author | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-21 14:40:34 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-10-21 14:40:34 +0200 |
commit | a9c59696d69df232d543f278c34f1241e3c1e103 (patch) | |
tree | 2bdee9287a40bb67d8142409d5114525eff5f2d2 | |
parent | 7a1fa50fc838cd70f0faff3af1d1c258a13001ec (diff) | |
main/imagemagic: security fix for CVE-2016-7799 CVE-2016-7906
fixes #6325
-rw-r--r-- | main/imagemagick/APKBUILD | 22 | ||||
-rw-r--r-- | main/imagemagick/CVE-2016-7799.patch | 22 | ||||
-rw-r--r-- | main/imagemagick/CVE-2016-7906.patch | 22 |
3 files changed, 61 insertions, 5 deletions
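--- a/main/imagemagick/APKBUILD
+++ b/main/imagemagick/APKBUILD
@@ -5,7 +5,7 @@ pkgname=imagemagick
 pkgver=6.9.5.9
 _abiver=6
 _pkgver=${pkgver%.*}-${pkgver##*.}
-pkgrel=0
+pkgrel=1
 pkgdesc="A collection of tools and libraries for many image formats"
 url="http://www.imagemagick.org/"
 arch="all"
@@ -15,7 +15,10 @@ options="libtool"
 makedepends="zlib-dev libpng-dev libjpeg-turbo-dev freetype-dev fontconfig-dev
 perl-dev ghostscript-dev libwebp-dev libtool tiff-dev lcms2-dev"
 subpackages="$pkgname-doc $pkgname-dev $pkgname-c++:_cxx"
-source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz"
+source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz
+CVE-2016-7799.patch
+CVE-2016-7906.patch
+"
 
 # secfixes:
 # 6.9.5.3:
@@ -28,6 +31,9 @@ source="http://www.imagemagick.org/download/releases/ImageMagick-$_pkgver.tar.xz
 # - CVE-2016-5841
 # - CVE-2016-5842
 # - CVE-2016-6491
+# 6.9.5.9-r1:
+# - CVE-2016-7799
+# - CVE-2016-7906
 
 _builddir="$srcdir/ImageMagick-${_pkgver}"
 prepare() {
@@ -85,6 +91,12 @@ _cxx() {
 mv "$pkgdir"/usr/lib/libMagick++*.so.* "$subpkgdir"/usr/lib/
 }
 
-md5sums="fc7c456f4bee061d387a03c7484e27f1 ImageMagick-6.9.5-9.tar.xz"
-sha256sums="9c4f300daae165a6bcf46779876f9361a958076f8cd59fa203d84c70ba5bc183 ImageMagick-6.9.5-9.tar.xz"
-sha512sums="3aff67710305e3427e2effab5bd5b10c9f55ca9b755704cdea169dbe3653fe919ae603a37fb3d7c105b61c930d4652cf488f7a7ec0a2d847bfb66b8f6eb1db43 ImageMagick-6.9.5-9.tar.xz"
+md5sums="fc7c456f4bee061d387a03c7484e27f1 ImageMagick-6.9.5-9.tar.xz
+a69aaa7cfb91129faf0a6180632f37cc CVE-2016-7799.patch
+db49949a2ab7d4f593f07dcd2dd76e66 CVE-2016-7906.patch"
+sha256sums="9c4f300daae165a6bcf46779876f9361a958076f8cd59fa203d84c70ba5bc183 ImageMagick-6.9.5-9.tar.xz
+a81409f154f1d195e559aadc0caa6b4498fd6132c8d97bc3a9b55e693cb7aa75 CVE-2016-7799.patch
+a4e525f2980d665db04f15050cfce44a2dfdbf324e442f5610dfbd045214f02f CVE-2016-7906.patch"
+sha512sums="3aff67710305e3427e2effab5bd5b10c9f55ca9b755704cdea169dbe3653fe919ae603a37fb3d7c105b61c930d4652cf488f7a7ec0a2d847bfb66b8f6eb1db43 ImageMagick-6.9.5-9.tar.xz
+78d60bd48ac932adaaadaae0b26594cc72ba3e94a0752e28e775ad37c9eb0cd0f602c969e52dab0e196a9742559df5b4406dc116095a6a5852444d0f00a89aca CVE-2016-7799.patch
+f64fe197b621ae7046326ad88302c8a24e70c95c8725a8cdae56586460b00bb7137228ae04a9396b0e872bde901c464f2fbf570657d5d1c1c3592900c42d626b CVE-2016-7906.patch"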
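--- /dev/null
+++ b/main/imagemagick/CVE-2016-7799.patch
@@ -0,0 +1,22 @@
+From 00a80395a4cd17a6f420238bf9d936d3d9b65a8a Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 30 Sep 2016 15:18:03 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/280
+
+---
+magick/profile.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/magick/profile.c b/magick/profile.c
+index baf7e70..db4083d 100644
+--- a/magick/profile.c
++++ b/magick/profile.c
+@@ -2060,7 +2060,7 @@ static MagickBooleanType SyncExifProfile(Image *image, StringInfo *profile)
+(void) AddValueToSplayTree(exif_resources,q,q);
+tag_value=(ssize_t) ReadProfileShort(endian,q);
+format=(ssize_t) ReadProfileShort(endian,q+2);
+- if ((format-1) >= EXIF_NUM_FORMATS)
++ if ((format < 0) || ((format-1) >= EXIF_NUM_FORMATS))
+break;
+components=(ssize_t) ReadProfileLong(endian,q+4);
+if (components < 0)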
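Review bot: The tightened guard on `format` still accepts 0, because `format-1` is then -1 and the signed comparison with `EXIF_NUM_FORMATS` is false; only negative values and values above the limit break out of the loop. Whether 0 is harmless depends on how `format` is used after this check, which is outside the hunk (SyncExifProfile starts before and continues past it), so this should be confirmed against the full function. If 0 is not a valid format there, the test could read `if ((format <= 0) || ((format-1) >= EXIF_NUM_FORMATS))`. Either way a one-line comment such as `/* format is read from the profile data; bounds-check it before use */` would record why the test exists.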
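--- /dev/null
+++ b/main/imagemagick/CVE-2016-7906.patch
@@ -0,0 +1,22 @@
+From d63a3c5729df59f183e9e110d5d8385d17caaad0 Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 1 Oct 2016 11:16:55 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/281
+
+---
+magick/attribute.c | 2 +-
+1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/magick/attribute.c b/magick/attribute.c
+index 4e01240..53d2706 100644
+--- a/magick/attribute.c
++++ b/magick/attribute.c
+@@ -1296,7 +1296,7 @@ MagickExport MagickBooleanType SetImageType(Image *image,const ImageType type)
+status=QuantizeImage(quantize_info,image);
+quantize_info=DestroyQuantizeInfo(quantize_info);
+}
+- image->colors=2;
++ status=AcquireImageColormap(image,2);
+image->matte=MagickFalse;
+break;
+}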
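Review bot: The new `status=AcquireImageColormap(image,2);` sits after the closing brace of the quantize block, so it overwrites the `status` that `QuantizeImage` set a few lines earlier, and a quantization failure is no longer reported when the colormap allocation succeeds. Keeping the earlier result would need something like `if (AcquireImageColormap(image,2) == MagickFalse) status=MagickFalse;`. The enclosing case in SetImageType starts and ends outside the hunk, so how `status` is initialised and returned should be checked in the full function before carrying a change on top of the upstream patch.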