authorsalo <salo@pkgsrc.org>2006-01-28 02:36:55 +0000
committersalo <salo@pkgsrc.org>2006-01-28 02:36:55 +0000
commit5c81dfe171d2224a536de2b6ab4fda67de60db70 (patch)
treeefa5f843c21bd866d41899dea33b7401be8e6d5f /graphics/ImageMagick
parent5607de5e2e4dc09fcfc4a921a3b846597eae88dd (diff)
Security fixes for CVE-2006-0082 and Debian bug #345595:
"Format string vulnerabilities in ImageMagick allow user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program." Patches from Debian. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0082 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345595
Diffstat (limited to 'graphics/ImageMagick')
-rw-r--r--graphics/ImageMagick/Makefile3
-rw-r--r--graphics/ImageMagick/distinfo9
-rw-r--r--graphics/ImageMagick/patches/patch-ab15
-rw-r--r--graphics/ImageMagick/patches/patch-ac34
-rw-r--r--graphics/ImageMagick/patches/patch-ad51
-rw-r--r--graphics/ImageMagick/patches/patch-ae34
-rw-r--r--graphics/ImageMagick/patches/patch-af15
-rw-r--r--graphics/ImageMagick/patches/patch-ag82
-rw-r--r--graphics/ImageMagick/patches/patch-ah14
9 files changed, 255 insertions, 2 deletions
diff --git a/graphics/ImageMagick/Makefile b/graphics/ImageMagick/Makefile
index e4c2053120c..bbae75a4ff9 100644
--- a/graphics/ImageMagick/Makefile
+++ b/graphics/ImageMagick/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.136 2006/01/26 20:38:18 adam Exp $
+# $NetBSD: Makefile,v 1.137 2006/01/28 02:36:55 salo Exp $
.include "Makefile.common"
PKGNAME= ImageMagick-${DISTVERSION}
+PKGREVISION= 1
MAINTAINER= adam@NetBSD.org
HOMEPAGE= http://www.simplesystems.org/ImageMagick/
diff --git a/graphics/ImageMagick/distinfo b/graphics/ImageMagick/distinfo
index 73c09f9b95a..b3b91fd7016 100644
--- a/graphics/ImageMagick/distinfo
+++ b/graphics/ImageMagick/distinfo
@@ -1,6 +1,13 @@
-$NetBSD: distinfo,v 1.57 2006/01/26 20:38:18 adam Exp $
+$NetBSD: distinfo,v 1.58 2006/01/28 02:36:55 salo Exp $
SHA1 (ImageMagick-6.2.6-0.tar.bz2) = 0cf67149e806053a63fdaec70de913a9fd72aaf9
RMD160 (ImageMagick-6.2.6-0.tar.bz2) = 34d8ea5408439c536ac2c791c7ad2fafa1424671
Size (ImageMagick-6.2.6-0.tar.bz2) = 5139235 bytes
SHA1 (patch-aa) = b5002ca0bd553c27a23f3ea9835e5b6c738f4f8d
+SHA1 (patch-ab) = 8b6e1c08d3e48dd76f8b4ae98297f6ab78017313
+SHA1 (patch-ac) = 0fed1246c6d36ba8549a60c859cbed2e213f8ec7
+SHA1 (patch-ad) = a98725b948b5c58c509d5d0c623831e2d3a452cb
+SHA1 (patch-ae) = a3134b37c2830b7ea094a1e10c1847e596a7c78c
+SHA1 (patch-af) = db1af7fa7f143cd4fa45a83310f209e928959ae6
+SHA1 (patch-ag) = 732bcd06b712d2bdae5b05845be98603d2b75282
+SHA1 (patch-ah) = b240858ffb307f89cdfca402ce02b6d299f1b984
diff --git a/graphics/ImageMagick/patches/patch-ab b/graphics/ImageMagick/patches/patch-ab
new file mode 100644
index 00000000000..9982d5b0940
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ab
@@ -0,0 +1,15 @@
+$NetBSD: patch-ab,v 1.16 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- wand/animate.c.orig 2006-01-13 05:49:46.000000000 +0100
++++ wand/animate.c 2006-01-28 02:24:20.000000000 +0100
+@@ -410,7 +410,7 @@
+ /*
+ Form filename for multi-part images.
+ */
+- (void) FormatMagickString(filename,MaxTextExtent,
++ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
+ image_info->filename,scene);
+ if (LocaleCompare(filename,image_info->filename) == 0)
+ (void) FormatMagickString(filename,MaxTextExtent,"%s[%lu]",
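Review bot: `scene` is passed to `FormatMagickStringNumeric`, whose prototype added in patch-ah takes `int`, while the fallback call just below uses `%lu`, so the value is presumably an `unsigned long` that is narrowed implicitly at this call. The user-supplied specifier is limited to `%d`, `%o` or `%x`, so `int` is the right width for the callee, but an explicit `(int) scene` at the call site would make the narrowing visible. The same applies to the calls added in patch-ac, patch-ad, patch-ae and patch-af. The enclosing function starts and ends outside the hunk.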
diff --git a/graphics/ImageMagick/patches/patch-ac b/graphics/ImageMagick/patches/patch-ac
new file mode 100644
index 00000000000..335957457d9
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ac
@@ -0,0 +1,34 @@
+$NetBSD: patch-ac,v 1.12 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- magick/blob.c.orig 2006-01-19 00:30:32.000000000 +0100
++++ magick/blob.c 2006-01-28 02:29:06.000000000 +0100
+@@ -1913,25 +1913,8 @@
+ /*
+ Form filename for multi-part images.
+ */
+- (void) CopyMagickString(filename,image->filename,MaxTextExtent);
+- for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
+- {
+- char
+- *q;
+-
+- q=p+1;
+- if (*q == '0')
+- (void) strtol(q,&q,10);
+- if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
+- {
+- char
+- format[MaxTextExtent];
+-
+- (void) CopyMagickString(format,p,MaxTextExtent);
+- (void) FormatMagickString(p,MaxTextExtent,format,image->scene);
+- break;
+- }
+- }
++ (void) FormatMagickStringNumeric(filename,MaxTextExtent,image->filename,
++ image->scene);
+ if (image_info->adjoin == MagickFalse)
+ if ((image->previous != (Image *) NULL) ||
+ (GetNextImageInList(image) != (Image *) NULL))
diff --git a/graphics/ImageMagick/patches/patch-ad b/graphics/ImageMagick/patches/patch-ad
new file mode 100644
index 00000000000..da500f027cc
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ad
@@ -0,0 +1,51 @@
+$NetBSD: patch-ad,v 1.9 2006/01/28 02:36:55 salo Exp $
+
+Security fixes for CVE-2006-0082 and #345595, from Debian.
+
+--- wand/display.c.orig 2006-01-13 05:49:46.000000000 +0100
++++ wand/display.c 2006-01-28 02:35:54.000000000 +0100
+@@ -315,10 +315,7 @@
+ image_number=0;
+ last_image=0;
+ last_scene=0;
+- image_marker=(unsigned long *)
+- AcquireMagickMemory((argc+1)*sizeof(*image_marker));
+- for (i=0; i <= argc; i++)
+- image_marker[i]=(unsigned long) argc;
++ image_marker=(unsigned long *) NULL;
+ option=(char *) NULL;
+ pend=MagickFalse;
+ resource_database=(XrmDatabase) NULL;
+@@ -326,9 +323,6 @@
+ server_name=(char *) NULL;
+ state=0;
+ status=MagickTrue;
+- if (image_marker == (unsigned long *) NULL)
+- ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
+- strerror(errno));
+ /*
+ Check for server name specified on the command line.
+ */
+@@ -337,6 +331,13 @@
+ if (status == MagickFalse)
+ ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
+ strerror(errno));
++ image_marker=(unsigned long *)
++ AcquireMagickMemory((argc+1)*sizeof(*image_marker));
++ for (i=0; i <= argc; i++)
++ image_marker[i]=(unsigned long) argc;
++ if (image_marker == (unsigned long *) NULL)
++ ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
++ strerror(errno));
+ for (i=1; i < (long) argc; i++)
+ {
+ /*
+@@ -461,7 +462,7 @@
+ /*
+ Form filename for multi-part images.
+ */
+- (void) FormatMagickString(filename,MaxTextExtent,
++ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
+ image_info->filename,scene);
+ if (LocaleCompare(filename,image_info->filename) == 0)
+ (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu",
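Review bot: In the allocation block moved below the `status == MagickFalse` check, the `for` loop stores into `image_marker[i]` before the `image_marker == (unsigned long *) NULL` test, so a failed `AcquireMagickMemory` is dereferenced before it can be reported. The NULL test and its `ThrowDisplayException` should sit directly after the allocation, ahead of the loop. The move presumably exists so that the array is sized from `argc` after command-line expansion (Debian #345595); a short comment such as `/* Allocate after argument expansion so argc is the final count. */` would stop it being moved back. The enclosing function starts and ends outside the hunk.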
diff --git a/graphics/ImageMagick/patches/patch-ae b/graphics/ImageMagick/patches/patch-ae
new file mode 100644
index 00000000000..1588a67049e
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ae
@@ -0,0 +1,34 @@
+$NetBSD: patch-ae,v 1.6 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- magick/image.c.orig 2006-01-17 17:20:54.000000000 +0100
++++ magick/image.c 2006-01-28 02:42:54.000000000 +0100
+@@ -2780,25 +2780,8 @@
+ /*
+ Rectify multi-image file support.
+ */
+- (void) CopyMagickString(filename,image_info->filename,MaxTextExtent);
+- for (p=strchr(filename,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
+- {
+- char
+- *q;
+-
+- q=(char *) p+1;
+- if (*q == '0')
+- (void) strtol(q,&q,10);
+- if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
+- {
+- char
+- format[MaxTextExtent];
+-
+- (void) CopyMagickString(format,p,MaxTextExtent);
+- (void) FormatMagickString(p,MaxTextExtent,format,image_info->scene);
+- break;
+- }
+- }
++ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
++ image_info->filename,image_info->scene);
+ if ((LocaleCompare(filename,image_info->filename) != 0) &&
+ (strchr(filename,'%') == (char *) NULL))
+ image_info->adjoin=MagickFalse;
diff --git a/graphics/ImageMagick/patches/patch-af b/graphics/ImageMagick/patches/patch-af
new file mode 100644
index 00000000000..b465163ce61
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-af
@@ -0,0 +1,15 @@
+$NetBSD: patch-af,v 1.6 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- wand/montage.c.orig 2006-01-13 05:49:46.000000000 +0100
++++ wand/montage.c 2006-01-28 02:51:49.000000000 +0100
+@@ -340,7 +340,7 @@
+ /*
+ Form filename for multi-part images.
+ */
+- (void) FormatMagickString(filename,MaxTextExtent,
++ (void) FormatMagickStringNumeric(filename,MaxTextExtent,
+ image_info->filename,scene);
+ if (LocaleCompare(filename,image_info->filename) == 0)
+ (void) FormatMagickString(filename,MaxTextExtent,"%s.%lu",
diff --git a/graphics/ImageMagick/patches/patch-ag b/graphics/ImageMagick/patches/patch-ag
new file mode 100644
index 00000000000..06b51d5aef3
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ag
@@ -0,0 +1,82 @@
+$NetBSD: patch-ag,v 1.4 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- magick/string.c.orig 2006-01-08 23:49:09.000000000 +0100
++++ magick/string.c 2006-01-28 02:54:01.000000000 +0100
+@@ -971,6 +971,75 @@
+ % %
+ % %
+ % %
++% F o r m a t M a g i c k S t r i n g N u m e r i c %
++% %
++% %
++% %
++%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
++%
++% Method FormatMagickStringNumeric formats output for a single numeric
++% argument. It takes into account that the format string given might be
++% untrusted user input, and returns the length of the formatted string.
++%
++% The format of the FormatMagickStringNumeric method is:
++%
++% long FormatMagickStringNumeric(char *string,const size_t length,
++% const char *format,int value)
++%
++% A description of each parameter follows.
++%
++% o string: FormatMagickStringNumeric() returns the formatted string in this
++% character buffer.
++%
++% o length: The maximum length of the string.
++%
++% o format: A string describing the format to use to write the numeric
++% argument. Only the first numeric format identifier is replaced.
++%
++% o value: Numeric value to substitute into format string.
++%
++%
++*/
++MagickExport long FormatMagickStringNumeric(char *string,const size_t length,const char *format,int value)
++{
++ char
++ *p;
++
++ (void) CopyMagickString(string, format, length);
++
++ for (p=strchr(format,'%'); p != (char *) NULL; p=strchr(p+1,'%'))
++ {
++ char
++ *q;
++
++ q=(char *) p+1;
++ if (*q == '0')
++ (void) strtol(q,&q,10);
++ if ((*q == '%') || (*q == 'd') || (*q == 'o') || (*q == 'x'))
++ {
++ char
++ c;
++
++ q++;
++ c=*q;
++ *q='\0';
++ (void) snprintf(string+(p-format),length-(p-format),p,value);
++ *q=c;
++ (void) ConcatenateMagickString(string,q,length);
++ if (*(q-1) == '%')
++ p++;
++ else
++ break;
++ }
++ }
++ return (long)strlen(string);
++}
++
++/*
++%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
++% %
++% %
++% %
+ % F o r m a t M a g i c k S t r i n g %
+ % %
+ % %
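Review bot: The `snprintf` call in `FormatMagickStringNumeric` computes `length-(p-format)` without checking that the offset of the `%` is below `length`, so a `format` longer than the destination would make the size wrap and start the write outside `string`. The callers in this commit pass `MaxTextExtent` and a filename that presumably fits, but the function does not enforce it; a guard such as `if ((size_t) (p-format) >= length) break;` before the `snprintf` would. The function also writes a temporary NUL through `format`, which is declared `const char *`: that mutates the caller's buffer and is undefined for a read-only string, so copying the single specifier into a small local buffer would be safer. Separately, once a `%%` has been collapsed the output is one byte shorter than `format`, so `string+(p-format)` no longer lines up for a later specifier (`a%%b%d` appears to leave a stray `%` in the result).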
diff --git a/graphics/ImageMagick/patches/patch-ah b/graphics/ImageMagick/patches/patch-ah
new file mode 100644
index 00000000000..3e0deca36cb
--- /dev/null
+++ b/graphics/ImageMagick/patches/patch-ah
@@ -0,0 +1,14 @@
+$NetBSD: patch-ah,v 1.3 2006/01/28 02:36:55 salo Exp $
+
+Security fix for CVE-2006-0082, from Debian.
+
+--- magick/string_.h.orig 2006-01-08 06:14:02.000000000 +0100
++++ magick/string_.h 2006-01-28 03:04:20.000000000 +0100
+@@ -61,6 +61,7 @@
+ magick_attribute((format (printf,3,4))),
+ FormatMagickStringList(char *,const size_t,const char *,va_list)
+ magick_attribute((format (printf,3,0))),
++ FormatMagickStringNumeric(char *,const size_t,const char *,int),
+ FormatMagickTime(const time_t,const size_t,char *),
+ LocaleCompare(const char *,const char *),
+ LocaleNCompare(const char *,const char *,const size_t);