author | tron <tron@pkgsrc.org> | 2012-07-31 18:01:01 +0000 |
---|---|---|
committer | tron <tron@pkgsrc.org> | 2012-07-31 18:01:01 +0000 |
commit | 4ffa04c04463b3a6c5c19f47b427d006da6a39ed (patch) | |
tree | e49664243d05734ab402caed0cd38dcf3509809c | |
parent | 05bd66a6767341780c3710eb35aaeb48462dc7d1 (diff) | |
download | pkgsrc-4ffa04c04463b3a6c5c19f47b427d006da6a39ed.tar.gz |
Pullup ticket #3884 - requested by wiz
graphics/GraphicsMagick: security patch
Revisions pulled up:
- graphics/GraphicsMagick/Makefile 1.49
- graphics/GraphicsMagick/distinfo 1.31
- graphics/GraphicsMagick/patches/patch-coders_png.c 1.3
---
Module Name: pkgsrc
Committed By: wiz
Date: Mon Jul 30 09:25:29 UTC 2012
Modified Files:
pkgsrc/graphics/GraphicsMagick: Makefile distinfo
Added Files:
pkgsrc/graphics/GraphicsMagick/patches: patch-coders_png.c
Log Message:
Fix possible security problem. Bump PKGREVISION.
-rw-r--r-- | graphics/GraphicsMagick/Makefile | 4 |
-rw-r--r-- | graphics/GraphicsMagick/distinfo | 3 |
-rw-r--r-- | graphics/GraphicsMagick/patches/patch-coders_png.c | 44 |
3 files changed, 49 insertions, 2 deletions
diff --git a/graphics/GraphicsMagick/Makefile b/graphics/GraphicsMagick/Makefile index a4230b0f334..e4bc2cb87f2 100644 --- a/graphics/GraphicsMagick/Makefile +++ b/graphics/GraphicsMagick/Makefile @@ -1,8 +1,10 @@ -# $NetBSD: Makefile,v 1.48 2012/06/24 02:03:45 obache Exp $ +# $NetBSD: Makefile,v 1.48.2.1 2012/07/31 18:01:01 tron Exp $ # .include "Makefile.common" +PKGREVISION= 1 + MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.graphicsmagick.org/ COMMENT= X application for displaying and manipulating images diff --git a/graphics/GraphicsMagick/distinfo b/graphics/GraphicsMagick/distinfo index 00856189c8b..acbefd69ea2 100644 --- a/graphics/GraphicsMagick/distinfo +++ b/graphics/GraphicsMagick/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.30 2012/06/24 02:03:45 obache Exp $ +$NetBSD: distinfo,v 1.30.2.1 2012/07/31 18:01:01 tron Exp $ SHA1 (GraphicsMagick-1.3.16.tar.gz) = f2ec0392d7a7d5cbe0d5bdff2931edbacedd73e9 RMD160 (GraphicsMagick-1.3.16.tar.gz) = 75b12d2f0839ea384a3d861da6295995be11bfad Size (GraphicsMagick-1.3.16.tar.gz) = 8736761 bytes +SHA1 (patch-coders_png.c) = 92e145867f767ba069fa5bb63a1b67bad946dbfa diff --git a/graphics/GraphicsMagick/patches/patch-coders_png.c b/graphics/GraphicsMagick/patches/patch-coders_png.c new file mode 100644 index 00000000000..98042a4ee74 --- /dev/null +++ b/graphics/GraphicsMagick/patches/patch-coders_png.c 
@@ -0,0 +1,44 @@ +$NetBSD: patch-coders_png.c,v 1.3.2.2 2012/07/31 18:01:02 tron Exp $ + +Tom Lane (tgl@redhat.com) found an issue in ImageMagick. Basically +CVE-2011-3026 deals with libpng memory allocation, limitations have been +added so that a bad PNG can't cause the system to allocate a lot of +memory causing a denial of service. However on further investigation of +ImageMagick Tom Lane found that PNG malloc function (Magick_png_malloc) +in turn calls AcquireMagickMemory with an improper size argument: + +#ifdef PNG_USER_MEM_SUPPORTED +static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size) +{ + (void) png_ptr; + return((png_voidp) AcquireMagickMemory((size_t) size)); +} + +This is incorrect, the size argument should be declared +png_alloc_size_t according to 1.5, or png_size_t according to 1.2. + +"As this function stands, it invisibly does the wrong thing for any +request over 4GB. On big-endian architectures it very possibly will +do the wrong thing even for requests less than that. So the reason why +the hard-wired 4GB limit prevents a core dump is that it masks the ABI +mismatch here." + +So basically we have memory allocations problems that can probably +lead to a denial of service. + +For more information please see: + +https://bugzilla.redhat.com/show_bug.cgi?id=844101 +https://bugzilla.redhat.com/show_bug.cgi?id=844105 + +--- coders/png.c.orig 2012-06-23 20:10:10.000000000 +0000 ++++ coders/png.c +@@ -1360,7 +1360,7 @@ static void PNGWarningHandler(png_struct + } + + #ifdef PNG_USER_MEM_SUPPORTED +-static png_voidp png_IM_malloc(png_structp png_ptr,png_uint_32 size) ++static png_voidp png_IM_malloc(png_structp png_ptr,png_alloc_size_t size) + { + (void) png_ptr; + return MagickAllocateMemory(png_voidp,(size_t) size); |
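Review bot: In the embedded coders/png.c hunk of patch-coders_png.c, `png_IM_malloc` is changed to take `png_alloc_size_t` unconditionally, although the patch's own header comment says the right type is `png_alloc_size_t` for libpng 1.5 and `png_size_t` for 1.2. Please either confirm that every libpng version this package can build against declares `png_alloc_size_t`, or select the parameter type by libpng version so the callback signature matches what the library expects in both cases. Separately, the header comment quotes ImageMagick's `Magick_png_malloc` calling `AcquireMagickMemory`, while the function actually patched here is `png_IM_malloc` calling `MagickAllocateMemory`; one sentence stating that this is the GraphicsMagick counterpart of the ImageMagick function would make the connection explicit for the next person reading the patch. If the header text is edited, the `SHA1 (patch-coders_png.c)` line added to distinfo has to be regenerated as well.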