diff --git a/SOURCES/0001-Fix-CVE-2014-1947-CVE-2014-2030.patch b/SOURCES/0001-Fix-CVE-2014-1947-CVE-2014-2030.patch new file mode 100644 index 0000000..703a255 --- /dev/null +++ b/SOURCES/0001-Fix-CVE-2014-1947-CVE-2014-2030.patch @@ -0,0 +1,49 @@ +From b78822716fd79b380ddce5cbe23ce82d08e1df96 Mon Sep 17 00:00:00 2001 +From: cristy +Date: Thu, 14 Nov 2013 12:36:55 +0000 +Subject: [PATCH] Fix CVE-2014-1947, CVE-2014-2030 + +Upstream commit: r13736 + +Make layer_name large enough so that an overflow does not occur if +there are more than 99 layers. +--- + coders/psd.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/coders/psd.c b/coders/psd.c +index 3c0b938..5c23992 100644 +--- a/coders/psd.c ++++ b/coders/psd.c +@@ -2101,9 +2101,6 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image) + StringInfo + *bim_profile; + +- unsigned char +- layer_name[4]; +- + /* + Open image file. + */ +@@ -2361,12 +2358,15 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image) + property=(const char *) GetImageProperty(next_image,"label"); + if (property == (const char *) NULL) + { ++ char ++ layer_name[MaxTextExtent]; ++ + (void) WriteBlobMSBLong(image,16); + (void) WriteBlobMSBLong(image,0); + (void) WriteBlobMSBLong(image,0); +- (void) FormatLocaleString((char *) layer_name,MaxTextExtent, +- "L%06ld",(long) layer_count++); +- WritePascalString( image, (char*)layer_name, 4 ); ++ (void) FormatLocaleString(layer_name,MaxTextExtent,"L%06ld",(long) ++ layer_count++); ++ WritePascalString(image,layer_name,4); + } + else + { +-- +1.8.3.1 + diff --git a/SPECS/ImageMagick.spec b/SPECS/ImageMagick.spec index d8afc55..d24e491 100644 --- a/SPECS/ImageMagick.spec +++ b/SPECS/ImageMagick.spec @@ -3,7 +3,7 @@ Name: ImageMagick Version: %{VER}.%{Patchlevel} -Release: 6%{?dist} +Release: 10%{?dist} Summary: An X application for displaying and manipulating images Group: Applications/Multimedia License: ImageMagick @@ -11,6 +11,7 @@ Url: http://www.imagemagick.org/ Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar.xz Patch0: 0001-Fix-man-page-scan-results.patch +Patch1: 0001-Fix-CVE-2014-1947-CVE-2014-2030.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel @@ -125,6 +126,7 @@ mv README.txt.tmp README.txt mkdir Magick++/examples cp -p Magick++/demo/*.cpp Magick++/demo/*.miff Magick++/examples %patch0 -p1 +%patch1 -p1 %build %configure --enable-shared \ @@ -182,14 +184,8 @@ if [ -z perl-pkg-files ] ; then fi # fix multilib issues -%ifarch x86_64 s390x ia64 ppc64 alpha sparc64 -%define wordsize 64 -%else -%define wordsize 32 -%endif - mv %{buildroot}%{_includedir}/%{name}/magick/magick-config.h \ - %{buildroot}%{_includedir}/%{name}/magick/magick-config-%{wordsize}.h + %{buildroot}%{_includedir}/%{name}/magick/magick-config-%{__isa_bits}.h cat >%{buildroot}%{_includedir}/%{name}/magick/magick-config.h < 6.7.8.9-10 +- backported r13736 to fix CVE-2014-1947, CVE-2014-2030 (rhbz#1083080) + +* Fri Jan 24 2014 Daniel Mach - 6.7.8.9-9 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 6.7.8.9-8 +- Mass rebuild 2013-12-27 + +* Fri Nov 08 2013 Benjamin Tissoires 6.7.8.9-7 +- add aarch64 as a target by using %{__isa_bits} set by platform, instead of hardcoding the list of 64-bit arches (rhbz#1028584) + * Mon Sep 09 2013 Benjamin Tissoires 6.7.8.9-6 - drop djvulibre (BZ#1004852)