diff options
| author | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-04 13:36:20 +0000 |
|---|---|---|
| committer | Francesco Colista <fcolista@alpinelinux.org> | 2017-08-04 14:26:13 +0000 |
| commit | f1d3663a658aec8ca5dd30b8a47fe7e93e10a5d2 (patch) | |
| tree | db25523f5ed2813bc67721eb720e283ebe578170 /community/graphicsmagick | |
| parent | 01e5f72daf55e494af5b88b14732a822c09df7e0 (diff) | |
| download | aports-f1d3663a658aec8ca5dd30b8a47fe7e93e10a5d2.tar.bz2 aports-f1d3663a658aec8ca5dd30b8a47fe7e93e10a5d2.tar.xz | |
community/graphicsmagick: fix CVE-2017-11403. Fixes #7547
Diffstat (limited to 'community/graphicsmagick')
| -rw-r--r-- | community/graphicsmagick/APKBUILD | 12 | ||||
| -rw-r--r-- | community/graphicsmagick/CVE-2017-11403.patch | 14 |
2 files changed, 23 insertions, 3 deletions
diff --git a/community/graphicsmagick/APKBUILD b/community/graphicsmagick/APKBUILD index 91ac727e2d..cda8a6fdd3 100644 --- a/community/graphicsmagick/APKBUILD +++ b/community/graphicsmagick/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Francesco Colista <fcolista@alpinelinux.org> pkgname=graphicsmagick pkgver=1.3.26 -pkgrel=0 +pkgrel=1 pkgdesc="Image processing system" url="http://www.graphicsmagick.org/" arch="all" @@ -12,11 +12,16 @@ depends_dev="jasper-dev libpng-dev tiff-dev libxml2-dev libwmf-dev" makedepends="$depends_dev libtool libltdl" install="" subpackages="$pkgname-dev $pkgname-doc" -source="http://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagick-$pkgver.tar.xz" +source="http://downloads.sourceforge.net/$pkgname/$pkgname/$pkgver/GraphicsMagick-$pkgver.tar.xz + CVE-2017-11403.patch" options="libtool" builddir="$srcdir"/GraphicsMagick-$pkgver +# security fixes: +# 1.3.26-r1: +# - CVE-2017-11403 + build() { cd "$builddir" ./configure \ @@ -42,4 +47,5 @@ package() { make DESTDIR="$pkgdir" install || return 1 } -sha512sums="b33ca0f1c858428693aee27a9089acff9e63d1110f85fa036894cfefe6274e7b2422758ea39852f94fdb4823c9c3f3c44b0d8906627503301f5928096f739f22 GraphicsMagick-1.3.26.tar.xz" +sha512sums="b33ca0f1c858428693aee27a9089acff9e63d1110f85fa036894cfefe6274e7b2422758ea39852f94fdb4823c9c3f3c44b0d8906627503301f5928096f739f22 GraphicsMagick-1.3.26.tar.xz +00cb425b9cb6cc0c7b92a6c795150222edf2d16d513f4d4c803ff15cfb1917e81c6854109aee0ca845d3668e515cec06c4067155f82a9ea0abde30f6bbd1e8c2 CVE-2017-11403.patch" diff --git a/community/graphicsmagick/CVE-2017-11403.patch b/community/graphicsmagick/CVE-2017-11403.patch new file mode 100644 index 0000000000..f3ae7b0298 --- /dev/null +++ b/community/graphicsmagick/CVE-2017-11403.patch @@ -0,0 +1,14 @@ +diff -r b24f2a9b0dd7 -r d0a76868ca37 coders/png.c +--- a/coders/png.c Mon Jul 10 11:31:05 2017 -0400 ++++ b/coders/png.c Mon Jul 10 12:40:55 2017 -0400 +@@ -5161,8 +5161,8 @@ + + if (image == (Image *) NULL) + { ++ CloseBlob(previous); + DestroyImageList(previous); +- CloseBlob(previous); + MngInfoFreeStruct(mng_info,&have_mng_structure); + return((Image *) NULL); + } + |