Fix CVE-2012-3437 (bz#844101, 844103)
parent
29e85cf80f
commit
35c4c46188
|
@ -0,0 +1,56 @@
|
|||
--- coders/png.c (revision 8733)
|
||||
+++ coders/png.c (revision 8732)
|
||||
@@ -1756,11 +1756,7 @@
|
||||
}
|
||||
|
||||
#ifdef PNG_USER_MEM_SUPPORTED
|
||||
-#if PNG_LIBPNG_VER >= 14000
|
||||
-static png_voidp Magick_png_malloc(png_structp png_ptr,png_alloc_size_t size)
|
||||
-#else
|
||||
-static png_voidp Magick_png_malloc(png_structp png_ptr,png_size_t size)
|
||||
-#endif
|
||||
+static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size)
|
||||
{
|
||||
#if (PNG_LIBPNG_VER < 10011)
|
||||
png_voidp
|
||||
@@ -7462,22 +7458,12 @@
|
||||
(char *) profile_type, (double) length);
|
||||
}
|
||||
|
||||
-#if PNG_LIBPNG_VER >= 14000
|
||||
- text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
|
||||
-#else
|
||||
- text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
|
||||
-#endif
|
||||
+ text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
|
||||
description_length=(png_uint_32) strlen((const char *) profile_description);
|
||||
allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
|
||||
+ description_length);
|
||||
-#if PNG_LIBPNG_VER >= 14000
|
||||
- text[0].text=(png_charp) png_malloc(ping,
|
||||
- (png_alloc_size_t) allocated_length);
|
||||
- text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
|
||||
-#else
|
||||
- text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
|
||||
- text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
|
||||
-#endif
|
||||
+ text[0].text=(png_charp) png_malloc(ping,allocated_length);
|
||||
+ text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
|
||||
text[0].key[0]='\0';
|
||||
(void) ConcatenateMagickString(text[0].key,
|
||||
"Raw profile type ",MaxTextExtent);
|
||||
@@ -10796,13 +10782,7 @@
|
||||
{
|
||||
if (value != (const char *) NULL)
|
||||
{
|
||||
-
|
||||
-#if PNG_LIBPNG_VER >= 14000
|
||||
- text=(png_textp) png_malloc(ping,
|
||||
- (png_alloc_size_t) sizeof(png_text));
|
||||
-#else
|
||||
- text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
|
||||
-#endif
|
||||
+ text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
|
||||
text[0].key=(char *) property;
|
||||
text[0].text=(char *) value;
|
||||
text[0].text_length=strlen(value);
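Review bot: The size for the second `png_malloc` call in the `@@ -7462` hunk is narrowed before it reaches the allocator: `allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20 + description_length)` truncates the sum to 32 bits. This file is diffed from revision 8733 to 8732, so the `-` lines are the fixed side, and their `(png_alloc_size_t) allocated_length` cast widens a value that may already have lost its high bits. The declarations of `length` and `allocated_length` are outside the hunk, so whether a profile can be large enough to wrap cannot be confirmed from here; if it can, the buffer would be smaller than the data the rest of the function writes into it. I would reject the profile when the sum does not fit, and document the constraint with `/* allocated_length is 32-bit: length*2 + (length >> 5) + 20 + description_length must not exceed 0xffffffff */` above the assignment.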
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
Name: ImageMagick
|
||||
Version: %{VER}.%{Patchlevel}
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
Summary: An X application for displaying and manipulating images
|
||||
Group: Applications/Multimedia
|
||||
License: ImageMagick
|
||||
|
@ -18,6 +18,9 @@ BuildRequires: libwmf-devel, jasper-devel, libtool-ltdl-devel
|
|||
BuildRequires: libX11-devel, libXext-devel, libXt-devel
|
||||
BuildRequires: lcms-devel, libxml2-devel, librsvg2-devel, OpenEXR-devel
|
||||
|
||||
# bz#844101, bz#844103
|
||||
Patch1: ImageMagick-6.7.5-6-CVE-2012-3437.patch
|
||||
|
||||
%description
|
||||
ImageMagick is an image display and manipulation tool for the X
|
||||
Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,
|
||||
|
@ -126,6 +129,9 @@ however.
|
|||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{VER}-%{Patchlevel}
|
||||
|
||||
%patch1 -p0 -R -b .CVE-2012-3437
|
||||
|
||||
sed -i 's/libltdl.la/libltdl.so/g' configure
|
||||
iconv -f ISO-8859-1 -t UTF-8 README.txt > README.txt.tmp
|
||||
touch -r README.txt README.txt.tmp
|
||||
|
@ -303,6 +309,9 @@ rm -rf %{buildroot}
|
|||
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
|
||||
|
||||
%changelog
|
||||
* Sat Aug 11 2012 Pavel Alexeev <Pahan@Hubbitus.info> - 6.7.5.6-4
|
||||
- Fix CVE-2012-3437 (bz#844101, 844103)
|
||||
|
||||
* Sat Feb 25 2012 Pavel Alexeev <Pahan@Hubbitus.info> - 6.7.5.6-1
|
||||
- Update by request https://bugzilla.redhat.com/show_bug.cgi?id=755827#c8
|
||||
- Delete multilib patch as it should be in main sources.
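Review bot: `%patch1 -p0 -R -b .CVE-2012-3437` applies the patch in reverse, and nothing in the spec explains why. The patch file's header runs from `coders/png.c (revision 8733)` to `(revision 8732)`, so the `png_alloc_size_t` signature for `Magick_png_malloc` only lands in the tree because of `-R`; a maintainer who later drops the flag or regenerates the patch in the usual direction may end up with a failed apply or with the unfixed `png_uint_32` signature. Either regenerate the patch forward and use `%patch1 -p0 -b .CVE-2012-3437`, or add a comment above `Patch1:` such as `# Upstream r8733 stored as a reverse diff (8733 -> 8732); must be applied with -R`.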
|
||||
|
|