From 30752e4ff5aceec6fb2000fd981e1d88a0203f57 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Thu, 9 Feb 2023 17:06:42 +0800
Subject: [PATCH] Fix CVE-2022-44267 and CVE-2022-44268

(cherry picked from commit 441e3e42e392cdc4e29dc3fc7810c4d6dfdd8b8b)
---
 CVE-2022-44267_CVE-2022-44268.patch | 30 +++++++++++++++++++++++++++++
 ImageMagick.spec                    |  6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-44267_CVE-2022-44268.patch

diff --git a/CVE-2022-44267_CVE-2022-44268.patch b/CVE-2022-44267_CVE-2022-44268.patch
new file mode 100644
index 0000000..330a5ce
--- /dev/null
+++ b/CVE-2022-44267_CVE-2022-44268.patch
@@ -0,0 +1,30 @@
+From 3c5188b41902a909e163492fb0c19e49efefcefe Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 22 Oct 2022 13:28:51 -0400
+Subject: [PATCH] possible DoS @ stdin (OCE-2022-70); possible arbitrary file
+ leak (OCE-2022-72)
+
+---
+ coders/png.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/coders/png.c b/coders/png.c
+index dae894d9c..887827636 100644
+--- a/coders/png.c
++++ b/coders/png.c
+@@ -3793,13 +3793,14 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
+              */
+             if (!png_get_valid(ping,ping_info,PNG_INFO_pHYs) ||
+                 (LocaleCompare(text[i].key,"density") != 0 &&
+-                LocaleCompare(text[i].key,"units") != 0))
++                 LocaleCompare(text[i].key,"units") != 0))
+               {
+                 char
+                   key[MaxTextExtent];
+ 
+                 (void) FormatLocaleString(key,MaxTextExtent,"%s",text[i].key);
+                 if ((LocaleCompare(key,"version") == 0) ||
++                    (LocaleCompare(key,"profile") == 0) ||
+                     (LocaleCompare(key,"width") == 0))
+                   (void) FormatLocaleString(key,MagickPathExtent,"png:%s",
+                     text[i].key);
diff --git a/ImageMagick.spec b/ImageMagick.spec
index 9b88b12..4a48184 100644
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.12.43
-Release:        4
+Release:        5
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@@ -12,6 +12,7 @@ Patch0002: CVE-2022-3213-pre1.patch
 Patch0003: CVE-2022-3213-pre2.patch
 Patch0004: CVE-2022-3213.patch
 Patch0005: CVE-2022-32547.patch
+Patch0006: CVE-2022-44267_CVE-2022-44268.patch
 
 
 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
@@ -170,6 +171,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*
 
 %changelog
+* Thu Feb 09 2023 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-5
+- Fix CVE-2022-44267 and CVE-2022-44268
+
 * Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:6.9.12.43-4
 - Fix CVE-2022-32547
 
-- 
Gitee