Forgotten 4 patches

o Backport upstream fix http://trac.imagemagick.org/changeset/17846 - bz#1195263
		Add Patch3: ImageMagick-6.8.6-hdr-bz#1195263.patch
	o Backport upstream fix http://trac.imagemagick.org/changeset/17854 - bz#1195265
		Add Patch4: ImageMagick-6.8.6-miff-bz#1195265.patch
	o Backport upstream fix http://trac.imagemagick.org/changeset/17855 - bz#1195269
		Add Patch5: ImageMagick-6.8.6-pdb-bz#1195269.patch
	o Backport upstream fix http://trac.imagemagick.org/changeset/17856 - bz#1195271
		Add Patch6: ImageMagick-6.8.6-vicar-bz#1195271.patch

ImageMagick-6.8.6-CVE-2014-8354.patch

@@ -0,0 +1,18 @@
+Index: ImageMagick/trunk/MagickCore/resize.c
+===================================================================
+--- a/ImageMagick/trunk/magick/resize.c
++++ b/ImageMagick/trunk/magick/resize.c
+@@ -2498,4 +2498,6 @@
+       density+=contribution[n].weight;
+     }
++    if (n == 0)
++      continue;
+     if ((density != 0.0) && (density != 1.0))
+       {
+@@ -2711,4 +2713,6 @@
+       density+=contribution[n].weight;
+     }
++    if (n == 0)
++      continue;
+     if ((density != 0.0) && (density != 1.0))
+       {

ImageMagick-6.8.6-CVE-2014-8355.patch

@@ -0,0 +1,345 @@
+--- orig/coders/pcx.c	2013-04-07 20:20:50.000000000 +0400
++++ fixed/coders/pcx.c	2015-03-10 13:30:49.758099539 +0300
+@@ -13,11 +13,11 @@
+ %                Read/Write ZSoft IBM PC Paintbrush Image Format              %
+ %                                                                             %
+ %                              Software Design                                %
+-%                                John Cristy                                  %
++%                                   Cristy                                    %
+ %                                 July 1992                                   %
+ %                                                                             %
+ %                                                                             %
+-%  Copyright 1999-2013 ImageMagick Studio LLC, a non-profit organization      %
++%  Copyright 1999-2014 ImageMagick Studio LLC, a non-profit organization      %
+ %  dedicated to making software imaging solutions freely available.           %
+ %                                                                             %
+ %  You may not use this file except in compliance with the License.  You may  %
+@@ -40,6 +40,7 @@
+   Include declarations.
+ */
+ #include "magick/studio.h"
++#include "magick/attribute.h"
+ #include "magick/blob.h"
+ #include "magick/blob-private.h"
+ #include "magick/cache.h"
+@@ -220,6 +221,13 @@
+ 
+ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
+ {
++#define ThrowPCXException(severity,tag) \
++  { \
++    scanline=(unsigned char *) RelinquishMagickMemory(scanline); \
++    pixel_info=RelinquishVirtualMemory(pixel_info); \
++    ThrowReaderException(severity,tag); \
++  }
++
+   Image
+     *image;
+ 
+@@ -235,6 +243,9 @@
+     offset,
+     *page_table;
+ 
++  MemoryInfo
++    *pixel_info;
++
+   PCXInfo
+     pcx_info;
+ 
+@@ -264,8 +275,8 @@
+ 
+   unsigned char
+     packet,
+-    *pcx_colormap,
+-    *pcx_pixels,
++    pcx_colormap[768],
++    *pixels,
+     *scanline;
+ 
+   /*
+@@ -317,10 +328,12 @@
+       if (offset < 0)
+         ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     }
+-  pcx_colormap=(unsigned char *) NULL;
+   count=ReadBlob(image,1,&pcx_info.identifier);
+   for (id=1; id < 1024; id++)
+   {
++    int
++      bits_per_pixel;
++
+     /*
+       Verify PCX identifier.
+     */
+@@ -328,7 +341,10 @@
+     if ((count == 0) || (pcx_info.identifier != 0x0a))
+       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     pcx_info.encoding=(unsigned char) ReadBlobByte(image);
+-    pcx_info.bits_per_pixel=(unsigned char) ReadBlobByte(image);
++    bits_per_pixel=ReadBlobByte(image);
++    if (bits_per_pixel == -1)
++      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
++    pcx_info.bits_per_pixel=(unsigned char) bits_per_pixel;
+     pcx_info.left=ReadBlobLSBShort(image);
+     pcx_info.top=ReadBlobLSBShort(image);
+     pcx_info.right=ReadBlobLSBShort(image);
+@@ -350,13 +366,11 @@
+     image->x_resolution=(double) pcx_info.horizontal_resolution;
+     image->y_resolution=(double) pcx_info.vertical_resolution;
+     image->colors=16;
+-    pcx_colormap=(unsigned char *) AcquireQuantumMemory(256UL,
+-      3*sizeof(*pcx_colormap));
+-    if (pcx_colormap == (unsigned char *) NULL)
+-      ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+     count=ReadBlob(image,3*image->colors,pcx_colormap);
+     pcx_info.reserved=(unsigned char) ReadBlobByte(image);
+     pcx_info.planes=(unsigned char) ReadBlobByte(image);
++    if ((pcx_info.bits_per_pixel*pcx_info.planes) >= 64)
++      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     one=1;
+     if ((pcx_info.bits_per_pixel != 8) || (pcx_info.planes == 1))
+       if ((pcx_info.version == 3) || (pcx_info.version == 5) ||
+@@ -384,25 +398,33 @@
+     /*
+       Read image data.
+     */
+-    pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*
+-      pcx_info.planes;
+-    pcx_pixels=(unsigned char *) AcquireQuantumMemory(pcx_packets,
+-      sizeof(*pcx_pixels));
++    pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*pcx_info.planes;
++    if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) >
++        (pcx_packets*8U))
++      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     scanline=(unsigned char *) AcquireQuantumMemory(MagickMax(image->columns,
+       pcx_info.bytes_per_line),MagickMax(8,pcx_info.planes)*sizeof(*scanline));
+-    if ((pcx_pixels == (unsigned char *) NULL) ||
+-        (scanline == (unsigned char *) NULL))
+-      ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++    pixel_info=AcquireVirtualMemory(pcx_packets,sizeof(*pixels));
++    if ((scanline == (unsigned char *) NULL) ||
++        (pixel_info == (MemoryInfo *) NULL))
++      {
++        if (scanline != (unsigned char *) NULL)
++          scanline=(unsigned char *) RelinquishMagickMemory(scanline);
++        if (pixel_info != (MemoryInfo *) NULL)
++          pixel_info=RelinquishVirtualMemory(pixel_info);
++        ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
++      }
++    pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
+     /*
+       Uncompress image data.
+     */
+-    p=pcx_pixels;
++    p=pixels;
+     if (pcx_info.encoding == 0)
+       while (pcx_packets != 0)
+       {
+         packet=(unsigned char) ReadBlobByte(image);
+         if (EOFBlob(image) != MagickFalse)
+-          ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
++          ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
+         *p++=packet;
+         pcx_packets--;
+       }
+@@ -411,7 +433,7 @@
+       {
+         packet=(unsigned char) ReadBlobByte(image);
+         if (EOFBlob(image) != MagickFalse)
+-          ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
++          ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
+         if ((packet & 0xc0) != 0xc0)
+           {
+             *p++=packet;
+@@ -421,7 +443,7 @@
+         count=(ssize_t) (packet & 0x3f);
+         packet=(unsigned char) ReadBlobByte(image);
+         if (EOFBlob(image) != MagickFalse)
+-          ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
++          ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
+         for ( ; count != 0; count--)
+         {
+           *p++=packet;
+@@ -440,7 +462,7 @@
+             Initialize image colormap.
+           */
+           if (image->colors > 256)
+-            ThrowReaderException(CorruptImageError,"ColormapExceeds256Colors");
++            ThrowPCXException(CorruptImageError,"ColormapExceeds256Colors");
+           if ((pcx_info.bits_per_pixel*pcx_info.planes) == 1)
+             {
+               /*
+@@ -469,14 +491,13 @@
+                   image->colormap[i].blue=ScaleCharToQuantum(*p++);
+                 }
+             }
+-          pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
+         }
+     /*
+       Convert PCX raster image to pixel packets.
+     */
+     for (y=0; y < (ssize_t) image->rows; y++)
+     {
+-      p=pcx_pixels+(y*pcx_info.bytes_per_line*pcx_info.planes);
++      p=pixels+(y*pcx_info.bytes_per_line*pcx_info.planes);
+       q=QueueAuthenticPixels(image,0,y,image->columns,1,exception);
+       if (q == (PixelPacket *) NULL)
+         break;
+@@ -626,9 +647,7 @@
+     if (image->storage_class == PseudoClass)
+       (void) SyncImage(image);
+     scanline=(unsigned char *) RelinquishMagickMemory(scanline);
+-    if (pcx_colormap != (unsigned char *) NULL)
+-      pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
+-    pcx_pixels=(unsigned char *) RelinquishMagickMemory(pcx_pixels);
++    pixel_info=RelinquishVirtualMemory(pixel_info);
+     if (EOFBlob(image) != MagickFalse)
+       {
+         ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile",
+@@ -839,6 +858,9 @@
+     *page_table,
+     scene;
+ 
++  MemoryInfo
++    *pixel_info;
++
+   PCXInfo
+     pcx_info;
+ 
+@@ -863,7 +885,7 @@
+ 
+   unsigned char
+     *pcx_colormap,
+-    *pcx_pixels;
++    *pixels;
+ 
+   /*
+     Open output image file.
+@@ -877,8 +899,7 @@
+   status=OpenBlob(image_info,image,WriteBinaryBlobMode,&image->exception);
+   if (status == MagickFalse)
+     return(status);
+-  if (IssRGBCompatibleColorspace(image->colorspace) == MagickFalse)
+-    (void) TransformImageColorspace(image,sRGBColorspace);
++  (void) TransformImageColorspace(image,sRGBColorspace);
+   page_table=(MagickOffsetType *) NULL;
+   if ((LocaleCompare(image_info->magick,"DCX") == 0) ||
+       ((GetNextImageInList(image) != (Image *) NULL) &&
+@@ -982,29 +1003,24 @@
+     for (i=0; i < 58; i++)
+       (void) WriteBlobByte(image,'\0');
+     length=(size_t) pcx_info.bytes_per_line;
+-    pcx_pixels=(unsigned char *) AcquireQuantumMemory(length,pcx_info.planes*
+-      sizeof(*pcx_pixels));
+-    if (pcx_pixels == (unsigned char *) NULL)
++    pixel_info=AcquireVirtualMemory(length,pcx_info.planes*sizeof(*pixels));
++    if (pixel_info == (MemoryInfo *) NULL)
+       ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+-    q=pcx_pixels;
++    pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
++    q=pixels;
+     if ((image->storage_class == DirectClass) || (image->colors > 256))
+       {
+-        const PixelPacket
+-          *pixels;
+-
+         /*
+           Convert DirectClass image to PCX raster pixels.
+         */
+         for (y=0; y < (ssize_t) image->rows; y++)
+         {
+-          pixels=GetVirtualPixels(image,0,y,image->columns,1,
+-            &image->exception);
+-          if (pixels == (const PixelPacket *) NULL)
+-            break;
+-          q=pcx_pixels;
++          q=pixels;
+           for (i=0; i < pcx_info.planes; i++)
+           {
+-            p=pixels;
++            p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception);
++            if (p == (const PixelPacket *) NULL)
++              break;
+             switch ((int) i)
+             {
+               case 0:
+@@ -1047,7 +1063,7 @@
+               }
+             }
+           }
+-          if (PCXWritePixels(&pcx_info,pcx_pixels,image) == MagickFalse)
++          if (PCXWritePixels(&pcx_info,pixels,image) == MagickFalse)
+             break;
+           if (image->previous == (Image *) NULL)
+             {
+@@ -1067,10 +1083,10 @@
+             if (p == (const PixelPacket *) NULL)
+               break;
+             indexes=GetVirtualIndexQueue(image);
+-            q=pcx_pixels;
++            q=pixels;
+             for (x=0; x < (ssize_t) image->columns; x++)
+               *q++=(unsigned char) GetPixelIndex(indexes+x);
+-            if (PCXWritePixels(&pcx_info,pcx_pixels,image) == MagickFalse)
++            if (PCXWritePixels(&pcx_info,pixels,image) == MagickFalse)
+               break;
+             if (image->previous == (Image *) NULL)
+               {
+@@ -1082,9 +1098,6 @@
+           }
+         else
+           {
+-            IndexPacket
+-              polarity;
+-
+             register unsigned char
+               bit,
+               byte;
+@@ -1092,26 +1105,19 @@
+             /*
+               Convert PseudoClass image to a PCX monochrome image.
+             */
+-            polarity=(IndexPacket) (GetPixelLuma(image,
+-              &image->colormap[0]) < (QuantumRange/2) ? 1 : 0);
+-            if (image->colors == 2)
+-              polarity=(IndexPacket) (
+-                GetPixelLuma(image,&image->colormap[0]) <
+-                GetPixelLuma(image,&image->colormap[1]) ? 1 : 0);
+             for (y=0; y < (ssize_t) image->rows; y++)
+             {
+-              p=GetVirtualPixels(image,0,y,image->columns,1,
+-                &image->exception);
++              p=GetVirtualPixels(image,0,y,image->columns,1,&image->exception);
+               if (p == (const PixelPacket *) NULL)
+                 break;
+               indexes=GetVirtualIndexQueue(image);
+               bit=0;
+               byte=0;
+-              q=pcx_pixels;
++              q=pixels;
+               for (x=0; x < (ssize_t) image->columns; x++)
+               {
+                 byte<<=1;
+-                if (GetPixelIndex(indexes+x) == polarity)
++                if (GetPixelLuma(image,p) >= (QuantumRange/2.0))
+                   byte|=0x01;
+                 bit++;
+                 if (bit == 8)
+@@ -1124,7 +1130,7 @@
+               }
+               if (bit != 0)
+                 *q++=byte << (8-bit);
+-              if (PCXWritePixels(&pcx_info,pcx_pixels,image) == MagickFalse)
++              if (PCXWritePixels(&pcx_info,pixels,image) == MagickFalse)
+                 break;
+               if (image->previous == (Image *) NULL)
+                 {
+@@ -1138,7 +1144,7 @@
+         (void) WriteBlobByte(image,pcx_info.colormap_signature);
+         (void) WriteBlob(image,3*256,pcx_colormap);
+       }
+-    pcx_pixels=(unsigned char *) RelinquishMagickMemory(pcx_pixels);
++    pixel_info=RelinquishVirtualMemory(pixel_info);
+     pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
+     if (page_table == (MagickOffsetType *) NULL)
+       break;

ImageMagick-6.8.6-hdr-bz#1195263.patch

@@ -0,0 +1,69 @@
+Index: ImageMagick/branches/ImageMagick-6/ChangeLog
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/ChangeLog
++++ b/ImageMagick/branches/ImageMagick-6/ChangeLog
+@@ -1,6 +1,8 @@
+ 2013-07-01  6.8.6-3 Cristy  <quetzlzacatenango@image...>
+   * New version 6.8.6-3, SVN revision 12579.
+ 
++  * Fixed infinite loop in HDR reader (reference
++    http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929).
+ 2013-06-26  6.8.6-3 Cristy  <quetzlzacatenango@image...>
+   * Improve HCL to RGB roundtrip (reference
+     http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=22384).
+
+Index: ImageMagick/branches/ImageMagick-6/coders/hdr.c
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/coders/hdr.c
++++ b/ImageMagick/branches/ImageMagick-6/coders/hdr.c
+@@ -275,5 +275,5 @@
+             continue;
+           p=value;
+-          while ((c != '\n') && (c != '\0'))
++          while ((c != '\n') && (c != '\0') && (c != EOF))
+           {
+             if ((size_t) (p-value) < (MaxTextExtent-1))
+@@ -320,16 +320,18 @@
+                     white_point[2];
+ 
+-                  (void) sscanf(value,"%g %g %g %g %g %g %g %g",
+-                    &chromaticity[0],&chromaticity[1],&chromaticity[2],
+-                    &chromaticity[3],&chromaticity[4],&chromaticity[5],
+-                    &white_point[0],&white_point[1]);
+-                  image->chromaticity.red_primary.x=chromaticity[0];
+-                  image->chromaticity.red_primary.y=chromaticity[1];
+-                  image->chromaticity.green_primary.x=chromaticity[2];
+-                  image->chromaticity.green_primary.y=chromaticity[3];
+-                  image->chromaticity.blue_primary.x=chromaticity[4];
+-                  image->chromaticity.blue_primary.y=chromaticity[5];
+-                  image->chromaticity.white_point.x=white_point[0],
+-                  image->chromaticity.white_point.y=white_point[1];
++                  if (sscanf(value,"%g %g %g %g %g %g %g %g",&chromaticity[0],
++                      &chromaticity[1],&chromaticity[2],&chromaticity[3],
++                      &chromaticity[4],&chromaticity[5],&white_point[0],
++                      &white_point[1]) == 8)
++                    {
++                      image->chromaticity.red_primary.x=chromaticity[0];
++                      image->chromaticity.red_primary.y=chromaticity[1];
++                      image->chromaticity.green_primary.x=chromaticity[2];
++                      image->chromaticity.green_primary.y=chromaticity[3];
++                      image->chromaticity.blue_primary.x=chromaticity[4];
++                      image->chromaticity.blue_primary.y=chromaticity[5];
++                      image->chromaticity.white_point.x=white_point[0],
++                      image->chromaticity.white_point.y=white_point[1];
++                    }
+                   break;
+                 }
+@@ -350,7 +352,9 @@
+                     width;
+ 
+-                  (void) sscanf(value,"%d +X %d",&height,&width);
+-                  image->columns=(size_t) width;
+-                  image->rows=(size_t) height;
++                  if (sscanf(value,"%d +X %d",&height,&width) == 2)
++                    {
++                      image->columns=(size_t) width;
++                      image->rows=(size_t) height;
++                    }
+                   break;
+                 }

ImageMagick-6.8.6-miff-bz#1195265.patch

@@ -0,0 +1,54 @@
+diff -ur ImageMagick-6.8.6-3.miff-orig/coders/miff.c ImageMagick-6.8.6-3/coders/miff.c
+--- ImageMagick-6.8.6-3.miff-orig/coders/miff.c	2013-05-17 22:58:19.000000000 +0400
++++ ImageMagick-6.8.6-3/coders/miff.c	2015-03-10 22:37:49.930865595 +0300
+@@ -1399,6 +1399,9 @@
+           bzip_info.avail_out=(unsigned int) (packet_size*image->columns);
+           do
+           {
++            int
++              code;
++
+             if (bzip_info.avail_in == 0)
+               {
+                 bzip_info.next_in=(char *) compress_pixels;
+@@ -1408,7 +1411,13 @@
+                 bzip_info.avail_in=(unsigned int) ReadBlob(image,length,
+                   (unsigned char *) bzip_info.next_in);
+               }
+-            if (BZ2_bzDecompress(&bzip_info) == BZ_STREAM_END)
++            code=BZ2_bzDecompress(&bzip_info);
++            if (code < 0)
++              {
++                status=MagickFalse;
++                break;
++              }
++            if (code == BZ_STREAM_END)
+               break;
+           } while (bzip_info.avail_out != 0);
+           (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
+@@ -1455,6 +1464,9 @@
+           zip_info.avail_out=(uInt) (packet_size*image->columns);
+           do
+           {
++            int
++              code;
++
+             if (zip_info.avail_in == 0)
+               {
+                 zip_info.next_in=compress_pixels;
+@@ -1464,7 +1476,13 @@
+                 zip_info.avail_in=(unsigned int) ReadBlob(image,length,
+                   zip_info.next_in);
+               }
+-            if (inflate(&zip_info,Z_SYNC_FLUSH) == Z_STREAM_END)
++            code=inflate(&zip_info,Z_SYNC_FLUSH);
++            if (code < 0)
++              {
++                status=MagickFalse;
++                break;
++              }
++            if (code == Z_STREAM_END)
+               break;
+           } while (zip_info.avail_out != 0);
+           (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
+Только в ImageMagick-6.8.6-3/coders: miff.c.orig

ImageMagick-6.8.6-pdb-bz#1195269.patch

@@ -0,0 +1,19 @@
+Index: ImageMagick/branches/ImageMagick-6/coders/pdb.c
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/coders/pdb.c
++++ b/ImageMagick/branches/ImageMagick-6/coders/pdb.c
+@@ -372,5 +372,13 @@
+     }
+   num_pad_bytes = (size_t) (img_offset - TellBlob( image ));
+-  while (num_pad_bytes--) ReadBlobByte( image );
++  while (num_pad_bytes-- != 0)
++  {
++    int
++      c;
++
++    c=ReadBlobByte(image);
++    if (c == EOF)
++      break;
++  }
+   /*
+     Read image header.

ImageMagick-6.8.6-vicar-bz#1195271.patch

@@ -0,0 +1,11 @@
+Index: ImageMagick/branches/ImageMagick-6/coders/vicar.c
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/coders/vicar.c
++++ b/ImageMagick/branches/ImageMagick-6/coders/vicar.c
+@@ -276,4 +276,6 @@
+   {
+     c=ReadBlobByte(image);
++    if (c == EOF)
++      break;
+     count++;
+   }

ImageMagick-6.8.7-psd-CVE.patch

@@ -0,0 +1,25 @@
+Index: ImageMagick/branches/ImageMagick-6/coders/psd.c
+===================================================================
+--- a/ImageMagick/branches/ImageMagick-6/coders/psd.c
++++ b/ImageMagick/branches/ImageMagick-6/coders/psd.c
+@@ -270,5 +270,5 @@
+   for (i=0; (packets > 1) && (i < (ssize_t) number_pixels); )
+   {
+-    length=(*compact_pixels++);
++    length=(size_t) (*compact_pixels++);
+     packets--;
+     if (length == 128)
+@@ -277,4 +277,6 @@
+       {
+         length=256-length+1;
++        if ((ssize_t) length + i > (ssize_t) number_pixels)
++          length=number_pixels-(size_t) i;
+         pixel=(*compact_pixels++);
+         packets--;
+@@ -323,4 +325,6 @@
+       }
+     length++;
++    if ((ssize_t) length + i > (ssize_t) number_pixels)
++      length=number_pixels-(size_t) i;
+     for (j=0; j < (ssize_t) length; j++)
+     {

ImageMagick.spec

@@ -1,9 +1,9 @@
-%global VER 6.8.8
-%global Patchlevel 10
+%global VER 6.8.6
+%global Patchlevel 3
 
 Name:		ImageMagick
 Version:		%{VER}.%{Patchlevel}
-Release:		2%{?dist}
+Release:		6%{?dist}
 Summary:		An X application for displaying and manipulating images
 Group:		Applications/Multimedia
 License:		ImageMagick
@@ -12,9 +12,24 @@ Source0:		ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar
 
 Requires:		%{name}-libs = %{version}-%{release}
 
+# CVE bug fix backporting: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
+Patch0:		ImageMagick-6.8.7-psd-CVE.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/16765 - bz#1158520
+Patch1:		ImageMagick-6.8.6-CVE-2014-8354.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/16774#file0 - bz#1158524
+Patch2:		ImageMagick-6.8.6-CVE-2014-8355.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/17846 - bz#1195263
+Patch3:		ImageMagick-6.8.6-hdr-bz#1195263.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/17854 - bz#1195265
+Patch4:		ImageMagick-6.8.6-miff-bz#1195265.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/17855 - bz#1195269
+Patch5:		ImageMagick-6.8.6-pdb-bz#1195269.patch
+# Backport upstream fix http://trac.imagemagick.org/changeset/17856 - bz#1195271
+Patch6:		ImageMagick-6.8.6-vicar-bz#1195271.patch
+
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:	bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
-BuildRequires:	libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1
+BuildRequires:	libtiff-devel, zlib-devel, perl-devel >= 5.8.1
 BuildRequires:	ghostscript-devel, djvulibre-devel
 BuildRequires:	libwmf-devel, jasper-devel, libtool-ltdl-devel
 BuildRequires:	libX11-devel, libXext-devel, libXt-devel
@@ -132,6 +147,14 @@ however.
 
 %prep
 %setup -q -n %{name}-%{VER}-%{Patchlevel}
+%patch0 -p4 -b .cve
+%patch1 -p3 -b .cve-2014-5354
+%patch2 -p1 -b .cve-2014-5355
+%patch3 -p4 -b .hdr
+%patch4 -p1 -b .miff
+%patch5 -p4 -b .pdb
+%patch6 -p4 -b .vicar
+
 sed -i 's/libltdl.la/libltdl.so/g' configure
 iconv -f ISO-8859-1 -t UTF-8 README.txt > README.txt.tmp
 touch -r README.txt README.txt.tmp
@@ -253,8 +276,8 @@ rm -rf %{buildroot}
 %files libs
 %defattr(-,root,root,-)
 %doc LICENSE NOTICE AUTHORS.txt QuickStart.txt
-%{_libdir}/libMagickCore-6.Q16.so.*
-%{_libdir}/libMagickWand-6.Q16.so.*
+%{_libdir}/libMagickCore-6.Q16.so.1*
+%{_libdir}/libMagickWand-6.Q16.so.1*
 %{_libdir}/%{name}-%{VER}
 %{_datadir}/%{name}-6
 %exclude %{_libdir}/%{name}-%{VER}/modules-Q16/coders/djvu.*
@@ -298,7 +321,7 @@ rm -rf %{buildroot}
 %defattr(-,root,root,-)
 %doc Magick++/AUTHORS Magick++/ChangeLog Magick++/NEWS Magick++/README
 %doc www/Magick++/COPYING
-%{_libdir}/libMagick++-6.Q16.so.*
+%{_libdir}/libMagick++-6.Q16.so.1*
 
 %files c++-devel
 %defattr(-,root,root,-)
@@ -319,28 +342,34 @@ rm -rf %{buildroot}
 %doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
 
 %changelog
-* Sat Mar 29 2014 Pavel Alexeev <Pahan@Hubbitus.info>- 6.8.8.10-2
-- Update to 6.8.8-10 with hope to fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
+* Tue Mar 10 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.6.3-6
+- Fix 4 more security bugs:
+	o Backport upstream fix http://trac.imagemagick.org/changeset/17846 - bz#1195263
+		Add Patch3: ImageMagick-6.8.6-hdr-bz#1195263.patch
+	o Backport upstream fix http://trac.imagemagick.org/changeset/17854 - bz#1195265
+		Add Patch4: ImageMagick-6.8.6-miff-bz#1195265.patch
+	o Backport upstream fix http://trac.imagemagick.org/changeset/17855 - bz#1195269
+		Add Patch5: ImageMagick-6.8.6-pdb-bz#1195269.patch
+	o Backport upstream fix http://trac.imagemagick.org/changeset/17856 - bz#1195271
+		Add Patch6: ImageMagick-6.8.6-vicar-bz#1195271.patch
+
+* Mon Mar 09 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.6.3-5
+- Backport upstream fix http://trac.imagemagick.org/changeset/16765 (bz#1158520) for CVE-2014-8354
+	Add Patch1: ImageMagick-6.8.7-CVE-2014-8354.patch
+- Backport upstream fix http://trac.imagemagick.org/changeset/16774 (bz#1158524) for CVE-2014-8355
+	Add Patch2: ImageMagick-6.8.6-CVE-2014-8355.patch
+
+* Thu Apr 3 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.6.3-4
+- Build 6.8.6-3 version because soname bump happened in newer.
+- Concretize soname versioning.
+- Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug fix backporting:
+	http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
+	for fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
 - Enable %%check by Alexander Todorov suggestion - bz#1076671.
 - Add %%{?_smp_mflags} into make install and check (not main compilation).
-
-* Mon Jan 6 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.7.0-4
-- Drop BR giflib-devel (bz#1039378)
-
-* Thu Jan 02 2014 Orion Poplawski <orion@cora.nwra.com> - 6.8.7.0-3
-- Rebuild for libwebp soname bump
-
-* Wed Nov 27 2013 Rex Dieter <rdieter@fedoraproject.org> 6.8.7.0-2
-- rebuild (openexr)
-
-* Fri Nov 08 2013 Kyle McMartin <kyle@fedoraproject.org>
-- Use %__isa_bits instead of hardcoding the list of 64-bit architectures.
-
-* Mon Oct 7 2013 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.7.0-1
-- Update to 6.8.7-0 to fix badurl (http://www.mail-archive.com/devel@lists.fedoraproject.org/msg67796.html)
-
-* Sun Sep 08 2013 Rex Dieter <rdieter@fedoraproject.org> - 6.8.6.3-4
-- rebuild (openexr)
+- Porting some other non-destructive minor enhancments from master branch:
+	o Drop BR giflib-devel (bz#1039378)
+	o Use %%__isa_bits instead of hardcoding the list of 64-bit architectures.
 
 * Fri Aug 02 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8.6.3-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

sources

@@ -1 +1 @@
-ab9b397c1d4798a9f6ae6cc94aa292fe  ImageMagick-6.8.8-10.tar.xz
+84f1a14906b58c8d8ce1ed35cb882112  ImageMagick-6.8.6-3.tar.xz