From 42733cb3a55e96d45c56ca48d89ad9f2c0267024 Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Thu, 27 Jul 2017 17:17:33 -0700 Subject: [PATCH] Update to 6.9.9-3. Fixes bug #1299275 Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485 Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470 Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463 Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845 Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391 Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847 Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824 Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801 Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798 Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796 Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774 Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757 Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717 Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835 Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121 Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669 Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253 Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584 Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898 Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444 Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446 Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445 Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510 Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442 Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478 Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513 Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469 Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466 Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459 Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454 Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452 Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448 Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698 Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141 Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138 ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428 Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790 Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578 --- .gitignore | 1 + ...2-7-multiarch-implicit-pkgconfig-dir.patch | 28 --------- ...9-3-multiarch-implicit-pkgconfig-dir.patch | 28 +++++++++ ImageMagick.spec | 61 +++++++++++++++---- sources | 2 +- 5 files changed, 79 insertions(+), 41 deletions(-) delete mode 100644 ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch create mode 100644 ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch diff --git a/.gitignore b/.gitignore index 71c8929..e0395ab 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ ImageMagick-6.4.0-multilib.patch /ImageMagick-6.9.1-3.tar.bz2 /ImageMagick-6.9.2-7.tar.xz /ImageMagick-6.9.3-0.tar.xz +/ImageMagick-6.9.9-3.tar.xz diff --git a/ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch b/ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch deleted file mode 100644 index 8f711cc..0000000 --- a/ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch +++ /dev/null @@ -1,28 +0,0 @@ -diff -NurEbBH ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in ImageMagick-6.9.2-7/wand/MagickWand-config.in ---- ImageMagick-6.9.2-7.orig/wand/MagickWand-config.in 2015-11-26 17:14:07.000000000 +0300 -+++ ImageMagick-6.9.2-7/wand/MagickWand-config.in 2015-12-05 21:53:37.350660894 +0300 -@@ -38,19 +38,19 @@ - echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@' - ;; - --cflags) -- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand -+ pkg-config --cflags MagickWand - ;; - --cxxflags) -- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand -+ pkg-config --cflags MagickWand - ;; - --cppflags) -- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --cflags MagickWand -+ pkg-config --cflags MagickWand - ;; - --ldflags) -- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand -+ pkg-config --libs MagickWand - ;; - --libs) -- PKG_CONFIG_PATH="@libdir@/pkgconfig" pkg-config --libs MagickWand -+ pkg-config --libs MagickWand - ;; - *) - echo "${usage}" 1>&2 diff --git a/ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch b/ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch new file mode 100644 index 0000000..64cefc0 --- /dev/null +++ b/ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch @@ -0,0 +1,28 @@ +diff -Nur ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in ImageMagick-6.9.9-3/wand/MagickWand-config.in +--- ImageMagick-6.9.9-3.orig/wand/MagickWand-config.in 2017-07-24 06:37:55.000000000 -0700 ++++ ImageMagick-6.9.9-3/wand/MagickWand-config.in 2017-07-27 15:17:55.343675457 -0700 +@@ -38,19 +38,19 @@ + echo '@PACKAGE_VERSION@ Q@QUANTUM_DEPTH@ @MAGICK_HDRI@' + ;; + --cflags) +- @PKG_CONFIG@ --cflags MagickWand ++ pkg-config --cflags MagickWand + ;; + --cxxflags) +- @PKG_CONFIG@ --cflags MagickWand ++ pkg-config --cflags MagickWand + ;; + --cppflags) +- @PKG_CONFIG@ --cflags MagickWand ++ pkg-config --cflags MagickWand + ;; + --ldflags) +- @PKG_CONFIG@ --libs MagickWand ++ pkg-config --libs MagickWand + ;; + --libs) +- @PKG_CONFIG@ --libs MagickWand ++ pkg-config --libs MagickWand + ;; + *) + echo "${usage}" 1>&2 diff --git a/ImageMagick.spec b/ImageMagick.spec index 90210f9..859cbaa 100644 --- a/ImageMagick.spec +++ b/ImageMagick.spec @@ -1,18 +1,17 @@ -%global VER 6.9.3 -%global Patchlevel 0 +%global VER 6.9.9 +%global Patchlevel 3 Name: ImageMagick Version: %{VER}.%{Patchlevel} -Release: 8%{?dist} +Release: 1%{?dist} Summary: An X application for displaying and manipulating images Group: Applications/Multimedia License: ImageMagick Url: http://www.imagemagick.org/ -Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar.xz +Source0: https://www.imagemagick.org/download/%{name}-%{VER}-%{Patchlevel}.tar.xz Requires: %{name}-libs%{?_isa} = %{version}-%{release} -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel BuildRequires: libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1 BuildRequires: perl-generators @@ -24,7 +23,7 @@ BuildRequires: fftw-devel, OpenEXR-devel, libwebp-devel BuildRequires: jbigkit-devel BuildRequires: openjpeg2-devel >= 2.1.0 -Patch0: ImageMagick-6.9.2-7-multiarch-implicit-pkgconfig-dir.patch +Patch0: ImageMagick-6.9.9-3-multiarch-implicit-pkgconfig-dir.patch %description ImageMagick is an image display and manipulation tool for the X @@ -175,9 +174,6 @@ cp -a www/source %{buildroot}%{_datadir}/doc/%{name}-%{VER} # Delete *ONLY* _libdir/*.la files! .la files used internally to handle plugins - BUG#185237!!! rm %{buildroot}%{_libdir}/*.la -# fix weird perl Magick.so permissions -chmod 755 %{buildroot}%{perl_vendorarch}/auto/Image/Magick/Magick.so - # perlmagick: fix perl path of demo files %{__perl} -MExtUtils::MakeMaker -e 'MY->fixin(@ARGV)' PerlMagick/demo/*.pl @@ -249,8 +245,8 @@ make %{?_smp_mflags} check %files libs %doc LICENSE NOTICE AUTHORS.txt QuickStart.txt -%{_libdir}/libMagickCore-6.Q16.so.2* -%{_libdir}/libMagickWand-6.Q16.so.2* +%{_libdir}/libMagickCore-6.Q16.so.5* +%{_libdir}/libMagickWand-6.Q16.so.5* %{_libdir}/%{name}-%{VER} %{_datadir}/%{name}-6 %exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.* @@ -291,7 +287,7 @@ make %{?_smp_mflags} check %files c++ %doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README %doc www/Magick++/COPYING -%{_libdir}/libMagick++-6.Q16.so.6* +%{_libdir}/libMagick++-6.Q16.so.8* %files c++-devel %doc Magick++/examples @@ -310,6 +306,47 @@ make %{?_smp_mflags} check %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt %changelog +* Thu Jul 27 2017 Kevin Fenzi - 6.9.9.3-1 +- Update to 6.9.9-3. Fixes bug #1299275 +- Fix CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c - bug #1475485 +- Fix CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c - bug #1475470 +- Fix CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c - bug #1475463 +- Fix CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c - bug #1474845 +- Fix CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws - bug #1474363,1474391 +- Fix CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function - bug #1473847 +- Fix CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c - bug #1473824 +- Fix CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function - bug #1473801 +- Fix CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c - bug #1473798 +- Fix CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input - bug #1473796 +- Fix CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c - bug #1473774 +- Fix CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c - bug #1473757 +- Fix CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function - bug #1473717 +- Fix CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) - bug #1471835 +- Fix CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function - bug #1471121 +- Fix CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file - bug #1470669 +- Fix CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws - bug #1445676,1445677,1445679,1449253 +- Fix CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws - bug #1455578,1455581,1455583,1455584 +- Fix CVE-2016-9559 ImageMagick: Null pointer dereference in tiff.c - bug #1398189,1398198,1413898 +- Fix CVE-2017-5507 ImageMagick: Memory leak in mpc file handling - bug #1414444 +- Fix CVE-2016-10146 ImageMagick: Memory leak in caption and label handling - bug #1414446 +- Fix CVE-2017-5508 ImageMagick: Heap-buffer-overflow in PushQuantumPixel - bug #1414445 +- Fix CVE-2016-10070 ImageMagick: Out-of-bounds read in mat.c - bug #1410510 +- Fix CVE-2017-5506 ImageMagick: Double-free memory corruption in profile.c - bug #1414442 +- Fix CVE-2016-10064 ImageMagick: Buffer overflow in tiff.c - bug #1410478 +- Fix CVE-2016-10071 ImageMagick: Out-of-bounds read in mat.c - bug #1410513 +- Fix CVE-2016-10059 ImageMagick: TIFF file buffer overflow - bug #1410469 +- Fix CVE-2016-10057 ImageMagick: Buffer overflow in CALS coder - bug #1410466 +- Fix CVE-2016-10052 ImageMagick: Out-of-bounds write in exif (jpeg) reader - bug #1410459 +- Fix CVE-2016-10050 ImageMagick: Heap overflow when reading corrupt RLE files - bug #1410454 +- Fix CVE-2016-10049 ImageMagick: Buffer overflow when reading corrupt RLE files - bug #1410452 +- Fix CVE-2016-10046 ImageMagick: Buffer overflow in draw.c - bug #1410448 +- Fix CVE-2016-8677 ImageMagick: Memory allocation failure in AcquireQuantumPixel - bug #1385698 +- Fix CVE-2016-7906 ImageMagick: Mogrify heap-use-after-free in attribute.c - bug #1381141 +- Fix CVE-2016-7799 ImageMagick: Mogrify buffer over-read in profile.c - bug #1381138 +- ImageMagick: Hang when supplying file ending with colon to identify - bug #1380428 +- Fix CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws - bug #1378734,1378735,1378736,1378738,1378733,1378739,1378741,1378743,1378744,1378745,1378746,1378747,1378748,1378751,1378754,1378756,1378757,1378758,1378759,1378760,1378761,1378762,1378763,1378764,1378765,1378767,1378768,1378772,1378773,1378775,1378776,1378777,1378790 +- Fix CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file - bug #1354500,1361578 + * Wed Jul 26 2017 Fedora Release Engineering - 6.9.3.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild diff --git a/sources b/sources index dd94466..98e3023 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -87939f4f82d6f24a28d3106a58d523d8 ImageMagick-6.9.3-0.tar.xz +SHA512 (ImageMagick-6.9.9-3.tar.xz) = df1cad5cd087d18dea233eec52a7b1119d766a551b26b606e3e9b03547db5a3c132980608eccad16dd8415158e449c63bc0baf725995ccc3ddfe254d5008f676