gnu: graphicsmagick: Fix CVE-2017-{11403,14103}.
* gnu/packages/imagemagick.scm (graphicsmagick)[source]: Add patch. * gnu/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it.
parent
c61794cf45
commit
db7f7eb8ca
|
@ -678,6 +678,7 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
|
%D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
|
||||||
%D%/packages/patches/gobject-introspection-cc.patch \
|
%D%/packages/patches/gobject-introspection-cc.patch \
|
||||||
%D%/packages/patches/gobject-introspection-girepository.patch \
|
%D%/packages/patches/gobject-introspection-girepository.patch \
|
||||||
|
%D%/packages/patches/graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch \
|
||||||
%D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \
|
%D%/packages/patches/graphicsmagick-CVE-2017-12935.patch \
|
||||||
%D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \
|
%D%/packages/patches/graphicsmagick-CVE-2017-12936.patch \
|
||||||
%D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \
|
%D%/packages/patches/graphicsmagick-CVE-2017-12937.patch \
|
||||||
|
|
|
@ -178,7 +178,8 @@ script.")
|
||||||
(base32
|
(base32
|
||||||
"122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
|
"122zgs96dqrys62mnh8x5yvfff6km4d3yrnvaxzg3mg5sprib87v"))
|
||||||
(patches
|
(patches
|
||||||
(search-patches "graphicsmagick-CVE-2017-12935.patch"
|
(search-patches "graphicsmagick-CVE-2017-11403+CVE-2017-14103.patch"
|
||||||
|
"graphicsmagick-CVE-2017-12935.patch"
|
||||||
"graphicsmagick-CVE-2017-12936.patch"
|
"graphicsmagick-CVE-2017-12936.patch"
|
||||||
"graphicsmagick-CVE-2017-12937.patch"
|
"graphicsmagick-CVE-2017-12937.patch"
|
||||||
"graphicsmagick-CVE-2017-13775.patch"
|
"graphicsmagick-CVE-2017-13775.patch"
|
||||||
|
|
|
@ -0,0 +1,137 @@
|
||||||
|
http://www.openwall.com/lists/oss-security/2017/09/01/6
|
||||||
|
|
||||||
|
CVE-2017-11403:
|
||||||
|
http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
|
||||||
|
|
||||||
|
CVE-2017-14103:
|
||||||
|
http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
|
||||||
|
|
||||||
|
some changes were made to make the patch apply
|
||||||
|
|
||||||
|
# HG changeset patch
|
||||||
|
# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
|
||||||
|
# Date 1503875721 14400
|
||||||
|
# Node ID 98721124e51fd5ec0c6fba64bce2e218869632d2
|
||||||
|
# Parent f0f2ea85a2930f3b6dcd72352719adb9660f2aad
|
||||||
|
Attempt to fix Issue 440.
|
||||||
|
|
||||||
|
diff -ru a/coders/png.c b/coders/png.c
|
||||||
|
--- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500
|
||||||
|
+++ b/coders/png.c 2017-09-10 11:31:56.543194173 -0400
|
||||||
|
@@ -3106,7 +3106,9 @@
|
||||||
|
if (length > PNG_MAX_UINT || count == 0)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(CorruptImageError,CorruptImage,image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ "chunk length (%lu) > PNG_MAX_UINT",length);
|
||||||
|
+ return ((Image*)NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
chunk=(unsigned char *) NULL;
|
||||||
|
@@ -3117,13 +3119,16 @@
|
||||||
|
if (chunk == (unsigned char *) NULL)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
|
||||||
|
- image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " Could not allocate chunk memory");
|
||||||
|
+ return ((Image*)NULL);
|
||||||
|
}
|
||||||
|
if (ReadBlob(image,length,chunk) < length)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(CorruptImageError,CorruptImage,image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " chunk reading was incomplete");
|
||||||
|
+ return ((Image*)NULL);
|
||||||
|
}
|
||||||
|
p=chunk;
|
||||||
|
}
|
||||||
|
@@ -3198,7 +3203,7 @@
|
||||||
|
jng_width, jng_height);
|
||||||
|
MagickFreeMemory(chunk);
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Temporarily set width and height resources to match JHDR */
|
||||||
|
@@ -3233,8 +3238,9 @@
|
||||||
|
if (color_image == (Image *) NULL)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
|
||||||
|
- image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " could not open color_image blob");
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
if (logging)
|
||||||
|
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
@@ -3245,7 +3251,9 @@
|
||||||
|
if (status == MagickFalse)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(CoderError,UnableToOpenBlob,color_image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " could not open color_image blob");
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!image_info->ping && jng_color_type >= 12)
|
||||||
|
@@ -3255,17 +3263,18 @@
|
||||||
|
if (alpha_image_info == (ImageInfo *) NULL)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(ResourceLimitError,
|
||||||
|
- MemoryAllocationFailed, image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " could not allocate alpha_image_info",length);
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
GetImageInfo(alpha_image_info);
|
||||||
|
alpha_image=AllocateImage(alpha_image_info);
|
||||||
|
if (alpha_image == (Image *) NULL)
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
- ThrowReaderException(ResourceLimitError,
|
||||||
|
- MemoryAllocationFailed,
|
||||||
|
- alpha_image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " could not allocate alpha_image");
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
if (logging)
|
||||||
|
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
@@ -3277,7 +3286,9 @@
|
||||||
|
{
|
||||||
|
DestroyJNGInfo(color_image_info,alpha_image_info);
|
||||||
|
DestroyImage(alpha_image);
|
||||||
|
- ThrowReaderException(CoderError,UnableToOpenBlob,image);
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " could not allocate alpha_image blob");
|
||||||
|
+ return ((Image *)NULL);
|
||||||
|
}
|
||||||
|
if (jng_alpha_compression_method == 0)
|
||||||
|
{
|
||||||
|
@@ -3613,6 +3624,8 @@
|
||||||
|
alpha_image = (Image *)NULL;
|
||||||
|
DestroyImageInfo(alpha_image_info);
|
||||||
|
alpha_image_info = (ImageInfo *)NULL;
|
||||||
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
||||||
|
+ " Destroy the JNG image");
|
||||||
|
DestroyImage(jng_image);
|
||||||
|
jng_image = (Image *)NULL;
|
||||||
|
}
|
||||||
|
@@ -5146,8 +5159,8 @@
|
||||||
|
|
||||||
|
if (image == (Image *) NULL)
|
||||||
|
{
|
||||||
|
- DestroyImageList(previous);
|
||||||
|
CloseBlob(previous);
|
||||||
|
+ DestroyImageList(previous);
|
||||||
|
MngInfoFreeStruct(mng_info,&have_mng_structure);
|
||||||
|
return((Image *) NULL);
|
||||||
|
}
|
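Review bot: In the `@@ -3117,13 +3119,16 @@` hunk of coders/png.c, the short-read branch (`ReadBlob(image,length,chunk) < length`) returns NULL without releasing `chunk`, which the NULL check just above suggests was allocated immediately before. The JHDR branch in the `@@ -3198,7 +3203,7 @@` hunk does call `MagickFreeMemory(chunk);` before returning, so the same call should precede `DestroyJNGInfo(color_image_info,alpha_image_info);` here; otherwise each truncated chunk in an untrusted file leaks a buffer whose size is taken from that file. In the `@@ -3255,17 +3263,18 @@` hunk, `" could not allocate alpha_image_info",length` passes an argument that the format string never consumes, so drop `length`. The first hunk's message `"chunk length (%lu) > PNG_MAX_UINT"` is also emitted when the branch was taken because `count == 0`, and `%lu` is only correct if `length` is an `unsigned long`, which is declared outside the visible lines. The enclosing function begins and ends outside these hunks, so whether callers still receive an exception after these bare `return ((Image *)NULL);` paths could not be checked from here.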