diff --git a/CVE-2019-7397.patch b/CVE-2019-7397.patch new file mode 100644 index 0000000000000000000000000000000000000000..11398018838c4e1dfef0656dcadffc1d0bd1ecdd --- /dev/null +++ b/CVE-2019-7397.patch @@ -0,0 +1,156 @@ +diff -Nur ImageMagick-6.9.10-67_old/coders/pdf.c ImageMagick-6.9.10-67/coders/pdf.c +--- ImageMagick-6.9.10-67_old/coders/pdf.c 2019-12-25 16:48:50.196305907 +0800 ++++ ImageMagick-6.9.10-67/coders/pdf.c 2019-12-25 18:00:11.863959671 +0800 +@@ -1712,7 +1712,10 @@ + offset=TellBlob(image); + number_pixels=(MagickSizeType) image->columns*image->rows; + if ((4*number_pixels) != (MagickSizeType) ((size_t) (4*number_pixels))) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); ++ } + if ((compression == FaxCompression) || (compression == Group4Compression) || + ((image_info->type != TrueColorType) && + (SetImageGray(image,&image->exception) != MagickFalse))) +@@ -1735,7 +1738,10 @@ + status=InjectImageBlob(image_info,image,image,"jpeg", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,image->exception.reason); ++ } + break; + } + case JPEG2000Compression: +@@ -1743,7 +1749,10 @@ + status=InjectImageBlob(image_info,image,image,"jp2", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,image->exception.reason); ++ } + break; + } + case RLECompression: +@@ -1758,7 +1767,10 @@ + length=(size_t) number_pixels; + pixel_info=AcquireVirtualMemory(length,sizeof(*pixels)); + if (pixel_info == (MemoryInfo *) NULL) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); ++ } + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); + /* + Dump Runlength encoded pixels. +@@ -1842,7 +1854,10 @@ + status=InjectImageBlob(image_info,image,image,"jpeg", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,image->exception.reason); ++ } + break; + } + case JPEG2000Compression: +@@ -1850,7 +1865,10 @@ + status=InjectImageBlob(image_info,image,image,"jp2", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,image->exception.reason); ++ } + break; + } + case RLECompression: +@@ -2151,7 +2169,10 @@ + tile_image=ThumbnailImage(image,geometry.width,geometry.height, + &image->exception); + if (tile_image == (Image *) NULL) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,image->exception.reason); ++ } + xref[object++]=TellBlob(image); + (void) FormatLocaleString(buffer,MaxTextExtent,"%.20g 0 obj\n",(double) + object); +@@ -2256,7 +2277,10 @@ + status=InjectImageBlob(image_info,image,tile_image,"jpeg", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,tile_image->exception.reason); ++ } + break; + } + case JPEG2000Compression: +@@ -2264,7 +2288,10 @@ + status=InjectImageBlob(image_info,image,tile_image,"jp2", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,tile_image->exception.reason); ++ } + break; + } + case RLECompression: +@@ -2281,6 +2308,7 @@ + if (pixel_info == (MemoryInfo *) NULL) + { + tile_image=DestroyImage(tile_image); ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); + } + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); +@@ -2354,7 +2382,10 @@ + status=InjectImageBlob(image_info,image,tile_image,"jpeg", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,tile_image->exception.reason); ++ } + break; + } + case JPEG2000Compression: +@@ -2362,7 +2393,10 @@ + status=InjectImageBlob(image_info,image,tile_image,"jp2", + &image->exception); + if (status == MagickFalse) ++ { ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(CoderError,tile_image->exception.reason); ++ } + break; + } + case RLECompression: +@@ -2380,6 +2414,7 @@ + if (pixel_info == (MemoryInfo *) NULL) + { + tile_image=DestroyImage(tile_image); ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); + } + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); +@@ -2474,6 +2509,7 @@ + if (pixel_info == (MemoryInfo *) NULL) + { + tile_image=DestroyImage(tile_image); ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError, + "MemoryAllocationFailed"); + } +@@ -2679,6 +2715,7 @@ + if (pixel_info == (MemoryInfo *) NULL) + { + image=DestroyImage(image); ++ xref=(MagickOffsetType *) RelinquishMagickMemory(xref); + ThrowPDFException(ResourceLimitError,"MemoryAllocationFailed"); + } + pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info); diff --git a/ImageMagick-6.9.10-67.tar.xz b/ImageMagick-6.9.10-67.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..be66bfbe1530bebb195d4c4d9aeb394b79380f03 Binary files /dev/null and b/ImageMagick-6.9.10-67.tar.xz differ diff --git a/ImageMagick.spec b/ImageMagick.spec new file mode 100644 index 0000000000000000000000000000000000000000..7a2f19298b5f4051ef02776b1490ac88926e4cd4 --- /dev/null +++ b/ImageMagick.spec @@ -0,0 +1,168 @@ +Name: ImageMagick +Epoch: 1 +Version: 6.9.10.67 +Release: 5 +Summary: Create, edit, compose, or convert bitmap images +License: ImageMagick +Url: http://www.imagemagick.org/ +Source0: https://mirrors.sohu.com/gentoo/distfiles/db/ImageMagick-6.9.10-67.tar.xz + +Patch0001: CVE-2019-7397.patch + +BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators +BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel +BuildRequires: libgs-devel ghostscript-x11 libwmf-devel jasper-devel +BuildRequires: libtool-ltdl-devel libX11-devel libXext-devel libXt-devel lcms2-devel +BuildRequires: libxml2-devel librsvg2-devel fftw-devel ilmbase-devel OpenEXR-devel +BuildRequires: openjpeg2-devel >= 2.1.0 libwebp-devel autoconf automake gcc gcc-c++ + +Provides: ImageMagick-libs = %{epoch}:%{version}-%{release} +Provides: ImageMagick-djva = %{epoch}:%{version}-%{release} +Obsoletes: ImageMagick-libs < %{epoch}:%{version}-%{release} +Obsoletes: ImageMagick-djvu < %{epoch}:%{version}-%{release} + +%description +Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write +images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, +WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, +shear and transform images, adjust image colors, apply various special effects, +or draw text, lines, polygons, ellipses and Bézier curves. + +%package devel +Summary: Development files for ImageMagick +Requires: ImageMagick = %{epoch}:%{version}-%{release} +Requires: libgs-devel libX11-devel libXext-devel libXt-devel +Requires: bzip2-devel freetype-devel libtiff-devel libjpeg-devel lcms2-devel +Requires: libwebp-devel OpenEXR-devel jasper-devel pkgconfig + +%description devel +Development files for ImageMagick. + +%package help +Summary: HTML documentation for ImageMagick +Provides: ImageMagick-doc = %{epoch}:%{version}-%{release} +Obsoletes: ImageMagick-doc < %{epoch}:%{version}-%{release} + +%description help +HTML documentation for ImageMagick. + +%package perl +Summary: Perl bindings to ImageMagick +Requires: ImageMagick = %{epoch}:%{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) + +%description perl +Perl bindings to ImageMagick. +Install it to use perl scripts that use ImageMagick. + +%package c++ +Summary: Magick++ library +Requires: ImageMagick = %{epoch}:%{version}-%{release} + +%description c++ +This package contains the Magick++ library. +Install it to use applications that use Magick++. + +%package c++-devel +Summary: Development files for ImageMagick-c++ +Requires: ImageMagick-c++ = %{epoch}:%{version}-%{release} +Requires: ImageMagick-devel = %{epoch}:%{version}-%{release} + +%description c++-devel +Development files for ImageMagick-c++. + +%prep +%autosetup -n ImageMagick-6.9.10-67 -p1 + +install -d Magick++/examples +cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples + +%build +autoconf -f -i +export CFLAGS="%{optflags} -DIMPNG_SETJMP_IS_THREAD_SAFE" +%configure --enable-shared --disable-static --with-modules --with-perl --with-x \ + --with-threads --with-magick_plus_plus --with-gslib --with-wmf --with-webp \ + --with-openexr --with-rsvg --with-xml --without-dps --without-gcc-arch \ + --with-jbig --with-openjp2 \ + --with-perl-options="INSTALLDIRS=vendor %{?perl_prefix} CC='%__cc -L$PWD/magick/.libs' LDDLFLAGS='-shared -L$PWD/magick/.libs'" +%make_build + +%install +%make_install +cp -a www/source %{buildroot}%{_datadir}/doc/ImageMagick-6.9.10 +rm %{buildroot}%{_libdir}/*.la + +%{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl + +find %{buildroot} -name "*.bs" -exec rm {} \; +find %{buildroot} -name ".packlist" -exec rm {} \; +find %{buildroot} -name "perllocal.pod" -exec rm {} \; + +printf "%defattr(-,root,root,-)\n" > perl-pkg-files +find %{buildroot}/%{_libdir}/perl* -type f -print | sed "s@^%{buildroot}@@g" > perl-pkg-files +find %{buildroot}%{perl_vendorarch} -type d -print | sed "s@^%{buildroot}@%dir @g" \ + | grep -v '^%dir %{perl_vendorarch}$' | grep -v '/auto$' >> perl-pkg-files + +%check +export LD_LIBRARY_PATH=%{buildroot}/%{_libdir} +make %{?_smp_mflags} check +rm PerlMagick/demo/Generic.ttf + +%post +/sbin/ldconfig +%postun +/sbin/ldconfig + +%files +%doc LICENSE NOTICE AUTHORS.txt +%{_bindir}/[a-z]* +%{_libdir}/libMagickCore-6.Q16.so.6* +%{_libdir}/libMagickWand-6.Q16.so.6* +%{_libdir}/ImageMagick-6.9.10 +%{_datadir}/ImageMagick-6 +%dir %{_sysconfdir}/ImageMagick-6 +%config(noreplace) %{_sysconfdir}/ImageMagick-6/*.xml + +%files devel +%{_bindir}/MagickCore-config +%{_bindir}/Magick-config +%{_bindir}/MagickWand-config +%{_bindir}/Wand-config +%{_libdir}/libMagickCore-6.Q16.so +%{_libdir}/libMagickWand-6.Q16.so +%{_libdir}/pkgconfig/MagickCore* +%{_libdir}/pkgconfig/ImageMagick.pc +%{_libdir}/pkgconfig/ImageMagick-6.Q16.pc +%{_libdir}/pkgconfig/MagickWand* +%{_libdir}/pkgconfig/Wand* +%dir %{_includedir}/ImageMagick-6 +%{_includedir}/%{name}-6/magick +%{_includedir}/%{name}-6/wand + +%files help +%doc README.txt NEWS.txt ChangeLog Platforms.txt QuickStart.txt +%doc %{_datadir}/doc/ImageMagick-6 +%doc %{_datadir}/doc/ImageMagick-6.9.10 +%{_mandir}/man[145]/[a-z]* +%{_mandir}/man1/* +%{_mandir}/man3/* + +%files perl -f perl-pkg-files +%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt + +%files c++ +%doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README +%doc www/Magick++/COPYING +%{_libdir}/libMagick++-6.Q16.so.8* + +%files c++-devel +%doc Magick++/examples +%{_bindir}/Magick++-config +%{_includedir}/ImageMagick-6/Magick++* +%{_libdir}/libMagick++-6.Q16.so +%{_libdir}/pkgconfig/Magick++* +%{_libdir}/pkgconfig/ImageMagick++* + +%changelog +* Mon Feb 24 2020 xuxijian - 6.9.10.67-5 +- Package init diff --git a/README.en.md b/README.en.md deleted file mode 100644 index a7edb08f000fb72b7ae0cc59b75f11aa18ca4172..0000000000000000000000000000000000000000 --- a/README.en.md +++ /dev/null @@ -1,36 +0,0 @@ -# ImageMagick - -#### Description -{**When you're done, you can delete the content in this README and update the file with details for others getting started with your repository**} - -#### Software Architecture -Software architecture description - -#### Installation - -1. xxxx -2. xxxx -3. xxxx - -#### Instructions - -1. xxxx -2. xxxx -3. xxxx - -#### Contribution - -1. Fork the repository -2. Create Feat_xxx branch -3. Commit your code -4. Create Pull Request - - -#### Gitee Feature - -1. You can use Readme\_XXX.md to support different languages, such as Readme\_en.md, Readme\_zh.md -2. Gitee blog [blog.gitee.com](https://blog.gitee.com) -3. Explore open source project [https://gitee.com/explore](https://gitee.com/explore) -4. The most valuable open source project [GVP](https://gitee.com/gvp) -5. The manual of Gitee [https://gitee.com/help](https://gitee.com/help) -6. The most popular members [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/) diff --git a/README.md b/README.md deleted file mode 100644 index 174be0057a59f54a71b347b245e68dc93576df86..0000000000000000000000000000000000000000 --- a/README.md +++ /dev/null @@ -1,39 +0,0 @@ -# ImageMagick - -#### 介绍 -{**以下是码云平台说明,您可以替换此简介** -码云是 OSCHINA 推出的基于 Git 的代码托管平台(同时支持 SVN)。专为开发者提供稳定、高效、安全的云端软件开发协作平台 -无论是个人、团队、或是企业,都能够用码云实现代码托管、项目管理、协作开发。企业项目请看 [https://gitee.com/enterprises](https://gitee.com/enterprises)} - -#### 软件架构 -软件架构说明 - - -#### 安装教程 - -1. xxxx -2. xxxx -3. xxxx - -#### 使用说明 - -1. xxxx -2. xxxx -3. xxxx - -#### 参与贡献 - -1. Fork 本仓库 -2. 新建 Feat_xxx 分支 -3. 提交代码 -4. 新建 Pull Request - - -#### 码云特技 - -1. 使用 Readme\_XXX.md 来支持不同的语言,例如 Readme\_en.md, Readme\_zh.md -2. 码云官方博客 [blog.gitee.com](https://blog.gitee.com) -3. 你可以 [https://gitee.com/explore](https://gitee.com/explore) 这个地址来了解码云上的优秀开源项目 -4. [GVP](https://gitee.com/gvp) 全称是码云最有价值开源项目,是码云综合评定出的优秀开源项目 -5. 码云官方提供的使用手册 [https://gitee.com/help](https://gitee.com/help) -6. 码云封面人物是一档用来展示码云会员风采的栏目 [https://gitee.com/gitee-stars/](https://gitee.com/gitee-stars/)