authortaca <taca@pkgsrc.org>2012-03-30 03:50:47 +0000
committertaca <taca@pkgsrc.org>2012-03-30 03:50:47 +0000
commitefe4b5b46f58a3014503e62585839ebcd10ca936 (patch)
tree245da1959b5eca76c9ae64fb889110e067d949d4 /graphics/ImageMagick
parente683dbbff246340332446e9bdfefdae0fe1ec6d1 (diff)
downloadpkgsrc-efe4b5b46f58a3014503e62585839ebcd10ca936.tar.gz
Add some security fixes related to
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629. [CVE-2012-0259] JPEG EXIF tag crash. [CVE-2012-0260] Excessive memory use with JPEG restart markers. [CVE-2012-1798] Copying of invalid memory when reading TIFF EXIF IFD. Bump PKGREVISION.
Diffstat (limited to 'graphics/ImageMagick')
-rw-r--r--graphics/ImageMagick/Makefile3
-rw-r--r--graphics/ImageMagick/distinfo5
-rw-r--r--graphics/ImageMagick/patches/patch-coders_jpeg.c29
-rw-r--r--graphics/ImageMagick/patches/patch-coders_tiff.c15
-rw-r--r--graphics/ImageMagick/patches/patch-magick_property.c15
5 files changed, 65 insertions, 2 deletions
diff --git a/graphics/ImageMagick/Makefile b/graphics/ImageMagick/Makefile
index fdceb9d5b83..58bc5615be9 100644
--- a/graphics/ImageMagick/Makefile
+++ b/graphics/ImageMagick/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.177 2012/03/21 18:12:42 drochner Exp $
+# $NetBSD: Makefile,v 1.178 2012/03/30 03:50:47 taca Exp $
.include "Makefile.common"
PKGNAME= ImageMagick-${DISTVERSION}
+PKGREVISION= 1
MAINTAINER= adam@NetBSD.org
COMMENT= Package for display and interactive manipulation of images
diff --git a/graphics/ImageMagick/distinfo b/graphics/ImageMagick/distinfo
index 5373012040a..86166f4b124 100644
--- a/graphics/ImageMagick/distinfo
+++ b/graphics/ImageMagick/distinfo
@@ -1,5 +1,8 @@
-$NetBSD: distinfo,v 1.109 2012/03/21 18:12:42 drochner Exp $
+$NetBSD: distinfo,v 1.110 2012/03/30 03:50:47 taca Exp $
SHA1 (ImageMagick-6.7.5-10.tar.bz2) = e19d7d5148de58d56a02d68049bb5d3ba470f53c
RMD160 (ImageMagick-6.7.5-10.tar.bz2) = 5ff5b7ddc773beb048773cc252c5d306eaf28e50
Size (ImageMagick-6.7.5-10.tar.bz2) = 10416791 bytes
+SHA1 (patch-coders_jpeg.c) = 77e47f58ee3c46888f2edeafa1964e5145b65c25
+SHA1 (patch-coders_tiff.c) = ff11a7fe6f47cd3fb7afeab986851ac417366722
+SHA1 (patch-magick_property.c) = 19c345afac494a6599ef65a8a273f52095071127
diff --git a/graphics/ImageMagick/patches/patch-coders_jpeg.c b/graphics/ImageMagick/patches/patch-coders_jpeg.c
new file mode 100644
index 00000000000..422f2cfa6b9
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-coders_jpeg.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-coders_jpeg.c,v 1.1 2012/03/30 03:50:47 taca Exp $
+
+* Fix for CVE-2012-0260.
+
+--- coders/jpeg.c.orig 2012-03-02 17:37:45.000000000 +0000
++++ coders/jpeg.c
+@@ -319,6 +319,8 @@ static void JPEGErrorHandler(j_common_pt
+
+ static MagickBooleanType JPEGWarningHandler(j_common_ptr jpeg_info,int level)
+ {
++#define JPEGExcessiveWarnings 1000
++
+ char
+ message[JMSG_LENGTH_MAX];
+
+@@ -337,11 +339,12 @@ static MagickBooleanType JPEGWarningHand
+ Process warning message.
+ */
+ (jpeg_info->err->format_message)(jpeg_info,message);
++ if (jpeg_info->err->num_warnings++ > JPEGExcessiveWarnings)
++ JPEGErrorHandler(jpeg_info);
+ if ((jpeg_info->err->num_warnings == 0) ||
+ (jpeg_info->err->trace_level >= 3))
+ ThrowBinaryException(CorruptImageWarning,(char *) message,
+ image->filename);
+- jpeg_info->err->num_warnings++;
+ }
+ else
+ if ((image->debug != MagickFalse) &&
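Review bot: In the second inner hunk of the coders/jpeg.c patch, the `num_warnings == 0` test now runs after the added `num_warnings++`, so it can no longer be true and the CorruptImageWarning is raised only when `trace_level >= 3`. If the first warning should still be reported, the test would need to become `if ((jpeg_info->err->num_warnings == 1) || (jpeg_info->err->trace_level >= 3))`. The cap also only bounds the work if JPEGErrorHandler does not return to this point, which cannot be confirmed from the lines shown. A one-line comment on `JPEGExcessiveWarnings`, such as `/* abort decoding once a file has produced this many warnings (CVE-2012-0260) */`, would record why the limit exists. JPEGWarningHandler's body continues outside the hunk.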
diff --git a/graphics/ImageMagick/patches/patch-coders_tiff.c b/graphics/ImageMagick/patches/patch-coders_tiff.c
new file mode 100644
index 00000000000..dd72af445da
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-coders_tiff.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-coders_tiff.c,v 1.1 2012/03/30 03:50:47 taca Exp $
+
+* Fix for CVE-2012-1798.
+
+--- coders/tiff.c.orig 2012-02-14 00:43:58.000000000 +0000
++++ coders/tiff.c
+@@ -647,7 +647,7 @@ static void TIFFGetEXIFProperties(TIFF *
+ ascii=(char *) NULL;
+ if ((TIFFGetField(tiff,exif_info[i].tag,&ascii,&sans,&sans) != 0) &&
+ (ascii != (char *) NULL) && (*ascii != '\0'))
+- (void) CopyMagickMemory(value,ascii,MaxTextExtent);
++ (void) CopyMagickString(value,ascii,MaxTextExtent);
+ break;
+ }
+ case TIFF_SHORT:
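Review bot: The switch to `CopyMagickString(value,ascii,MaxTextExtent)` is only safe if `value` is at least MaxTextExtent bytes and `ascii` is NUL-terminated, and neither is visible in this hunk. `value` is declared outside it, and termination presumably depends on what TIFFGetField returns for an ASCII tag, so both should be confirmed. The reason for the change should be recorded next to the call, for example `/* ascii is a libtiff-owned string of unknown length; a fixed MaxTextExtent memory copy reads past its end (CVE-2012-1798) */`. The result is cast to `(void)`, so a truncated EXIF value is stored silently, which is acceptable here but worth noting in the same comment. TIFFGetEXIFProperties starts and ends outside the hunk.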
diff --git a/graphics/ImageMagick/patches/patch-magick_property.c b/graphics/ImageMagick/patches/patch-magick_property.c
new file mode 100644
index 00000000000..6a515a40f6b
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-magick_property.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-magick_property.c,v 1.1 2012/03/30 03:50:47 taca Exp $
+
+* Fix for CVE-2012-0259.
+
+--- magick/property.c.orig 2012-03-01 01:41:19.000000000 +0000
++++ magick/property.c
+@@ -1309,6 +1309,8 @@ static MagickBooleanType GetEXIFProperty
+ buffer[MaxTextExtent],
+ *value;
+
++ value = NULL;
++ *buffer = '\0';
+ switch (format)
+ {
+ case EXIF_FMT_BYTE:
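Review bot: Setting `value = NULL` before the switch replaces an uninitialized pointer with a null one for any `format` that no case handles, so the fix is complete only if the code after the switch tests `value` before using it. That consumer is outside the hunk and should be checked for a test such as `if (value != (char *) NULL)`. On style, the surrounding ImageMagick code writes assignments without spaces and with a typed null, so `value=(char *) NULL;` and `*buffer='\0';` would match it. A short comment such as `/* unknown EXIF formats leave value unset (CVE-2012-0259) */` would explain why the initialization must stay.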