diff options
| author | wiz <wiz> | 2012-07-30 09:20:08 +0000 |
|---|---|---|
| committer | wiz <wiz> | 2012-07-30 09:20:08 +0000 |
| commit | 051233c0ac6cf2ce3f62b8accb0a452cd4c9f903 (patch) | |
| tree | ce3a6efea65c6473586cc4a7111d8308bb549ff5 /graphics | |
| parent | 535912fbaf2de09d007fa0e072b1798480f9700e (diff) | |
| download | pkgsrc-051233c0ac6cf2ce3f62b8accb0a452cd4c9f903.tar.gz | |
Fix possible denial of service. Bump PKGREVISION.
Diffstat (limited to 'graphics')
| -rw-r--r-- | graphics/ImageMagick/Makefile | 4 | ||||
| -rw-r--r-- | graphics/ImageMagick/distinfo | 3 | ||||
| -rw-r--r-- | graphics/ImageMagick/patches/patch-coders_png.c | 44 |
3 files changed, 48 insertions, 3 deletions
diff --git a/graphics/ImageMagick/Makefile b/graphics/ImageMagick/Makefile index 680f6ff0889..ca8956df38c 100644 --- a/graphics/ImageMagick/Makefile +++ b/graphics/ImageMagick/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.182 2012/06/14 07:43:11 sbd Exp $ +# $NetBSD: Makefile,v 1.183 2012/07/30 09:20:08 wiz Exp $ .include "Makefile.common" PKGNAME= ImageMagick-${DISTVERSION} -PKGREVISION= 2 +PKGREVISION= 3 MAINTAINER= adam@NetBSD.org COMMENT= Package for display and interactive manipulation of images diff --git a/graphics/ImageMagick/distinfo b/graphics/ImageMagick/distinfo index f41479eb0a5..0ba125780cc 100644 --- a/graphics/ImageMagick/distinfo +++ b/graphics/ImageMagick/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.113 2012/05/29 23:42:24 dsainty Exp $ +$NetBSD: distinfo,v 1.114 2012/07/30 09:20:08 wiz Exp $ SHA1 (ImageMagick-6.7.6-6.tar.bz2) = 7456efb55d2eb37fe7c5a8c131d0247041ce0100 RMD160 (ImageMagick-6.7.6-6.tar.bz2) = 714fa4a68049df810581fe5e8d791812c6a4b255 Size (ImageMagick-6.7.6-6.tar.bz2) = 10484245 bytes +SHA1 (patch-coders_png.c) = 07a1f14fb112d9f0b5b555446f2771c15589e55c diff --git a/graphics/ImageMagick/patches/patch-coders_png.c b/graphics/ImageMagick/patches/patch-coders_png.c new file mode 100644 index 00000000000..96c6ab4d28d --- /dev/null +++ b/graphics/ImageMagick/patches/patch-coders_png.c @@ -0,0 +1,44 @@ +$NetBSD: patch-coders_png.c,v 1.1 2012/07/30 09:20:08 wiz Exp $ + +Tom Lane (tgl@redhat.com) found an issue in ImageMagick. Basically +CVE-2011-3026 deals with libpng memory allocation, limitations have been +added so that a bad PNG can't cause the system to allocate a lot of +memory causing a denial of service. However on further investigation of +ImageMagick Tom Lane found that PNG malloc function (Magick_png_malloc) +in turn calls AcquireMagickMemory with an improper size argument: + +#ifdef PNG_USER_MEM_SUPPORTED +static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size) +{ + (void) png_ptr; + return((png_voidp) AcquireMagickMemory((size_t) size)); +} + +This is incorrect, the size argument should be declared +png_alloc_size_t according to 1.5, or png_size_t according to 1.2. + +"As this function stands, it invisibly does the wrong thing for any +request over 4GB. On big-endian architectures it very possibly will +do the wrong thing even for requests less than that. So the reason why +the hard-wired 4GB limit prevents a core dump is that it masks the ABI +mismatch here." + +So basically we have memory allocations problems that can probably +lead to a denial of service. + +For more information please see: + +https://bugzilla.redhat.com/show_bug.cgi?id=844101 +https://bugzilla.redhat.com/show_bug.cgi?id=844105 + +--- coders/png.c.orig 2012-04-12 01:52:11.000000000 +0000 ++++ coders/png.c +@@ -1756,7 +1756,7 @@ static void MagickPNGWarningHandler(png_ + } + + #ifdef PNG_USER_MEM_SUPPORTED +-static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size) ++static png_voidp Magick_png_malloc(png_structp png_ptr,png_alloc_size_t size) + { + (void) png_ptr; + return((png_voidp) AcquireMagickMemory((size_t) size)); |