From 986fa9c54db10e597f3b7d5db859e28b1c0f9317 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 27 Mar 2021 08:08:10 -0400 Subject: [PATCH 7/8] gnu: imagemagick: Fix CVE-2020-27829. * gnu/packages/patches/imagemagick-CVE-2020-27829.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/imagemagick.scm (source): Add patch. --- gnu/local.mk | 1 + gnu/packages/imagemagick.scm | 4 ++- .../patches/imagemagick-CVE-2020-27829.patch | 27 +++++++++++++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/imagemagick-CVE-2020-27829.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0aec66414e..18799bac7f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1221,6 +1221,7 @@ dist_patch_DATA = \ %D%/packages/patches/id3lib-UTF16-writing-bug.patch \ %D%/packages/patches/idris-disable-test.patch \ %D%/packages/patches/ilmbase-fix-tests.patch \ + %D%/packages/patches/imagemagick-CVE-2020-27829.patch \ %D%/packages/patches/inetutils-hurd.patch \ %D%/packages/patches/inkscape-poppler-0.76.patch \ %D%/packages/patches/intel-xed-fix-nondeterminism.patch \ diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm index 4200ed1daf..44598fbb73 100644 --- a/gnu/packages/imagemagick.scm +++ b/gnu/packages/imagemagick.scm @@ -140,7 +140,9 @@ text, lines, polygons, ellipses and Bézier curves.") version ".tar.xz")) (sha256 (base32 - "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")))))) + "1pkwij76yz7vd5grl6520pgpa912qb6kh34qamx4zfndwcx6cf6b")) + (patches + (search-patches "imagemagick-CVE-2020-27829.patch")))))) (define-public perl-image-magick (package diff --git a/gnu/packages/patches/imagemagick-CVE-2020-27829.patch b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch new file mode 100644 index 0000000000..b15c1d0879 --- /dev/null +++ b/gnu/packages/patches/imagemagick-CVE-2020-27829.patch @@ -0,0 +1,27 @@ +We omit the ChangeLog changes below, since they do not apply cleanly. + + +From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001 +From: Cristy +Date: Mon, 30 Nov 2020 16:26:59 +0000 +Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by + Hardik Shah) + +--- + ChangeLog | 6 ++++++ + coders/tiff.c | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/coders/tiff.c b/coders/tiff.c +index e98f927ab..1eecf17ae 100644 +--- a/coders/tiff.c ++++ b/coders/tiff.c +@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, + extent+=image->columns*sizeof(uint32); + #endif + strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, +- sizeof(*strip_pixels)); ++ 2*sizeof(*strip_pixels)); + if (strip_pixels == (unsigned char *) NULL) + ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); + (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels)); -- 2.31.0