diff options
| author | obache <obache@pkgsrc.org> | 2009-08-08 04:41:07 +0000 |
|---|---|---|
| committer | obache <obache@pkgsrc.org> | 2009-08-08 04:41:07 +0000 |
| commit | f1e1566a10c7d6a80ad6bebf481dbf01e6d4cf07 (patch) | |
| tree | 3dc9201091bde8294b43ab9db3c260c22c7b22dc /graphics/GraphicsMagick | |
| parent | 7b757f80a2d59feeaaa0eb53ca4376fdfb23ae1d (diff) | |
| download | pkgsrc-f1e1566a10c7d6a80ad6bebf481dbf01e6d4cf07.tar.gz | |
Add an patch to fixes CVE-2008-1097, taken from upstream repository.
Bump PKGREVISION.
Diffstat (limited to 'graphics/GraphicsMagick')
| -rw-r--r-- | graphics/GraphicsMagick/Makefile | 3 | ||||
| -rw-r--r-- | graphics/GraphicsMagick/distinfo | 3 | ||||
| -rw-r--r-- | graphics/GraphicsMagick/patches/patch-ab | 19 |
3 files changed, 23 insertions, 2 deletions
diff --git a/graphics/GraphicsMagick/Makefile b/graphics/GraphicsMagick/Makefile index 00547540b1a..a4559012326 100644 --- a/graphics/GraphicsMagick/Makefile +++ b/graphics/GraphicsMagick/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.21 2009/01/27 04:38:44 obache Exp $ +# $NetBSD: Makefile,v 1.22 2009/08/08 04:41:07 obache Exp $ # DISTNAME= GraphicsMagick-1.3.5 +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=graphicsmagick/} \ ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/1.3/ diff --git a/graphics/GraphicsMagick/distinfo b/graphics/GraphicsMagick/distinfo index ad2d16ce598..40edcd32ebc 100644 --- a/graphics/GraphicsMagick/distinfo +++ b/graphics/GraphicsMagick/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.17 2009/01/27 04:38:44 obache Exp $ +$NetBSD: distinfo,v 1.18 2009/08/08 04:41:07 obache Exp $ SHA1 (GraphicsMagick-1.3.5.tar.gz) = f0a8ba6ccfd03be3fa1d29eaa55b8faa73e5e7a2 RMD160 (GraphicsMagick-1.3.5.tar.gz) = cef96710a916954ecce894b03e058aaf5a304480 Size (GraphicsMagick-1.3.5.tar.gz) = 7386555 bytes +SHA1 (patch-ab) = f4e501afbfb5822a6803be76826e70de9a4cee15 diff --git a/graphics/GraphicsMagick/patches/patch-ab b/graphics/GraphicsMagick/patches/patch-ab new file mode 100644 index 00000000000..8ccda944408 --- /dev/null +++ b/graphics/GraphicsMagick/patches/patch-ab @@ -0,0 +1,19 @@ +$NetBSD: patch-ab,v 1.1 2009/08/08 04:41:08 obache Exp $ + +Detect improper rows, columns, or depth. +Fixes CVE-2008-1097 "Memory corruption in ImageMagick's PCX coder". + +http://cvs.graphicsmagick.org/cgi-bin/cvsweb.cgi/GraphicsMagick/coders/pcx.c.diff?r1=1.135;r2=1.136 + +--- coders/pcx.c.orig 2008-11-07 17:36:01.000000000 +0000 ++++ coders/pcx.c +@@ -302,6 +302,9 @@ static Image *ReadPCXImage(const ImageIn + */ + image->columns=(pcx_info.right-pcx_info.left)+1; + image->rows=(pcx_info.bottom-pcx_info.top)+1; ++ if ((image->columns == 0) || (image->rows == 0) || ++ (pcx_info.bits_per_pixel == 0)) ++ ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + image->depth=pcx_info.bits_per_pixel <= 8 ? 8 : QuantumDepth; + image->units=PixelsPerInchResolution; + image->x_resolution=pcx_info.horizontal_resolution; |