author | wiz <wiz@pkgsrc.org> | 2012-07-30 09:25:29 +0000 |
---|---|---|
committer | wiz <wiz@pkgsrc.org> | 2012-07-30 09:25:29 +0000 |
commit | 3a65190d34bff2e50bf704b5ca95c78ce65694e0 (patch) | |
tree | a07154dd0bc7e429761567929a9ea72220490edd /graphics | |
parent | d4d06999319113bae68d537f1d2d0016c22e8295 (diff) | |
download | pkgsrc-3a65190d34bff2e50bf704b5ca95c78ce65694e0.tar.gz |
Fix possible security problem. Bump PKGREVISION.
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/GraphicsMagick/Makefile | 4 | ||||
-rw-r--r-- | graphics/GraphicsMagick/distinfo | 3 | ||||
-rw-r--r-- | graphics/GraphicsMagick/patches/patch-coders_png.c | 44 |
3 files changed, 49 insertions, 2 deletions
diff --git a/graphics/GraphicsMagick/Makefile b/graphics/GraphicsMagick/Makefile index a4230b0f334..2bb215d6bbb 100644 --- a/graphics/GraphicsMagick/Makefile +++ b/graphics/GraphicsMagick/Makefile @@ -1,8 +1,10 @@ -# $NetBSD: Makefile,v 1.48 2012/06/24 02:03:45 obache Exp $ +# $NetBSD: Makefile,v 1.49 2012/07/30 09:25:29 wiz Exp $ # .include "Makefile.common" +PKGREVISION= 1 + MAINTAINER= pkgsrc-users@NetBSD.org HOMEPAGE= http://www.graphicsmagick.org/ COMMENT= X application for displaying and manipulating images diff --git a/graphics/GraphicsMagick/distinfo b/graphics/GraphicsMagick/distinfo index 00856189c8b..3fcfd02e885 100644 --- a/graphics/GraphicsMagick/distinfo +++ b/graphics/GraphicsMagick/distinfo @@ -1,5 +1,6 @@ -$NetBSD: distinfo,v 1.30 2012/06/24 02:03:45 obache Exp $ +$NetBSD: distinfo,v 1.31 2012/07/30 09:25:29 wiz Exp $ SHA1 (GraphicsMagick-1.3.16.tar.gz) = f2ec0392d7a7d5cbe0d5bdff2931edbacedd73e9 RMD160 (GraphicsMagick-1.3.16.tar.gz) = 75b12d2f0839ea384a3d861da6295995be11bfad Size (GraphicsMagick-1.3.16.tar.gz) = 8736761 bytes +SHA1 (patch-coders_png.c) = 92e145867f767ba069fa5bb63a1b67bad946dbfa diff --git a/graphics/GraphicsMagick/patches/patch-coders_png.c b/graphics/GraphicsMagick/patches/patch-coders_png.c new file mode 100644 index 00000000000..314f42f2413 --- /dev/null +++ b/graphics/GraphicsMagick/patches/patch-coders_png.c 
@@ -0,0 +1,44 @@
+$NetBSD: patch-coders_png.c,v 1.3 2012/07/30 09:25:29 wiz Exp $
+
+Tom Lane (tgl@redhat.com) found an issue in ImageMagick. Basically
+CVE-2011-3026 deals with libpng memory allocation, limitations have been
+added so that a bad PNG can't cause the system to allocate a lot of
+memory causing a denial of service. However on further investigation of
+ImageMagick Tom Lane found that PNG malloc function (Magick_png_malloc)
+in turn calls AcquireMagickMemory with an improper size argument:
+
+#ifdef PNG_USER_MEM_SUPPORTED
+static png_voidp Magick_png_malloc(png_structp png_ptr,png_uint_32 size)
+{
+ (void) png_ptr;
+ return((png_voidp) AcquireMagickMemory((size_t) size));
+}
+
+This is incorrect, the size argument should be declared
+png_alloc_size_t according to 1.5, or png_size_t according to 1.2.
+
+"As this function stands, it invisibly does the wrong thing for any
+request over 4GB. On big-endian architectures it very possibly will
+do the wrong thing even for requests less than that. So the reason why
+the hard-wired 4GB limit prevents a core dump is that it masks the ABI
+mismatch here."
+
+So basically we have memory allocations problems that can probably
+lead to a denial of service.
+
+For more information please see:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=844101
+https://bugzilla.redhat.com/show_bug.cgi?id=844105
+
+--- coders/png.c.orig 2012-06-23 20:10:10.000000000 +0000
++++ coders/png.c
+@@ -1360,7 +1360,7 @@ static void PNGWarningHandler(png_struct
+ }
+
+ #ifdef PNG_USER_MEM_SUPPORTED
+-static png_voidp png_IM_malloc(png_structp png_ptr,png_uint_32 size)
++static png_voidp png_IM_malloc(png_structp png_ptr,png_alloc_size_t size)
+ {
+ (void) png_ptr;
+ return MagickAllocateMemory(png_voidp,(size_t) size); |
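Review bot: The new `png_IM_malloc` signature uses `png_alloc_size_t` unconditionally, while the patch's own description says libpng 1.2 expects `png_size_t` for this callback. A build against the 1.2 series would then likely fail to compile, or keep a parameter type that differs from what libpng passes, which is the same kind of mismatch the patch is meant to remove. Unless the package already requires a newer libpng (not visible in this hunk), select the parameter type on `PNG_LIBPNG_VER` and fall back to `png_size_t` for 1.2. The description also quotes ImageMagick's `Magick_png_malloc` and `AcquireMagickMemory`, whereas the function patched here is `png_IM_malloc` calling `MagickAllocateMemory`; a line such as `The GraphicsMagick equivalent is png_IM_malloc in coders/png.c.` would tie the two together. The body of `png_IM_malloc` continues past the end of the hunk.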