author | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-21 14:40:34 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-21 14:40:34 +0200 |
commit | a9c59696d69df232d543f278c34f1241e3c1e103 (patch) | |
tree | 2bdee9287a40bb67d8142409d5114525eff5f2d2 | |
parent | 7a1fa50fc838cd70f0faff3af1d1c258a13001ec (diff) | |
download | aports-a9c59696d69df232d543f278c34f1241e3c1e103.tar.bz2 aports-a9c59696d69df232d543f278c34f1241e3c1e103.tar.xz |
main/imagemagic: security fix for CVE-2016-7799 CVE-2016-7906
fixes #6325
-rw-r--r-- | main/imagemagick/APKBUILD | 22 | ||||
-rw-r--r-- | main/imagemagick/CVE-2016-7799.patch | 22 | ||||
-rw-r--r-- | main/imagemagick/CVE-2016-7906.patch | 22 |
3 files changed, 61 insertions, 5 deletions
diff --git a/main/imagemagick/APKBUILD b/main/imagemagick/APKBUILD index b379c98385..0ab2e44018 100644 --- a/main/imagemagick/APKBUILD +++ b/main/imagemagick/APKBUILD @@ -5,7 +5,7 @@ pkgname=imagemagick pkgver=6.9.5.9 _abiver=6 _pkgver=${pkgver%.*}-${pkgver##*.} -pkgrel=0 +pkgrel=1 pkgdesc="A collection of tools and libraries for many image formats" url="http://www.imagemagick.org/" arch="all" @@ -15,7 +15,10 @@ options="libtool" makedepends="zlib-dev libpng-dev libjpeg-turbo-dev freetype-dev fontconfig-dev perl-dev ghostscript-dev libwebp-dev libtool tiff-dev lcms2-dev" subpackages="$pkgname-doc $pkgname-dev $pkgname-c++:_cxx" -source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz" +source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz + CVE-2016-7799.patch + CVE-2016-7906.patch + " # secfixes: # 6.9.5.3: @@ -28,6 +31,9 @@ source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz # - CVE-2016-5841 # - CVE-2016-5842 # - CVE-2016-6491 +# 6.9.5.9-r1: +# - CVE-2016-7799 +# - CVE-2016-7906 _builddir="$srcdir/ImageMagick-${_pkgver}" prepare() { 
@@ -85,6 +91,12 @@ _cxx() { mv "$pkgdir"/usr/lib/libMagick++*.so.* "$subpkgdir"/usr/lib/ } -md5sums="fc7c456f4bee061d387a03c7484e27f1 ImageMagick-6.9.5-9.tar.xz" -sha256sums="9c4f300daae165a6bcf46779876f9361a958076f8cd59fa203d84c70ba5bc183 ImageMagick-6.9.5-9.tar.xz" -sha512sums="3aff67710305e3427e2effab5bd5b10c9f55ca9b755704cdea169dbe3653fe919ae603a37fb3d7c105b61c930d4652cf488f7a7ec0a2d847bfb66b8f6eb1db43 ImageMagick-6.9.5-9.tar.xz" +md5sums="fc7c456f4bee061d387a03c7484e27f1 ImageMagick-6.9.5-9.tar.xz +a69aaa7cfb91129faf0a6180632f37cc CVE-2016-7799.patch +db49949a2ab7d4f593f07dcd2dd76e66 CVE-2016-7906.patch" +sha256sums="9c4f300daae165a6bcf46779876f9361a958076f8cd59fa203d84c70ba5bc183 ImageMagick-6.9.5-9.tar.xz +a81409f154f1d195e559aadc0caa6b4498fd6132c8d97bc3a9b55e693cb7aa75 CVE-2016-7799.patch +a4e525f2980d665db04f15050cfce44a2dfdbf324e442f5610dfbd045214f02f CVE-2016-7906.patch" +sha512sums="3aff67710305e3427e2effab5bd5b10c9f55ca9b755704cdea169dbe3653fe919ae603a37fb3d7c105b61c930d4652cf488f7a7ec0a2d847bfb66b8f6eb1db43 ImageMagick-6.9.5-9.tar.xz +78d60bd48ac932adaaadaae0b26594cc72ba3e94a0752e28e775ad37c9eb0cd0f602c969e52dab0e196a9742559df5b4406dc116095a6a5852444d0f00a89aca CVE-2016-7799.patch +f64fe197b621ae7046326ad88302c8a24e70c95c8725a8cdae56586460b00bb7137228ae04a9396b0e872bde901c464f2fbf570657d5d1c1c3592900c42d626b CVE-2016-7906.patch" diff --git a/main/imagemagick/CVE-2016-7799.patch b/main/imagemagick/CVE-2016-7799.patch new file mode 100644 index 0000000000..6b04f3dc4b --- /dev/null +++ b/main/imagemagick/CVE-2016-7799.patch 
@@ -0,0 +1,22 @@
+From 00a80395a4cd17a6f420238bf9d936d3d9b65a8a Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 30 Sep 2016 15:18:03 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/280
+
+---
+ magick/profile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/magick/profile.c b/magick/profile.c
+index baf7e70..db4083d 100644
+--- a/magick/profile.c
++++ b/magick/profile.c
+@@ -2060,7 +2060,7 @@ static MagickBooleanType SyncExifProfile(Image *image, StringInfo *profile)
+ (void) AddValueToSplayTree(exif_resources,q,q);
+ tag_value=(ssize_t) ReadProfileShort(endian,q);
+ format=(ssize_t) ReadProfileShort(endian,q+2);
+- if ((format-1) >= EXIF_NUM_FORMATS)
++ if ((format < 0) || ((format-1) >= EXIF_NUM_FORMATS))
+ break;
+ components=(ssize_t) ReadProfileLong(endian,q+4);
+ if (components < 0)
diff --git a/main/imagemagick/CVE-2016-7906.patch b/main/imagemagick/CVE-2016-7906.patch
new file mode 100644
index 0000000000..fc22b35278
--- /dev/null
+++ b/main/imagemagick/CVE-2016-7906.patch
@@ -0,0 +1,22 @@
+From d63a3c5729df59f183e9e110d5d8385d17caaad0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 1 Oct 2016 11:16:55 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/281
+
+---
+ magick/attribute.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/magick/attribute.c b/magick/attribute.c
+index 4e01240..53d2706 100644
+--- a/magick/attribute.c
++++ b/magick/attribute.c
+@@ -1296,7 +1296,7 @@ MagickExport MagickBooleanType SetImageType(Image *image,const ImageType type)
+ status=QuantizeImage(quantize_info,image);
+ quantize_info=DestroyQuantizeInfo(quantize_info);
+ }
+- image->colors=2;
++ status=AcquireImageColormap(image,2);
+ image->matte=MagickFalse;
+ break;
+ }
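Review bot: In CVE-2016-7799.patch the new guard in SyncExifProfile still lets `format == 0` through, because `format-1` is then -1 and, assuming a signed comparison, stays below `EXIF_NUM_FORMATS`. Whether 0 is a safe value depends on how `format` is used later in the loop, which is outside this hunk, so it should be checked against the full magick/profile.c. If 0 is not a valid format code there, the lower bound would read `if ((format <= 0) || ((format-1) >= EXIF_NUM_FORMATS))`. If it is valid, a comment such as `/* negative format codes are rejected; 0 is accepted on purpose */` would record the intent. Any change to the check belongs in the upstream commit rather than in this packaging copy.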
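Review bot: In CVE-2016-7906.patch the added `status=AcquireImageColormap(image,2);` overwrites the `status` assigned from `QuantizeImage` three lines above, so a quantization failure appears to be reported as success whenever the colormap allocation succeeds. The enclosing case in SetImageType starts and ends outside the hunk, so how `status` is used afterwards cannot be seen here. A form that still allocates the colormap but only ever lowers the result would be `if (AcquireImageColormap(image,2) == MagickFalse) status=MagickFalse;`. As this file is a copy of an upstream commit, the change would best be raised upstream and the patch refreshed from there.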