytesPerLine(&bytes_per_line,&scanline_bits,image->columns,
-+ bits_per_pixel,bitmap_pad) != MagickFail)
-+ scanline_pad=(bytes_per_line-(scanline_bits >> 3));
-+
-+ if (image->logging)
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ " image->columns=%lu,"
-+ " bits_per_pixel=%u,"
-+ " bytes_per_line=%" MAGICK_SIZE_T_F "u,"
-+ " bitmap_pad=%u",
-+ image->columns,
-+ bits_per_pixel,
-+ (MAGICK_SIZE_T) bytes_per_line,
-+ bitmap_pad);
-+ if ((scanline_bits == 0) || (bytes_per_line < (scanline_bits >> 3)))
-+ ThrowWriterException(CoderError,ArithmeticOverflow,image);
-+
-+ if (((bytes_per_line & 0x7fffffff) != bytes_per_line) ||
-+ ((image->rows & 0x7fffffff) != image->rows))
-+ ThrowWriterException(CoderError,ImageColumnOrRowSizeIsNotSupported,image);
-+
- /*
- Initialize XWD file header.
- */
-@@ -788,19 +907,14 @@
- xwd_info.byte_order=(CARD32) MSBFirst;
- xwd_info.bitmap_unit=(CARD32) (image->storage_class == DirectClass ? 32 : 8);
- xwd_info.bitmap_bit_order=(CARD32) MSBFirst;
-- xwd_info.bitmap_pad=(CARD32) (image->storage_class == DirectClass ? 32 : 8);
-- bits_per_pixel=(image->storage_class == DirectClass ? 24 : 8);
-+ xwd_info.bitmap_pad=(CARD32) bitmap_pad;
- xwd_info.bits_per_pixel=(CARD32) bits_per_pixel;
-- bytes_per_line=(CARD32) ((((xwd_info.bits_per_pixel*
-- xwd_info.pixmap_width)+((xwd_info.bitmap_pad)-1))/
-- (xwd_info.bitmap_pad))*((xwd_info.bitmap_pad) >> 3));
- xwd_info.bytes_per_line=(CARD32) bytes_per_line;
- xwd_info.visual_class=(CARD32)
- (image->storage_class == DirectClass ? DirectColor : PseudoColor);
- xwd_info.red_mask=(CARD32)
- (image->storage_class == DirectClass ? 0xff0000 : 0);
-- xwd_info.green_mask=(CARD32)
-- (image->storage_class == DirectClass ? 0xff00 : 0);
-+ xwd_info.green_mask=(CARD32)(image->storage_class == DirectClass ? 0xff00 : 0);
- xwd_info.blue_mask=(CARD32) (image->storage_class == DirectClass ? 0xff : 0);
- xwd_info.bits_per_rgb=(CARD32) (image->storage_class == DirectClass ? 24 : 8);
- xwd_info.colormap_entries=(CARD32)
-@@ -812,6 +926,20 @@
- xwd_info.window_x=0;
- xwd_info.window_y=0;
- xwd_info.window_bdrwidth=(CARD32) 0;
-+
-+ /*
-+ Trace XWD header
-+ */
-+ if (image->logging)
-+ TraceXWDHeader(&xwd_info);
-+
-+ /*
-+ Allocate memory for pixels.
-+ */
-+ pixels=MagickAllocateMemory(unsigned char *,bytes_per_line);
-+ if (pixels == (unsigned char *) NULL)
-+ ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
-+
- /*
- Write XWD header.
- */
-@@ -835,7 +963,7 @@
- colors=MagickAllocateArray(XColor *,image->colors,sizeof(XColor));
- if (colors == (XColor *) NULL)
- ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
-- for (i=0; i < (long) image->colors; i++)
-+ for (i=0; i < image->colors; i++)
- {
- colors[i].pixel=i;
- colors[i].red=ScaleQuantumToShort(image->colormap[i].red);
-@@ -849,30 +977,22 @@
- MSBOrderShort((unsigned char *) &colors[i].red,3*sizeof(short));
- }
- }
-- for (i=0; i < (long) image->colors; i++)
-+ for (i=0; i < image->colors; i++)
- {
- color.pixel=(CARD32) colors[i].pixel;
- color.red=colors[i].red;
- color.green=colors[i].green;
- color.blue=colors[i].blue;
- color.flags=colors[i].flags;
-- (void) WriteBlob(image,sz_XWDColor,(char *) &color);
-+ if (WriteBlob(image,sz_XWDColor,(char *) &color) != sz_XWDColor)
-+ break;
- }
- MagickFreeMemory(colors);
- }
- /*
-- Allocate memory for pixels.
-- */
-- scanline_pad=(bytes_per_line-((image->columns*bits_per_pixel) >> 3));
-- pixels_size=image->columns*(image->storage_class == PseudoClass ? 1 : 3)+scanline_pad;
-- pixels=MagickAllocateMemory(unsigned char *,pixels_size);
-- if (pixels == (unsigned char *) NULL)
-- ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
-- (void) memset(pixels,0,pixels_size);
-- /*
- Convert MIFF to XWD raster pixels.
- */
-- for (y=0; y < (long) image->rows; y++)
-+ for (y=0; y < image->rows; y++)
- {
- p=AcquireImagePixels(image,0,y,image->columns,1,&image->exception);
- if (p == (const PixelPacket *) NULL)
-@@ -885,12 +1005,12 @@
- *indexes;
-
- indexes=AccessImmutableIndexes(image);
-- for (x=0; x < (long) image->columns; x++)
-+ for (x=0; x < image->columns; x++)
- *q++=(unsigned char) indexes[x];
- }
- else
- {
-- for (x=(long) image->columns; x > 0; x--)
-+ for (x=0; x < image->columns; x++)
- {
-
- *q++=ScaleQuantumToChar(p->red);
-@@ -901,7 +1021,8 @@
- }
- for (x=(long) scanline_pad; x > 0; x--)
- *q++=0;
-- (void) WriteBlob(image,(size_t) (q-pixels),(char *) pixels);
-+ if (WriteBlob(image,(size_t) (q-pixels),(char *) pixels) != (size_t) (q-pixels))
-+ break;
- if (image->previous == (Image *) NULL)
- if (QuantumTick(y,image->rows))
- if (!MagickMonitorFormatted(y,image->rows,&image->exception,
-@@ -911,6 +1032,6 @@
- }
- MagickFreeMemory(pixels);
- CloseBlob(image);
-- return(True);
-+ return (y < image->rows ? MagickFail : MagickPass);
- }
- #endif
diff --git a/CVE-2019-11009.patch b/CVE-2019-11009.patch
deleted file mode 100644
index b3b41b4f58ba365f584dfe821c64a89cbd7dc362..0000000000000000000000000000000000000000
--- a/CVE-2019-11009.patch
+++ /dev/null
@@ -1,37 +0,0 @@
---- a/coders/xwd.c Tue Apr 02 19:44:48 2019 -0500
-+++ b/coders/xwd.c Wed Apr 03 19:42:39 2019 -0500
-@@ -390,8 +390,8 @@
- else
- {
- image->storage_class=PseudoClass;
-+ image->colors=header.ncolors;
- }
-- image->colors=header.ncolors;
- if (!image_info->ping)
- {
- /*
-@@ -507,7 +507,7 @@
- /*
- Convert X image to DirectClass packets.
- */
-- if (image->colors != 0)
-+ if (header.ncolors != 0)
- {
- for (y=0; y < (long) image->rows; y++)
- {
-@@ -519,12 +519,15 @@
- pixel=XGetPixel(ximage,(int) x,(int) y);
- index_val=(unsigned short)
- ((pixel >> red_shift) & red_mask);
-+ VerifyColormapIndexWithColors(image,index_val,header.ncolors);
- q->red=ScaleShortToQuantum(colors[index_val].red);
- index_val=(unsigned short)
- ((pixel >> green_shift) & green_mask);
-+ VerifyColormapIndexWithColors(image,index_val,header.ncolors);
- q->green=ScaleShortToQuantum(colors[index_val].green);
- index_val=(unsigned short)
- ((pixel >> blue_shift) & blue_mask);
-+ VerifyColormapIndexWithColors(image,index_val,header.ncolors);
- q->blue=ScaleShortToQuantum(colors[index_val].blue);
- q++;
- }
diff --git a/CVE-2019-11010.patch b/CVE-2019-11010.patch
deleted file mode 100644
index b1b46bae737954f5f6b3b7627729177d42af305d..0000000000000000000000000000000000000000
--- a/CVE-2019-11010.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 38b2e7d3f5a027058a92a48c440b1cf47f2d8af5 Mon Sep 17 00:00:00 2001
-From: maminjie
-Date: Sat, 19 Sep 2020 17:41:12 +0800
-Subject: [PATCH] ReadMPCImage(): Deal with a profile length of zero, or an
- irrationally large profile length. (CVE-2019-11010)
-
-refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/a348d9661019
----
- coders/miff.c | 36 ++++++++++++++++++++++++++++--------
- coders/mpc.c | 37 ++++++++++++++++++++++++++++---------
- 2 files changed, 56 insertions(+), 17 deletions(-)
-
-diff --git a/coders/miff.c b/coders/miff.c
-index 60ad6f7..00813c4 100644
---- a/coders/miff.c
-+++ b/coders/miff.c
-@@ -1368,14 +1368,34 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
- {
- for (i=0; i < (long) number_of_profiles; i++)
- {
-- if (profiles[i].length == 0)
-- continue;
-- profiles[i].info=MagickAllocateMemory(unsigned char *,profiles[i].length);
-- if (profiles[i].info == (unsigned char *) NULL)
-- ThrowMIFFReaderException(CorruptImageError,UnableToReadGenericProfile,
-- image);
-- (void) ReadBlob(image,profiles[i].length,profiles[i].info);
-- (void) SetImageProfile(image,profiles[i].name,profiles[i].info,profiles[i].length);
-+ if (profiles[i].length > 0)
-+ {
-+ if ((profiles[i].length - ((magick_off_t) profiles[i].length) == 0) &&
-+ ((BlobIsSeekable(image)
-+ && (GetBlobSize(image) - TellBlob(image)) >
-+ (magick_off_t) profiles[i].length) ||
-+ (profiles[i].length < 15*1024*1024)))
-+ {
-+ profiles[i].info=MagickAllocateMemory(unsigned char *,profiles[i].length);
-+ if (profiles[i].info == (unsigned char *) NULL)
-+ ThrowMIFFReaderException(CorruptImageError,UnableToReadGenericProfile,
-+ image);
-+ if (ReadBlob(image,profiles[i].length,profiles[i].info)
-+ != profiles[i].length)
-+ ThrowMIFFReaderException(CorruptImageError,
-+ UnexpectedEndOfFile,
-+ image);
-+ (void) SetImageProfile(image,profiles[i].name,profiles[i].info,profiles[i].length);
-+ }
-+ else
-+ {
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "Profile size %" MAGICK_SIZE_T_F "u is excessively large",
-+ (MAGICK_SIZE_T ) profiles[i].length);
-+ ThrowMIFFReaderException(CorruptImageError,ImproperImageHeader,
-+ image);
-+ }
-+ }
- MagickFreeMemory(profiles[i].name);
- MagickFreeMemory(profiles[i].info);
- }
-diff --git a/coders/mpc.c b/coders/mpc.c
-index 3459f92..e184fd1 100644
---- a/coders/mpc.c
-+++ b/coders/mpc.c
-@@ -772,15 +772,34 @@ static Image *ReadMPCImage(const ImageInfo *image_info,ExceptionInfo *exception)
- {
- for (i=0; i < (long) number_of_profiles; i++)
- {
-- if (profiles[i].length == 0)
-- continue;
-- profiles[i].info=MagickAllocateMemory(unsigned char *,profiles[i].length);
-- if (profiles[i].info == (unsigned char *) NULL)
-- ThrowMPCReaderException(CorruptImageError,UnableToReadGenericProfile,
-- image);
-- (void) ReadBlob(image,profiles[i].length,profiles[i].info);
-- (void) SetImageProfile(image,profiles[i].name,profiles[i].info,
-- profiles[i].length);
-+ if (profiles[i].length > 0)
-+ {
-+ if ((profiles[i].length - ((magick_off_t) profiles[i].length) == 0) &&
-+ ((BlobIsSeekable(image)
-+ && (GetBlobSize(image) - TellBlob(image)) >
-+ (magick_off_t) profiles[i].length) ||
-+ (profiles[i].length < 15*1024*1024)))
-+ {
-+ profiles[i].info=MagickAllocateMemory(unsigned char *,profiles[i].length);
-+ if (profiles[i].info == (unsigned char *) NULL)
-+ ThrowMPCReaderException(CorruptImageError,UnableToReadGenericProfile,
-+ image);
-+ if (ReadBlob(image,profiles[i].length,profiles[i].info)
-+ != profiles[i].length)
-+ ThrowMPCReaderException(CorruptImageError,
-+ UnexpectedEndOfFile,
-+ image);
-+ (void) SetImageProfile(image,profiles[i].name,profiles[i].info,profiles[i].length);
-+ }
-+ else
-+ {
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "Profile size %" MAGICK_SIZE_T_F "u is excessively large",
-+ (MAGICK_SIZE_T ) profiles[i].length);
-+ ThrowMPCReaderException(CorruptImageError,ImproperImageHeader,
-+ image);
-+ }
-+ }
- MagickFreeMemory(profiles[i].name);
- MagickFreeMemory(profiles[i].info);
- }
---
-2.23.0
-
diff --git a/CVE-2019-11473-CVE-2019-11474.patch b/CVE-2019-11473-CVE-2019-11474.patch
deleted file mode 100644
index 15d294f47ab803a156317df0b0f3e52cbba6c359..0000000000000000000000000000000000000000
--- a/CVE-2019-11473-CVE-2019-11474.patch
+++ /dev/null
@@ -1,333 +0,0 @@
-From 3c23dfbe1c4c3446fc0c6ab5095e6f9c488ec34f Mon Sep 17 00:00:00 2001
-From: caodongxia <315816521@qq.com>
-Date: Mon, 7 Dec 2020 18:22:24 +0800
-Subject: [PATCH] create patch
-
-
-diff --git a/ChangeLog b/ChangeLog
-index 4284834..a89c828 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,12 @@
-+2019-04-17 Bob Friesenhahn
-+ * coders/xwd.c (ReadXWDImage): Added even more XWD header
-+ validation logic. Addresses problems noted by email from Hongxu
-+ Chen to the graphicsmagick-security mail alias on Wed, 17 Apr 2019
-+ and entitled "Multiple crashes (FPE and invalid read) when
-+ processing XWD files". Also addresses additional issues noted
-+ that an attacker could request to allocate an arbitrary amount of
-+ memory based on ncolors and the claimed header size.
-+
- 2018-06-23 Bob Friesenhahn
-
- * version.sh: Update library versioning for 1.3.30 release.
-diff --git a/coders/xwd.c b/coders/xwd.c
-index 9f9b850..caff995 100644
---- a/coders/xwd.c
-+++ b/coders/xwd.c
-@@ -225,7 +225,6 @@ static MagickPassFail BytesPerLine(size_t *bytes_per_line,
- */
- #define ThrowXWDReaderException(code_,reason_,image_) \
- do { \
-- MagickFreeMemory(comment); \
- if (ximage) \
- MagickFreeMemory(ximage->data); \
- MagickFreeMemory(ximage); \
-@@ -236,8 +235,7 @@ do { \
- static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- {
- char
-- *comment = (char *) NULL;
--
-+ comment[MaxTextExtent];
- Image
- *image;
-
-@@ -320,7 +318,7 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- ThrowXWDReaderException(CorruptImageError,InvalidFileFormatVersion,image);
- if (header.header_size < sz_XWDheader)
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
--
-+ /* Display classes used in opening the connection */
- switch (header.visual_class)
- {
- case StaticGray:
-@@ -335,11 +333,18 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
- }
- }
-+
-+ /* XYBitmap, XYPixmap, ZPixmap */
- switch (header.pixmap_format)
- {
-- case XYBitmap:
-- case XYPixmap:
-- case ZPixmap:
-+ case XYBitmap: /* 1 bit bitmap format */
-+ if (header.pixmap_depth != 1)
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ break;
-+ case XYPixmap: /* Single plane bitmap. */
-+ case ZPixmap: /* Bitmap with 2 or more planes */
-+ if ((header.pixmap_depth < 1) || (header.pixmap_depth > 32))
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
- break;
- default:
- {
-@@ -347,8 +352,80 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- }
- }
-
-- if ((header.bits_per_pixel == 0) || (header.bits_per_pixel > 32))
-+ /* Data byte order, LSBFirst, MSBFirst */
-+ switch (header.byte_order)
-+ {
-+ case LSBFirst:
-+ case MSBFirst:
-+ break;
-+ default:
-+ {
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ }
-+ }
-+ /* Quant. of scanline 8, 16, 32 */
-+ switch (header.bitmap_unit)
-+ {
-+ case 8:
-+ case 16:
-+ case 32:
-+ break;
-+ default:
-+ {
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ }
-+ }
-+ /* LSBFirst, MSBFirst */
-+ switch (header.bitmap_bit_order)
-+ {
-+ case LSBFirst:
-+ case MSBFirst:
-+ break;
-+ default:
-+ {
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ }
-+ }
-+ /* 8, 16, 32 either XY or ZPixmap */
-+ if ((header.pixmap_format == XYPixmap) || (header.pixmap_format == ZPixmap))
-+ switch (header.bitmap_pad)
-+ {
-+ case 8:
-+ case 16:
-+ case 32:
-+ break;
-+ default:
-+ {
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ }
-+ }
-+ /* Bits per pixel (ZPixmap) */
-+ switch (header.visual_class)
-+ {
-+ case StaticGray:
-+ case GrayScale:
-+ /* Gray-scale image */
-+ if (header.bits_per_pixel != 1)
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ break;
-+ case StaticColor:
-+ case PseudoColor:
-+ /* Color-mapped image */
-+ if ((header.bits_per_pixel < 1) || (header.bits_per_pixel > 15) || (header.ncolors == 0))
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ break;
-+ case TrueColor:
-+ case DirectColor:
-+ /* True-color image */
-+ if ((header.bits_per_pixel != 16) && (header.bits_per_pixel != 24) && (header.bits_per_pixel != 32))
-+ ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+ break;
-+ }
-+ /* Place an arbitrary limit on colormap size */
-+ if (header.ncolors > 4096)
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-+
-+ /* 8, 16, 32 either XY or ZPixmap */
- if ((header.bitmap_pad % 8 != 0) || (header.bitmap_pad > 32))
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-
-@@ -377,18 +454,14 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- Retrieve comment (if any)
- */
- length=header.header_size-sz_XWDheader;
-- if (length > ((~0UL)/sizeof(*comment)))
-+ if (length >= MaxTextExtent)
- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-- comment=MagickAllocateMemory(char *,length+1);
-- if (comment == (char *) NULL)
-- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,image);
- count=ReadBlob(image,length,comment);
- if (count != length)
- ThrowXWDReaderException(CorruptImageError,UnableToReadWindowNameFromDumpFile,
- image);
- comment[length]='\0';
- (void) SetImageAttribute(image,"comment",comment);
-- MagickFreeMemory(comment);
-
- /*
- Initialize the X image.
-@@ -417,6 +490,7 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- */
- if (ximage->width < 0 ||
- ximage->height < 0 ||
-+ ximage->xoffset < 0 ||
- ximage->format < 0 ||
- ximage->byte_order < 0 ||
- ximage->bitmap_unit < 0 ||
-@@ -439,10 +513,14 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- if (CheckImagePixelLimits(image, exception) != MagickPass)
- ThrowXWDReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
- image->depth=8;
-- if ((header.ncolors == 0U) ||
-- ((ximage->red_mask != 0) ||
-- (ximage->green_mask != 0) ||
-- (ximage->blue_mask != 0)))
-+ /*
-+ FIXME: This block of logic should be re-worked.
-+ */
-+ if ((header.visual_class != StaticGray) &&
-+ ((header.ncolors == 0U) ||
-+ ((ximage->red_mask != 0) ||
-+ (ximage->green_mask != 0) ||
-+ (ximage->blue_mask != 0))))
- {
- image->storage_class=DirectClass;
- if (!image_info->ping)
-@@ -454,7 +532,7 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- else
- {
- image->storage_class=PseudoClass;
-- image->colors=header.ncolors;
-+ image->colors=header.visual_class == StaticGray ? 2 : header.ncolors; /* FIXME! */
- }
- if (!image_info->ping)
- {
-@@ -467,17 +545,13 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- XWDColor
- color;
-
-- register long
-+ register unsigned int
- i;
--
-- length=(size_t) header.ncolors;
-- if (length > ((~0UL)/sizeof(*colors)))
-- ThrowXWDReaderException(CorruptImageError,ImproperImageHeader,image);
-- colors=MagickAllocateArray(XColor *,length,sizeof(XColor));
-+ colors=MagickAllocateArray(XColor *,header.ncolors,sizeof(XColor));
- if (colors == (XColor *) NULL)
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,
- image);
-- for (i=0; i < (long) header.ncolors; i++)
-+ for (i=0; i < header.ncolors; i++)
- {
- count=ReadBlob(image,sz_XWDColor,(char *) &color);
- if (count != sz_XWDColor)
-@@ -494,7 +568,7 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- */
- lsb_first=1;
- if (*(char *) &lsb_first)
-- for (i=0; i < (long) header.ncolors; i++)
-+ for (i=0; i < header.ncolors; i++)
- {
- MSBOrderLong((unsigned char *) &colors[i].pixel,
- sizeof(unsigned long));
-@@ -508,15 +582,14 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- /*
- Allocate the pixel buffer.
- */
--#define XWD_OVERFLOW(c,a,b) ((b) != 0 && ((c)/((size_t) b) != ((size_t) a)))
-+ length=MagickArraySize(ximage->bytes_per_line,ximage->height);
- length=ximage->bytes_per_line*ximage->height;
-- if (XWD_OVERFLOW(length,ximage->bytes_per_line,ximage->height))
-+ if (0 == length)
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,image);
- if (ximage->format != ZPixmap)
- {
-- size_t tmp=length;
-- length*=ximage->depth;
-- if (XWD_OVERFLOW(length,tmp,ximage->depth))
-+ length=MagickArraySize(length,ximage->depth);
-+ if (0 == length)
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,
- image);
- }
-@@ -658,17 +731,21 @@ static Image *ReadXWDImage(const ImageInfo *image_info,ExceptionInfo *exception)
- /*
- Convert X image to PseudoClass packets.
- */
-- register long
-+ register unsigned int
- i;
-
- if (!AllocateImageColormap(image,image->colors))
- ThrowXWDReaderException(ResourceLimitError,MemoryAllocationFailed,
- image);
-- for (i=0; i < (long) image->colors; i++)
-- {
-- image->colormap[i].red=ScaleShortToQuantum(colors[i].red);
-- image->colormap[i].green=ScaleShortToQuantum(colors[i].green);
-- image->colormap[i].blue=ScaleShortToQuantum(colors[i].blue);
-+ if (colors != (XColor *) NULL)
-+ {
-+ const unsigned int min_colors = Min(image->colors,header.ncolors);
-+ for (i=0; i < min_colors; i++)
-+ {
-+ image->colormap[i].red=ScaleShortToQuantum(colors[i].red);
-+ image->colormap[i].green=ScaleShortToQuantum(colors[i].green);
-+ image->colormap[i].blue=ScaleShortToQuantum(colors[i].blue);
-+ }
- }
- for (y=0; y < (long) image->rows; y++)
- {
-diff --git a/magick/version.h b/magick/version.h
-index 527a09a..a9e0dca 100644
---- a/magick/version.h
-+++ b/magick/version.h
-@@ -38,8 +38,8 @@ extern "C" {
- #define MagickLibVersion 0x211801
- #define MagickLibVersionText "1.3.30"
- #define MagickLibVersionNumber 21,18,1
--#define MagickChangeDate "20180623"
--#define MagickReleaseDate "2018-06-23"
-+#define MagickChangeDate
"20190417" -+#define MagickReleaseDate "snapshot-20190417" - - /* - The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines -diff --git a/www/Changelog.html b/www/Changelog.html -index f1ab73c..e5a21da 100644 ---- a/www/Changelog.html -+++ b/www/Changelog.html -@@ -34,6 +34,18 @@ - -
- -+

2019-04-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

-+
-+
    -+
  • coders/xwd.c (ReadXWDImage): Added even more XWD header -+validation logic. Addresses problems noted by email from Hongxu -+Chen to the graphicsmagick-security mail alias on Wed, 17 Apr 2019 -+and entitled "Multiple crashes (FPE and invalid read) when -+processing XWD files". Also addresses additional issues noted -+that an attacker could request to allocate an arbitrary amount of -+memory based on ncolors and the claimed header size.
  • -+
-+
- -

2018-06-23 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

-
--- -2.27.0 - diff --git a/CVE-2019-11505.patch b/CVE-2019-11505.patch deleted file mode 100644 index 15ebff24f3f8a150a7eb4d6b464d6f641ebc5531..0000000000000000000000000000000000000000 --- a/CVE-2019-11505.patch +++ /dev/null 
@@ -1,59 +0,0 @@
---- a/coders/pdb.c Wed Apr 10 11:27:35 2019 -0500
-+++ b/coders/pdb.c Wed Apr 10 20:48:28 2019 -0500
-@@ -30,6 +30,13 @@
- %
- %
- */
-+/*
-+ Some information on this format may be found at
-+ http://fileformats.archiveteam.org/wiki/Palm_Database_ImageViewer
-+
-+ Round-trip tests do not pass so this format is not included in the
-+ test suite.
-+*/
-
- /*
- Include declarations.
-@@ -733,6 +740,7 @@
- entry->magick=(MagickHandler) IsPDB;
- entry->description="Palm Database ImageViewer Format";
- entry->module="PDB";
-+ entry->coder_class=UnstableCoderClass;
- (void) RegisterMagickInfo(entry);
- }
-
-@@ -842,7 +850,7 @@
- status;
-
- size_t
-- packets;
-+ packets;
-
- unsigned long
- literal,
-@@ -867,6 +875,7 @@
- if (status == False)
- ThrowPDBWriterException(FileOpenError,UnableToOpenFile,image);
- (void) TransformColorspace(image,RGBColorspace);
-+ (void) SetImageType(image,GrayscaleType);
- bits_per_pixel=image->depth;
- if (GetImageType(image,&image->exception) == BilevelType)
- bits_per_pixel=1;
-@@ -939,7 +948,7 @@
- if (buffer == (unsigned char *) NULL)
- ThrowPDBWriterException(ResourceLimitWarning,MemoryAllocationFailed,image);
- (void) memset(buffer,0,512);
-- packet_size=image->depth > 8 ? 2: 1;
-+ packet_size=bits_per_pixel > 8 ? 2: 1;
- scanline=MagickAllocateArray(unsigned char *,image->columns,packet_size);
- if (scanline == (unsigned char *) NULL)
- ThrowPDBWriterException(ResourceLimitWarning,MemoryAllocationFailed,image);
-@@ -956,7 +965,7 @@
- {
- if (!AcquireImagePixels(image,0,y,image->columns,1,&image->exception))
- break;
-- (void) ExportImagePixelArea(image,GrayQuantum,image->depth,scanline,0,0);
-+ (void) ExportImagePixelArea(image,GrayQuantum,bits_per_pixel,scanline,0,0);
- for (x=0; x < pdb_image.width; x++)
- {
- if (x < (long) image->columns)
diff --git a/CVE-2019-11506.patch b/CVE-2019-11506.patch
deleted file mode 100644
index e4cb8a8cce3b4acb1b640999c095f61049fe7884..0000000000000000000000000000000000000000
--- a/CVE-2019-11506.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- a/coders/mat.c Wed Apr 10 20:48:28 2019 -0500
-+++ b/coders/mat.c Thu Apr 11 20:10:35 2019 -0500
-@@ -1376,11 +1376,11 @@
- % o image: A pointer to an Image structure.
- %
- */
--static unsigned int WriteMATLABImage(const ImageInfo *image_info,Image *image)
-+static MagickPassFail WriteMATLABImage(const ImageInfo *image_info,Image *image)
- {
- long y;
- unsigned z;
-- unsigned int status;
-+ MagickPassFail status;
- int logging;
- unsigned long DataSize;
- char padding;
-@@ -1403,7 +1403,7 @@
- assert(image->signature == MagickSignature);
- logging = LogMagickEvent(CoderEvent,GetMagickModule(),"enter MAT");
- status=OpenBlob(image_info,image,WriteBinaryBlobMode,&image->exception);
-- if (status == False)
-+ if (status == MagickFail)
- ThrowWriterException(FileOpenError,UnableToOpenFile,image);
-
- /*
-@@ -1477,26 +1477,32 @@
- for (y=0; y<(long)image->columns; y++)
- {
- progress_quantum++;
-- (void) AcquireImagePixels(image,y,0,1,image->rows,&image->exception);
-- (void) ExportImagePixelArea(image,z2qtype[z],8,pixels,0,0);
-- (void) WriteBlob(image,image->rows,pixels);
-+ if (AcquireImagePixels(image,y,0,1,image->rows,&image->exception) == (PixelPacket *) NULL)
-+ break;
-+ if (ExportImagePixelArea(image,z2qtype[z],8,pixels,0,0) == MagickFail)
-+ break;
-+ if (WriteBlob(image,image->rows,pixels) != image->rows)
-+ break;
- if (QuantumTick(progress_quantum,progress_span))
- if (!MagickMonitorFormatted(progress_quantum,progress_span,&image->exception,
- SaveImageText,image->filename,
- image->columns,image->rows))
-- goto BreakAll;
-+ break;
- }
-+ if (y != (long)image->columns)
-+ {
-+ status=MagickFail;
-+ goto BreakAll;
-+ }
-+
- } while(z-- >= 2);
- }
- BreakAll:
-
- while(padding-->0) (void) WriteBlobByte(image,0);
-
-- status=True;
--
-- if(pixels)
-- {MagickFreeMemory(pixels);pixels=NULL;}
-- if(image->next==NULL) break;
-+ MagickFreeMemory(pixels);
-+ if(status == MagickFail || image->next==NULL) break;
- image=SyncNextImageInList(image);
- }
diff --git a/CVE-2019-12921.patch b/CVE-2019-12921.patch
deleted file mode 100644
index c4757fb2d4c12918d9e1964e251f52ec7f2113ff..0000000000000000000000000000000000000000
--- a/CVE-2019-12921.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 1b5507f188dd0cd76099348c5f151a8ba61a812d Mon Sep 17 00:00:00 2001
-From: maminjie
-Date: Sat, 19 Sep 2020 16:39:22 +0800
-Subject: [PATCH] fix CVE-2019-12921
-
-the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG
-
-refers to https://build.opensuse.org/request/show/788214
----
- magick/render.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/magick/render.c b/magick/render.c
-index 3caf603..75bbe2f 100644
---- a/magick/render.c
-+++ b/magick/render.c
-@@ -2360,11 +2360,16 @@ DrawImage(Image *image,const DrawInfo *draw_info)
- if (*draw_info->primitive == '\0')
- return(MagickFail);
- (void) LogMagickEvent(RenderEvent,GetMagickModule(),"begin draw-image");
-- if (*draw_info->primitive != '@')
-- primitive=AllocateString(draw_info->primitive);
-- else
-+ /*
-+ Read primitive from file if supplied primitive starts with '@' and
-+ we are not already drawing.
-+ */
-+ if ((*draw_info->primitive == '@') &&
-+ (DrawImageGetCurrentRecurseLevel(image) == 1))
- primitive=(char *)
- FileToBlob(draw_info->primitive+1,&length,&image->exception);
-+ else
-+ primitive=AllocateString(draw_info->primitive);
- if (primitive == (char *) NULL)
- return(MagickFail);
- primitive_extent=strlen(primitive);
---
-2.23.0
-
diff --git a/CVE-2019-7397.patch b/CVE-2019-7397.patch
deleted file mode 100644
index da0b615b1538f6c07e58d5118c9d27907d41bc8e..0000000000000000000000000000000000000000
--- a/CVE-2019-7397.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-WritePDFImage(): Make sure to free 'xref' before returning. (ImageMagick CVE-2019-7397)
-
-refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/11ad3aeb8ab1
-
-diff -r e29c20957e2d -r 11ad3aeb8ab1 coders/pdf.c
---- a/coders/pdf.c Sun Feb 10 17:07:33 2019 -0600
-+++ b/coders/pdf.c Mon Feb 11 20:31:53 2019 -0600
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003-2018 GraphicsMagick Group
-+% Copyright (C) 2003-2019 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -1375,6 +1375,7 @@
- if (!status)
- {
- CloseBlob(image);
-+ MagickFreeMemory(xref);
- return(False);
- }
- break;
-@@ -1478,6 +1479,7 @@
- if (!status)
- {
- CloseBlob(image);
-+ MagickFreeMemory(xref);
- return(False);
- }
- break;
-
-
-
-
diff --git a/CVE-2020-10938.patch b/CVE-2020-10938.patch
deleted file mode 100644
index 36645f952e5cd07a559a937f48a675aa94da680f..0000000000000000000000000000000000000000
--- a/CVE-2020-10938.patch
+++ /dev/null
@@ -1,296 +0,0 @@
-HuffmanDecodeImage(): Fix signed overflow on range check which leads to heap overflow in 32-bit applications. Ascii85Tuple(): Fix thread safety issue.
-(CVE-2020-10938)
-
-refers to http://hg.code.sf.net/p/graphicsmagick/code/rev/95abc2b694ce
-
-diff -r 751e9e822b09 -r 95abc2b694ce magick/compress.c
---- a/magick/compress.c Sun Nov 10 13:33:34 2019 -0600
-+++ b/magick/compress.c Sat Nov 16 10:31:37 2019 -0600
-@@ -1,5 +1,5 @@
- /*
--% Copyright (C) 2003 - 2015 GraphicsMagick Group
-+% Copyright (C) 2003-2019 GraphicsMagick Group
- % Copyright (C) 2002 ImageMagick Studio
- % Copyright 1991-1999 E. I. du Pont de Nemours and Company
- %
-@@ -53,21 +53,26 @@
- */
- typedef struct HuffmanTable
- {
-+ unsigned int
-+ id;
-+
- int
-- id,
-- code,
-+ code;
-+
-+ unsigned int
- length,
- count;
-+
- } HuffmanTable;
-
- /*
- Huffman coding declarations.
- */
--#define TWId 23
--#define MWId 24
--#define TBId 25
--#define MBId 26
--#define EXId 27
-+#define TWId 23U
-+#define MWId 24U
-+#define TBId 25U
-+#define MBId 26U
-+#define EXId 27U
-
- static const HuffmanTable
- MBTable[]=
-@@ -202,37 +207,38 @@
- */
- #define MaxLineExtent 36
-
--static char *Ascii85Tuple(unsigned char *data)
-+static char *Ascii85Tuple(char tuple[6], const unsigned char * restrict data)
- {
-- static char
-- tuple[6];
-+ magick_uint32_t
-+ code;
-
-- register long
-- i,
-- x;
--
-- unsigned long
-- code,
-- quantum;
--
-- code=((((unsigned long) data[0] << 8) | (unsigned long) data[1]) << 16) |
-- ((unsigned long) data[2] << 8) | (unsigned long) data[3];
-- if (code == 0L)
-+ code=((((magick_uint32_t) data[0] << 8) | (magick_uint32_t) data[1]) << 16) |
-+ ((magick_uint32_t) data[2] << 8) | (magick_uint32_t) data[3];
-+ if (code == 0)
- {
- tuple[0]='z';
- tuple[1]='\0';
-- return(tuple);
- }
-- quantum=85UL*85UL*85UL*85UL;
-- for (i=0; i < 4; i++)
-- {
-- x=(long) (code/quantum);
-- code-=quantum*x;
-- tuple[i]=(char) (x+(int) '!');
-- quantum/=85L;
-- }
-- tuple[4]=(char) ((code % 85L)+(int) '!');
-- tuple[5]='\0';
-+ else
-+ {
-+ register magick_int32_t
-+ i,
-+ x;
-+
-+ magick_uint32_t
-+ quantum;
-+
-+ quantum=85U*85U*85U*85U;
-+ for (i=0; i < 4; i++)
-+ {
-+ x=(magick_int32_t) (code/quantum);
-+ code-=quantum*x;
-+ tuple[i]=(char) (x+(int) '!');
-+ quantum/=85;
-+ }
-+ tuple[4]=(char) ((code % 85)+(int) '!');
-+ tuple[5]='\0';
-+ }
- return(tuple);
- }
-
-@@ -255,6 +261,9 @@
-
- MagickExport void Ascii85Flush(Image *image)
- {
-+ char
-+ tuple_buff[6];
-+
- register char
- *tuple;
-
-@@ -266,7 +275,7 @@
- image->ascii85->buffer[image->ascii85->offset]=0;
- image->ascii85->buffer[image->ascii85->offset+1]=0;
- image->ascii85->buffer[image->ascii85->offset+2]=0;
-- tuple=Ascii85Tuple(image->ascii85->buffer);
-+ tuple=Ascii85Tuple(tuple_buff, image->ascii85->buffer);
- (void) WriteBlob(image,image->ascii85->offset+1,
- *tuple == 'z' ? "!!!!" : tuple);
- }
-@@ -286,6 +295,9 @@
- register unsigned char
- *p;
-
-+ char
-+ tuple_buff[6];
-+
- assert(image != (Image *) NULL);
- assert(image->signature == MagickSignature);
- assert(image->ascii85 != (Ascii85Info *) NULL);
-@@ -296,7 +308,7 @@
- p=image->ascii85->buffer;
- for (n=image->ascii85->offset; n >= 4; n-=4)
- {
-- for (q=Ascii85Tuple(p); *q; q++)
-+ for (q=Ascii85Tuple(tuple_buff,p); *q; q++)
- {
- image->ascii85->line_break--;
- if ((image->ascii85->line_break < 0) && (*q != '%'))
-@@ -355,11 +367,11 @@
- %
- %
- */
--#define HashSize 1021
--#define MBHashA 293
--#define MBHashB 2695
--#define MWHashA 3510
--#define MWHashB 1178
-+#define HashSize 1021U
-+#define MBHashA 293U
-+#define MBHashB 2695U
-+#define MWHashA 3510U
-+#define MWHashB 1178U
-
- #define InitializeHashTable(hash,table,a,b) \
- { \
-@@ -401,26 +413,30 @@
- byte,
- code,
- color,
-- length,
- null_lines,
- runlength;
-
- unsigned int
- bit,
- index,
-+ length,
- mask;
-
- long
-- count,
-+ count;
-+
-+ unsigned long
- y;
-
- register IndexPacket
- *indexes;
-
-- register long
-- i,
-+ register unsigned long
- x;
-
-+ unsigned int
-+ i;
-+
- register PixelPacket
- *q;
-
-@@ -481,13 +497,13 @@
- image->x_resolution=204.0;
- image->y_resolution=196.0;
- image->units=PixelsPerInchResolution;
-- for (y=0; ((y < (long) image->rows) && (null_lines < 3)); )
-+ for (y=0; ((y < image->rows) && (null_lines < 3)); )
- {
- /*
- Initialize scanline to white.
- */
- p=scanline;
-- for (x=0; x < (long) image->columns; x++)
-+ for (x=0; x < image->columns; x++)
- *p++=0;
- /*
- Decode Huffman encoded scanline.
-@@ -502,7 +518,7 @@
- {
- if (byte == EOF)
- break;
-- if (x >= (long) image->columns)
-+ if (x >= image->columns)
- {
- while (runlength < 11)
- InputBit(bit);
-@@ -563,7 +579,7 @@
- case TBId:
- {
- count+=entry->count;
-- if ((x+count) > (long) image->columns)
-+ if ((x+(unsigned long) count) > image->columns)
- count=(long) image->columns-x;
- if (count > 0)
- {
-@@ -603,7 +619,7 @@
- break;
- }
- indexes=AccessMutableIndexes(image);
-- for (x=0; x < (long) image->columns; x++)
-+ for (x=0; x < image->columns; x++)
- {
- index=(unsigned int) (*p++);
- indexes[x]=index;
-@@ -695,7 +711,9 @@
- runlength;
-
- long
-- n,
-+ n;
-+
-+ unsigned long
- y;
-
- Image
-@@ -704,8 +722,10 @@
- register const IndexPacket
- *indexes;
-
-- register long
-- i,
-+ unsigned long
-+ i;
-+
-+ register unsigned long
- x;
-
- register const PixelPacket
-@@ -772,10 +792,10 @@
- polarity=(PixelIntensityToQuantum(&huffman_image->colormap[0]) <
- PixelIntensityToQuantum(&huffman_image->colormap[1]) ? 0x00 : 0x01);
- q=scanline;
-- for (i=(long) width; i > 0; i--)
-+ for (i=0; i < width; i++) /* was: for (i=(long) width; i > 0; i--) */
- *q++=(unsigned char) polarity;
- q=scanline;
-- for (y=0; y < (long) huffman_image->rows; y++)
-+ for (y=0; y < huffman_image->rows; y++)
- {
- p=AcquireImagePixels(huffman_image,0,y,huffman_image->columns,1,
- &huffman_image->exception);
-@@ -785,7 +805,7 @@
- break;
- }
- indexes=AccessImmutableIndexes(huffman_image);
-- for (x=0; x < (long) huffman_image->columns; x++)
-+ for (x=0; x < huffman_image->columns; x++)
- {
- *q=(unsigned char) (indexes[x] == polarity ? !polarity : polarity);
- q++;
-
-
-
-
diff --git a/CVE-2020-12672.patch b/CVE-2020-12672.patch
deleted file mode 100644
index 9295895e616176d6c9c5fe494bb29308d85d5809..0000000000000000000000000000000000000000
--- a/CVE-2020-12672.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From a5646313975525c598527269bbfe4524909275f3 Mon Sep 17 00:00:00 2001
-From: maminjie
-Date: Sat, 19 Sep 2020 17:59:51 +0800
-Subject: [PATCH] MNG: Fix small heap overwrite or assertion if magnifying and
- image to be magnified has rows or columns == 1. (CVE-2020-12672)
-
-refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/50395430a371
----
- coders/png.c | 23 ++++++++++++++++++++++-
- 1 file changed, 22 insertions(+), 1 deletion(-)
-
-diff --git a/coders/png.c b/coders/png.c
-index ebb0a4a..b8b6c2b 100644
---- a/coders/png.c
-+++ b/coders/png.c
-@@ -5571,7 +5571,28 @@ static Image *ReadMNGImage(const ImageInfo *image_info,
-
- if (logging)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-- " Processing MNG MAGN chunk");
-+ " Processing MNG MAGN chunk: MB=%u, ML=%u,"
-+ " MR=%u, MT=%u, MX=%u, MY=%u,"
-+ " X_method=%u, Y_method=%u",
-+ mng_info->magn_mb,mng_info->magn_ml,
-+ mng_info->magn_mr,mng_info->magn_mt,
-+ mng_info->magn_mx,mng_info->magn_my,
-+ mng_info->magn_methx,
-+ mng_info->magn_methy);
-+
-+ /*
-+ If the image width is 1, then X magnification is done
-+ by simple pixel replication.
-+ */
-+ if (image->columns == 1)
-+ mng_info->magn_methx = 1;
-+
-+ /*
-+ If the image height is 1, then Y magnification is done
-+ by simple pixel replication.
-+ */
-+ if (image->rows == 1)
-+ mng_info->magn_methy = 1;
-
- if (mng_info->magn_methx == 1)
- {
---
-2.23.0
-
diff --git a/CVE-2022-1270.patch b/CVE-2022-1270.patch
deleted file mode 100644
index c836564af981f07fdfa41f58d239057d80336cc1..0000000000000000000000000000000000000000
--- a/CVE-2022-1270.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-
-# HG changeset patch
-# User Bob Friesenhahn
-# Date 1648301533 18000
-# Node ID 94f4bcf448ad29d6d8470e444038402d34fbba12
-# Parent 07c1e6eeffb8cb2abb9ede843a45ba7e5435b3b0
-ReadMIFFImage(): Validate claimed bzip2-compressed row length prior to reading data into fixed size buffer.
-
----
- ChangeLog | 7 +++++++
- coders/miff.c | 11 +++++++++++
- magick/version.h | 2 ++
- www/Changelog.html | 7 +++++++
- 4 files changed, 27 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index a89c828..5116ad0 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2022-03-26 Bob Friesenhahn
-+ * coders/miff.c (ReadMIFFImage): Validate claimed bzip2-compressed
-+ row length prior to reading data into fixed size buffer.
-+ Addresses SourceForge bug #664 "[bug]Heap buffer overflow when
-+ parsing MIFF". This severe bug only impacts builds with BZLIB
-+ support.
-+
- 2019-04-17 Bob Friesenhahn
- * coders/xwd.c (ReadXWDImage): Added even more XWD header
- validation logic. Addresses problems noted by email from Hongxu
-diff --git a/coders/miff.c b/coders/miff.c
-index 00813c4..9149a15 100644
---- a/coders/miff.c
-+++ b/coders/miff.c
-@@ -1674,9 +1674,20 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
- else
- {
- length=ReadBlobMSBLong(image);
-+ if (image->logging)
-+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-+ "length = %"MAGICK_SIZE_T_F"u",
-+ (MAGICK_SIZE_T) length);
-+ if ((length == 0) || (length > compressed_length))
-+ {
-+ (void) BZ2_bzDecompressEnd(&bzip_info);
-+ ThrowMIFFReaderException(CorruptImageError,UnableToUncompressImage,
-+ image);
-+ }
- bzip_info.avail_in=(unsigned int) ReadBlob(image,length,bzip_info.next_in);
- if ((size_t) bzip_info.avail_in != length)
- {
-+ (void) BZ2_bzDecompressEnd(&bzip_info);
- ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
- image);
- }
-diff --git a/magick/version.h b/magick/version.h
-index a9e0dca..1e17abc 100644
---- a/magick/version.h
-+++ b/magick/version.h
-@@
-40,6 +40,8 @@ extern "C" { - #define MagickLibVersionNumber 21,18,1 - #define MagickChangeDate "20190417" - #define MagickReleaseDate "snapshot-20190417" -+#define MagickChangeDate "20220326" -+#define MagickReleaseDate "snapshot-20220326" - - /* - The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines -diff --git a/www/Changelog.html b/www/Changelog.html -index e5a21da..5ec8096 100644 ---- a/www/Changelog.html -+++ b/www/Changelog.html -@@ -34,6 +34,13 @@ -
-
- -+

2022-03-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

-+
-+* coders/miff.c (ReadMIFFImage): Validate claimed bzip2-compressed -+row length prior to reading data into fixed size buffer. -+Addresses SourceForge bug #664 "[bug]Heap buffer overflow when -+parsing MIFF". This severe bug only impacts builds with BZLIB -+support.
-

2019-04-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>

-
-
    --- -2.23.0 - diff --git a/GraphicsMagick-1.3.14-perl_linkage.patch b/GraphicsMagick-1.3.14-perl_linkage.patch deleted file mode 100644 index db504a0ec31a0eb93a598319071352f8d844edc1..0000000000000000000000000000000000000000 --- a/GraphicsMagick-1.3.14-perl_linkage.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up GraphicsMagick-1.3.14/PerlMagick/Makefile.PL.in.perl_linkage GraphicsMagick-1.3.14/PerlMagick/Makefile.PL.in ---- GraphicsMagick-1.3.14/PerlMagick/Makefile.PL.in.perl_linkage 2012-02-25 14:43:38.000000000 -0600 -+++ GraphicsMagick-1.3.14/PerlMagick/Makefile.PL.in 2012-02-26 07:35:38.542731280 -0600 -@@ -78,7 +78,7 @@ WriteMakefile - 'INSTALLBIN' => $magick_BIN_DIR, - - # Library specification -- 'LIBS' => ["-L$magick_LIB_DIR -lGraphicsMagick $magick_LDFLAGS $magick_DEP_LIBS"], -+ 'LIBS' => ["-L$magick_LIB_DIR -L../magick/.libs -lGraphicsMagick $magick_LDFLAGS $magick_DEP_LIBS"], - - # Perl binary name (if a Perl binary is built) - 'MAP_TARGET' => 'PerlMagick', diff --git a/GraphicsMagick-1.3.16-multilib.patch b/GraphicsMagick-1.3.16-multilib.patch deleted file mode 100644 index e3c8e90305652d75e7dd46ebb12816fd388f3aec..0000000000000000000000000000000000000000 --- a/GraphicsMagick-1.3.16-multilib.patch +++ /dev/null 
@@ -1,43 +0,0 @@
-diff -up GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in.multilib GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in
---- GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in.multilib 2011-11-12 14:39:22.000000000 -0600
-+++ GraphicsMagick-1.3.16/Magick++/bin/GraphicsMagick++-config.in 2012-06-24 11:25:12.603862643 -0500
-@@ -33,13 +33,13 @@ while test $# -gt 0; do
- echo '@MAGICK_API_CPPFLAGS@'
- ;;
- --cxxflags)
-- echo '@CXXFLAGS@'
-+ echo ''
- ;;
- --ldflags)
-- echo '@MAGICK_API_LDFLAGS@'
-+ echo ''
- ;;
- --libs)
-- echo '-lGraphicsMagick++ @MAGICK_API_LIBS@'
-+ echo '-lGraphicsMagick++'
- ;;
- *)
- echo "${usage}" 1>&2
-diff -up GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in.multilib GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in
---- GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in.multilib 2011-11-12 14:39:26.000000000 -0600
-+++ GraphicsMagick-1.3.16/magick/GraphicsMagick-config.in 2012-06-24 11:14:55.947571850 -0500
-@@ -30,16 +30,16 @@ while test $# -gt 0; do
- echo @PACKAGE_VERSION@
- ;;
- --cflags)
-- echo '@CFLAGS@'
-+ echo ''
- ;;
- --cppflags)
- echo '@MAGICK_API_CPPFLAGS@'
- ;;
- --ldflags)
-- echo '@MAGICK_API_LDFLAGS@'
-+ echo ''
- ;;
- --libs)
-- echo '@MAGICK_API_LIBS@'
-+ echo '-lGraphicsMagick'
- ;;
- *)
- echo "${usage}" 1>&2
diff --git a/GraphicsMagick-1.3.31-perl_linkage.patch b/GraphicsMagick-1.3.31-perl_linkage.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9511eb1626815e9cb6a1755ac6dd1c6c06146294
--- /dev/null
+++ b/GraphicsMagick-1.3.31-perl_linkage.patch
@@ -0,0 +1,12 @@
+diff -up GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in.perl_linkage GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in
+--- GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in.perl_linkage 2018-11-20 08:09:30.804633076 -0600
++++ GraphicsMagick-1.3.31/PerlMagick/Makefile.PL.in 2018-11-20 08:10:29.460027024 -0600
+@@ -78,7 +78,7 @@ WriteMakefile
+ 'INSTALLBIN' => $magick_BIN_DIR,
+
+ # Library specification
+- 'LIBS' => ["-L$magick_LIB_DIR $magick_LDFLAGS $magick_API_LIBS"],
++ 'LIBS' => ["-L$magick_LIB_DIR -L../magick/.libs $magick_LDFLAGS $magick_API_LIBS"],
+
+ # Perl binary name (if a Perl binary is built)
+ 'MAP_TARGET' => 'PerlMagick',
diff --git a/GraphicsMagick-1.3.30.tar.xz b/GraphicsMagick-1.3.41.tar.xz
similarity index 43%
rename from GraphicsMagick-1.3.30.tar.xz
rename to GraphicsMagick-1.3.41.tar.xz
index a76b4c68573ad0d657482c07e22665e54ebb2582..2ec3bd818b318b11398e0e21deff5c2fa03068ec 100644
Binary files a/GraphicsMagick-1.3.30.tar.xz and b/GraphicsMagick-1.3.41.tar.xz differ
diff --git a/GraphicsMagick.spec b/GraphicsMagick.spec
index bd59abc6565217eb1e3603357649f96a31593668..7f330393d0a9d61e4e80eaf1a8857cfbf0f2e4b7 100644
--- a/GraphicsMagick.spec
+++ b/GraphicsMagick.spec
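Review bot: In the added GraphicsMagick-1.3.31-perl_linkage.patch, the new `LIBS` value lists `-L$magick_LIB_DIR` ahead of `-L../magick/.libs`, so if an older libGraphicsMagick is already present in `$magick_LIB_DIR` on the build host, PerlMagick may be resolved against that copy instead of the library just built in the tree. With this commit also dropping the backported CVE patches in favour of the new tarball, linking against a stale copy would silently lose those fixes; putting the in-tree directory first, `'LIBS' => ["-L../magick/.libs -L$magick_LIB_DIR $magick_LDFLAGS $magick_API_LIBS"],`, makes the intent explicit. This is inferred from the search-path order alone, since the rest of Makefile.PL.in lies outside the hunk. The relative path also assumes the build is run from the PerlMagick directory, which is worth a one-line comment at the top of the patch file.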
@@ -1,166 +1,256 @@ -%ifarch x86_64 +%global _with_quantum_depth --with-quantum-depth=16 +%global _enable_quantum_library_names --enable-quantum-library-names +%global libQ -Q16 + +# Disable automatic .la file removal +%global __brp_remove_la_files %nil + +%if ! 0%{?flatpak} +%global perl 1 +%endif + +%global multilib_archs x86_64 %{ix86} ppc64 ppc64le ppc s390x s390 sparc64 sparcv9 +# hack for older platforms/rpm-versions that do not support %%__isa_bits (like el5) +%ifarch %{multilib_archs} %if ! 0%{?__isa_bits:1} -%ifarch x86_64 +%ifarch x86_64 s390x ia64 ppc64 sparc64 %global __isa_bits 64 +%else +%global __isa_bits 32 %endif %endif %endif %global __provides_exclude_from ^%{_libdir}/GraphicsMagick-%{version}/.*\\.(la|so)$ -Name: GraphicsMagick -Version: 1.3.30 -Release: 9 -Summary: Derived from ImageMagick, providing faster image generation speed and better quality -License: MIT -Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.xz -Url: http://www.graphicsmagick.org/ - -Patch0000: GraphicsMagick-1.3.14-perl_linkage.patch -Patch0001: GraphicsMagick-1.3.16-multilib.patch -Patch0002: CVE-2019-11007.patch -Patch0003: CVE-2019-11505.patch -Patch0004: CVE-2019-11008.patch -Patch0005: CVE-2019-11506.patch -Patch0006: CVE-2019-11009.patch -Patch0007: CVE-2018-18544.patch -Patch0008: CVE-2019-7397.patch -Patch0009: CVE-2019-11005.patch -Patch0010: CVE-2019-11006.patch -Patch0011: CVE-2019-11010.patch -Patch0012: CVE-2019-12921.patch -Patch0013: CVE-2020-10938.patch -Patch0014: CVE-2020-12672.patch -Patch0015: CVE-2019-11473-CVE-2019-11474.patch -Patch0016: CVE-2022-1270.patch - -BuildRequires: bzip2-devel freetype-devel gcc-c++ giflib-devel lcms2-devel libjpeg-devel -BuildRequires: libpng-devel librsvg2-devel libtiff-devel libtool-ltdl-devel libxml2-devel lpr -BuildRequires: libX11-devel libXext-devel libXt-devel perl-devel perl-generators perl(ExtUtils::MakeMaker) -BuildRequires: xdg-utils xz-devel zlib-devel time 
jbigkit-devel libwebp-devel - -Requires: urw-fonts +Summary: An ImageMagick fork, offering faster image generation and better quality +Name: GraphicsMagick +Version: 1.3.41 +Release: 1 + +License: MIT +Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.xz +Source1: urw-fonts-1.0.7pre44.tar.bz2 +#S1 URL: http://svn.ghostscript.com/ghostscript/tags/urw-fonts-1.0.7pre44/ -- urw-fonts-2.4-16.el7.src.rpm +#S1 https://gitee.com/src-openeuler/urw-base35-fonts.git +Url: http://www.graphicsmagick.org/ + +Patch002: GraphicsMagick-1.3.31-perl_linkage.patch + +BuildRequires: bzip2-devel +BuildRequires: freetype-devel +BuildRequires: gcc-c++ +BuildRequires: giflib-devel +BuildRequires: lcms2-devel +BuildRequires: libjpeg-devel +BuildRequires: libpng-devel +BuildRequires: librsvg2-devel +BuildRequires: libtiff-devel +BuildRequires: libtool-ltdl-devel +BuildRequires: libwmf-devel +BuildRequires: libxml2-devel +BuildRequires: libX11-devel libXext-devel libXt-devel +BuildRequires: lpr +BuildRequires: make +BuildRequires: p7zip +%if 0%{?perl} +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl(ExtUtils::MakeMaker) +%endif +BuildRequires: xdg-utils +BuildRequires: xz-devel +BuildRequires: zlib-devel +## %%check stuff +BuildRequires: time +BuildRequires: libwebp-devel jbigkit-devel +# upgrade path for introduction of -doc subpkg in 1.3.19-4 +Obsoletes: GraphicsMagick < 1.3.19-4 + +%global urw_font_bundle 1 + +%if 0%{?urw_font_bundle} +%global urw_font_path %{_datadir}/GraphicsMagick-%{version}/urw-fonts +%else +%global urw_font_path %{_datadir}/X11/fonts/urw-fonts +BuildRequires: urw-base35-fonts-legacy +Requires: urw-base35-fonts-legacy +%endif %description -GraphicsMagick is the swiss army knife of image processing. Comprised of 267K physical lines -(according to David A. 
Wheeler's SLOCCount) of source code in the base package -(or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools -and libraries which support reading, writing, and manipulating an image in over 89 major formats -including important formats like DPX, GIF, JPEG, JPEG-2000, PNG, PDF, PNM, TIFF, and WebP. +GraphicsMagick is a comprehensive image processing package which is initially +based on ImageMagick 5.5.2, but which has undergone significant re-work by +the GraphicsMagick Group to significantly improve the quality and performance +of the software. %package devel -Summary: Libraries and header files for GraphicsMagick -Requires: %{name} = %{version}-%{release} +Summary: Libraries and header files for GraphicsMagick app development +Requires: %{name}%{?_isa} = %{version}-%{release} %description devel -GraphicsMagick-devel contains libraries and header files needed to -develop GraphicsMagick applications. This is an image processing program. +GraphicsMagick-devel contains the Libraries and header files you'll +need to develop GraphicsMagick applications. GraphicsMagick is an image +manipulation program. -If you want to create an application that will use GraphicsMagick code -or API, you need to install GraphicsMagick-devel and GraphicsMagick. -If you just want to use, don't install +If you want to create applications that will use GraphicsMagick code or +APIs, you need to install GraphicsMagick-devel as well as GraphicsMagick. +You do not need to install it if you just want to use GraphicsMagick, +however. -%package help -Provides: %{name}-doc = %{version}-%{release} -Obsoletes: %{name}-doc < %{version}-%{release} -Summary: GraphicsMagick documentation and usage introduction -Obsoletes: GraphicsMagick < 1.3.19-4 -BuildArch: noarch - -%description help -GraphicsMagick documentation and usage introduction. 
+%if 0%{?perl} %package perl -Summary: GraphicsMagick perl package -Requires: %{name} = %{version}-%{release} -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Summary: GraphicsMagick perl bindings +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) %description perl -GraphicsMagick's perl package +Perl bindings to GraphicsMagick. -Use GraphicsMagick's perl script to install the GraphicsMagick-perl package. +Install GraphicsMagick-perl if you want to use any perl scripts that use +GraphicsMagick. +%endif %package c++ -Summary: GraphicsMagick c ++ package -Requires: %{name} = %{version}-%{release} +Summary: GraphicsMagick Magick++ library (C++ bindings) +Requires: %{name}%{?_isa} = %{version}-%{release} %description c++ -This package contains the GraphicsMagick ++ library, which is -a C ++ library for the GraphicsMagick graphics manipulation library. +This package contains the GraphicsMagick++ library, a C++ binding to the +GraphicsMagick graphics manipulation library. -To use any application that uses GraphicsMagick ++, -install GraphicsMagick-c ++. +Install GraphicsMagick-c++ if you want to use any applications that use +GraphicsMagick++. %package c++-devel -Summary: GraphicsMagick's C ++ Development Kit -Requires: %{name}-c++ = %{version}-%{release} -Requires: %{name}-devel = %{version}-%{release} +Summary: C++ bindings for the GraphicsMagick library +Requires: %{name}-c++%{?_isa} = %{version}-%{release} +Requires: %{name}-devel%{?_isa} = %{version}-%{release} %description c++-devel -GraphicsMagick-devel contains libraries and header files needed to -develop GraphicsMagick applications using Magick ++ C ++ bindings. +GraphicsMagick-devel contains the Libraries and header files you'll +need to develop GraphicsMagick applications using the Magick++ C++ bindings. +GraphicsMagick is an image manipulation program. 
-If you want to create an application that uses Magick ++ code or API, -you need to install GraphicsMagick-c ++-devel, ImageMagick devel, and GraphicsMagick. +If you want to create applications that will use Magick++ code +or APIs, you'll need to install GraphicsMagick-c++-devel, ImageMagick-devel and +GraphicsMagick. +You don't need to install it if you just want to use GraphicsMagick, or if you +want to develop/compile applications using the GraphicsMagick C interface, +however. -If you are just using GraphicsMagick, or you want to develop / compile -applications using the GraphicsMagick C interface, you do not need to install it. +%package help +Provides: %{name}-doc = %{version}-%{release} +Obsoletes: %{name}-doc < %{version}-%{release} +Summary: GraphicsMagick documentation and usage introduction +Obsoletes: GraphicsMagick < 1.3.19-4 +BuildArch: noarch + +%description help +GraphicsMagick documentation and usage introduction. %prep -%autosetup -p1 +%setup -q +%if 0%{?urw_font_bundle} +mkdir -p urw-fonts +tar --directory=urw-fonts/ -xf %{SOURCE1} +rm -f urw-fonts/ChangeLog urw-fonts/README* urw-fonts/fonts* +%endif + +%patch002 -p1 -b .perl_linkage + +for f in ChangeLog.{2006,2008,2009,2012} NEWS.txt ; do + iconv -f iso-8859-2 -t utf8 < $f > $f.utf8 + touch -r $f $f.utf8 ; mv -f $f.utf8 $f +done + +# Avoid lib64 rpaths (FIXME: recheck this on newer releases) %if "%{_libdir}" != "/usr/lib" -sed -i -e 's|"/lib /usr/lib|"%{_lib} %{_libdir}|' configure +sed -i.rpath -e 's|"/lib /usr/lib|"/%{_lib} %{_libdir}|' configure %endif %build -%configure --enable-shared --disable-static --docdir=%{_pkgdocdir} --with-lcms2 --with-magick_plus_plus \ - --with-modules --with-perl --with-perl-options="INSTALLDIRS=vendor %{?perl_prefix}" \ - --with-quantum-depth=16 --enable-quantum-library-names --with-threads --with-wmf --with-x \ - --with-xml --without-dps --without-gslib --with-gs-font-dir=%{_datadir}/fonts/default/Type1 +%configure \ + --enable-shared --disable-static \ + 
--docdir=%{_pkgdocdir} \ + --with-lcms2 \ + --with-magick_plus_plus \ + --with-modules \ +%if 0%{?flatpak} + --without-perl \ +%else + --with-perl \ + --with-perl-options="INSTALLDIRS=vendor %{?perl_prefix}" \ +%endif + %{?_with_quantum_depth} \ + %{?_enable_quantum_library_names} \ + --with-threads \ + --with-wmf \ + --with-x \ + --with-xml \ + --without-dps \ + --without-gslib \ + --with-gs-font-dir=%{urw_font_path} %make_build +%if 0%{?perl} %make_build perl-build +%endif %install %make_install + +%if 0%{?perl} %make_install -C PerlMagick +# perlmagick: fix perl path of demo files %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl -find %{buildroot} -type f -name "*.bs" -delete -find %{buildroot} -type f -name ".packlist" -delete -find %{buildroot} -type f -name "perllocal.pod" -delete +find %{buildroot} -name "*.bs" |xargs rm -fv +find %{buildroot} -name ".packlist" |xargs rm -fv +find %{buildroot} -name "perllocal.pod" |xargs rm -fv +ls -l %{buildroot}%{perl_vendorarch}/auto/Graphics/Magick/Magick.so chmod 755 %{buildroot}%{perl_vendorarch}/auto/Graphics/Magick/Magick.so +# perlmagick: build files list find %{buildroot}/%{_libdir}/perl* -type f -print \ - | sed "s@^%{buildroot}@@g" > perl-pkg-files + | sed "s@^%{buildroot}@@g" > perl-pkg-files find %{buildroot}%{perl_vendorarch} -type d -print \ | sed "s@^%{buildroot}@%dir @g" \ | grep -v '^%dir %{perl_vendorarch}$' \ - | grep -v '/auto$' >> perl-pkg-files + | grep -v '/auto$' >> perl-pkg-files if [ -z perl-pkg-files ] ; then - echo "ERROR: FILE LIST EMPTY" + echo "ERROR: EMPTY FILE LIST" exit -1 fi +%endif + +rm -rfv %{buildroot}%{_datadir}/GraphicsMagick +# Keep config +rm -rfv %{buildroot}%{_datadir}/%{name}-%{version}/[a-b,d-z,A-Z]* +rm -fv %{buildroot}%{_libdir}/lib*.la -rm -rf %{buildroot}%{_datadir}/GraphicsMagick -rm -rf %{buildroot}%{_datadir}/%{name}-%{version}/[a-b,d-z,A-Z]* -find %{buildroot}%{_libdir} -type f -name "lib*.la" -delete +%if 0%{?urw_font_bundle} +mkdir -p 
%{buildroot}%{urw_font_path}/ +install -p -m644 urw-fonts/* \ + %{buildroot}%{urw_font_path}/ +%endif -%ifarch x86_64 +# fix multilib issues +%ifarch %{multilib_archs} mv %{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types.h \ %{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types-%{__isa_bits}.h cat >%{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types.h < - + #if __WORDSIZE == 32 # include "magick/magick_types-32.h" #elif __WORDSIZE == 64 @@ -168,14 +258,29 @@ cat >%{buildroot}%{_includedir}/GraphicsMagick/magick/magick_types.h < - 1.3.41-1 +- Update to 1.3.41 for fix CVE-2020-21679 + * Mon Jul 11 2022 houyingchao - 1.3.30-9 - Fix CVE-2022-1270 diff --git a/urw-fonts-1.0.7pre44.tar.bz2 b/urw-fonts-1.0.7pre44.tar.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..9dfc6068d3bcfb8abd8687bdca76ee3234b679f4 Binary files /dev/null and b/urw-fonts-1.0.7pre44.tar.bz2 differ
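Review bot: The guard `if [ -z perl-pkg-files ]` in %install of GraphicsMagick.spec tests the literal string `perl-pkg-files`, which is never empty, so the "EMPTY FILE LIST" branch cannot run and an empty Perl file list would pass unnoticed. The commit touches only the message text on the next line and leaves the test as it was. It should test the file itself, `if [ ! -s perl-pkg-files ] ; then`, and the `exit -1` that follows is better written `exit 1`, since shell exit statuses are limited to 0–255.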
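Review bot: The new changelog entry `- Update to 1.3.41 for fix CVE-2020-21679` does not record that this commit also drops Patch0002 through Patch0016, the CVE backports from CVE-2018-18544 to CVE-2022-1270, whose removal is in the first hunk of this file. Presumably all of them are contained in the 1.3.41 tarball, but that should be checked against the upstream release notes and then written down, because the changelog is what auditors and vulnerability scanners read to decide whether a build is still covered. A second line such as `- Drop CVE-2018-18544 ... CVE-2022-1270 patches, included upstream` would do. Most of this hunk's text is not legible on the page, so this note covers only the changelog lines.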