Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Hubbitus | f06d726465 | |
Hubbitus | 9cbd568b2e | |
Hubbitus | 6d27c89aa1 | |
Hubbitus | a7581637fb | |
Hubbitus | 86767a6ec3 | |
Hubbitus | 001f14d901 | |
Hubbitus | 36451106b3 |
|
@ -0,0 +1,18 @@
|
|||
Index: ImageMagick/trunk/MagickCore/resize.c
|
||||
===================================================================
|
||||
--- a/ImageMagick/trunk/magick/resize.c
|
||||
+++ b/ImageMagick/trunk/magick/resize.c
|
||||
@@ -2498,4 +2498,6 @@
|
||||
density+=contribution[n].weight;
|
||||
}
|
||||
+ if (n == 0)
|
||||
+ continue;
|
||||
if ((density != 0.0) && (density != 1.0))
|
||||
{
|
||||
@@ -2711,4 +2713,6 @@
|
||||
density+=contribution[n].weight;
|
||||
}
|
||||
+ if (n == 0)
|
||||
+ continue;
|
||||
if ((density != 0.0) && (density != 1.0))
|
||||
{
|
|
@ -0,0 +1,109 @@
|
|||
diff -ru ImageMagick-6.8.8-10.orig/coders/pcx.c ImageMagick-6.8.8-10/coders/pcx.c
|
||||
--- ImageMagick-6.8.8-10.orig/coders/pcx.c 2014-02-23 03:29:04.000000000 +0400
|
||||
+++ ImageMagick-6.8.8-10/coders/pcx.c 2015-03-11 01:23:23.618561284 +0300
|
||||
@@ -221,6 +221,13 @@
|
||||
|
||||
static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
|
||||
{
|
||||
+#define ThrowPCXException(severity,tag) \
|
||||
+ { \
|
||||
+ scanline=(unsigned char *) RelinquishMagickMemory(scanline); \
|
||||
+ pixel_info=RelinquishVirtualMemory(pixel_info); \
|
||||
+ ThrowReaderException(severity,tag); \
|
||||
+ }
|
||||
+
|
||||
Image
|
||||
*image;
|
||||
|
||||
@@ -268,7 +275,7 @@
|
||||
|
||||
unsigned char
|
||||
packet,
|
||||
- *pcx_colormap,
|
||||
+ pcx_colormap[768],
|
||||
*pixels,
|
||||
*scanline;
|
||||
|
||||
@@ -321,7 +328,6 @@
|
||||
if (offset < 0)
|
||||
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
|
||||
}
|
||||
- pcx_colormap=(unsigned char *) NULL;
|
||||
count=ReadBlob(image,1,&pcx_info.identifier);
|
||||
for (id=1; id < 1024; id++)
|
||||
{
|
||||
@@ -354,10 +360,6 @@
|
||||
image->x_resolution=(double) pcx_info.horizontal_resolution;
|
||||
image->y_resolution=(double) pcx_info.vertical_resolution;
|
||||
image->colors=16;
|
||||
- pcx_colormap=(unsigned char *) AcquireQuantumMemory(256UL,
|
||||
- 3*sizeof(*pcx_colormap));
|
||||
- if (pcx_colormap == (unsigned char *) NULL)
|
||||
- ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
count=ReadBlob(image,3*image->colors,pcx_colormap);
|
||||
pcx_info.reserved=(unsigned char) ReadBlobByte(image);
|
||||
pcx_info.planes=(unsigned char) ReadBlobByte(image);
|
||||
@@ -389,6 +391,9 @@
|
||||
Read image data.
|
||||
*/
|
||||
pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*pcx_info.planes;
|
||||
+ if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) >
|
||||
+ (pcx_packets*8U))
|
||||
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
|
||||
scanline=(unsigned char *) AcquireQuantumMemory(MagickMax(image->columns,
|
||||
pcx_info.bytes_per_line),MagickMax(8,pcx_info.planes)*sizeof(*scanline));
|
||||
pixel_info=AcquireVirtualMemory(pcx_packets,sizeof(*pixels));
|
||||
@@ -411,7 +416,7 @@
|
||||
{
|
||||
packet=(unsigned char) ReadBlobByte(image);
|
||||
if (EOFBlob(image) != MagickFalse)
|
||||
- ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
+ ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
*p++=packet;
|
||||
pcx_packets--;
|
||||
}
|
||||
@@ -420,7 +425,7 @@
|
||||
{
|
||||
packet=(unsigned char) ReadBlobByte(image);
|
||||
if (EOFBlob(image) != MagickFalse)
|
||||
- ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
+ ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
if ((packet & 0xc0) != 0xc0)
|
||||
{
|
||||
*p++=packet;
|
||||
@@ -430,7 +435,7 @@
|
||||
count=(ssize_t) (packet & 0x3f);
|
||||
packet=(unsigned char) ReadBlobByte(image);
|
||||
if (EOFBlob(image) != MagickFalse)
|
||||
- ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
+ ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
|
||||
for ( ; count != 0; count--)
|
||||
{
|
||||
*p++=packet;
|
||||
@@ -449,7 +454,7 @@
|
||||
Initialize image colormap.
|
||||
*/
|
||||
if (image->colors > 256)
|
||||
- ThrowReaderException(CorruptImageError,"ColormapExceeds256Colors");
|
||||
+ ThrowPCXException(CorruptImageError,"ColormapExceeds256Colors");
|
||||
if ((pcx_info.bits_per_pixel*pcx_info.planes) == 1)
|
||||
{
|
||||
/*
|
||||
@@ -478,7 +483,6 @@
|
||||
image->colormap[i].blue=ScaleCharToQuantum(*p++);
|
||||
}
|
||||
}
|
||||
- pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
|
||||
}
|
||||
/*
|
||||
Convert PCX raster image to pixel packets.
|
||||
@@ -634,8 +638,6 @@
|
||||
}
|
||||
if (image->storage_class == PseudoClass)
|
||||
(void) SyncImage(image);
|
||||
- if (pcx_colormap != (unsigned char *) NULL)
|
||||
- pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
|
||||
scanline=(unsigned char *) RelinquishMagickMemory(scanline);
|
||||
pixel_info=RelinquishVirtualMemory(pixel_info);
|
||||
if (EOFBlob(image) != MagickFalse)
|
||||
Только в ImageMagick-6.8.8-10/coders: pcx.c.orig
|
|
@ -0,0 +1,69 @@
|
|||
Index: ImageMagick/branches/ImageMagick-6/ChangeLog
|
||||
===================================================================
|
||||
--- a/ImageMagick/branches/ImageMagick-6/ChangeLog
|
||||
+++ b/ImageMagick/branches/ImageMagick-6/ChangeLog
|
||||
@@ -1,6 +1,8 @@
|
||||
2013-07-01 6.8.6-3 Cristy <quetzlzacatenango@image...>
|
||||
* New version 6.8.6-3, SVN revision 12579.
|
||||
|
||||
+ * Fixed infinite loop in HDR reader (reference
|
||||
+ http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929).
|
||||
2013-06-26 6.8.6-3 Cristy <quetzlzacatenango@image...>
|
||||
* Improve HCL to RGB roundtrip (reference
|
||||
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=22384).
|
||||
|
||||
Index: ImageMagick/branches/ImageMagick-6/coders/hdr.c
|
||||
===================================================================
|
||||
--- a/ImageMagick/branches/ImageMagick-6/coders/hdr.c
|
||||
+++ b/ImageMagick/branches/ImageMagick-6/coders/hdr.c
|
||||
@@ -275,5 +275,5 @@
|
||||
continue;
|
||||
p=value;
|
||||
- while ((c != '\n') && (c != '\0'))
|
||||
+ while ((c != '\n') && (c != '\0') && (c != EOF))
|
||||
{
|
||||
if ((size_t) (p-value) < (MaxTextExtent-1))
|
||||
@@ -320,16 +320,18 @@
|
||||
white_point[2];
|
||||
|
||||
- (void) sscanf(value,"%g %g %g %g %g %g %g %g",
|
||||
- &chromaticity[0],&chromaticity[1],&chromaticity[2],
|
||||
- &chromaticity[3],&chromaticity[4],&chromaticity[5],
|
||||
- &white_point[0],&white_point[1]);
|
||||
- image->chromaticity.red_primary.x=chromaticity[0];
|
||||
- image->chromaticity.red_primary.y=chromaticity[1];
|
||||
- image->chromaticity.green_primary.x=chromaticity[2];
|
||||
- image->chromaticity.green_primary.y=chromaticity[3];
|
||||
- image->chromaticity.blue_primary.x=chromaticity[4];
|
||||
- image->chromaticity.blue_primary.y=chromaticity[5];
|
||||
- image->chromaticity.white_point.x=white_point[0],
|
||||
- image->chromaticity.white_point.y=white_point[1];
|
||||
+ if (sscanf(value,"%g %g %g %g %g %g %g %g",&chromaticity[0],
|
||||
+ &chromaticity[1],&chromaticity[2],&chromaticity[3],
|
||||
+ &chromaticity[4],&chromaticity[5],&white_point[0],
|
||||
+ &white_point[1]) == 8)
|
||||
+ {
|
||||
+ image->chromaticity.red_primary.x=chromaticity[0];
|
||||
+ image->chromaticity.red_primary.y=chromaticity[1];
|
||||
+ image->chromaticity.green_primary.x=chromaticity[2];
|
||||
+ image->chromaticity.green_primary.y=chromaticity[3];
|
||||
+ image->chromaticity.blue_primary.x=chromaticity[4];
|
||||
+ image->chromaticity.blue_primary.y=chromaticity[5];
|
||||
+ image->chromaticity.white_point.x=white_point[0],
|
||||
+ image->chromaticity.white_point.y=white_point[1];
|
||||
+ }
|
||||
break;
|
||||
}
|
||||
@@ -350,7 +352,9 @@
|
||||
width;
|
||||
|
||||
- (void) sscanf(value,"%d +X %d",&height,&width);
|
||||
- image->columns=(size_t) width;
|
||||
- image->rows=(size_t) height;
|
||||
+ if (sscanf(value,"%d +X %d",&height,&width) == 2)
|
||||
+ {
|
||||
+ image->columns=(size_t) width;
|
||||
+ image->rows=(size_t) height;
|
||||
+ }
|
||||
break;
|
||||
}
|
|
@ -0,0 +1,54 @@
|
|||
diff -ur ImageMagick-6.8.6-3.miff-orig/coders/miff.c ImageMagick-6.8.6-3/coders/miff.c
|
||||
--- ImageMagick-6.8.6-3.miff-orig/coders/miff.c 2013-05-17 22:58:19.000000000 +0400
|
||||
+++ ImageMagick-6.8.6-3/coders/miff.c 2015-03-10 22:37:49.930865595 +0300
|
||||
@@ -1399,6 +1399,9 @@
|
||||
bzip_info.avail_out=(unsigned int) (packet_size*image->columns);
|
||||
do
|
||||
{
|
||||
+ int
|
||||
+ code;
|
||||
+
|
||||
if (bzip_info.avail_in == 0)
|
||||
{
|
||||
bzip_info.next_in=(char *) compress_pixels;
|
||||
@@ -1408,7 +1411,13 @@
|
||||
bzip_info.avail_in=(unsigned int) ReadBlob(image,length,
|
||||
(unsigned char *) bzip_info.next_in);
|
||||
}
|
||||
- if (BZ2_bzDecompress(&bzip_info) == BZ_STREAM_END)
|
||||
+ code=BZ2_bzDecompress(&bzip_info);
|
||||
+ if (code < 0)
|
||||
+ {
|
||||
+ status=MagickFalse;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (code == BZ_STREAM_END)
|
||||
break;
|
||||
} while (bzip_info.avail_out != 0);
|
||||
(void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
|
||||
@@ -1455,6 +1464,9 @@
|
||||
zip_info.avail_out=(uInt) (packet_size*image->columns);
|
||||
do
|
||||
{
|
||||
+ int
|
||||
+ code;
|
||||
+
|
||||
if (zip_info.avail_in == 0)
|
||||
{
|
||||
zip_info.next_in=compress_pixels;
|
||||
@@ -1464,7 +1476,13 @@
|
||||
zip_info.avail_in=(unsigned int) ReadBlob(image,length,
|
||||
zip_info.next_in);
|
||||
}
|
||||
- if (inflate(&zip_info,Z_SYNC_FLUSH) == Z_STREAM_END)
|
||||
+ code=inflate(&zip_info,Z_SYNC_FLUSH);
|
||||
+ if (code < 0)
|
||||
+ {
|
||||
+ status=MagickFalse;
|
||||
+ break;
|
||||
+ }
|
||||
+ if (code == Z_STREAM_END)
|
||||
break;
|
||||
} while (zip_info.avail_out != 0);
|
||||
(void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
|
||||
Только в ImageMagick-6.8.6-3/coders: miff.c.orig
|
|
@ -0,0 +1,19 @@
|
|||
Index: ImageMagick/branches/ImageMagick-6/coders/pdb.c
|
||||
===================================================================
|
||||
--- a/ImageMagick/branches/ImageMagick-6/coders/pdb.c
|
||||
+++ b/ImageMagick/branches/ImageMagick-6/coders/pdb.c
|
||||
@@ -372,5 +372,13 @@
|
||||
}
|
||||
num_pad_bytes = (size_t) (img_offset - TellBlob( image ));
|
||||
- while (num_pad_bytes--) ReadBlobByte( image );
|
||||
+ while (num_pad_bytes-- != 0)
|
||||
+ {
|
||||
+ int
|
||||
+ c;
|
||||
+
|
||||
+ c=ReadBlobByte(image);
|
||||
+ if (c == EOF)
|
||||
+ break;
|
||||
+ }
|
||||
/*
|
||||
Read image header.
|
|
@ -0,0 +1,11 @@
|
|||
Index: ImageMagick/branches/ImageMagick-6/coders/vicar.c
|
||||
===================================================================
|
||||
--- a/ImageMagick/branches/ImageMagick-6/coders/vicar.c
|
||||
+++ b/ImageMagick/branches/ImageMagick-6/coders/vicar.c
|
||||
@@ -276,4 +276,6 @@
|
||||
{
|
||||
c=ReadBlobByte(image);
|
||||
+ if (c == EOF)
|
||||
+ break;
|
||||
count++;
|
||||
}
|
|
@ -0,0 +1,25 @@
|
|||
Index: ImageMagick/branches/ImageMagick-6/coders/psd.c
|
||||
===================================================================
|
||||
--- a/ImageMagick/branches/ImageMagick-6/coders/psd.c
|
||||
+++ b/ImageMagick/branches/ImageMagick-6/coders/psd.c
|
||||
@@ -270,5 +270,5 @@
|
||||
for (i=0; (packets > 1) && (i < (ssize_t) number_pixels); )
|
||||
{
|
||||
- length=(*compact_pixels++);
|
||||
+ length=(size_t) (*compact_pixels++);
|
||||
packets--;
|
||||
if (length == 128)
|
||||
@@ -277,4 +277,6 @@
|
||||
{
|
||||
length=256-length+1;
|
||||
+ if ((ssize_t) length + i > (ssize_t) number_pixels)
|
||||
+ length=number_pixels-(size_t) i;
|
||||
pixel=(*compact_pixels++);
|
||||
packets--;
|
||||
@@ -323,4 +325,6 @@
|
||||
}
|
||||
length++;
|
||||
+ if ((ssize_t) length + i > (ssize_t) number_pixels)
|
||||
+ length=number_pixels-(size_t) i;
|
||||
for (j=0; j < (ssize_t) length; j++)
|
||||
{
|
|
@ -12,9 +12,22 @@ Source0: ftp://ftp.ImageMagick.org/pub/%{name}/%{name}-%{VER}-%{Patchlevel}.tar
|
|||
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/16765 - bz#1158520
|
||||
Patch1: ImageMagick-6.8.6-CVE-2014-8354.patch
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/16774 - bz#1158524
|
||||
Patch2: ImageMagick-6.8.6-CVE-2014-8355.patch
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/17846 - bz#1195263
|
||||
Patch3: ImageMagick-6.8.6-hdr-bz#1195263.patch
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/17854 - bz#1195265
|
||||
Patch4: ImageMagick-6.8.6-miff-bz#1195265.patch
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/17855 - bz#1195269
|
||||
Patch5: ImageMagick-6.8.6-pdb-bz#1195269.patch
|
||||
# Backport upstream fix http://trac.imagemagick.org/changeset/17856 - bz#1195271
|
||||
Patch6: ImageMagick-6.8.6-vicar-bz#1195271.patch
|
||||
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
BuildRequires: bzip2-devel, freetype-devel, libjpeg-devel, libpng-devel
|
||||
BuildRequires: libtiff-devel, giflib-devel, zlib-devel, perl-devel >= 5.8.1
|
||||
BuildRequires: libtiff-devel, zlib-devel, perl-devel >= 5.8.1
|
||||
BuildRequires: ghostscript-devel, djvulibre-devel
|
||||
BuildRequires: libwmf-devel, jasper-devel, libtool-ltdl-devel
|
||||
BuildRequires: libX11-devel, libXext-devel, libXt-devel
|
||||
|
@ -348,6 +361,23 @@ make %{?_smp_mflags} check
|
|||
* Mon Apr 20 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 6.9.1.2-1
|
||||
- New version 6.9.1-2 - bz#1204371.
|
||||
|
||||
* Tue Mar 10 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.8.10-9
|
||||
- Merge fixes from f21 branch:
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/16765 (bz#1158520) for CVE-2014-8354
|
||||
Add Patch1: ImageMagick-6.8.7-CVE-2014-8354.patch
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/16774 (bz#1158524) for CVE-2014-8355
|
||||
Add Patch2: ImageMagick-6.8.6-CVE-2014-8355.patch
|
||||
- Concretize soname versions.
|
||||
- Fix 4 more security bags:
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/17846 - bz#1195263
|
||||
Add Patch3: ImageMagick-6.8.6-hdr-bz#1195263.patch
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/17854 - bz#1195265
|
||||
Add Patch4: ImageMagick-6.8.6-miff-bz#1195265.patch
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/17855 - bz#1195269
|
||||
Add Patch5: ImageMagick-6.8.6-pdb-bz#1195269.patch
|
||||
o Backport upstream fix http://trac.imagemagick.org/changeset/17856 - bz#1195271
|
||||
Add Patch6: ImageMagick-6.8.6-vicar-bz#1195271.patch
|
||||
|
||||
* Mon Mar 09 2015 Pavel Alexeev <Pahan@Hubbitus.info> - 6.9.0.10-1
|
||||
- New version 6.9.0-10 - bz#1197400.
|
||||
|
||||
|
@ -371,31 +401,17 @@ make %{?_smp_mflags} check
|
|||
* Fri Jun 06 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8.8.10-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||
|
||||
* Wed Apr 2 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.8.10-3
|
||||
- Concretize soname versions.
|
||||
|
||||
* Sat Mar 29 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.8.10-2
|
||||
- Update to 6.8.8-10 with hope to fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
|
||||
* Thu Apr 3 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.6.3-4
|
||||
- Build 6.8.6-3 version because soname bump happened in newer.
|
||||
- Concretize soname versioning.
|
||||
- Add Patch0: ImageMagick-6.8.7-psd-CVE.patch CVE bug fix backporting:
|
||||
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128&sid=ff40ad66b1f845c767aa77c7e32f9f9c&p=109901#p109901
|
||||
for fix CVE-2014-1958 (bz#1067276, bz#1067277, bz#1067278), CVE-2014-1947, CVE-2014-2030 (bz#1064098)
|
||||
- Enable %%check by Alexander Todorov suggestion - bz#1076671.
|
||||
- Add %%{?_smp_mflags} into make install and check (not main compilation).
|
||||
|
||||
* Mon Jan 6 2014 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.7.0-4
|
||||
- Drop BR giflib-devel (bz#1039378)
|
||||
|
||||
* Thu Jan 02 2014 Orion Poplawski <orion@cora.nwra.com> - 6.8.7.0-3
|
||||
- Rebuild for libwebp soname bump
|
||||
|
||||
* Wed Nov 27 2013 Rex Dieter <rdieter@fedoraproject.org> 6.8.7.0-2
|
||||
- rebuild (openexr)
|
||||
|
||||
* Fri Nov 08 2013 Kyle McMartin <kyle@fedoraproject.org>
|
||||
- Use %__isa_bits instead of hardcoding the list of 64-bit architectures.
|
||||
|
||||
* Mon Oct 7 2013 Pavel Alexeev <Pahan@Hubbitus.info> - 6.8.7.0-1
|
||||
- Update to 6.8.7-0 to fix badurl (http://www.mail-archive.com/devel@lists.fedoraproject.org/msg67796.html)
|
||||
|
||||
* Sun Sep 08 2013 Rex Dieter <rdieter@fedoraproject.org> - 6.8.6.3-4
|
||||
- rebuild (openexr)
|
||||
- Porting some other non-destructive minor enhancments from master branch:
|
||||
o Drop BR giflib-devel (bz#1039378)
|
||||
o Use %%__isa_bits instead of hardcoding the list of 64-bit architectures.
|
||||
|
||||
* Fri Aug 02 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.8.6.3-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
|
Loading…
Reference in New Issue